<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">
<html lang="en">
<head>
<meta content="text/html; charset=US-ASCII" http-equiv="Content-Type">
<title>
GitLab
</title>


<style>img {
max-width: 100%; height: auto;
}
</style>
</head>
<body>
<div class="content">

<p class="details" style="font-style: italic; color: #777;">
<a href="https://gitlab.com/rockdaboot">Tim Rühsen</a> created an issue:
</p>
<div></div>
<p dir="auto">It is possible that a truncation remains unnoticed and we continue working with truncated strings (filenames?)... IMO not a good thing to do.</p>
<p dir="auto">From Jeffrey Walton:</p>
<pre class="code highlight js-syntax-highlight plaintext" lang="plaintext" v-pre="true"><code><span id="LC1" class="line" lang="plaintext">FYI...</span>
<span id="LC2" class="line" lang="plaintext"></span>
<span id="LC3" class="line" lang="plaintext">On Sun, Dec 22, 2019 at 11:25 AM Jeffrey Walton &lt;noloader@gmail.com&gt; wrote:</span>
<span id="LC4" class="line" lang="plaintext">></span>
<span id="LC5" class="line" lang="plaintext">> Hi Everyone,</span>
<span id="LC6" class="line" lang="plaintext">></span>
<span id="LC7" class="line" lang="plaintext">> I'm catching a dirty compile with GnuTLS 3.6.11.1 on Fedora 31.</span>
<span id="LC8" class="line" lang="plaintext">></span>
<span id="LC9" class="line" lang="plaintext">> ...</span>
<span id="LC10" class="line" lang="plaintext">> dn.c: In function 'append_elements':</span>
<span id="LC11" class="line" lang="plaintext">> dn.c:83:9: warning: '.?' directive output may be truncated writing 2</span>
<span id="LC12" class="line" lang="plaintext">> bytes into a region of size between 1 and 192 [-Wformat-truncation=]</span>
<span id="LC13" class="line" lang="plaintext">>    83 |      "%s.?%u", tmpbuffer1, k2);</span>
<span id="LC14" class="line" lang="plaintext">>       |         ^~</span>
<span id="LC15" class="line" lang="plaintext">> dn.c:83:6: note: directive argument in the range [1, 2147483647]</span>
<span id="LC16" class="line" lang="plaintext">>    83 |      "%s.?%u", tmpbuffer1, k2);</span>
<span id="LC17" class="line" lang="plaintext">>       |      ^~~~~~~~</span>
<span id="LC18" class="line" lang="plaintext">> dn.c:82:4: note: 'snprintf' output between 4 and 204 bytes into a</span>
<span id="LC19" class="line" lang="plaintext">> destination of size 192</span>
<span id="LC20" class="line" lang="plaintext">>    82 |    snprintf(tmpbuffer2, sizeof(tmpbuffer2),</span>
<span id="LC21" class="line" lang="plaintext">>       |    ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~</span>
<span id="LC22" class="line" lang="plaintext">>    83 |      "%s.?%u", tmpbuffer1, k2);</span>
<span id="LC23" class="line" lang="plaintext">>       |      ~~~~~~~~~~~~~~~~~~~~~~~~~</span>
<span id="LC24" class="line" lang="plaintext">> libtool: compile:  gcc -DHAVE_CONFIG_H -I. -I../.. -I./../../gl</span>
<span id="LC25" class="line" lang="plaintext">> -I./../../gl -I./../includes -I./../includes -I./..</span>
<span id="LC26" class="line" lang="plaintext">> -I/usr/local/include -DNDEBUG -Wtype-limits -fno-common -Wall</span>
<span id="LC27" class="line" lang="plaintext">> -I/usr/local/include -I/usr/local/include</span>
<span id="LC28" class="line" lang="plaintext">> -I/usr/local/include/p11-kit-1 -g2 -O2 -march=native -fPIC -pthread</span>
<span id="LC29" class="line" lang="plaintext">> -MT prov-seed.lo -MD -MP -MF .deps/prov-seed.Tpo -c prov-seed.c  -fPIC</span>
<span id="LC30" class="line" lang="plaintext">> -DPIC -o .libs/prov-seed.o</span>
<span id="LC31" class="line" lang="plaintext">> dn.c: In function '_gnutls_x509_parse_dn_oid':</span>
<span id="LC32" class="line" lang="plaintext">> dn.c:368:10: warning: '.?' directive output may be truncated writing 2</span>
<span id="LC33" class="line" lang="plaintext">> bytes into a region of size between 1 and 192 [-Wformat-truncation=]</span>
<span id="LC34" class="line" lang="plaintext">>   368 |       "%s.?%u", tmpbuffer1, k2);</span>
<span id="LC35" class="line" lang="plaintext">>       |          ^~</span>
<span id="LC36" class="line" lang="plaintext">> dn.c:368:7: note: directive argument in the range [1, 2147483647]</span>
<span id="LC37" class="line" lang="plaintext">>   368 |       "%s.?%u", tmpbuffer1, k2);</span>
<span id="LC38" class="line" lang="plaintext">>       |       ^~~~~~~~</span>
<span id="LC39" class="line" lang="plaintext">> dn.c:367:5: note: 'snprintf' output between 4 and 204 bytes into a</span>
<span id="LC40" class="line" lang="plaintext">> destination of size 192</span>
<span id="LC41" class="line" lang="plaintext">>   367 |     snprintf(tmpbuffer2, sizeof(tmpbuffer2),</span>
<span id="LC42" class="line" lang="plaintext">>       |     ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~</span>
<span id="LC43" class="line" lang="plaintext">>   368 |       "%s.?%u", tmpbuffer1, k2);</span>
<span id="LC44" class="line" lang="plaintext">>       |       ~~~~~~~~~~~~~~~~~~~~~~~~~</span>
<span id="LC45" class="line" lang="plaintext">> attributes.c: In function '_x509_parse_attribute':</span>
<span id="LC46" class="line" lang="plaintext">> attributes.c:138:9: warning: '.values.?' directive output may be</span>
<span id="LC47" class="line" lang="plaintext">> truncated writing 9 bytes into a region of size between 1 and 192</span>
<span id="LC48" class="line" lang="plaintext">> [-Wformat-truncation=]</span>
<span id="LC49" class="line" lang="plaintext">>   138 |      "%s.values.?%u", tmpbuffer1, indx + 1);</span>
<span id="LC50" class="line" lang="plaintext">>       |         ^~~~~~~~~</span>
<span id="LC51" class="line" lang="plaintext">> attributes.c:138:6: note: using the range [0, 4294967295] for directive argument</span>
<span id="LC52" class="line" lang="plaintext">>   138 |      "%s.values.?%u", tmpbuffer1, indx + 1);</span>
<span id="LC53" class="line" lang="plaintext">>       |      ^~~~~~~~~~~~~~~</span>
<span id="LC54" class="line" lang="plaintext">> attributes.c:137:4: note: 'snprintf' output between 11 and 211 bytes</span>
<span id="LC55" class="line" lang="plaintext">> into a destination of size 192</span>
<span id="LC56" class="line" lang="plaintext">>   137 |    snprintf(tmpbuffer3, sizeof(tmpbuffer3),</span>
<span id="LC57" class="line" lang="plaintext">>       |    ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~</span>
<span id="LC58" class="line" lang="plaintext">>   138 |      "%s.values.?%u", tmpbuffer1, indx + 1);</span>
<span id="LC59" class="line" lang="plaintext">>       |      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~</span>
<span id="LC60" class="line" lang="plaintext">> dn.c: In function '_gnutls_x509_get_dn_oid':</span>
<span id="LC61" class="line" lang="plaintext">> dn.c:528:10: warning: '.?' directive output may be truncated writing 2</span>
<span id="LC62" class="line" lang="plaintext">> bytes into a region of size between 1 and 192 [-Wformat-truncation=]</span>
<span id="LC63" class="line" lang="plaintext">>   528 |       "%s.?%u", tmpbuffer1, k2);</span>
<span id="LC64" class="line" lang="plaintext">>       |          ^~</span>
<span id="LC65" class="line" lang="plaintext">> dn.c:528:7: note: directive argument in the range [1, 2147483647]</span>
<span id="LC66" class="line" lang="plaintext">>   528 |       "%s.?%u", tmpbuffer1, k2);</span>
<span id="LC67" class="line" lang="plaintext">>       |       ^~~~~~~~</span>
<span id="LC68" class="line" lang="plaintext">> dn.c:527:5: note: 'snprintf' output between 4 and 204 bytes into a</span>
<span id="LC69" class="line" lang="plaintext">> destination of size 192</span>
<span id="LC70" class="line" lang="plaintext">>   527 |     snprintf(tmpbuffer2, sizeof(tmpbuffer2),</span>
<span id="LC71" class="line" lang="plaintext">>       |     ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~</span>
<span id="LC72" class="line" lang="plaintext">>   528 |       "%s.?%u", tmpbuffer1, k2);</span>
<span id="LC73" class="line" lang="plaintext">>       |       ~~~~~~~~~~~~~~~~~~~~~~~~~</span>
<span id="LC74" class="line" lang="plaintext">></span>
<span id="LC75" class="line" lang="plaintext">> ...</span>
<span id="LC76" class="line" lang="plaintext">> extensions.c: In function '_gnutls_write_new_othername':</span>
<span id="LC77" class="line" lang="plaintext">> extensions.c:803:36: warning: '.otherName.type-id' directive output</span>
<span id="LC78" class="line" lang="plaintext">> may be truncated writing 18 bytes into a region of size between 1 and</span>
<span id="LC79" class="line" lang="plaintext">> 128 [-Wformat-truncation=]</span>
<span id="LC80" class="line" lang="plaintext">>   803 |  snprintf(name2, sizeof(name2), "%s.otherName.type-id", name);</span>
<span id="LC81" class="line" lang="plaintext">>       |                                    ^~~~~~~~~~~~~~~~~~</span>
<span id="LC82" class="line" lang="plaintext">> extensions.c:803:2: note: 'snprintf' output between 19 and 146 bytes</span>
<span id="LC83" class="line" lang="plaintext">> into a destination of size 128</span>
<span id="LC84" class="line" lang="plaintext">>   803 |  snprintf(name2, sizeof(name2), "%s.otherName.type-id", name);</span>
<span id="LC85" class="line" lang="plaintext">>       |  ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~</span>
<span id="LC86" class="line" lang="plaintext">> extensions.c:812:36: warning: '.otherName.value' directive output may</span>
<span id="LC87" class="line" lang="plaintext">> be truncated writing 16 bytes into a region of size between 1 and 128</span>
<span id="LC88" class="line" lang="plaintext">> [-Wformat-truncation=]</span>
<span id="LC89" class="line" lang="plaintext">>   812 |  snprintf(name2, sizeof(name2), "%s.otherName.value", name);</span>
<span id="LC90" class="line" lang="plaintext">>       |                                    ^~~~~~~~~~~~~~~~</span>
<span id="LC91" class="line" lang="plaintext">> extensions.c:812:2: note: 'snprintf' output between 17 and 144 bytes</span>
<span id="LC92" class="line" lang="plaintext">> into a destination of size 128</span>
<span id="LC93" class="line" lang="plaintext">>   812 |  snprintf(name2, sizeof(name2), "%s.otherName.value", name);</span>
<span id="LC94" class="line" lang="plaintext">></span>
<span id="LC95" class="line" lang="plaintext">> ...</span>
<span id="LC96" class="line" lang="plaintext">> verify-high2.c: In function 'load_dir_certs':</span>
<span id="LC97" class="line" lang="plaintext">> verify-high2.c:407:40: warning: 'snprintf' output may be truncated</span>
<span id="LC98" class="line" lang="plaintext">> before the last format character [-Wformat-truncation=]</span>
<span id="LC99" class="line" lang="plaintext">>   407 |     snprintf(path, sizeof(path), "%s/%s",</span>
<span id="LC100" class="line" lang="plaintext">>       |                                        ^</span>
<span id="LC101" class="line" lang="plaintext">> verify-high2.c:407:5: note: 'snprintf' output 2 or more bytes</span>
<span id="LC102" class="line" lang="plaintext">> (assuming 257) into a destination of size 256</span>
<span id="LC103" class="line" lang="plaintext">>   407 |     snprintf(path, sizeof(path), "%s/%s",</span>
<span id="LC104" class="line" lang="plaintext">>       |     ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~</span>
<span id="LC105" class="line" lang="plaintext">>   408 |       dirname, d->d_name);</span>
<span id="LC106" class="line" lang="plaintext">>       |       ~~~~~~~~~~~~~~~~~~~</span></code></pre>

</div>
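<p dir="auto">An added example, not part of the issue and not GnuTLS code: one way to make the truncation visible is to compare the return value of snprintf with the destination size and fail instead of continuing with a shortened name. The helper names checked_snprintf and build_element_name and the sample parent names are assumptions; the 192-byte destination and the "%s.?%u" format come from the warnings quoted above.</p>

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (an assumption, not a GnuTLS function): format into
 * dst and report truncation instead of silently returning a cut string.
 * Returns 0 on success, -1 on a format error or if the output did not fit. */
static int checked_snprintf(char *dst, size_t dst_size, const char *fmt, ...)
{
	va_list ap;
	int n;

	if (dst == NULL || dst_size == 0)
		return -1;

	va_start(ap, fmt);
	n = vsnprintf(dst, dst_size, fmt, ap);
	va_end(ap);

	/* vsnprintf returns the length the complete output would have had,
	 * so n >= dst_size means the stored string was truncated. */
	if (n < 0 || (size_t)n >= dst_size) {
		dst[0] = '\0';	/* do not leave a truncated name behind */
		return -1;
	}
	return 0;
}

/* Same shape as the flagged calls: parent name plus ".?<index>". */
static int build_element_name(char *out, size_t out_size,
			      const char *parent, unsigned k)
{
	return checked_snprintf(out, out_size, "%s.?%u", parent, k);
}

int main(void)
{
	char name[192], parent[192];

	/* Constructed inputs: a short parent and one of 191 characters. */
	printf("short: %d\n",
	       build_element_name(name, sizeof(name), "rdnSequence", 1));
	memset(parent, 'a', sizeof(parent) - 1);
	parent[sizeof(parent) - 1] = '\0';
	printf("long:  %d\n",
	       build_element_name(name, sizeof(name), parent, 1));
	return 0;
}
```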
<div class="footer" style="margin-top: 10px;">
<p style="font-size: small; color: #777;">

<br>
Reply to this email directly or <a href="https://gitlab.com/gnutls/gnutls/issues/901">view it on GitLab</a>.
<br>


</p>
</div>
</body>
</html>