Hello, the compilation of ddrescue 1.27 suggests a couple of places which potentially might result in some buffer overflow. Please can you check these?
-----
g++ -O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -DPROGVERSION=\"1.27\" -c -o main.o main.cc
In file included from main.cc:162:
main_common.cc: In function 'format_num(long long, long long, int)':
main_common.cc:278:28: warning: '%lld' directive output may be truncated writing between 1 and 20 bytes into a region of size 16 [-Wformat-truncation=]
  278 |   snprintf( buf, bufsize, "%lld %s", num, p );
      |                            ^~~~
main_common.cc:278:27: note: directive argument in the range [-9223372036854775807, 9223372036854775807]
  278 |   snprintf( buf, bufsize, "%lld %s", num, p );
      |                           ^~~~~~~~~
In file included from /usr/include/stdio.h:906,
                 from /usr/include/c++/12/cstdio:42,
                 from main.cc:30:
In function 'snprintf',
    inlined from 'format_num(long long, long long, int)' at main_common.cc:278:11:
/usr/include/bits/stdio2.h:54:35: note: '__snprintf_chk' output between 3 and 22 bytes into a destination of size 16
   54 |   return __builtin___snprintf_chk (__s, __n, __USE_FORTIFY_LEVEL - 1,
      |          ~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   55 |                                    __glibc_objsize (__s), __fmt,
      |                                    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   56 |                                    __va_arg_pack ());
      |                                    ~~~~~~~~~~~~~~~~~
----------
g++ -O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -o ddrescue arg_parser.o rational.o non_posix.o loggers.o block.o mapfile.o mapbook.o fillbook.o genbook.o io.o rescuebook.o command_mode.o main.o
In file included from ddrescuelog.cc:107:
main_common.cc: In function 'format_num(long long, long long, int)':
main_common.cc:278:28: warning: '%lld' directive output may be truncated writing between 1 and 20 bytes into a region of size 16 [-Wformat-truncation=]
  278 |   snprintf( buf, bufsize, "%lld %s", num, p );
      |                            ^~~~
main_common.cc:278:27: note: directive argument in the range [-9223372036854775807, 9223372036854775807]
  278 |   snprintf( buf, bufsize, "%lld %s", num, p );
      |                           ^~~~~~~~~
In file included from /usr/include/stdio.h:906,
                 from /usr/include/c++/12/cstdio:42,
                 from ddrescuelog.cc:27:
In function 'snprintf',
    inlined from 'format_num(long long, long long, int)' at main_common.cc:278:11:
/usr/include/bits/stdio2.h:54:35: note: '__snprintf_chk' output between 3 and 22 bytes into a destination of size 16
   54 |   return __builtin___snprintf_chk (__s, __n, __USE_FORTIFY_LEVEL - 1,
      |          ~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   55 |                                    __glibc_objsize (__s), __fmt,
      |                                    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   56 |                                    __va_arg_pack ());
      |                                    ~~~~~~~~~~~~~~~~~

Best regards
Michal Ambroz
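An added example, not part of the original message and not ddrescue's code: it reproduces the shape of the flagged call (a "%lld %s" format written into a 16-byte destination) to show what snprintf does when the output does not fit and how the return value exposes the truncation. The helper names, the guard bytes and the sample values are constructed for illustration.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

enum { SMALL_BUF = 16 };  /* destination size named in the warning */

/* Hypothetical helper: formats "<num> <suffix>" like the flagged call.
   Returns the length snprintf needed (excluding the NUL), or a negative
   value on error; *truncated is set when the output did not fit. */
int format_checked(char *buf, size_t bufsize, long long num,
                   const char *suffix, bool *truncated)
{
    int needed = snprintf(buf, bufsize, "%lld %s", num, suffix);
    *truncated = (needed < 0) || ((size_t)needed >= bufsize);
    return needed;
}

/* Worst-case input next to guard bytes: snprintf must stop at bufsize,
   leave a NUL-terminated prefix, and never touch the guard. */
bool guard_intact_after_worst_case(void)
{
    struct { char buf[SMALL_BUF]; char guard[8]; } s;
    bool truncated;

    memset(s.guard, 0x5A, sizeof s.guard);
    format_checked(s.buf, sizeof s.buf, LLONG_MIN, "k", &truncated);
    for (size_t i = 0; i < sizeof s.guard; i++)
        if (s.guard[i] != 0x5A)
            return false;
    return truncated && strlen(s.buf) == SMALL_BUF - 1;
}

int main(void)
{
    char buf[SMALL_BUF];
    bool truncated;
    long long samples[] = { 1023, LLONG_MIN };  /* constructed values */

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int n = format_checked(buf, sizeof buf, samples[i], "k", &truncated);
        printf("needed=%d stored=\"%s\" truncated=%s\n",
               n, buf, truncated ? "yes" : "no");
    }
    printf("guard intact: %s\n",
           guard_intact_after_worst_case() ? "yes" : "no");
    return 0;
}
```

A caller that must not lose digits can compare the returned length against the buffer size and either enlarge the buffer or reject the value.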
