[jira] [Commented] (GUACAMOLE-720) Build failure with GCC 9

Sat, 26 Jan 2019 05:43:46 -0800 


    [ 
https://issues.apache.org/jira/browse/GUACAMOLE-720?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16753042#comment-16753042
 ] 

Nick Couchman commented on GUACAMOLE-720:
-----------------------------------------

Thanks, [~scaronni].  We'll definitely look into it.  I wonder if this will be 
resolved by GUACAMOLE-637 - I'm not certain, but I know that Mike is working on 
some changes to the versions of strn* functions being used.  See the following 
PR: https://github.com/apache/guacamole-server/pull/209.

> Build failure with GCC 9
> ------------------------
>
>                 Key: GUACAMOLE-720
>                 URL: https://issues.apache.org/jira/browse/GUACAMOLE-720
>             Project: Guacamole
>          Issue Type: Bug
>          Components: guacd
>    Affects Versions: 1.0.0
>            Reporter: Simone Caronni
>            Priority: Minor
>
> In particular GCC 9 complains about this code:
> {code}
> > BUILDSTDERR: In file included from /usr/include/string.h:494,
> > BUILDSTDERR:                  from /usr/include/winpr/collections.h:25,
> > BUILDSTDERR:                  from /usr/include/freerdp/types.h:80,
> > BUILDSTDERR:                  from /usr/include/freerdp/svc.h:24,
> > BUILDSTDERR:                  from 
> > /usr/include/freerdp/utils/svc_plugin.h:27,
> > BUILDSTDERR:                  from ./rdp_svc.h:25,
> > BUILDSTDERR:                  from guac_svc/svc_service.h:24,
> > BUILDSTDERR:                  from guac_svc/svc_service.c:22:
> > BUILDSTDERR: In function 'strncpy',
> > BUILDSTDERR:     inlined from 'VirtualChannelEntry' at 
> > guac_svc/svc_service.c:56:5:
> > BUILDSTDERR: /usr/include/bits/string_fortified.h:106:10: error: 
> > '__builtin_strncpy' output may be truncated copying 7 bytes from a string 
> > of length 7 [-Werror=stringop-truncation]
> > BUILDSTDERR:   106 |   return __builtin___strncpy_chk (__dest, __src, 
> > __len, __bos (__dest));
> > BUILDSTDERR:       |          
> > ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> > BUILDSTDERR: cc1: all warnings being treated as errors
> {code}
> Which stems from this code:
> {code}
> >   /* Init channel def */
> >     
> >strncpy(svc_plugin->[plugin.channel_def.name|http://plugin.channel_def.name/],
> > svc->name,
> >             GUAC_RDP_SVC_MAX_LENGTH);
> {code}
> The compiler is complaining because it can not prove the resulting string has 
> a proper NUL terminator.  This can cause runtime faults and even  security 
> issues.
> Most folks are fixing this by either NUL terminating the string after the 
> call to strncpy .  However, in some cases the string is not guaranteed to be 
> NUL terminated -- in those cases the "nonstring" attribute is more 
> appropriate.  Note that using "nonstring" will cause the compiler to analyze 
> use points and warn if you pass a "nonstring" variable to a routine that 
> expects a properly terminated NUL string such as strlen.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to