snprintf() results may get truncated

[Eike Rathke]

Hi,

This is nothing overly critical (not even in mutt_rmtree() if
a truncated string also represents an existing directory entry, as there
was a checked opendir(path) and all entries are to be removed, but
truncated will not be removed as intended, so..), just a heads-up that
some long paths may get truncated when concatenating into a buffer.
Places that do such concatenation using snprintf() should check the
return value and if greater or equal than size(...) it means the result
is truncated. Maybe path related destination buffers also shouldn't be
of _POSIX_PATH_MAX but PATH_MAX size instead.

Places where gcc 7.1.1 spew out warnings (there are more, but not
directly deducible from local buffer sizes):

browser.c: In function ‘examine_mailboxes’:
browser.c:524:34: warning: ‘/new’ directive output may be truncated writing 4 
bytes into a region of size between 1 and 256 [-Wformat-truncation=]
       snprintf (md, sizeof (md), "%s/new", tmp->path);
                                  ^~~~~~~~
browser.c:524:7: note: ‘snprintf’ output between 5 and 260 bytes into a 
destination of size 256
       snprintf (md, sizeof (md), "%s/new", tmp->path);
       ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
browser.c:527:34: warning: ‘/cur’ directive output may be truncated writing 4 
bytes into a region of size between 1 and 256 [-Wformat-truncation=]
       snprintf (md, sizeof (md), "%s/cur", tmp->path);
                                  ^~~~~~~~
browser.c:527:7: note: ‘snprintf’ output between 5 and 260 bytes into a 
destination of size 256
       snprintf (md, sizeof (md), "%s/cur", tmp->path);
       ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


buffy.c: In function ‘buffy_maildir_check_dir’:
buffy.c:324:34: warning: ‘snprintf’ output may be truncated before the last 
format character [-Wformat-truncation=]
   snprintf (path, sizeof (path), "%s/%s", mailbox->path, dir_name);
                                  ^~~~~~~
buffy.c:324:3: note: ‘snprintf’ output 2 or more bytes (assuming 257) into a 
destination of size 256
   snprintf (path, sizeof (path), "%s/%s", mailbox->path, dir_name);
   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
buffy.c:370:46: warning: ‘snprintf’ output may be truncated before the last 
format character [-Wformat-truncation=]
           snprintf(msgpath, sizeof(msgpath), "%s/%s", path, de->d_name);
                                              ^~~~~~~
buffy.c:370:11: note: ‘snprintf’ output 2 or more bytes (assuming 257) into a 
destination of size 256
           snprintf(msgpath, sizeof(msgpath), "%s/%s", path, de->d_name);
           ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


help.c: In function ‘pad’:
help.c:192:37: warning: ‘%d’ directive output may be truncated writing between 
1 and 11 bytes into a region of size 6 [-Wformat-truncation=]
     snprintf (fmt, sizeof(fmt), "%%-%ds", i - col);
                                     ^~
help.c:192:33: note: directive argument in the range [-1073741805, 2147483647]
     snprintf (fmt, sizeof(fmt), "%%-%ds", i - col);
                                 ^~~~~~~~
help.c:192:5: note: ‘snprintf’ output between 5 and 15 bytes into a destination 
of size 8
     snprintf (fmt, sizeof(fmt), "%%-%ds", i - col);
     ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


mh.c: In function ‘_maildir_open_find_message’:
mh.c:2388:47: warning: ‘%s’ directive output may be truncated writing up to 255 
bytes into a region of size 254 [-Wformat-truncation=]
       snprintf (fname, sizeof (fname), "%s/%s/%s", folder, subfolder,
                                               ^~
mh.c:2388:7: note: ‘snprintf’ output 3 or more bytes (assuming 258) into a 
destination of size 256
       snprintf (fname, sizeof (fname), "%s/%s/%s", folder, subfolder,
       ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   de->d_name);
   ~~~~~~~~~~~
mh.c: In function ‘maildir_parse_dir’:
mh.c:852:36: warning: ‘snprintf’ output may be truncated before the last format 
character [-Wformat-truncation=]
       snprintf (tmp, sizeof (tmp), "%s/%s", subdir, de->d_name);
                                    ^~~~~~~
mh.c:852:7: note: ‘snprintf’ output 2 or more bytes (assuming 257) into a 
destination of size 256
       snprintf (tmp, sizeof (tmp), "%s/%s", subdir, de->d_name);
       ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


lib.c: In function ‘mutt_rmtree’:
lib.c:600:34: warning: ‘snprintf’ output may be truncated before the last 
format character [-Wformat-truncation=]
     snprintf (cur, sizeof (cur), "%s/%s", path, de->d_name);
                                  ^~~~~~~
lib.c:600:5: note: ‘snprintf’ output 2 or more bytes (assuming 257) into a 
destination of size 256
     snprintf (cur, sizeof (cur), "%s/%s", path, de->d_name);
     ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


bcache.c: In function ‘mutt_bcache_put’:
bcache.c:139:39: warning: ‘%s’ directive output may be truncated writing up to 
4 bytes into a region of size between 1 and 256 [-Wformat-truncation=]
   snprintf (path, sizeof (path), "%s%s%s", bcache->path, id,
                                       ^~
bcache.c:139:3: note: ‘snprintf’ output 1 or more bytes (assuming 260) into a 
destination of size 256
   snprintf (path, sizeof (path), "%s%s%s", bcache->path, id,
   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
             tmp ? ".tmp" : "");
             ~~~~~~~~~~~~~~~~~~


  Eike

-- 
OpenPGP/GnuPG encrypted mail preferred in all private communication.
GPG key 0x6A6CD5B765632D3A - 2265 D7F3 A7B0 95CC 3918  630B 6A6C D5B7 6563 2D3A
Care about Free Software, support the FSFE https://fsfe.org/support/?erack
Use LibreOffice! https://www.libreoffice.org/

signature.asc
Description: PGP signature