Control: tags -1 - help

On Fri, May 04, 2018 at 12:24:12PM +0000, Matthias Klose wrote:
>...
> libtool: compile:  gcc -DHAVE_CONFIG_H -I. -I./include -I./tests
> -I./generated -Wdate-time -D_FORTIFY_SOURCE=2 -Wall -Werror -g -O2
> -fdebug-prefix-map=/<<PKGBUILDDIR>>=. -fstack-protector-strong -Wformat
> -Werror=format-security -MT zookeeper.lo -MD -MP -MF .deps/zookeeper.Tpo -c
> src/zookeeper.c  -fPIC -DPIC -o .libs/zookeeper.o
> src/zookeeper.c: In function 'format_endpoint_info':
> src/zookeeper.c:3469:21: error: '%d' directive writing between 1 and 5 bytes
> into a region of size between 0 and 127 [-Werror=format-overflow=]
>      sprintf(buf,"%s:%d",addrstr,ntohs(port));
>                      ^~
> src/zookeeper.c:3469:17: note: directive argument in the range [0, 65535]
>      sprintf(buf,"%s:%d",addrstr,ntohs(port));
>                  ^~~~~~~
> In file included from /usr/include/stdio.h:862,
>                  from ./include/zookeeper.h:29,
>                  from src/zookeeper.c:27:
> /usr/include/x86_64-linux-gnu/bits/stdio2.h:33:10: note:
> '__builtin___sprintf_chk' output between 3 and 134 bytes into a destination
> of size 128
>    return __builtin___sprintf_chk (__s, __USE_FORTIFY_LEVEL - 1,
>           ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>        __bos (__s), __fmt, __va_arg_pack ());
>        ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> cc1: all warnings being treated as errors
>...

The relevant code is:
...
    static char buf[128];
    char addrstr[128];
...
    inet_ntop(ep->ss_family,inaddr,addrstr,sizeof(addrstr)-1);
    sprintf(buf,"%s:%d",addrstr,ntohs(port));
...

Both addrstr and buf have a size of 128.

After the inet_ntop() call addrstr might contain up to 128 characters
(including \0 termination).

buf is a concatenation of addrstr, ':' and ntohs(port) into a string.

That's up to 127(addrstr) + 1(:) + 5(ntohs) + 1(\0) = 134 characters.

134 > 128

cu
Adrian

-- 

       "Is there not promise of rain?" Ling Tan asked suddenly out
        of the darkness. There had been need of rain for many days.
       "Only a promise," Lao Er said.
                               Pearl S. Buck - Dragon Seed
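
The size arithmetic above suggests one way to make the formatting bounded; this is an added example, not part of the original mail and not ZooKeeper's code. The names format_endpoint and ENDPOINT_STRLEN are hypothetical: the buffer is sized from INET6_ADDRSTRLEN plus ':' and five port digits, and snprintf()'s return value is checked so truncation is reported instead of overflowing.

```c
/* Added example (not ZooKeeper's code): bounded endpoint formatting. */
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

/* INET6_ADDRSTRLEN already counts the NUL; add ':' and 5 port digits. */
#define ENDPOINT_STRLEN (INET6_ADDRSTRLEN + 1 + 5)

/* Hypothetical helper: writes "addr:port" into out. Returns the string
 * length, or -1 on unknown family, conversion failure or truncation. */
int format_endpoint(const struct sockaddr_storage *ep, char *out, size_t outlen)
{
    char addrstr[INET6_ADDRSTRLEN];
    const void *inaddr;
    in_port_t port;

    if (ep->ss_family == AF_INET) {
        const struct sockaddr_in *s4 = (const struct sockaddr_in *)ep;
        inaddr = &s4->sin_addr;
        port = s4->sin_port;
    } else if (ep->ss_family == AF_INET6) {
        const struct sockaddr_in6 *s6 = (const struct sockaddr_in6 *)ep;
        inaddr = &s6->sin6_addr;
        port = s6->sin6_port;
    } else {
        return -1;
    }
    if (inet_ntop(ep->ss_family, inaddr, addrstr, sizeof(addrstr)) == NULL)
        return -1;
    /* snprintf never writes past outlen; n >= outlen means truncation. */
    int n = snprintf(out, outlen, "%s:%u", addrstr, (unsigned)ntohs(port));
    return (n < 0 || (size_t)n >= outlen) ? -1 : n;
}

int main(void)
{
    struct sockaddr_storage ss;              /* constructed sample endpoint */
    struct sockaddr_in *s4 = (struct sockaddr_in *)&ss;
    char buf[ENDPOINT_STRLEN];

    memset(&ss, 0, sizeof(ss));
    s4->sin_family = AF_INET;
    s4->sin_port = htons(2181);
    inet_pton(AF_INET, "127.0.0.1", &s4->sin_addr);
    if (format_endpoint(&ss, buf, sizeof(buf)) > 0)
        puts(buf);
    return 0;
}
```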