Hello list,

although it seems there is no longer an active upstream for tboot, here
is a patch for a compiler error/warning in tboot which occurs with
gcc-16. Maybe at least other users of tboot can make use of it.

The diagnostic is as follows:

    safeclib/strpbrk_s.c: In function ‘strpbrk_s’:
    safeclib/strpbrk_s.c:95:13: error: variable ‘len’ set but not used [-Werror=unused-but-set-variable=]
        95 |     rsize_t len;
           |             ^~~
    cc1: all warnings being treated as errors

It seems that this function does not take the `slen` parameter into
account at all, thereby not providing the safety guarantees that the
function's signature suggests. My take on fixing the issue is found in
the attached patch. Hopefully this doesn't cause any regressions in
spots where this shortcoming has masked errors before.

Cheers

Matthias

-- 
Matthias Gerstner <[email protected]>
Security Engineer
https://www.suse.com/security
GPG Key ID: 0x14C405C971923553
 
SUSE Software Solutions Germany GmbH
HRB 36809, AG Nürnberg
Managing Directors: Jochen Jaser, Andrew McDonald, Werner Knoblich

Index: tboot-1.11.10/safestringlib/safeclib/strpbrk_s.c
===================================================================
--- tboot-1.11.10.orig/safestringlib/safeclib/strpbrk_s.c
+++ tboot-1.11.10/safestringlib/safeclib/strpbrk_s.c
@@ -92,7 +92,6 @@ strpbrk_s (char *dest, rsize_t dmax,
            char *src,  rsize_t slen, char **first)
 {
     char *ps;
-    rsize_t len;
 
     if (first == NULL) {
         invoke_safe_str_constraint_handler("strpbrk_s: count is null",
@@ -140,11 +139,10 @@ strpbrk_s (char *dest, rsize_t dmax,
     /*
      * look for a matching char in the substring src
      */
-    while (*dest && dmax) {
+    while (*dest && dmax && slen) {
 
         ps = src;
-        len = slen;
-        while (*ps) {
+        while (*ps && slen) {
 
             /* check for a match with the substring */
             if (*dest == *ps) {
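Review bot: Both new loop conditions test the bound after the dereference. `while (*ps && slen)` reads `*ps` before it looks at `slen`, so when `src` has no NUL within its first `slen` bytes, one byte past the bounded region is still read once the count reaches zero. Testing the count first, `while (slen && *ps)`, and likewise `dmax && *dest` in the outer loop, makes the length the real guard on the read.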
@@ -152,7 +150,7 @@ strpbrk_s (char *dest, rsize_t dmax,
                 return RCNEGATE(EOK);
             }
             ps++;
-            len--;
+           slen--;
         }
         dest++;
         dmax--;
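Review bot: `slen--` decrements the parameter itself, and nothing in the visible lines restores it when `ps = src;` restarts the scan for the next `dest` character, so the bound becomes a single budget for the whole search rather than a per-pass limit on `src`. With `slen` equal to the length of `src`, the count is used up on the first `dest` character that does not match, and the outer `&& slen` test then ends the search with no match reported even if a later character is in the set. Keeping the removed `len = slen;` reset and testing and decrementing `len` in the inner loop would avoid this. The added line is also indented one column less than the `ps++;` above it.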

Attachment: signature.asc
Description: PGP signature
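
The following is an added example, not part of the original message and not tboot code. It contrasts a search that honours `slen` on every pass over `src` with one where `slen` is a single budget shared across all `dest` characters. The function names and the sample buffers are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical helper (not tboot's strpbrk_s): first char of dest, within
 * dmax bytes, that occurs in the first slen bytes of src; NULL if none. */
static const char *pbrk_bounded(const char *dest, size_t dmax,
                                const char *src, size_t slen)
{
    for (; dmax && *dest; dest++, dmax--) {
        const char *ps = src;
        size_t len = slen;      /* fresh bound for every dest character */
        for (; len && *ps; ps++, len--)   /* count tested before the read */
            if (*dest == *ps)
                return dest;
    }
    return NULL;
}

/* Hypothetical contrast: slen is one budget consumed across all dest
 * characters, the loop shape in the posted patch (count tested first here
 * so the demo itself stays in bounds). */
static const char *pbrk_shared_budget(const char *dest, size_t dmax,
                                      const char *src, size_t slen)
{
    while (dmax && slen && *dest) {
        const char *ps = src;
        while (slen && *ps) {
            if (*dest == *ps)
                return dest;
            ps++;
            slen--;
        }
        dest++;
        dmax--;
    }
    return NULL;
}

int main(void)
{
    /* Constructed input: src has no NUL terminator, only slen bounds it. */
    const char dest[] = "tboot=1";
    const char src[2] = { '=', ':' };
    const char *a = pbrk_bounded(dest, sizeof dest, src, sizeof src);
    const char *b = pbrk_shared_budget(dest, sizeof dest, src, sizeof src);

    printf("bounded: %s\nshared:  %s\n", a ? a : "(none)", b ? b : "(none)");
    return 0;
}
```
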

_______________________________________________
tboot-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/tboot-devel