Fix Warnings in Release Build #458
Conversation
fixes warning "may be used uninitialized in this function [-Werror=maybe-uninitialized]"
Shouldn't ever be negative anyways. Fixes the warning "argument 2 range [18446744071562067968, 18446744073709551615] exceeds maximum object size 9223372036854775807 [-Werror=alloc-size-larger-than=]"
lcmgen/emit_lua.c
Outdated
| @@ -747,7 +747,7 @@ static int emit_package(lcmgen_t *lcm, _package_contents_t *pc) | |||
| char **dirs = g_strsplit(pc->name, ".", 0); | |||
| char *pdname = build_filenamev(dirs); | |||
| char package_dir[PATH_MAX]; | |||
| char package_dir_prefix[PATH_MAX]; | |||
| char package_dir_prefix[PATH_MAX - 10]; // Must be less than package_dir to append to it. | |||
There was a problem hiding this comment.
I think since we are setting the length of the destination buffer, we could use snprintf instead of reducing its length like this. snprintf is safer than sprintf in this case since it terminates the output with '\0', avoids the original error message, and allows us to check for truncation. (Although it does still check the length of the source buffer.) If truncation of the output occurs, snprintf would return PATH_MAX or greater in this case and if an error occurs it returns a negative value. I would assume in either of these cases we wouldn't be able to rely on the buffer to hold a valid path so logging an error and returning a negative value seems appropriates since under similar circumstances the same thing is done a little further down. If you agree with this approach, the same thing could be done in emit_python.c.
diff --git a/lcmgen/emit_lua.c b/lcmgen/emit_lua.c
index 080bc55..481a890 100644
--- a/lcmgen/emit_lua.c
+++ b/lcmgen/emit_lua.c
@@ -751,10 +751,20 @@ static int emit_package(lcmgen_t *lcm, _package_contents_t *pc)
int have_package = dirs[0] != NULL;
int write_init_lua = !getopt_get_bool(lcm->gopt, "lua-no-init");
- sprintf(package_dir_prefix, "%s%s", getopt_get_string(lcm->gopt, "lpath"),
+ int ret = snprintf(package_dir_prefix, PATH_MAX, "%s%s", getopt_get_string(lcm->gopt, "lpath"),
strlen(getopt_get_string(lcm->gopt, "lpath")) > 0 ? G_DIR_SEPARATOR_S : "");
- sprintf(package_dir, "%s%s%s", package_dir_prefix, pdname,
+ if (ret >= PATH_MAX || ret < 0) {
+ free(pdname);
+ err("Could not create package directory prefix string\n");
+ return -1;
+ }
+ ret = snprintf(package_dir, PATH_MAX, "%s%s%s", package_dir_prefix, pdname,
have_package ? G_DIR_SEPARATOR_S : "");
+ if (ret >= PATH_MAX || ret < 0) {
+ free(pdname);
+ err("Could not create package directory string\n");
+ return -1;
+ }
free(pdname);
if (strlen(package_dir)) {
if (!g_file_test(package_dir, G_FILE_TEST_EXISTS)) {Fixes the warning "‘__builtin___sprintf_chk’ may write a terminating nul past the end of the destination [-Werror=format-overflow=]"
This PR:
Resolves #457.
This PR does not fix GCC 12 release build warnings (it is possible to use the Fedora target to produce those).