search for: string_fortifi

...mit a package on CRAN, and everything passes ok on all platforms but Debian, where CRAN responds with an automatic "significant" warning: * checking whether package ?QCA? can be installed ... [35s/35s] WARNING Found the following significant warnings: /usr/include/x86_64-linux-gnu/bits/string_fortified.h:106:10: warning: ?__builtin_strncpy? output may be truncated copying 12 bytes from a string of length 79 [-Wstringop-truncation] See ?/srv/hornik/tmp/CRAN/QCA.Rcheck/00install.out? for details. I know the cause of this: using a cursomized version of some external C library, coupled with <S...

...me related work I built openssh 9.3p1 with -fsanitize=address and this came up during compilation. In file included from /usr/include/string.h:535, from kex.c:34: In function 'explicit_bzero', inlined from 'kex_free_newkeys' at kex.c:743:2: /usr/include/bits/string_fortified.h:72:3: warning: '__explicit_bzero_chk' writing 48 bytes into a region of size 8 overflows the destination [-Wstringop-overflow=] 72 | __explicit_bzero_chk (__dest, __len, __glibc_objsize0 (__dest)); | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ In fil...

...AN, and everything passes ok on all platforms but Debian, where CRAN responds with an automatic "significant" warning: > > * checking whether package ?QCA? can be installed ... [35s/35s] WARNING > Found the following significant warnings: > /usr/include/x86_64-linux-gnu/bits/string_fortified.h:106:10: warning: ?__builtin_strncpy? output may be truncated copying 12 bytes from a string of length 79 [-Wstringop-truncation] > See ?/srv/hornik/tmp/CRAN/QCA.Rcheck/00install.out? for details. > > > I know the cause of this: using a cursomized version of some external C library...

...from /home/demartin/BuildClients/cobrasync-8.80-alsi11-lib32/cobrasync/rsync-3.2.7/match.c:22: In function 'memset', inlined from 'match_sums' at /home/demartin/BuildClients/cobrasync-8.80-alsi11-lib32/cobrasync/rsync-3.2.7/match.c:431:3: /usr/include/i386-linux-gnu/bits/string_fortified.h:71:10: error: '__builtin___memset_chk' specified size between 2147483648 and 4294967295 exceeds maximum object size 2147483647 [-Werror=stringop-overflow=] 71 | return __builtin___memset_chk (__dest, __ch, __len, __bos0 (__dest)); | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~...

...caused by Debian patches), I noticed this in valgrind output: sshd[22181]: ==22181== Source and destination overlap in strlcpy(0x1ffeffd7e3, 0x1ffeffd7e3, 4096) sshd[22181]: ==22181== at 0x484E64D: strlcpy (vg_replace_strmem.c:667) sshd[22181]: ==22181== by 0x189ED5: UnknownInlinedFun (string_fortified.h:169) sshd[22181]: ==22181== by 0x189ED5: safe_path (misc.c:2335) sshd[22181]: ==22181== by 0x18A09D: safe_path_fd (misc.c:2376) sshd[22181]: ==22181== by 0x138C47: auth_openfile (auth2-pubkeyfile.c:477) sshd[22181]: ==22181== by 0x13783A: user_key_allowed2 (auth2-pubkey.c:63...

...ng passes ok on all platforms but Debian, where CRAN responds with an automatic "significant" warning: >> >> * checking whether package ?QCA? can be installed ... [35s/35s] WARNING >> Found the following significant warnings: >> /usr/include/x86_64-linux-gnu/bits/string_fortified.h:106:10: warning: ?__builtin_strncpy? output may be truncated copying 12 bytes from a string of length 79 [-Wstringop-truncation] >> See ?/srv/hornik/tmp/CRAN/QCA.Rcheck/00install.out? for details. >> >> >> I know the cause of this: using a cursomized version of some exte...