similar to: Possible overflow bug?

Hi folks, I have several build environments in which I must build rsync, and in some, but not all of them, the build fails when built with -Wall -Werror due to this warning: In file included from /usr/include/string.h:495, from /home/demartin/BuildClients/cobrasync-8.80-alsi11-lib32/cobrasync/rsync-3.2.7/rsync.h:339, from

I am trying to submit a package on CRAN, and everything passes ok on all platforms but Debian, where CRAN responds with an automatic "significant" warning: * checking whether package ?QCA? can be installed ... [35s/35s] WARNING Found the following significant warnings: /usr/include/x86_64-linux-gnu/bits/string_fortified.h:106:10: warning: ?__builtin_strncpy? output may be truncated

Adrian, newer compilers are better at finding bugs - you may want to read the full trace of the error, it tells you that you likely have a memory overflow when using strncpy() in your package. You should check whether it is right. Unfortunately we can?t help you more specifically, because I don't see any link to what you submitted so can?t look at the code involved. Cheers, Simon > On

On 23/05/2020 07:38, Simon Urbanek wrote: > Adrian, > > newer compilers are better at finding bugs - you may want to read the full trace of the error, it tells you that you likely have a memory overflow when using strncpy() in your package. You should check whether it is right. Unfortunately we can?t help you more specifically, because I don't see any link to what you submitted so

https://bugzilla.mindrot.org/show_bug.cgi?id=2541 Bug ID: 2541 Summary: Add explicit_bzero() before free() in OpenSSH-7.1p2 for auth1.c/auth2.c/auth2-hostbased.c Product: Portable OpenSSH Version: 7.1p1 Hardware: All OS: All Status: NEW Severity: normal Priority: P5

We use rsync to provide an rsync share on a linux server with a javascript program on Windows clients which ensures all client data is backed up each morning. After making no progress with my posting last month regarding making a module upload only to prevent someone from manually downloading the rsync share obtaining other users work (exclude = * wasn't possible because we need --delete to

Hi! I am doing backups from a number of machines to an rsync server. For some time I was trying to come up with a solution, which would prevent users from peeking at each other's files, which are backed up. Finally, I've hacked rsync, introducing a new option "write only" for rsyncd.conf. When set to true, this option forbids the transfers from server to the client, thus solving

Remove sshkey_load_private(), as this function's role is similar to sshkey_load_private_type(). --- Dependency: This change depends over recently merged change in openbsd: https://github.com/openbsd/src/commit/b0c328c8f066f6689874bef7f338179145ce58d0 Change log: v1->v2 - Remove declaration of sshkey_load_private() in authfile.h authfile.c | 38

On Wed, Jul 20, 2016 at 09:02:57PM -0600, Selphie Keller wrote: > I wonder if could be useful to set the fall back account to something user > defined to avoid suggesting people add passwords to root, though I do like > root since the account is always there, Since committing that diff I've heard of people running in production with no root password (ie *LK*, !! or similar).

On Fri, Sep 25, 2020 at 10:03 AM Wei Wang <weiwangcloud2020@gmail.com> wrote: > On Thu, Sep 24, 2020 at 2:58 PM Ján Tomko <jtomko@redhat.com> wrote: > >> On a Thursday in 2020, Wei Wang wrote: >> >Seems it didn't appear on the mailing list, resent it. >> > >> > Hi folks, >> > >> >I'm trying to build libvirt using meson

With the -Wformat-truncation warnings fixed, finish the job started in commit a61ddb4393ad ("drm: enable (most) W=1 warnings by default across the subsystem"), and enable that warning too. Signed-off-by: Jani Nikula <jani.nikula at intel.com> --- Gut feeling says there are more issues, and my configs just don't catch them all, but let's see what the build bots have to

?Hello everybody, basic UTs for libnutconf were pushed to balooloo/nut, libconf branch: https://github.com/balooloo/nut/commit/f453459419abf6c597d5d186494f91ed6f0e81aa Note that the tests are not exhaustive; however, they test the most prominent (sample) configuration settings (de)serialisation. The code should also give you an idea about how to write a simple configuration manipulation program

Hello! I have a minor observation about code in sshbuf.c, not sure if it would be useful, but here it is. sshbuf_reset() is currently implemented like this: void sshbuf_reset(struct sshbuf *buf) { u_char *d; if (buf->readonly || buf->refcount > 1) { /* Nonsensical. Just make buffer appear empty */ buf->off = buf->size; return; } if (sshbuf_check_sanity(buf) != 0)

Hi Jani, On Thu, May 23, 2024 at 06:51:09PM +0300, Jani Nikula wrote: > With the -Wformat-truncation warnings fixed, finish the job started in > commit a61ddb4393ad ("drm: enable (most) W=1 warnings by default across > the subsystem"), and enable that warning too. > > Signed-off-by: Jani Nikula <jani.nikula at intel.com> When it is enabled for all of drm then the

Hi! The Netfilter project proudly presents: conntrack-tools 1.4.6 The conntrack-tools are a set of tools targeted at system administrators. They are conntrack, the userspace command line interface, and conntrackd, the userspace daemon. The tool conntrack provides a full featured interface that is intended to replace the old /proc/net/ip_conntrack interface. Using conntrack, you can view

From: Xiongfeng Wang <xiongfeng.wang at linaro.org> gcc-8 reports drivers/gpu/drm/nouveau/nvif/client.c: In function 'nvif_client_init': ./include/linux/string.h:245:9: warning: '__builtin_strncpy' specified bound 32 equals destination size [-Wstringop-truncation] We need to use strlcpy() to make sure the dest string is nul-terminated. Signed-off-by: Xiongfeng Wang

A simple reproducer is: ---------------------------------------------------------------------- #include <stdio.h> #include <stdlib.h> #include <stdint.h> #include <string.h> const char * copyn (const char *str, size_t n) { return strndup (str, n); } const char * copy (const char *str) { return copyn (str, SIZE_MAX); }

On Thu, Sep 03, 2020 at 10:47:13AM +0100, Richard W.M. Jones wrote: > > A simple reproducer is: > > ---------------------------------------------------------------------- > #include <stdio.h> > #include <stdlib.h> > #include <stdint.h> > #include <string.h> > > const char * > copyn (const char *str, size_t n) > { > return strndup

OpenSSH 7.1p2 has just been released. It will be available from the mirrors listed at http://www.openssh.com/ shortly. OpenSSH is a 100% complete SSH protocol 2.0 implementation and includes sftp client and server support. OpenSSH also includes transitional support for the legacy SSH 1.3 and 1.5 protocols that may be enabled at compile-time. Once again, we would like to thank the OpenSSH

Both Coverity and GCC with -Wstringop-overflow noticed that nvif_outp_acquire_dp() accidentally defined its second argument with 1 additional element: drivers/gpu/drm/nouveau/dispnv50/disp.c: In function 'nv50_pior_atomic_enable': drivers/gpu/drm/nouveau/dispnv50/disp.c:1813:17: error: 'nvif_outp_acquire_dp' accessing 16 bytes in a region of size 15 [-Werror=stringop-overflow=]