Skip to content

Possible buffer overflow in q931.c #9

@kkeil

Description

@kkeil

Newer gcc find a possible bufferoverflow:

libtool: compile:  gcc -DHAVE_CONFIG_H -I. -I../include -I../include -Wall -Werror -I./include -D_FORTIFY_SOURCE=2 -march=x86-64 -mtune=generic -O2 -pipe -fstack-protector-strong -fno-plt -MT layer3/q931.lo -MD -MP -MF layer3/.deps/q931.Tpo -c layer3/q931.c  -fPIC -DPIC -o layer3/.libs/q931.o
In file included from /usr/include/string.h:494,
                 from layer3/q931.c:22:
In function ‘strncpy’,
    inlined from ‘mi_encode_redirecting_nr’ at layer3/q931.c:531:3:
/usr/include/bits/string_fortified.h:106:10: error: ‘__builtin_strncpy’ forming offset [25, 31] is out of the bounds [0, 24] of object ‘ie’ with type ‘unsigned char[24]’ [-Werror=array-bounds]
   return __builtin___strncpy_chk (__dest, __src, __len, __bos (__dest));
          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
layer3/q931.c: In function ‘mi_encode_redirecting_nr’:
layer3/q931.c:509:16: note: ‘ie’ declared here
  unsigned char ie[24];
                ^~
In file included from /usr/include/string.h:494,
                 from layer3/q931.c:22:
In function ‘strncpy’,
    inlined from ‘mi_encode_redirection_nr’ at layer3/q931.c:557:3:
/usr/include/bits/string_fortified.h:106:10: error: ‘__builtin_strncpy’ forming offset [25, 31] is out of the bounds [0, 24] of object ‘ie’ with type ‘unsigned char[24]’ [-Werror=array-bounds]
   return __builtin___strncpy_chk (__dest, __src, __len, __bos (__dest));
          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
layer3/q931.c: In function ‘mi_encode_redirection_nr’:
layer3/q931.c:540:16: note: ‘ie’ declared here
  unsigned char ie[24];

Thanks to tpowa reporting this.

Metadata

Metadata

Assignees

Labels

No labels
No labels

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions