I'd argue for a global replacement of sprintf(dest, ...) to snprintf(dest, sizeof(dest)...).
Unfortunately, that's probably not an automated task.
From the man page:

     The snprintf() and vsnprintf() functions will write at most size-1 of the characters printed
     into the output string (the size'th character then gets the terminating ‘\0’); if the return
     value is greater than or equal to the size argument, the string was too short and some of the
     printed characters were discarded.  The output is always null-terminated, unless size is 0.

bonus points for checking the return code :)

On Mon, Jul 8, 2024 at 6:55 AM Vincent Lefevre <vinc...@vinc17.net> wrote:

> Compiling master with GCC gives:
>
> screen.c: In function ‘main’:
> screen.c:794:56: warning: ‘sprintf’ may write a terminating nul past the
> end of the destination [-Wformat-overflow=]
>   794 |                         sprintf(SocketPath, "%s/.screen", home);
>       |                                                        ^
> screen.c:794:25: note: ‘sprintf’ output between 9 and 4097 bytes into a
> destination of size 4096
>   794 |                         sprintf(SocketPath, "%s/.screen", home);
>       |                         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>
> Indeed, the test strlen(home) > MAXPATHLEN - 8 is not sufficient
> due to the terminating null character (if home has length
> MAXPATHLEN - 8, then MAXPATHLEN + 1 characters are written,
> which is larger than the buffer size MAXPATHLEN).
>
> The attached patch fixes this problem and makes the warning disappear.
>
> --
> Vincent Lefèvre <vinc...@vinc17.net> - Web: <https://www.vinc17.net/>
> 100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/>
> Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)
>
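
The boundary case from the thread, worked through as an added example (not code from screen or from either poster). The 4096-byte size is taken from the GCC note; the helper names and the constructed 'a'-filled home string are assumptions for illustration.

```c
#include <stdio.h>
#include <string.h>

#define BUF_SIZE ((size_t)4096) /* destination size from the GCC note */

/* Length test quoted in the thread; nonzero means "home rejected". */
static int old_check_rejects(size_t home_len)
{
    return home_len > BUF_SIZE - 8;
}

/* Bytes "%s/.screen" needs, terminating NUL included. */
static size_t bytes_needed(size_t home_len)
{
    return home_len + strlen("/.screen") + 1;
}

/* Hypothetical helper: bounded write with the return value checked.
 * The size is passed in because sizeof(dst) on a pointer parameter
 * yields the pointer size, not the buffer size. */
static int build_socket_path(char *dst, size_t dstsize, const char *home)
{
    int n = snprintf(dst, dstsize, "%s/.screen", home);
    return (n < 0 || (size_t)n >= dstsize) ? -1 : 0;
}

/* Constructed input: a home directory name of home_len 'a' characters. */
static int try_home_len(size_t home_len)
{
    static char home[BUF_SIZE + 16];
    static char path[BUF_SIZE];
    if (home_len >= sizeof(home))
        return -1;
    memset(home, 'a', home_len);
    home[home_len] = '\0';
    return build_socket_path(path, sizeof(path), home);
}

int main(void)
{
    size_t len = BUF_SIZE - 8; /* boundary case from the thread */
    printf("len=%zu old_check_rejects=%d bytes_needed=%zu helper=%d\n",
           len, old_check_rejects(len), bytes_needed(len), try_home_len(len));
    len = BUF_SIZE - 9;        /* longest home that still fits */
    printf("len=%zu old_check_rejects=%d bytes_needed=%zu helper=%d\n",
           len, old_check_rejects(len), bytes_needed(len), try_home_len(len));
    return 0;
}
```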
