URL: <https://savannah.gnu.org/bugs/?66415>
Summary: SocketPath and socknamebuf size
Group: GNU Screen
Submitter: themusicgod1
Submitted: Wed 06 Nov 2024 11:04:19 AM CST
Category: None
Severity: 3 - Normal
Priority: 5 - Normal
Status: None
Privacy: Public
Assigned to: None
Open/Closed: Open
Discussion Lock: Any
Release: 5.0.0
Fixed Release: None
Planned Release: None
Work Required: None
_______________________________________________________
Follow-up Comments:
-------------------------------------------------------
Date: Wed 06 Nov 2024 11:04:19 AM CST By: Jeffrey Cliff <themusicgod1>
for
screen: 5.0 (but also master branch commit 9d8b0ff)
gcc: gcc (GCC) 15.0.0 20240509 (experimental)
CFLAGS: -std=gnu23 -Oz -march=native
shows that screen.c tries to write > 4095 bytes into a region of size 4095 via
snprintf
screen.c: In function ‘main’:
screen.c:955:102: warning: ‘%s’ directive output may be truncated writing
up to 4096 bytes into a region of size 4095 [-Wformat-truncation=]
955 | snprintf(SocketPath + strlen(SocketPath),
sizeof(SocketPath) - strlen(SocketPath), "/%s", socknamebuf);
|
^~ ~~~~~~~~~~~
screen.c:955:17: note: ‘snprintf’ output between 2 and 4098 bytes into a
destination of size 4096
955 | snprintf(SocketPath + strlen(SocketPath),
sizeof(SocketPath) - strlen(SocketPath), "/%s", socknamebuf);
|
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
screen.c:1020:94: warning: ‘%s’ directive output may be truncated writing
up to 4096 bytes into a region of size 4095 [-Wformat-truncation=]
1020 | snprintf(SocketPath + strlen(SocketPath), sizeof(SocketPath) -
strlen(SocketPath), "/%s", socknamebuf);
|
^~ ~~~~~~~~~~~
screen.c:1020:9: note: ‘snprintf’ output between 2 and 4098 bytes into a
destination of size 4096
1020 | snprintf(SocketPath + strlen(SocketPath), sizeof(SocketPath) -
strlen(SocketPath), "/%s", socknamebuf);
|
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
here's one potential fix:
--- screen-5.0.0/screen.c 2024-08-28 13:55:03.000000000 -0600
+++ screen-compiles/screen.c 2024-11-06 10:38:26.816344943 -0600
@@ -104,7 +104,7 @@
/* Content of the tty symlink when attach_tty_is_in_new_ns == true. */
char attach_tty_name_in_ns[MAXPATHLEN];
-char SocketPath[MAXPATHLEN];
+char SocketPath[MAXPATHLEN+2];
char *SocketName; /* SocketName is pointer in SocketPath
*/
char *SocketMatch = NULL; /* session id command line argument */
int ServerSocket = -1;
--- screen-5.0.0/screen.h 2024-08-28 13:55:03.000000000 -0600
+++ screen-compiles/screen.h 2024-11-06 10:38:09.609346246 -0600
@@ -237,7 +237,7 @@
extern char attach_tty_name_in_ns[];
extern char strnomem[];
extern char HostName[];
-extern char SocketPath[MAXPATHLEN];
+extern char SocketPath[MAXPATHLEN+2];
extern char *attach_tty;
extern char *attach_term;
extern char *captionstring;
_______________________________________________________
Reply to this item at:
<https://savannah.gnu.org/bugs/?66415>
_______________________________________________
Message sent via Savannah
https://savannah.gnu.org/
signature.asc
Description: PGP signature
