diff options
Diffstat (limited to 'recipes-security/setools/setools/Fix-build-failure-with-GCC-7-due-to-possible-truncat.patch')
| -rw-r--r-- | recipes-security/setools/setools/Fix-build-failure-with-GCC-7-due-to-possible-truncat.patch | 47 |
1 files changed, 47 insertions, 0 deletions
diff --git a/recipes-security/setools/setools/Fix-build-failure-with-GCC-7-due-to-possible-truncat.patch b/recipes-security/setools/setools/Fix-build-failure-with-GCC-7-due-to-possible-truncat.patch new file mode 100644 index 0000000..d0faba8 --- /dev/null +++ b/recipes-security/setools/setools/Fix-build-failure-with-GCC-7-due-to-possible-truncat.patch | |||
| @@ -0,0 +1,47 @@ | |||
| 1 | From 790d7a538f515d27d2390f1ef56c9871b107a346 Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Steve Langasek <steve.langasek@canonical.com> | ||
| 3 | Date: Sun, 27 Aug 2017 21:28:40 -0700 | ||
| 4 | Subject: [PATCH] Fix build failure with GCC 7 due to possible truncation of | ||
| 5 | snprintf output | ||
| 6 | |||
| 7 | setools fails to build under GCC7 -Wformat -Werror with the following error: | ||
| 8 | |||
| 9 | x86_64-linux-gnu-gcc -pthread -DNDEBUG -g -fwrapv -O2 -Wall -Wstrict-prototypes -g -O2 -fdebug-prefix-map=/<<PKGBUILDDIR>>=. -fstack-protector-strong -Wformat -Werror=format-security -Wno-sign-compare -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -Ilibqpol -Ilibqpol/include -I/usr/include/python3.6m -c libqpol/policy_extend.c -o build/temp.linux-amd64-3.6/libqpol/policy_extend.o -Werror -Wextra -Waggregate-return -Wfloat-equal -Wformat -Wformat=2 -Winit-self -Wmissing-format-attribute -Wmissing-include-dirs -Wnested-externs -Wold-style-definition -Wpointer-arith -Wredundant-decls -Wstrict-prototypes -Wunknown-pragmas -Wwrite-strings -Wno-missing-field-initializers -Wno-unused-parameter -Wno-cast-qual -Wno-shadow -Wno-unreachable-code -fno-exceptions | ||
| 10 | libqpol/policy_extend.c: In function 'policy_extend': | ||
| 11 | libqpol/policy_extend.c:161:27: error: '%04zd' directive output may be truncated writing between 4 and 10 bytes into a region of size 5 [-Werror=format-truncation=] | ||
| 12 | snprintf(buff, 9, "@ttr%04zd", i + 1); | ||
| 13 | ^~~~~ | ||
| 14 | libqpol/policy_extend.c:161:22: note: directive argument in the range [1, 4294967295] | ||
| 15 | snprintf(buff, 9, "@ttr%04zd", i + 1); | ||
| 16 | ^~~~~~~~~~~ | ||
| 17 | |||
| 18 | Exceeding 10,000 attributes is necessarily going to result in collisions | ||
| 19 | inserting into the hash table given this naming scheme, and we already error | ||
| 20 | out on the first collision; but there will be holes since types are not | ||
| 21 | handled the same as attributes. Short of making backwards-incompatible | ||
| 22 | changes to the entry names, this is probably the best way to fix this build | ||
| 23 | failure while reducing the chances of a hash collision in the unlikely event | ||
| 24 | that the hashtable is (nearly) full. | ||
| 25 | |||
| 26 | Closes: https://github.com/TresysTechnology/setools/issues/174 | ||
| 27 | Signed-off-by: Mark Hatle <mark.hatle@windriver.com> | ||
| 28 | --- | ||
| 29 | libqpol/policy_extend.c | 2 +- | ||
| 30 | 1 file changed, 1 insertion(+), 1 deletion(-) | ||
| 31 | |||
| 32 | diff --git a/libqpol/policy_extend.c b/libqpol/policy_extend.c | ||
| 33 | index 742819b..70e8f7c 100644 | ||
| 34 | --- a/libqpol/policy_extend.c | ||
| 35 | +++ b/libqpol/policy_extend.c | ||
| 36 | @@ -158,7 +158,7 @@ static int qpol_policy_build_attrs_from_map(qpol_policy_t * policy) | ||
| 37 | * with this attribute */ | ||
| 38 | /* Does not exist */ | ||
| 39 | if (db->p_type_val_to_name[i] == NULL){ | ||
| 40 | - snprintf(buff, 9, "@ttr%04zd", i + 1); | ||
| 41 | + snprintf(buff, 9, "@ttr%04zd", (i + 1) % 10000); | ||
| 42 | tmp_name = strdup(buff); | ||
| 43 | if (!tmp_name) { | ||
| 44 | error = errno; | ||
| 45 | -- | ||
| 46 | 1.8.3.1 | ||
| 47 | |||