From c0186953ac0396d415477b2c709decded5df4e32 Mon Sep 17 00:00:00 2001 From: Kai Kang Date: Wed, 10 Apr 2019 01:56:06 -0400 Subject: setools: fix build failure with gcc 7 Backport patch from setools upstream to fix build failure with GCC 7 due to possible truncation of snprintf output. It could be reproduced on 64 bit bsps such as qemux86-64 and qemumips64 with configs: SELECTED_OPTIMIZATION = "${DEBUG_OPTIMIZATION}" DEBUG_BUILD = "1" Signed-off-by: Kai Kang Signed-off-by: Joe MacDonald --- ...ailure-with-GCC-7-due-to-possible-truncat.patch | 90 ++++++++++++++++++---- 1 file changed, 74 insertions(+), 16 deletions(-)
diff --git a/recipes-security/setools/setools/Fix-build-failure-with-GCC-7-due-to-possible-truncat.patch b/recipes-security/setools/setools/Fix-build-failure-with-GCC-7-due-to-possible-truncat.patch
index d0faba8..a5af041 100644
--- a/recipes-security/setools/setools/Fix-build-failure-with-GCC-7-due-to-possible-truncat.patch
+++ b/recipes-security/setools/setools/Fix-build-failure-with-GCC-7-due-to-possible-truncat.patch
@@ -1,6 +1,10 @@
-From 790d7a538f515d27d2390f1ef56c9871b107a346 Mon Sep 17 00:00:00 2001
-From: Steve Langasek
-Date: Sun, 27 Aug 2017 21:28:40 -0700
+Upstream-Status: Backport [https://github.com/TresysTechnology/setools/commit/e41adf0]
+
+Signed-off-by: Kai Kang
+
+From e41adf01647c695b80b112b337e76021bb9f30c3 Mon Sep 17 00:00:00 2001
+From: Laurent Bigonville
+Date: Tue, 26 Sep 2017 15:15:30 +0200
 Subject: [PATCH] Fix build failure with GCC 7 due to possible truncation of snprintf output
@@ -15,33 +19,87 @@ libqpol/policy_extend.c:161:22: note: directive argument in the range [1, 429496
 snprintf(buff, 9, "@ttr%04zd", i + 1);
 ^~~~~~~~~~~
-Exceeding 10,000 attributes is necessarily going to result in collisions
-inserting into the hash table given this naming scheme, and we already error
-out on the first collision; but there will be holes since types are not
-handled the same as attributes. Short of making backwards-incompatible
-changes to the entry names, this is probably the best way to fix this build
-failure while reducing the chances of a hash collision in the unlikely event
-that the hashtable is (nearly) full.
+Increase the size of the buffer to avoid collisions
 Closes: https://github.com/TresysTechnology/setools/issues/174
-Signed-off-by: Mark Hatle
+Signed-off-by: Laurent Bigonville
 ---
- libqpol/policy_extend.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
+ libqpol/policy_extend.c | 16 ++++++++--------
+ 1 file changed, 8 insertions(+), 8 deletions(-)
 diff --git a/libqpol/policy_extend.c b/libqpol/policy_extend.c
-index 742819b..70e8f7c 100644
+index 742819b..739e184 100644
 --- a/libqpol/policy_extend.c
+++ b/libqpol/policy_extend.c
+@@ -110,7 +110,7 @@ static int qpol_policy_remove_bogus_aliases(qpol_policy_t * policy)
+ * Builds data for the attributes and inserts them into the policydb.
+ * This function modifies the policydb. Names created for attributes
+ * are of the form @ttr where value is the value of the attribute
+- * as a four digit number (prepended with 0's as needed).
++ * as a ten digit number (prepended with 0's as needed).
+ * @param policy The policy from which to read the attribute map and
+ * create the type data for the attributes. This policy will be altered
+ * by this function.
+@@ -125,7 +125,7 @@ static int qpol_policy_build_attrs_from_map(qpol_policy_t * policy)
+ uint32_t bit = 0, count = 0;
+ ebitmap_node_t *node = NULL;
+ type_datum_t *tmp_type = NULL, *orig_type;
+- char *tmp_name = NULL, buff[10];
++ char *tmp_name = NULL, buff[16];
+ int error = 0, retv;
+
+ INFO(policy, "%s", "Generating attributes for policy. (Step 4 of 5)");
+@@ -137,7 +137,7 @@ static int qpol_policy_build_attrs_from_map(qpol_policy_t * policy)
+
+ db = &policy->p->p;
+
+- memset(&buff, 0, 10 * sizeof(char));
++ memset(&buff, 0, 16 * sizeof(char));
+
+ for (i = 0; i < db->p_types.nprim; i++) {
+ /* skip types */
@@ -158,7 +158,7 @@ static int qpol_policy_build_attrs_from_map(qpol_policy_t * policy)
 * with this attribute */
 /* Does not exist */
 if (db->p_type_val_to_name[i] == NULL){
 - snprintf(buff, 9, "@ttr%04zd", i + 1);
-+ snprintf(buff, 9, "@ttr%04zd", (i + 1) % 10000);
++ snprintf(buff, 15, "@ttr%010zd", i + 1);
 tmp_name = strdup(buff);
 if (!tmp_name) {
 error = errno;
+@@ -240,7 +240,7 @@ static int qpol_policy_build_attrs_from_map(qpol_policy_t * policy)
+ * Builds data for empty attributes and inserts them into the policydb.
+ * This function modifies the policydb. Names created for the attributes
+ * are of the form @ttr where value is the value of the attribute
+- * as a four digit number (prepended with 0's as needed).
++ * as a ten digit number (prepended with 0's as needed).
+ * @param policy The policy to which to add type data for attributes.
+ * This policy will be altered by this function.
+ * @return Returns 0 on success and < 0 on failure; if the call fails,
+@@ -251,7 +251,7 @@ static int qpol_policy_build_attrs_from_map(qpol_policy_t * policy)
+ static int qpol_policy_fill_attr_holes(qpol_policy_t * policy)
+ {
+ policydb_t *db = NULL;
+- char *tmp_name = NULL, buff[10];
++ char *tmp_name = NULL, buff[16];
+ int error = 0, retv = 0;
+ ebitmap_t tmp_bmap = { NULL, 0 };
+ type_datum_t *tmp_type = NULL;
+@@ -265,12 +265,12 @@ static int qpol_policy_fill_attr_holes(qpol_policy_t * policy)
+
+ db = &policy->p->p;
+
+- memset(&buff, 0, 10 * sizeof(char));
++ memset(&buff, 0, 16 * sizeof(char));
+
+ for (i = 0; i < db->p_types.nprim; i++) {
+ if (db->type_val_to_struct[i])
+ continue;
+- snprintf(buff, 9, "@ttr%04zd", i + 1);
++ snprintf(buff, 15, "@ttr%010zd", i + 1);
+ tmp_name = strdup(buff);
+ if (!tmp_name) {
+ error = errno;
 --
-1.8.3.1
+2.20.1
-- cgit v1.2.3-54-g00ecf
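Review bot: The two new `snprintf(buff, 15, "@ttr%010zd", i + 1)` calls hard-code their bound separately from the `buff[16]` declaration and the `memset(&buff, 0, 16 * sizeof(char))`, so three literals have to be kept in step by hand in both qpol_policy_build_attrs_from_map and qpol_policy_fill_attr_holes. Writing `snprintf(buff, sizeof(buff), "@ttr%010zd", i + 1);` ties the bound to the array. The return value is also unchecked; comparing it against `sizeof(buff)` would turn any future truncation into an error rather than a silently shortened, possibly colliding, attribute name passed to `strdup`. The declaration of `i` is outside the hunks; if it is a `size_t`, `%zu` is the matching conversion. Both function bodies start and end outside the hunks shown.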