Attempting to compile pacman with gcc8 results in several warnings like: remove.c: In function ‘unlink_file.isra.4’: remove.c:407:34: warning: ‘.pacsave.’ directive output may be truncated writing 9 bytes into a region of size between 1 and 4096 [-Wformat-truncation=] Fix by adding checks to error out if snprintf tries to reserve a truncated filename. Because the return values are checked, gcc delegates the truncation response to our code instead of throwing warnings. Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> --- This seems to solve the issue, though as mentioned in IRC it might be nice if we only needed to check the first use of newfile -- everything else is guaranteed to be shorter. Also feel free to nitpick the log message wording. lib/libalpm/remove.c | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/lib/libalpm/remove.c b/lib/libalpm/remove.c index 5b53ac34..78ca5be7 100644 --- a/lib/libalpm/remove.c +++ b/lib/libalpm/remove.c @@ -404,14 +404,22 @@ static void shift_pacsave(alpm_handle_t *handle, const char *file) /* Shift pacsaves */ unsigned long i; for(i = log_max + 1; i > 1; i--) { - snprintf(oldfile, PATH_MAX, "%s.pacsave.%lu", file, i-1); - snprintf(newfile, PATH_MAX, "%s.pacsave.%lu", file, i); + if(snprintf(oldfile, PATH_MAX, "%s.pacsave.%lu", file, i-1) >= PATH_MAX + || snprintf(newfile, PATH_MAX, "%s.pacsave.%lu", file, i) >= PATH_MAX) { + _alpm_log(handle, ALPM_LOG_ERROR, + _("could not backup %s due to PATH_MAX overflow\n"), file); + goto cleanup; + } rename(oldfile, newfile); } - snprintf(oldfile, PATH_MAX, "%s.pacsave", file); + if(snprintf(oldfile, PATH_MAX, "%s.pacsave", file) >= PATH_MAX + || snprintf(newfile, PATH_MAX, "%s.1", oldfile) >= PATH_MAX) { + _alpm_log(handle, ALPM_LOG_ERROR, + _("could not backup %s due to PATH_MAX overflow\n"), file); + goto cleanup; + } if(stat(oldfile, &st) == 0) { - snprintf(newfile, PATH_MAX, "%s.1", oldfile); rename(oldfile, newfile); } -- 2.17.0
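Review bot: In the last part of the hunk, the `snprintf(newfile, PATH_MAX, "%s.1", oldfile)` call has moved out of the `if(stat(oldfile, &st) == 0)` guard, so a path where `file.pacsave` fits but `file.pacsave.1` does not now logs an error and jumps to cleanup even when no `.pacsave` exists and nothing would have been renamed. Consider checking the oldfile `snprintf` on its own before the `stat`, and checking the newfile one inside the `stat` branch where it was. In the loop, the first iteration (`i = log_max + 1`) builds the longest names, so an overflow is detected before any `rename` runs and no partial shift is left behind; a one-line comment stating that would make the per-iteration check easier to read. The two identical `_alpm_log(... "could not backup %s due to PATH_MAX overflow\n" ...)` calls could share one error path. Also note that the checks only compare against `>= PATH_MAX`, so a negative return from `snprintf` would pass them.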