[pacman-dev] [PATCH] package.c, fix incorrect buffersize

Pierre Neidhardt ambrevar at gmail.com
Sun Nov 1 10:23:28 UTC 2015


On 15-11-01 19:50:56, Allan McRae wrote:
> On 01/11/15 10:32, Rikard Falkeborn wrote:
> > Correct title_suffix_len to be the actual number of elements in
> > the string (including the NUL-terminator) instead of the size
> > of a pointer.
> > 
> > Note that wmemcpy blindly copies the number of wide characters it is told
> > to copy (no check for NUL-terminating character), so this previously copied
> > data outside of title_suffix.
> > 
> 
> This is actually not the cause of the warning from clang...   But it
> does fix it (unlike all the other suggestions in the thread).
>
> package.c:95:34: error: variable length array folded to constant array as an
>       extension [-Werror,-Wgnu-folding-constant]
>         wchar_t wbuf[ARRAYSIZE(titles)][TITLE_MAXLEN + title_suffix_len];
>                                         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> package.c:81:22: note: expanded from macro 'TITLE_MAXLEN'
> #define TITLE_MAXLEN 50
>                      ^

Right, there were two errors here. One was the memory overflow pointed out by
Rikard.

If I'm not mistaken, the second one reported by clang comes from that 'const'
variables are not constants semantically speaking, they are immutable. And a
constant array must be initialized with constant size(s). Crap. :(

Simpler fix would be:

- static const wchar_t title_suffix[] = L" :";
- static const size_t title_suffix_len = sizeof(title_suffix);
- wchar_t wbuf[ARRAYSIZE(titles)][TITLE_MAXLEN + title_suffix_len];
+ static const wchar_t title_suffix[] = L" :";
+ wchar_t wbuf[ARRAYSIZE(titles)][TITLE_MAXLEN + ARRAYSIZE(title_suffix)];

...

- wmemcpy(wbuf[i] + max, title_suffix, title_suffix_len);
+ wmemcpy(wbuf[i] + max, title_suffix, ARRAYSIZE(title_suffix));

-- 
Pierre Neidhardt


More information about the pacman-dev mailing list