authorLukas Zaoral <lzaoral@redhat.com>2021-04-14 21:23:24 +0200
committerCristian Cadar <c.cadar@imperial.ac.uk>2021-04-18 20:04:46 +0100
commita0e2d3c837ddd4398ff3af76c34ddeb32d70e7b5 (patch)
tree32b6b7a6bf68ce9428405761679074a8efe3566e
parentb0aef8ebc9d53945549fc477558a4437baa46e2d (diff)
downloadklee-a0e2d3c837ddd4398ff3af76c34ddeb32d70e7b5.tar.gz
klee-replay: Fix -Wformat-truncation warning
Increase the size of the buffer to PATH_MAX in create_link as that is the
maximal possible length of fname and check whether output truncation occurred.

Fixes:
tools/klee-replay/file-creator.c: In function 'create_file':
tools/klee-replay/file-creator.c:55:31: warning: '%s' directive output may be truncated writing up to 4095 bytes into a region of size 64 [-Wformat-truncation=]
   55 |   snprintf(buf, sizeof(buf), "%s.lnk", fname);
      |                               ^~
......
  344 |   target = tmpname;
      |            ~~~~~~~
In file included from /usr/include/stdio.h:866,
                 from tools/klee-replay/file-creator.c:16:
/usr/include/bits/stdio2.h:70:10: note: '__snprintf_chk' output between 5 and 4100 bytes into a destination of size 64
   70 |   return __builtin___snprintf_chk (__s, __n, __USE_FORTIFY_LEVEL - 1,
      |          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   71 |        __bos (__s), __fmt, __va_arg_pack ());
      |        ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-rw-r--r--tools/klee-replay/file-creator.c9
1 files changed, 7 insertions, 2 deletions
diff --git a/tools/klee-replay/file-creator.c b/tools/klee-replay/file-creator.c
index f843a1eb..497cf1c3 100644
--- a/tools/klee-replay/file-creator.c
+++ b/tools/klee-replay/file-creator.c
@@ -49,10 +49,15 @@ static void check_file(int index, exe_disk_file_t *dfile);
 static int create_link(const char *fname,
                        exe_disk_file_t *dfile,
                        const char *tmpdir) {
-  char buf[64];
+  char buf[PATH_MAX];
   struct stat64 *s = dfile->stat;
 
-  snprintf(buf, sizeof(buf), "%s.lnk", fname);
+  // make sure that the .lnk suffix is not truncated
+  if (snprintf(buf, sizeof buf, "%s.lnk", fname) >= PATH_MAX) {
+    fputs("create_link: fname is too long for additional .lnk suffix", stderr);
+    return -1;
+  }
+
   s->st_mode = (s->st_mode & ~S_IFMT) | S_IFREG;
   create_file(-1, buf, dfile, tmpdir);
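Review bot: The truncation check `if (snprintf(buf, sizeof buf, "%s.lnk", fname) >= PATH_MAX)` misses a negative return from snprintf (an output error), in which case `buf` would still reach create_file() with contents that cannot be relied on. It also compares against `PATH_MAX` while the size passed is `sizeof buf`, so the two will silently diverge if the buffer is ever resized. I would store the result and test `if (n < 0 || (size_t)n >= sizeof buf)`. The `fputs` message has no trailing newline, so it will run into whatever is written to stderr next; end the string with `\n`. Whether callers act on the new `return -1` cannot be confirmed here, because create_link's body continues past the hunk and its call sites are outside it.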