[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[groff] 01/01: src/roff/troff/input.cpp: Hush compiler warning.
From: |
G. Branden Robinson |
Subject: |
[groff] 01/01: src/roff/troff/input.cpp: Hush compiler warning. |
Date: |
Tue, 6 Nov 2018 06:18:45 -0500 (EST) |
gbranden pushed a commit to branch master
in repository groff.
commit fca2b723e7f1dc65057841e9eefc5b074786c4e1
Author: G. Branden Robinson <address@hidden>
Date: Tue Nov 6 05:53:52 2018 -0500
src/roff/troff/input.cpp: Hush compiler warning.
* src/roff/troff/input.cpp (macro_source): GCC 8 dislikes it,
throwing a stringop-overflow warning, when the length argument
to strncat() is computed based on the length of the source
argument rather than the destination. It's a reasonable
warning, but GCC is not smart enough to discern that our
destination string was allocated based on the length of a
superset of the source string, and so cannot overflow.
GCC 8 is not fooled if the length of the source string is
computed in the same basic block as the strncat(), but it is
if we lift it outside. This has the side benefit of slightly
greater efficiency in that we compute strlen(fn) only once
instead of up to three times in the case that someone does an
.mso of "foobar.tmac" but that file is not present and
"tmac.foobar" is attempted instead.
For background, see
<https://www.us-cert.gov/bsi/articles/knowledge/coding-practices/strncpy-and-strncat>.
Fixes <https://savannah.gnu.org/bugs/index.php?54968>.
Signed-off-by: G. Branden Robinson <address@hidden>
---
src/roff/troff/input.cpp | 9 +++++----
1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/src/roff/troff/input.cpp b/src/roff/troff/input.cpp
index fbffe38..6af7a03 100644
--- a/src/roff/troff/input.cpp
+++ b/src/roff/troff/input.cpp
@@ -7701,19 +7701,20 @@ void macro_source()
// FOOBAR.tmac and vice versa
if (!fp) {
const char *fn = nm.contents();
+ int fnlen = strlen(fn);
if (strncasecmp(fn, MACRO_PREFIX, sizeof(MACRO_PREFIX) - 1) == 0) {
- char *s = new char[strlen(fn) + sizeof(MACRO_POSTFIX)];
+ char *s = new char[fnlen + sizeof(MACRO_POSTFIX)];
strcpy(s, fn + sizeof(MACRO_PREFIX) - 1);
strcat(s, MACRO_POSTFIX);
fp = mac_path->open_file(s, &path);
a_delete s;
}
if (!fp) {
- if (strncasecmp(fn + strlen(fn) - sizeof(MACRO_POSTFIX) + 1,
+ if (strncasecmp(fn + fnlen - sizeof(MACRO_POSTFIX) + 1,
MACRO_POSTFIX, sizeof(MACRO_POSTFIX) - 1) == 0) {
- char *s = new char[strlen(fn) + sizeof(MACRO_PREFIX)];
+ char *s = new char[fnlen + sizeof(MACRO_PREFIX)];
strcpy(s, MACRO_PREFIX);
- strncat(s, fn, strlen(fn) - sizeof(MACRO_POSTFIX) + 1);
+ strncat(s, fn, fnlen - sizeof(MACRO_POSTFIX) + 1);
fp = mac_path->open_file(s, &path);
a_delete s;
}
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [groff] 01/01: src/roff/troff/input.cpp: Hush compiler warning.,
G. Branden Robinson <=