Joan Lledó, le sam. 11 août 2018 18:17:10 +0200, a ecrit: > GCC 8 new warning -Wstringop-truncation detected some buffer overflows. > > * lwip/options.c (parse_opt): Fix the buffer overflow. > * lwip/pfinet-ops.c (dev_ifconf): Likewise. > --- > lwip/options.c | 2 +- > lwip/pfinet-ops.c | 2 +- > 2 files changed, 2 insertions(+), 2 deletions(-) > > diff --git a/lwip/options.c b/lwip/options.c > index 6591ac52..d35b9f32 100644 > --- a/lwip/options.c > +++ b/lwip/options.c > @@ -133,7 +133,7 @@ parse_opt (int opt, char *arg, struct argp_state *state) > } > in = h->curint; > > - strncpy (in->dev_name, arg, DEV_NAME_LEN); > + strncpy (in->dev_name, arg, sizeof(in->dev_name)-1);
Mmm, but if arg is longer than the given size and doesn't contain a \0, in->dev_name will not contain one either? > break; > > case 'a': > diff --git a/lwip/pfinet-ops.c b/lwip/pfinet-ops.c > index 56b7dcd1..1af2a3fe 100644 > --- a/lwip/pfinet-ops.c > +++ b/lwip/pfinet-ops.c > @@ -61,7 +61,7 @@ dev_ifconf (struct ifconf *ifc) > memset (ifr, 0, sizeof (struct ifreq)); > > strncpy (ifr->ifr_name, netif_get_state (netif)->devname, > - strlen (netif_get_state (netif)->devname) + 1); > + sizeof (ifr->ifr_name)-1); Similarly. Samuel
