Bug 1932066 - Cannot build with -Werror=stringop-truncation
Summary: Cannot build with -Werror=stringop-truncation
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: libss7
Version: 35
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Ben Beasley
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2021-02-23 20:10 UTC by Ben Beasley
Modified: 2021-09-24 20:10 UTC (History)
4 users (show)

Fixed In Version: libss7-2.0.1-1.fc36 libss7-2.0.1-1.el8 libss7-2.0.1-1.el7 libss7-2.0.1-1.fc34 libss7-2.0.1-1.fc33 libss7-2.0.1-1.fc35
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2021-08-27 16:12:15 UTC
Type: Bug
Embargoed:


Attachments (Terms of Use)
Complete compiler diagnostic output (9.15 KB, text/plain)
2021-02-23 20:10 UTC, Ben Beasley
no flags Details

Description Ben Beasley 2021-02-23 20:10:05 UTC
Created attachment 1758941 [details]
Complete compiler diagnostic output

Description of problem:

Cannot build with -Werror=stringop-truncation, which is part of the usual hardening flags.

Version-Release number of selected component (if applicable):

All versions

How reproducible:

Steps to Reproduce:
1. Remove the line
     export CFLAGS="${CFLAGS} -Wno-error=stringop-truncation"
   from the spec file.
2. Build the RPM.
3. Observe the RPM build fails with an error.

Actual results:

Cannot build with -Werror=stringop-truncation.

Expected results:

Nothing in the code triggers these warnings.

Additional info:

Currently these warnings are still reported in the build, but are not treated as errors.

These warnings look like real problems, and should be reported upstream.

This bug is to track the problem, and any efforts to resolve it properly.

Comment 1 Fedora Admin user for bugzilla script actions 2021-02-24 02:35:15 UTC
This package has changed maintainer in Fedora. Reassigning to the new maintainer of this component.

Comment 2 Ben Beasley 2021-03-27 13:52:29 UTC
Here is an example of the warnings about strncpy().

> In file included from /usr/include/string.h:519,
>                  from isup.c:32:
> In function 'strncpy',
>     inlined from 'isup_set_calling' at isup.c:2879:4,
>     inlined from 'isup_set_calling' at isup.c:2875:6:
> /usr/include/bits/string_fortified.h:91:10: warning: 'strncpy' specified bound 64 equals destination size [-Wstringop-truncation]
>    91 |   return __builtin___strncpy_chk (__dest, __src, __len, __bos (__dest));
>       |          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

> void isup_set_calling(struct isup_call *c, const char *calling, unsigned char calling_nai, unsigned char presentation_ind, unsigned char screening_ind)
> {
>         if ((calling && calling[0]) || presentation_ind == SS7_PRESENTATION_ADDR_NOT_AVAILABLE) {
>                 if (calling) {
>                         strncpy(c->calling_party_num, calling, sizeof(c->calling_party_num));
>                 } else {
>                         c->calling_party_num[0] = '\0';
>                 }
>                 c->calling_nai = calling_nai;
>                 c->presentation_ind = presentation_ind;
>                 c->screening_ind = screening_ind;
>         }
> }

There are a number of similar warnings about strncpy() for other fields. In this case, the intent seems to be that the argument “calling” is copied into the struct field with null-termination, truncating any overlong string. But strncpy does not guarantee null-termination. It is likely that the code should have been something like:

>                 if (calling) {
>                         strncpy(c->calling_party_num, calling, sizeof(c->calling_party_num));
>                         c->calling_party_num[sizeof(c->calling_party_num) - 1U] = '\0';
>                 } else {

-----

The other category of strncpy() warnings is like this:

> In function 'strncpy',
>     inlined from 'isup_event_iam' at isup.c:4335:2:
> /usr/include/bits/string_fortified.h:91:10: warning: 'strncpy' output may be truncated copying 50 bytes from a string of length 63 [-Wstringop-truncation]
>    91 |   return __builtin___strncpy_chk (__dest, __src, __len, __bos (__dest));
>       |          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

That comes from

> strncpy(e->iam.called_party_num, c->called_party_num, sizeof(e->iam.called_party_num));

where e is an ss7_event discriminated union (from libss7.h), with the ss7_event_iam-type member active. That has “char called_party_num[50];”, which is indeed shorter than the called_party_num in “c”, which is a struct isup_call.

What should be done in this case? Is truncation appropriate? It is already happening, only without null termination.

-----

I intend to consult the upstream developers on IRC (Freenode #asterisk-dev) to see what they think of these warnings.

Comment 3 Ben Beasley 2021-04-12 13:09:43 UTC
Upstream issue: https://issues.asterisk.org/jira/browse/SS7-64

Upstream developers have been busy but plan to look at it when they can.

Comment 4 Ben Cotton 2021-08-10 12:52:49 UTC
This bug appears to have been reported against 'rawhide' during the Fedora 35 development cycle.
Changing version to 35.

Comment 5 Fedora Update System 2021-08-27 16:10:37 UTC
FEDORA-2021-19406642b5 has been submitted as an update to Fedora 36. https://bodhi.fedoraproject.org/updates/FEDORA-2021-19406642b5

Comment 6 Fedora Update System 2021-08-27 16:12:15 UTC
FEDORA-2021-19406642b5 has been pushed to the Fedora 36 stable repository.
If problem still persists, please make note of it in this bug report.

Comment 7 Fedora Update System 2021-08-27 16:28:40 UTC
FEDORA-2021-17bf9d14f8 has been submitted as an update to Fedora 35. https://bodhi.fedoraproject.org/updates/FEDORA-2021-17bf9d14f8

Comment 8 Fedora Update System 2021-08-27 16:38:27 UTC
FEDORA-2021-c5b708f363 has been submitted as an update to Fedora 34. https://bodhi.fedoraproject.org/updates/FEDORA-2021-c5b708f363

Comment 9 Fedora Update System 2021-08-27 17:10:00 UTC
FEDORA-2021-91d42ce83e has been submitted as an update to Fedora 33. https://bodhi.fedoraproject.org/updates/FEDORA-2021-91d42ce83e

Comment 10 Fedora Update System 2021-08-27 17:26:23 UTC
FEDORA-2021-17bf9d14f8 has been pushed to the Fedora 35 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2021-17bf9d14f8`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2021-17bf9d14f8

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 11 Fedora Update System 2021-08-27 17:29:59 UTC
FEDORA-EPEL-2021-dd64ecd715 has been submitted as an update to Fedora EPEL 8. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-dd64ecd715

Comment 12 Fedora Update System 2021-08-27 17:39:37 UTC
FEDORA-EPEL-2021-37aab93b64 has been submitted as an update to Fedora EPEL 7. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-37aab93b64

Comment 13 Fedora Update System 2021-08-27 18:59:07 UTC
FEDORA-2021-91d42ce83e has been pushed to the Fedora 33 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2021-91d42ce83e`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2021-91d42ce83e

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 14 Fedora Update System 2021-08-27 19:02:46 UTC
FEDORA-EPEL-2021-dd64ecd715 has been pushed to the Fedora EPEL 8 testing repository.

You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-dd64ecd715

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 15 Fedora Update System 2021-08-27 19:09:06 UTC
FEDORA-EPEL-2021-37aab93b64 has been pushed to the Fedora EPEL 7 testing repository.

You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-37aab93b64

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 16 Fedora Update System 2021-08-27 19:37:12 UTC
FEDORA-2021-c5b708f363 has been pushed to the Fedora 34 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2021-c5b708f363`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2021-c5b708f363

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 17 Fedora Update System 2021-09-04 19:05:06 UTC
FEDORA-EPEL-2021-dd64ecd715 has been pushed to the Fedora EPEL 8 stable repository.
If problem still persists, please make note of it in this bug report.

Comment 18 Fedora Update System 2021-09-04 19:20:41 UTC
FEDORA-EPEL-2021-37aab93b64 has been pushed to the Fedora EPEL 7 stable repository.
If problem still persists, please make note of it in this bug report.

Comment 19 Fedora Update System 2021-09-04 19:31:51 UTC
FEDORA-2021-c5b708f363 has been pushed to the Fedora 34 stable repository.
If problem still persists, please make note of it in this bug report.

Comment 20 Fedora Update System 2021-09-04 19:35:24 UTC
FEDORA-2021-91d42ce83e has been pushed to the Fedora 33 stable repository.
If problem still persists, please make note of it in this bug report.

Comment 21 Fedora Update System 2021-09-24 20:10:09 UTC
FEDORA-2021-17bf9d14f8 has been pushed to the Fedora 35 stable repository.
If problem still persists, please make note of it in this bug report.


Note You need to log in before you can comment on or make changes to this bug.