Use proper buffer size in tt_user.c's digit_suffix #582
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Modern Ubuntu (e.g. GitHub Actions' `ubuntu-latest`), among other distros, compiles with `-D_FORTIFY_SOURCE=3` which does neat things like checking `strlcpy` won't overflow. `tt_user_s` has a `char digit_suffix[3+1]`, so when attempting to `strlcpy` into it with length 5, this triggers a buffer overflow error for safety reasons (even though the source string only has length 4) Let's instead pass a size to `digit_suffix` and use that.
doismellburning
added a commit
to doismellburning/samoyed
that referenced
this pull request
Jul 19, 2025
Incorporates the digit_suffix buffer length fix from wb2osz/direwolf#582 to avoid buffer overflow assertions when running with -D_FORTIFY_SOURCE=3
|
Note that this was found by running the test in tt_user.c - I think it would probably be good if this were run automatically |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Modern Ubuntu (e.g. GitHub Actions'
ubuntu-latest), among other distros, compiles with-D_FORTIFY_SOURCE=3which does neat things like checkingstrlcpywon't overflow.tt_user_shas achar digit_suffix[3+1], so when attempting tostrlcpyinto it with length 5, this triggers a buffer overflow error for safety reasons (even though the source string only has length 4)Let's instead pass a size to
digit_suffixand use that.