Possible overflow bug?

While doing some related work I built openssh 9.3p1 with -fsanitize=address and this came up during compilation.

In file included from /usr/include/string.h:535,
                 from kex.c:34:
In function 'explicit_bzero',
    inlined from 'kex_free_newkeys' at kex.c:743:2:
/usr/include/bits/string_fortified.h:72:3: warning: '__explicit_bzero_chk' writing 48 bytes into a region of size 8 overflows the destination [-Wstringop-overflow=]
   72 |   __explicit_bzero_chk (__dest, __len, __glibc_objsize0 (__dest));
      |   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In file included from kex.c:53:
kex.h: In function 'kex_free_newkeys':
kex.h:116:18: note: destination object 'name' of size 8
  116 |         char    *name;
      |                  ^~~~
/usr/include/bits/string_fortified.h:66:6: note: in a call to function '__explicit_bzero_chk' declared with attribute 'access (write_only, 1, 2)'
   66 | void __explicit_bzero_chk (void *__dest, size_t __len, size_t __destlen)

Not sure if this is a real problem or not but I thought I'd pass it over just in case.

Chris
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev


