From: Paul Eggert <eggert@cs.ucla.edu>
To: "Basil L. Contovounesios" <contovob@tcd.ie>
Cc: 57211-done@debbugs.gnu.org
Subject: bug#57211: 29.0.50; generate-new-buffer-name sprintf format overflow warning
Date: Sun, 14 Aug 2022 13:54:08 -0700 [thread overview]
Message-ID: <9bd9ae82-8525-1d32-c4a1-5daaf909609a@cs.ucla.edu> (raw)
In-Reply-To: <87ilmulqh0.fsf@tcd.ie>
[-- Attachment #1: Type: text/plain, Size: 1133 bytes --]
On 8/14/22 09:50, Basil L. Contovounesios wrote:
> Can the upper bound 9 ever be achieved? If so, how? If not, is this a
> GCC bug? Either way, is there a way to pacify the warning?
It can't be achieved, and it's arguably a GCC bug. I installed the
attached to pacify GCC.
> int i = r % 1000000;
>
> can the result of % ever exceed INT_MAX?
No.
On 8/14/22 11:59, Matt Armstrong wrote:
> Gcc doesn't know that get_random() returns only non-negative numbers,
> and the eassume() call doesn't seem to be enough to convince gcc this
> fact, or gcc does not infer i is also non-negative.
It's worse than that. Even if you add 'eassume (0 <= i && i < 1000000);"
GCC still doesn't assume that the sprintf is in range.
> Personally, I'd change this code to use a buffer
>
> INT_BUFSIZE_BOUND(int) + sizeof "-"
The problem with overallocating buffers is not the memory loss (it's
trivial, as you say), it's that later readers like me will wonder why
the buffer is being overallocated, which is maintenance overhead.
I installed the attached to pacify GCC while also attempting to not
entirely mystify later readers.
[-- Attachment #2: 0001-Work-around-Bug-57211.patch --]
[-- Type: text/x-patch, Size: 855 bytes --]
From 23561f9665609bcb4cbe89a993a70eeccbec600e Mon Sep 17 00:00:00 2001
From: Paul Eggert <eggert@cs.ucla.edu>
Date: Sun, 14 Aug 2022 13:48:11 -0700
Subject: [PATCH] Work around Bug#57211
* src/buffer.c (Fgenerate_new_buffer_name): Allocate a bigger buffer.
---
src/buffer.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/buffer.c b/src/buffer.c
index 6ab516d5f5..98066a2eb6 100644
--- a/src/buffer.c
+++ b/src/buffer.c
@@ -1160,7 +1160,8 @@ DEFUN ("generate-new-buffer-name", Fgenerate_new_buffer_name,
genbase = name;
else
{
- char number[sizeof "-999999"];
+ enum { bug_52711 = true }; /* https://bugs.gnu.org/57211 */
+ char number[bug_52711 ? INT_BUFSIZE_BOUND (int) + 1 : sizeof "-999999"];
EMACS_INT r = get_random ();
eassume (0 <= r);
int i = r % 1000000;
--
2.34.1
prev parent reply other threads:[~2022-08-14 20:54 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-08-14 16:50 bug#57211: 29.0.50; generate-new-buffer-name sprintf format overflow warning Basil L. Contovounesios via Bug reports for GNU Emacs, the Swiss army knife of text editors
2022-08-14 18:59 ` Matt Armstrong
2022-08-14 20:54 ` Paul Eggert [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://www.gnu.org/software/emacs/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=9bd9ae82-8525-1d32-c4a1-5daaf909609a@cs.ucla.edu \
--to=eggert@cs.ucla.edu \
--cc=57211-done@debbugs.gnu.org \
--cc=contovob@tcd.ie \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/emacs.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).