Make gcc die on init overflow of an array.

- Use -pedantic-errors with gcc to make an array-init fatal. - Fix all the extra warnings that gcc outputs due to this option. - Also add -Wno-pedantic to gcc if we're using the internal popt code (since it has lots of pedantic issues).
TomasKorbar · Sep 29, 2020 · 8f15111 · 8f15111
1 parent acca9d4
commit 8f15111
Show file tree

Hide file tree

Showing 7 changed files with 33 additions and 14 deletions.
diff --git a/configure.ac b/configure.ac
@@ -116,9 +116,9 @@ fi
 # I don't want our version too far out of sync.
 CFLAGS="$CFLAGS -DHAVE_CONFIG_H"
 
-# If GCC, turn on warnings.
+# If GCC, turn on warnings and turn pedantic warnings into errors to ensure an array-init overflow is an error.
 if test x"$GCC" = x"yes"; then
-	CFLAGS="$CFLAGS -Wall -W"
+	CFLAGS="$CFLAGS -Wall -W -pedantic-errors"
 fi
 
 AC_ARG_WITH(included-popt,
@@ -1046,6 +1046,12 @@ elif test x"$ac_cv_header_popt_h" != x"yes"; then
     with_included_popt=yes
 fi
 
+if test x"$with_included_popt" = x"yes" -a x"$GCC" = x"yes"; then
+	# Our internal popt code cannot be compiled with pedantic warnings as errors, so turn off
+	# pedantic warnings.  This does not affect the array-init overflow as an error, though.
+	CFLAGS="$CFLAGS -Wno-pedantic"
+fi
+
 AC_MSG_CHECKING([whether to use included libpopt])
 if test x"$with_included_popt" = x"yes"; then
     AC_MSG_RESULT($srcdir/popt)

diff --git a/generator.c b/generator.c
@@ -182,7 +182,8 @@ static int remember_delete(struct file_struct *file, const char *fname, int flag
 static int read_delay_line(char *buf, int *flags_p)
 {
 	static int read_pos = 0;
-	int j, len, mode;
+	unsigned int mode;
+	int j, len;
 	char *bp, *past_space;
 
 	while (1) {

diff --git a/loadparm.c b/loadparm.c
@@ -437,7 +437,7 @@ static BOOL do_parameter(char *parmname, char *parmvalue)
 		break;
 
 	case P_OCTAL:
-		sscanf(parmvalue, "%o", (int *)parm_ptr);
+		sscanf(parmvalue, "%o", (unsigned int *)parm_ptr);
 		break;
 
 	case P_PATH:

diff --git a/log.c b/log.c
@@ -838,14 +838,24 @@ void maybe_log_item(struct file_struct *file, int iflags, int itemizing, const c
 
 void log_delete(const char *fname, int mode)
 {
-	static struct {
-		union file_extras ex[4]; /* just in case... */
-		struct file_struct file;
-	} x; /* Zero-initialized due to static declaration. */
+	static struct file_struct *file = NULL;
 	int len = strlen(fname);
 	const char *fmt;
 
-	x.file.mode = mode;
+	if (!file) {
+		int extra_len = (file_extra_cnt + 2) * EXTRA_LEN;
+		char *bp;
+#if EXTRA_ROUNDING > 0
+		if (extra_len & (EXTRA_ROUNDING * EXTRA_LEN))
+			extra_len = (extra_len | (EXTRA_ROUNDING * EXTRA_LEN)) + EXTRA_LEN;
+#endif
+
+		bp = new_array0(char, FILE_STRUCT_LEN + extra_len + 1);
+		bp += extra_len;
+		file = (struct file_struct *)bp;
+	}
+
+	file->mode = mode;
 
 	if (am_server && protocol_version >= 29 && len < MAXPATHLEN) {
 		if (S_ISDIR(mode))
@@ -855,14 +865,14 @@ void log_delete(const char *fname, int mode)
 		;
 	else {
 		fmt = stdout_format_has_o_or_i ? stdout_format : "deleting %n";
-		log_formatted(FCLIENT, fmt, "del.", &x.file, fname, ITEM_DELETED, NULL);
+		log_formatted(FCLIENT, fmt, "del.", file, fname, ITEM_DELETED, NULL);
 	}
 
 	if (!logfile_name || dry_run || !logfile_format)
 		return;
 
 	fmt = logfile_format_has_o_or_i ? logfile_format : "deleting %n";
-	log_formatted(FLOG, fmt, "del.", &x.file, fname, ITEM_DELETED, NULL);
+	log_formatted(FLOG, fmt, "del.", file, fname, ITEM_DELETED, NULL);
 }
 
 /*

diff --git a/tls.c b/tls.c
@@ -60,7 +60,8 @@ int nsec_times = 0;
 
 static int stat_xattr(const char *fname, STRUCT_STAT *fst)
 {
-	int mode, rdev_major, rdev_minor, uid, gid, len;
+	unsigned int mode;
+	int rdev_major, rdev_minor, uid, gid, len;
 	char buf[256];
 
 	if (am_root >= 0 || IS_DEVICE(fst->st_mode) || IS_SPECIAL(fst->st_mode))

diff --git a/token.c b/token.c
@@ -570,7 +570,7 @@ static int32 recv_deflated_token(int f, char **data)
 				rx_strm.avail_in = 4;
 				rx_strm.next_in = (Bytef *)cbuf;
 				cbuf[0] = cbuf[1] = 0;
-				cbuf[2] = cbuf[3] = 0xff;
+				cbuf[2] = cbuf[3] = (char)0xff;
 				inflate(&rx_strm, Z_SYNC_FLUSH);
 				recv_state = r_idle;
 			}

diff --git a/xattrs.c b/xattrs.c
@@ -1118,7 +1118,8 @@ int del_def_xattr_acl(const char *fname)
 
 int get_stat_xattr(const char *fname, int fd, STRUCT_STAT *fst, STRUCT_STAT *xst)
 {
-	int mode, rdev_major, rdev_minor, uid, gid, len;
+	unsigned int mode;
+	int rdev_major, rdev_minor, uid, gid, len;
 	char buf[256];
 
 	if (am_root >= 0 || IS_DEVICE(fst->st_mode) || IS_SPECIAL(fst->st_mode))