search

alibaba / xquic

XQUIC Library released by Alibaba is a cross-platform implementation of QUIC and HTTP/3 protocol.
Apache License 2.0
1.65k stars 326 forks source link

[Bug]: 编译错误,指定的界限取决于源参数的长度 #262

Closed lz-Cahpt closed 12 months ago

lz-Cahpt commented 1 year ago

What happened?

在src/tls/xqc_tls.c的xqc_tls_set_alpn函数中,先使用strlen获得alpn长度,然后又将这个长度作为strncpy的参数。建议将size_t alpn_len = strlen(alpn)改为size_t alpn_len = strnlen(alpn, 128)。

Steps To Reproduce

使用GCC 11.1.0 x86_64-linux-gun编译器构建项目

Relevant log output

[  1%] Building C object CMakeFiles/xquic-static.dir/src/tls/xqc_tls.c.o
[  2%] Building C object CMakeFiles/xquic.dir/src/tls/xqc_tls.c.o
In file included from /usr/include/string.h:519,
                 from /home/ubuntu/Downloads/xquic-1.2.0-stable/src/common/xqc_common.h:8,
                 from /home/ubuntu/Downloads/xquic-1.2.0-stable/src/tls/xqc_tls_defs.h:9,
                 from /home/ubuntu/Downloads/xquic-1.2.0-stable/src/tls/xqc_tls.h:11,
                 from /home/ubuntu/Downloads/xquic-1.2.0-stable/src/tls/xqc_tls.c:5:
In function ‘strncpy’,
    inlined from ‘xqc_tls_set_alpn’ at /home/ubuntu/Downloads/xquic-1.2.0-stable/src/tls/xqc_tls.c:171:5:
/usr/include/x86_64-linux-gnu/bits/string_fortified.h:95:10: error: ‘__builtin_strncpy’ specified bound depends on the length of the source argument [-Werror=stringop-truncation]
   95 |   return __builtin___strncpy_chk (__dest, __src, __len,
      |          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   96 |                                   __glibc_objsize (__dest));
      |                                   ~~~~~~~~~~~~~~~~~~~~~~~~~
/home/ubuntu/Downloads/xquic-1.2.0-stable/src/tls/xqc_tls.c: In function ‘xqc_tls_set_alpn’:
/home/ubuntu/Downloads/xquic-1.2.0-stable/src/tls/xqc_tls.c:151:23: note: length computed here
  151 |     size_t alpn_len = strlen(alpn);
      |                       ^~~~~~~~~~~~
In file included from /usr/include/string.h:519,
                 from /home/ubuntu/Downloads/xquic-1.2.0-stable/src/common/xqc_common.h:8,
                 from /home/ubuntu/Downloads/xquic-1.2.0-stable/src/tls/xqc_tls_defs.h:9,
                 from /home/ubuntu/Downloads/xquic-1.2.0-stable/src/tls/xqc_tls.h:11,
                 from /home/ubuntu/Downloads/xquic-1.2.0-stable/src/tls/xqc_tls.c:5:
In function ‘strncpy’,
    inlined from ‘xqc_tls_set_alpn’ at /home/ubuntu/Downloads/xquic-1.2.0-stable/src/tls/xqc_tls.c:171:5:
/usr/include/x86_64-linux-gnu/bits/string_fortified.h:95:10: error: ‘__builtin_strncpy’ specified bound depends on the length of the source argument [-Werror=stringop-truncation]
   95 |   return __builtin___strncpy_chk (__dest, __src, __len,
      |          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   96 |                                   __glibc_objsize (__dest));
      |                                   ~~~~~~~~~~~~~~~~~~~~~~~~~
/home/ubuntu/Downloads/xquic-1.2.0-stable/src/tls/xqc_tls.c: In function ‘xqc_tls_set_alpn’:
/home/ubuntu/Downloads/xquic-1.2.0-stable/src/tls/xqc_tls.c:151:23: note: length computed here
  151 |     size_t alpn_len = strlen(alpn);
      |                       ^~~~~~~~~~~~
cc1: all warnings being treated as errors
make[2]: *** [CMakeFiles/xquic-static.dir/build.make:557:CMakeFiles/xquic-static.dir/src/tls/xqc_tls.c.o] 错误 1
make[1]: *** [CMakeFiles/Makefile2:105:CMakeFiles/xquic-static.dir/all] 错误 2
make[1]: *** 正在等待未完成的任务....
cc1: all warnings being treated as errors
make[2]: *** [CMakeFiles/xquic.dir/build.make:557:CMakeFiles/xquic.dir/src/tls/xqc_tls.c.o] 错误 1
make[1]: *** [CMakeFiles/Makefile2:78:CMakeFiles/xquic.dir/all] 错误 2
make: *** [Makefile:84:all] 错误 2
Kulsk commented 12 months ago

fixed on aea7ffb