backend-rdp: fix sprintf compiler warning

This patch seems to fix the following compiler warning (as error) from
GCC 16.1.1:

../../git/weston/libweston/backend-rdp/rdpclip.c: In function ‘clipboard_process_html’:
../../git/weston/libweston/backend-rdp/rdpclip.c:417:31: error: ‘%08u’ directive writing between 8 and 10 bytes into a region of size 0 [-Werror=format-overflow=]
  417 |                 sprintf(cur, "%08u", fragment_start);
      |                               ^~~~
../../git/weston/libweston/backend-rdp/rdpclip.c:417:17: note: ‘sprintf’ output between 9 and 11 bytes into a destination of size 0
  417 |                 sprintf(cur, "%08u", fragment_start);
      |                 ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../../git/weston/libweston/backend-rdp/rdpclip.c:420:31: error: ‘%08u’ directive writing between 8 and 10 bytes into a region of size 0 [-Werror=format-overflow=]
  420 |                 sprintf(cur, "%08u", fragment_end);
      |                               ^~~~
../../git/weston/libweston/backend-rdp/rdpclip.c:420:30: note: using the range [0, 4294967295] for directive argument
  420 |                 sprintf(cur, "%08u", fragment_end);
      |                              ^~~~~~
../../git/weston/libweston/backend-rdp/rdpclip.c:420:17: note: ‘sprintf’ output between 9 and 11 bytes into a destination of size 0
  420 |                 sprintf(cur, "%08u", fragment_end);
      |                 ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

This is a false-positive, as the destination is fixed via the hardcoded
HTML header and the offsets into it.

First I thought the problem was with the "region of size 0" and could
not make sense of it. Turns out the warnings were triggered by the
potential of formatting numbers longer than 8 decimal characters.
Ensuring the numbers cannot need more than 8 characters makes the
compiler happy.

If the numbers were more than 8 characters, the header would get
corrupted, and the numbers themselves would get corrupted. Hence it seems
prudent to just bail off in that case. Input data is not trusted anyway,
and although unlikely, a 100+ MB blob does seem possible in theory.

Signed-off-by: Pekka Paalanen <pekka.paalanen@collabora.com>
Pekka Paalanen 2026-06-01 13:52:35 +03:00
parent 4db67f1eac
commit e36836e64f

@ -413,6 +413,10 @@ clipboard_process_html(struct rdp_clipboard_data_source *source, bool is_send)
strcat(buf, rdp_clipboard_html_fragment_end);
strcat(buf, cur);
if (fragment_start >= 100000000u ||
fragment_end >= 100000000u)
goto error_return;
cur = buf + RDP_CLIPBOARD_FRAGMENT_START_OFFSET;
sprintf(cur, "%08u", fragment_start);
*(cur+8) = '\r';
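
Review bot: the limit 100000000u in the new `if (fragment_start >= 100000000u ||` check is a bare magic number, and nothing in the code says it is 10^8 because the `"%08u"` field written just below is exactly 8 characters wide followed by the `'\r'` at `cur+8`. A short comment above the check, or a named constant kept next to RDP_CLIPBOARD_FRAGMENT_START_OFFSET, would keep the bound and the format width from drifting apart if the header layout ever changes. It would also record that the check exists to protect the fixed-width header fields from untrusted input, so that it is not later removed as a mere warning workaround. Separately, the check sits after the two strcat() calls into buf; if fragment_start and fragment_end are already final before those calls, rejecting the input above them would avoid building a buffer that is then discarded.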