libs3 icon indicating copy to clipboard operation
libs3 copied to clipboard
verified publisher icon bji

src/request.c:298: out of scope ?

Open dcb314 opened this issue 7 years ago • 6 comments

[src/request.c:293] -> [src/request.c:290] -> [src/request.c:298]: (error) Using pointer to local variable 'headerNameWithPrefix' that is out of scope.

Source code is

if (addPrefix) {
    char headerNameWithPrefix[S3_MAX_METADATA_SIZE - sizeof(": v")];
    snprintf(headerNameWithPrefix, sizeof(headerNameWithPrefix),
             S3_METADATA_HEADER_NAME_PREFIX "%s", headerName);
    headerStr = headerNameWithPrefix;
}

// Make sure the new header (plus ": " plus string terminator) will fit
// in the buffer.
if ((values->amzHeadersRawLength + strlen(headerStr) + strlen(headerValue)
    + 3) >= sizeof(values->amzHeadersRaw)) {

dcb314 avatar Nov 29 '18 11:11 dcb314

Looks like it indeed.

aghiles avatar Nov 29 '18 12:11 aghiles

I guess I missed that when I reviewed commit da1f0fb5e0f a couple of years ago.

Luckily, there are no other locals to push on the stack in that function; the only other local is a loop variable likely kept in a register by the compiler.

So I don't think this is likely to actually be a problem in any realistically compiled binaries, but it definitely should be fixed.

I am assuming that your compiler or whatever tool you are using to detect this error didn't find any other such problems in the code, which is at least encouraging.

bji avatar Nov 29 '18 18:11 bji

I am assuming that your compiler or whatever tool you are using to detect this error didn't find any other such problems in the code, which is at least encouraging.

False assumption. I only gave you the most serious. Here is a warning it made:

src/request.c:844]: (warning) %d in format string (no. 1) requires 'int' but the argument type is 'unsigned int'.

dcb314 avatar Nov 29 '18 19:11 dcb314

Some warnings from the compiler:

src/request.c:993:77: warning: '%s' directive output may be truncated writing up to 64 bytes into a region of size between 17 and 144 [-Wformat-truncation=] src/request.c:1059:74: warning: '%s' directive output may be truncated writing up to 2511 bytes into a region of size between 875 and 966 [-Wformat-truncation=] src/request.c:1461:51: warning: '%s' directive output may be truncated writing up to 64 bytes into a region of size between 31 and 96 [-Wformat-truncation=] src/request.c:1760:14: warning: '%s' directive output may be truncated writing up to 2511 bytes into a region of size between 170 and 329 [-Wformat-truncation=]

dcb314 avatar Nov 29 '18 19:11 dcb314

OK I believe I fixed all in my recent commit 4f2db1ebfa82cc4b364a891e1deeaa73dfda9c24.

Except this; I'm not sure my compiler showed me this one:

src/request.c:844]: (warning) %d in format string (no. 1) requires 'int' but the argument type is 'unsigned int'.

bji avatar Nov 29 '18 19:11 bji

gcc flag -Wformat-signedness will help with the last one.

I used static analyser cppcheck, available from sourceforge. I recommend it for all C/C++ code.

dcb314 avatar Nov 29 '18 21:11 dcb314