From c7344d33587bc5b781b958315c643284e2e9cf18 Mon Sep 17 00:00:00 2001 From: Bernhard Voelker Date: Sun, 8 Jul 2018 00:18:03 +0200 Subject: [PATCH 178/224] ftsfind.c: avoid buffer overflow in -D code MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Reported by GCC 8.1.1: ftsfind.c: In function ‘get_fts_info_name’: ftsfind.c:164:23: warning: ‘%d’ directive writing between 1 and 11 bytes into a region of size 9 [-Wformat-overflow=] sprintf (buf, "[%d]", info); ^~ ftsfind.c:164:7: note: ‘sprintf’ output between 4 and 14 bytes into a destination of size 10 sprintf (buf, "[%d]", info); ^~~~~~~~~~~~~~~~~~~~~~~~~~~ * find/ftsfind.c (get_fts_info_name): Increase buffer from 10 to 14 to be able to hold the 11-char string representation of the %d format, the surrounding '[' and ']', plus the terminating NULL character. --- find/ftsfind.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/find/ftsfind.c b/find/ftsfind.c index 607ea8d3..57804950 100644 --- a/find/ftsfind.c +++ b/find/ftsfind.c @@ -143,7 +143,7 @@ static void init_mounted_dev_list (void); static const char * get_fts_info_name (int info) { - static char buf[10]; + static char buf[14]; switch (info) { HANDLECASE(FTS_D); -- 2.19.1
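Review bot: the new size in `static char buf[14];` in get_fts_info_name is a bare constant that is only correct while an `int` prints in at most 11 characters, and the `sprintf (buf, "[%d]", info);` call quoted in the GCC warning remains unbounded. The 1 + 11 + 1 + 1 breakdown is given only in the commit message, so please add a comment beside the declaration stating it, or derive the size from the width of `int` instead of hard-coding 14. Switching the call to `snprintf (buf, sizeof buf, "[%d]", info)` would also mean that a later change to the format string or the argument type truncates the output rather than writing past the end of the static buffer.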