1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
|
From 065a471d16636c3fba5da8aed86ffa30dcfd489b Mon Sep 17 00:00:00 2001
From: "A. Wilcox" <AWilcox@Wilcox-Tech.com>
Date: Wed, 20 Mar 2019 13:22:51 -0500
Subject: [PATCH 1/2] CSecurityTLS: Use size_t as argument for new
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Using an 'int' is invalid, and produces the following output under GCC 8.3.0:
tigervnc-1.9.0/common/rfb/CSecurityTLS.cxx: In member function ‘void rfb::CSecurityTLS::checkSession()’:
tigervnc-1.9.0/common/rfb/CSecurityTLS.cxx:384:11: error: specified bound range [18446744071562067968, 18446744073709551615] exceeds ‘INT_MAX’ [-Werror=format-truncation=]
snprintf(certinfo, len, "This certificate has been signed by an unknown "
~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"authority:\n\n%s\n\nDo you want to save it and "
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"continue? ", info.data);
~~~~~~~~~~~~~~~~~~~~~~~~
tigervnc-1.9.0/common/rfb/CSecurityTLS.cxx:380:26: error: argument 1 range [18446744071562067968, 18446744073709551615] exceeds maximum object size 9223372036854775807 [-Werror=alloc-size-larger-than=]
certinfo = new char[len];
^
In file included from /usr/include/c++/8.3.0/ext/new_allocator.h:33,
from /usr/include/c++/8.3.0/powerpc64-foxkit-linux-musl/bits/c++allocator.h:33,
from /usr/include/c++/8.3.0/bits/allocator.h:46,
from /usr/include/c++/8.3.0/bits/stl_tree.h:64,
from /usr/include/c++/8.3.0/set:60,
from tigervnc-1.9.0/common/rfb/ConnParams.h:26,
from tigervnc-1.9.0/common/rfb/SMsgHandler.h:28,
from tigervnc-1.9.0/common/rfb/SConnection.h:29,
from tigervnc-1.9.0/common/rfb/SSecurity.h:47,
from tigervnc-1.9.0/common/rfb/SSecurityStack.h:23,
from tigervnc-1.9.0/common/rfb/SSecurityVeNCrypt.h:32,
from tigervnc-1.9.0/common/rfb/CSecurityTLS.h:34,
from tigervnc-1.9.0/common/rfb/CSecurityTLS.cxx:36:
/usr/include/c++/8.3.0/new:122:7: note: in a call to allocation function ‘void* operator new [](std::size_t)’ declared here
void* operator new[](std::size_t) _GLIBCXX_THROW (std::bad_alloc)
^~~~~~~~
---
common/rfb/CSecurityTLS.cxx | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/common/rfb/CSecurityTLS.cxx b/common/rfb/CSecurityTLS.cxx
index c6d1e310..235df45d 100644
--- a/common/rfb/CSecurityTLS.cxx
+++ b/common/rfb/CSecurityTLS.cxx
@@ -383,7 +383,7 @@ void CSecurityTLS::checkSession()
size_t out_size = 0;
char *out_buf = NULL;
char *certinfo = NULL;
- int len = 0;
+ size_t len = 0;
vlog.debug("certificate issuer unknown");
@@ -403,7 +403,7 @@ void CSecurityTLS::checkSession()
"authority:\n\n%s\n\nDo you want to save it and "
"continue? ", info.data);
- for (int i = 0; i < len - 1; i++)
+ for (size_t i = 0; i < len - 1; i++)
if (certinfo[i] == ',' && certinfo[i + 1] == ' ')
certinfo[i] = '\n';
--
2.19.2
|
