Eight off by one errors ?

Question

Eight off by one errors ?

dcb314 opened this issue 3 years ago · 1 comments

Static analyser cppcheck says:

../slirp/misc.c:630:6: error: Width 256 given in format string (no. 1) is larger than destination buffer 'buff2[256]', use %255s
to prevent overflowing it. [invalidScanfFormatWidth]
../slirp/misc.c:630:6: error: Width 256 given in format string (no. 2) is larger than destination buffer 'buff1[256]', use %255s
to prevent overflowing it. [invalidScanfFormatWidth]
../slirp/misc.c:645:7: error: Width 256 given in format string (no. 1) is larger than destination buffer 'buff1[256]', use %255s
to prevent overflowing it. [invalidScanfFormatWidth]
../slirp/tcp_subr.c:966:8: error: Width 256 given in format string (no. 7) is larger than destination buffer 'buff[256]', use %2
55[^] to prevent overflowing it. [invalidScanfFormatWidth]
../slirp/tcp_subr.c:997:8: error: Width 256 given in format string (no. 7) is larger than destination buffer 'buff[256]', use %2
55[^] to prevent overflowing it. [invalidScanfFormatWidth]
../slirp/tcp_subr.c:1057:7: error: Width 256 given in format string (no. 1) is larger than destination buffer 'buff[256]', use %
255s to prevent overflowing it. [invalidScanfFormatWidth]
../slirp/tcp_subr.c:1065:14: error: Width 256 given in format string (no. 1) is larger than destination buffer 'buff[256]', use
%255s to prevent overflowing it. [invalidScanfFormatWidth]
../slirp/tcp_subr.c:1073:14: error: Width 256 given in format string (no. 1) is larger than destination buffer 'buff[256]', use
%255s to prevent overflowing it. [invalidScanfFormatWidth]

Answer 1 · 2024-08-08T16:37:58.000Z

Nice find!