Skip to content

gcc 13.2.0: bogus Wstringop-overflow in qrencode MQRspec_createFrame (-O3 only) #1541

New issue
Jump to bottom
New issue
Jump to bottom
Open
Open
gcc 13.2.0: bogus Wstringop-overflow in qrencode MQRspec_createFrame (-O3 only)#1541
Labels
buildinvalid
@evoskuil

Description

@evoskuil
evoskuil
opened on Oct 25, 2024
static unsigned char *MQRspec_createFrame(int version)
{
	unsigned char *frame, *p, *q;
	int width;
	int x, y;

	width = mqrspecCapacity[version].width;
	frame = (unsigned char *)malloc((size_t)(width * width));
	if(frame == NULL) return NULL;

	memset(frame, 0, (size_t)(width * width));
	/* Finder pattern */
	putFinderPattern(frame, width, 0, 0);
	/* Separator */
	p = frame;
	for(y = 0; y < 7; y++) {
		p[7] = 0xc0;
		p += width;
	}
	memset(frame + width * 7, 0xc0, 8);
	/* Mask format information area */
	memset(frame + width * 8 + 1, 0x84, 8);
	p = frame + width + 8;
	for(y = 0; y < 7; y++) {
		*p = 0x84;
		p += width;
	}
	/* Timing pattern */
	p = frame + 8;
	q = frame + width * 8;
	for(x = 1; x < width-7; x++) {
		*p =  0x90 | (x & 1);
		*q =  0x90 | (x & 1);
		p++;
		q += width;
	}

	return frame;
}

In relation to the above code, the warnings below imply that frame + width * 7 and frame + width * 8 + 1 may be zero, which cannot be the case. The minimum non-zero value for width is 21, and if when it is zero frame == NULL.

	width = mqrspecCapacity[version].width;
	frame = (unsigned char *)malloc((size_t)(width * width));
	if(frame == NULL) return NULL;
In function 'memset',
    inlined from 'MQRspec_createFrame' at src/wallet/addresses/qrencode/mqrspec.c:206:2,
    inlined from 'MQRspec_newFrame' at src/wallet/addresses/qrencode/mqrspec.c:231:9:
/usr/include/x86_64-linux-gnu/bits/string_fortified.h:59:10: warning: '__builtin___memset_chk' writing 8 bytes into a region of size 0 overflows the destination [-Wstringop-overflow=]
   59 |   return __builtin___memset_chk (__dest, __ch, __len,
      |          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   60 |                                  __glibc_objsize0 (__dest));
      |                                  ~~~~~~~~~~~~~~~~~~~~~~~~~~

In function 'memset',
    inlined from 'MQRspec_createFrame' at src/wallet/addresses/qrencode/mqrspec.c:208:2,
    inlined from 'MQRspec_newFrame' at src/wallet/addresses/qrencode/mqrspec.c:231:9:
/usr/include/x86_64-linux-gnu/bits/string_fortified.h:59:10: warning: '__builtin___memset_chk' writing 8 bytes into a region of size 0 overflows the destination [-Wstringop-overflow=]
   59 |   return __builtin___memset_chk (__dest, __ch, __len,
      |          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   60 |                                  __glibc_objsize0 (__dest));
      |                                  ~~~~~~~~~~~~~~~~~~~~~~~~~~

Metadata

Assignees

No one assigned

    Labels

    buildinvalid

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions