BUG: Possible buffer overflow
When compiling motion, there is a warning concerning a possible buffer overflow. This kind of thing prevents the package from being included in some Linux distributions for security reasons. See the log below. Built with gcc version 4.3.2 20081105 (Red Hat 4.3.2-7) (GCC).
I'm not a C programmer, so discard this report if it's not your fault.
make
...
gcc -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic -D_REENTRANT -DHAVE_FFMPEG -I/usr/include/ffmpeg -DFFMPEG_NEW_INCLUDES -DHAVE_FFMPEG_NEW -DMOTION_V4L2 -DTYPE_32BIT="int" -DHAVE_BSWAP -Wall -DVERSION=\"3.2.11\" -Dsysconfdir=\"/etc/motion\" -c -o video2.o video2.c
In function 'strncat',
inlined from 'v4l_open_vidpipe' at video.c:507:
/usr/include/bits/string3.h:153: warning: call to __builtin___strncat_chk might overflow destination buffer
...
Environment
Motion version: 3.2.11
ffmpeg version: ffmpeg-0.4.9-0.54.20080908.fc10.x86_64
Shared libraries: ffmpeg
Server OS: Fedora 10 x86_64
--
StevenM - 03 Mar 2009
Follow up
Fix record
This is already fixed in trunk; it's a warning from GCC 4.3, but I think it was not a real issue.
--
AngelCarpintero - 05 Mar 2009
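The `__builtin___strncat_chk` warning in the report above is typically raised when the length passed to `strncat` can exceed the space left in the destination. The following is an added example, not Motion's code (the source at video.c line 507 is not shown on this page); `bounded_append`, the `path` buffer and the sample strings are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/*
 * Pattern that _FORTIFY_SOURCE flags (illustrative, not Motion's code):
 *
 *     char path[16] = "/dev/";
 *     strncat(path, name, sizeof(path));
 *
 * strncat's third argument limits how many bytes are taken from the
 * source, not the size of the destination, and a terminating NUL is
 * always written after them. With 5 bytes already in path, up to
 * 16 more plus the NUL could be written into a 16-byte buffer.
 */

/*
 * Append src to the NUL-terminated string in dst (capacity dstsize).
 * Returns 0 if all of src fit, 1 if it was truncated, -1 if dst holds
 * no NUL terminator within dstsize bytes (dst is left untouched).
 */
int bounded_append(char *dst, size_t dstsize, const char *src)
{
    size_t used = 0;
    while (used < dstsize && dst[used] != '\0')
        used++;
    if (used == dstsize)
        return -1;

    size_t room = dstsize - used - 1;   /* free bytes, excluding the NUL */
    size_t want = strlen(src);
    strncat(dst, src, room);            /* bound is the remaining space */
    return want > room ? 1 : 0;
}

int main(void)
{
    char path[16] = "/dev/";            /* constructed sample values */
    int rc = bounded_append(path, sizeof(path), "video0");
    printf("%d %s\n", rc, path);
    rc = bounded_append(path, sizeof(path), "-a-very-long-suffix");
    printf("%d %s\n", rc, path);
    return 0;
}
```

Callers should treat a return value of 1 as an error when the result is used as a file path, since a truncated path may name a different file.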