Skip to content
This repository has been archived by the owner on May 18, 2021. It is now read-only.

Getting a strncpy warning during build #104

Closed
starxfighter opened this issue Dec 18, 2018 · 15 comments
Closed

Getting a strncpy warning during build #104

starxfighter opened this issue Dec 18, 2018 · 15 comments

Comments

@starxfighter
Copy link

starxfighter commented Dec 18, 2018

Upon issuing the go get github.com/segmentio/aws-okta command the software starts downloading and installing the package. The installation errors out with the following error message:

$ go get github.com/segmentio/aws-okta                                           
# github.com/marshallbrekka/go-u2fhost/vendor/github.com/marshallbrekka/go.hid   
hid_windows.c: In function 'hid_enumerate':                                      
hid_windows.c:423:5: warning: 'strncpy' specified bound depends on the length of  the source argument [-Wstringop-overflow=]                                           
strncpy(cur_dev->path, str, len+1);                                              ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~                                          
hid_windows.c:421:11: note: length computed here                                      
len = strlen(str);                                                                     
^~~~~~~~~~~

This error prevents aws-okta from being completely installed.

@nickatsegment
Copy link
Contributor

Are you installing on Windows?

@starxfighter
Copy link
Author

Shoot...sorry I forgot to add that. The machine is a windows 10 64-bit. I also have the latest version of Go installed. I also have the latest version of MinGW64 installed. Installation of Go and MinGW64 has been tested and verified. Path variable is pointing to all of the relevant bin locations.

@nickatsegment
Copy link
Contributor

We don't use a lot of Windows at Segment, so it'll be tough for us to repro and track this down, but I'll see what I can do.

That looks like a warning, not an error; I'm surprised that'd break the whole build?

@starxfighter
Copy link
Author

Once it hits the error it terminates and doe not complete creating the bin files so the aws-okta.exe is never created.

@michaelreiser
Copy link

I getting this too.

@nickatsegment
Copy link
Contributor

@devonbleak I know you folks use Windows: are you getting this error as well? Any advice?

@devonbleak
Copy link
Contributor

devonbleak commented Feb 4, 2019

@nickatsegment Can confirm I had one report of this with mingw64 on Win10. I use win-builds gcc and haven't run into it myself.

@devonbleak
Copy link
Contributor

Submitted #118 that documents the existence of an issue with mingw-w64 gcc

@stale
Copy link

stale bot commented May 5, 2019

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

@stale stale bot added the wontfix label May 5, 2019
@stale stale bot closed this as completed May 13, 2019
@dave-tucker
Copy link

I think this should still be open as the warning is still present:

Windows Version

OS Name:                   Microsoft Windows 10 Pro
OS Version:                10.0.17763 N/A Build 17763

GCC Version

$ gcc --version
gcc.exe (x86_64-posix-seh-rev0, Built by MinGW-W64 project) 8.1.0
Copyright (C) 2018 Free Software Foundation, Inc.
This is free software; see the source for copying conditions.  There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Warning

hid_windows.c: In function 'hid_enumerate':
hid_windows.c:423:5: warning: 'strncpy' specified bound depends on the length of the source argument [-Wstringop-overflow=]
     strncpy(cur_dev->path, str, len+1);
     ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
hid_windows.c:421:11: note: length computed here
     len = strlen(str);
           ^~~~~~~~~~~

@nickatsegment nickatsegment changed the title Getting a strncpy error Getting a strncpy warning during build May 17, 2019
@nickatsegment
Copy link
Contributor

@dave-tucker What's the impact for you? Is it just annoying? Or does it prevent a build?

Seems like it's got the potential to be a security bug.

Frankly my ability to dive into a HID library written in C for Windows is pretty limited. I wouldn't expect this to get fixed any time soon.

@nickatsegment nickatsegment added stale and removed stale labels May 17, 2019
@dave-tucker
Copy link

dave-tucker commented May 20, 2019

It's more concerning that annoying - especially as it's used to interact with USB security devices.
FWIW, I already took a look at fixing it. The trail of breadcrumbs...

Led to finding that go.hid is deprecated and doesn't work on Go 1.6+🤷‍♂
marshallbrekka/go-u2fhost#4 is open to migrate to a newer HID library.
I'd guess that would need to be fixed before it could be picked up here.

@nickatsegment
Copy link
Contributor

Ha, looks like our very own @alberts has been here before marshallbrekka/go-u2fhost#3 (comment). Seems like these libs are all a little under-maintained. Seems like we should fork.

@canoztokmak
Copy link

this error still happens when trying to execute go get github.com/segmentio/aws-okta.

@nickatsegment
Copy link
Contributor

Looks like marshallbrekka/go-u2fhost#4 got fixed by marshallbrekka/go-u2fhost#5, so maybe this error goes away. If a Windows user can get a build using this updated version of go-u2fhost tested, I'd be willing to accept a PR.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
Development

No branches or pull requests

6 participants