From d63772845a28a08ea9c812ad8ac281cf9e0ae12a Mon Sep 17 00:00:00 2001
From: Julian Andres Klode <julian.klode@canonical.com>
Date: Fri, 4 Dec 2020 23:16:04 +0100
Subject: HexDigest: Silence -Wstringop-overflow
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The compiler does not know that the size is small and thinks we might
be doing a stack buffer overflow of the vla:

    Add APT_ASSUME macro and silence -Wstringop-overflow in HexDigest()

    The compiler does not know that the size of a hash is at most 512 bit,
    so tell it that it is.

    ../apt-pkg/contrib/hashes.cc: In function ‘std::string HexDigest(gcry_md_hd_t, int)’:
    ../apt-pkg/contrib/hashes.cc:415:21: warning: writing 1 byte into a region of size 0 [-Wstringop-overflow=]
      415 |    Result[(Size)*2] = 0;
          |    ~~~~~~~~~~~~~~~~~^~~
    ../apt-pkg/contrib/hashes.cc:414:9: note: at offset [-9223372036854775808, 9223372036854775807] to an object with size at most 4294967295 declared here
      414 |    char Result[((Size)*2) + 1];
          |         ^~~~~~

Fix this by adding a simple assertion. This generates an extra two
instructions in the normal code path, so it's not exactly super costly.
---
 apt-pkg/contrib/hashes.cc | 1 +
 1 file changed, 1 insertion(+)

diff --git a/apt-pkg/contrib/hashes.cc b/apt-pkg/contrib/hashes.cc
index 8733f6392..267e2679a 100644
--- a/apt-pkg/contrib/hashes.cc
+++ b/apt-pkg/contrib/hashes.cc
@@ -411,6 +411,7 @@ static APT_PURE std::string HexDigest(gcry_md_hd_t hd, int algo)
        'c', 'd', 'e', 'f'};
 
    auto Size = gcry_md_get_algo_dlen(algo);
+   assert(Size <= 512/8);
    char Result[((Size)*2) + 1];
    Result[(Size)*2] = 0;
 
-- 
cgit v1.2.3