From: Tobias Brunner <tobias@strongswan.org>
Date: Fri, 25 Oct 2024 10:48:52 +0000 (+0200)
Subject: traffic-selector: Add workaround for possibly bogus warning with GCC 14
X-Git-Tag: 6.0.0rc1~6
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=f462e4b9ee2dc97696aab56fc1ad052f9345dba0;p=thirdparty%2Fstrongswan.git

traffic-selector: Add workaround for possibly bogus warning with GCC 14

When compiling with -O3 with GCC 14, we get the following warning/error:

/usr/include/x86_64-linux-gnu/bits/string_fortified.h:29:10: error: '__builtin_memcpy' offset [0, 3] is out of the bounds [0, 0] [-Werror=array-bounds=]
   29 |   return __builtin___memcpy_chk (__dest, __src, __len,
      |          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   30 |                                  __glibc_objsize0 (__dest));
      |                                  ~~~~~~~~~~~~~~~~~~~~~~~~~~

Which seems completely bogus as that array has a fixed size of 16 and
some weird workarounds remove the warning (e.g. adding an assignment
to `subset->netbits` before the `memcpy()`).  This is also the only
place GCC complains about and we use `memcpy()` all over the place
in this file to set those addresses.

Closes strongswan/strongswan#2509
---

diff --git a/src/libstrongswan/selectors/traffic_selector.c b/src/libstrongswan/selectors/traffic_selector.c
index fe61e3768b..4022c45c13 100644
--- a/src/libstrongswan/selectors/traffic_selector.c
+++ b/src/libstrongswan/selectors/traffic_selector.c
@@ -428,8 +428,8 @@ METHOD(traffic_selector_t, get_subset, traffic_selector_t*,
 
 	/* we have a match in protocol, port, and address: return it... */
 	subset = traffic_selector_create(protocol, this->type, from_port, to_port);
-	memcpy(subset->from, from, size);
-	memcpy(subset->to, to, size);
+	memcpy(subset->from, from, sizeof(subset->from));
+	memcpy(subset->to, to, sizeof(subset->to));
 	calc_netbits(subset);
 
 	return &subset->public;