GCC_NO_FORMAT_TRUNCATION -Wno-format-truncation (GCC 7/8)
GCC_NO_STRINGOP_TRUNCATION -Wno-stringop-truncation (GCC 8)
GCC_NO_STRINGOP_OVERFLOW -Wno-stringop-overflow (GCC 8)
GCC_NO_CAST_FUNCTION_TYPE -Wno-cast-function-type (GCC 8)
use these to turn off warnings for most GCC-8 complaints. many
of these are false positives, most of the real bugs are already
commited, or are yet to come.
we plan to introduce versions of (some?) of these that use the
"-Wno-error=" form, which still displays the warnings but does
not make it an error, and all of the above will be re-considered
as either being "fix me" (warning still displayed) or "warning
is wrong."
battlestar was missing some {} in its insane printf()+puts() usage.
this is a literal code sequence i found:
printf("The blast catches ");
printf("the goddess in the ");
printf("stomach, knocking ");
puts("her to the ground.");
printf("She writhes in the ");
printf("dirt as the agony of ");
puts("death taunts her.");
puts("She has stopped moving.");
no lines inserted or removed.
tetris' checkscores() had wrong and missing {} usage.
This was writing time_t to disk. Worse, the time_t member was at an
unaligned offset in the structure in question, so after the time_t
change the structure layout depended on compiler-inserted structure
padding. This gives three legacy formats: one with 32-bit time, one
with 64-bit time, and one with 64-bit time and 4 bytes of structure
padding.
And of course the file didn't have a header or version coding or
anything.
The new code writes a structure of well-defined size that should not
receive unexpected padding, and gives the file a header and version
number. It reads that format and any of the three legacy formats,
figuring out which one it's dealing with by inspecting the file
contents. For good measure, it also now handles opposite-endian files,
doesn't bail out unceremoniously unless necessary, and won't croak if
the file is corrupt and e.g. contains unterminated strings.
(Was it worth going to this length? Maybe not. But it didn't seem
right to just leave it, and it's not clear where to stop halfway.)
Some object file diffs, but they are harmless. (Mostly they seem to
come from internal counters in gcc... and in one case the order of two
instructions was harmlessly swapped, which is odd and annoying.)
This is CVE-2006-1539, files against Gentoo Linux, the patch is from
Gentoo.
A standard NetBSD installation is not as much risk because tetris is
sgid "games", and users shouldn't be in that group.
mrg