TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls.git / 68e531f35e1c8ce20528cc709c25f424f5a16397^1..68e531f35e1c8ce20528cc709c25f424f5a16397 / .
commit68e531f35e1c8ce20528cc709c25f424f5a16397[log] [tgz]
authorManuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>Fri Jun 20 12:29:52 2025 +0000
committerGitHub <noreply@github.com>Fri Jun 20 12:29:52 2025 +0000
tree675c088e7d1d896a452aa8392faeb9625fa79abc
parent7c536dab54bf083962a52ccbba9b752c3d6f682c [diff]
parent78b0521449ed6efda145028574a29096786ea412 [diff]
Merge pull request #10216 from felixc-arm/gcc-15-warning-dev

[Development] Fix GCC 15 warning 'Wunterminated-string-initialization'

diff --git a/ChangeLog.d/unterminated-string-initialization.txt b/ChangeLog.d/unterminated-string-initialization.txt
new file mode 100644
index 0000000..75a72ca
--- /dev/null
+++ b/ChangeLog.d/unterminated-string-initialization.txt

@@ -0,0 +1,3 @@
+Bugfix
+   * Silence spurious -Wunterminated-string-initialization warnings introduced
+     by GCC 15. Fixes #9944.

diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c
index dbc703a..865e02c 100644
--- a/library/ssl_tls13_keys.c
+++ b/library/ssl_tls13_keys.c

@@ -80,7 +80,8 @@
  *            the HkdfLabel structure on success.
  */
 
-static const char tls13_label_prefix[6] = "tls13 ";
+/* We need to tell the compiler that we meant to leave out the null character. */
+static const char tls13_label_prefix[6] MBEDTLS_ATTRIBUTE_UNTERMINATED_STRING = "tls13 ";
 
 #define SSL_TLS1_3_KEY_SCHEDULE_HKDF_LABEL_LEN(label_len, context_len) \
     (2                     /* expansion length           */ \

diff --git a/library/ssl_tls13_keys.h b/library/ssl_tls13_keys.h
index 14f6e48..1509e9a 100644
--- a/library/ssl_tls13_keys.h
+++ b/library/ssl_tls13_keys.h

@@ -40,8 +40,9 @@
 
 #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
 
+/* We need to tell the compiler that we meant to leave out the null character. */
 #define MBEDTLS_SSL_TLS1_3_LABEL(name, string)       \
-    const unsigned char name    [sizeof(string) - 1];
+    const unsigned char name    [sizeof(string) - 1] MBEDTLS_ATTRIBUTE_UNTERMINATED_STRING;
 
 union mbedtls_ssl_tls13_labels_union {
     MBEDTLS_SSL_TLS1_3_LABEL_LIST

diff --git a/tests/psa-client-server/psasim/src/aut_psa_aead_encrypt_decrypt.c b/tests/psa-client-server/psasim/src/aut_psa_aead_encrypt_decrypt.c
index ca090cc..71173d2 100644
--- a/tests/psa-client-server/psasim/src/aut_psa_aead_encrypt_decrypt.c
+++ b/tests/psa-client-server/psasim/src/aut_psa_aead_encrypt_decrypt.c

@@ -4,6 +4,21 @@
  */
 
 #include "psa/crypto.h"
+/*
+ * Temporary hack: psasim’s Makefile only does:
+ *  -Itests/psa-client-server/psasim/include
+ *  -I$(MBEDTLS_ROOT_PATH)/include
+ *  -I$(MBEDTLS_ROOT_PATH)/tf-psa-crypto/include
+ *  -I$(MBEDTLS_ROOT_PATH)/tf-psa-crypto/drivers/builtin/include
+ * None of those cover tf-psa-crypto/core, so we rely on the
+ * “-I$(MBEDTLS_ROOT_PATH)/include” entry plus a parent-relative
+ * include "../tf-psa-crypto/core/common.h" in order to pull in common.h here,
+ * which in turn gets MBEDTLS_ATTRIBUTE_UNTERMINATED_STRING (to silence the
+ * new GCC-15 unterminated-string-initialization warning).
+ * See GitHub issue #10223 for the proper long-term fix.
+ * https://github.com/Mbed-TLS/mbedtls/issues/10223
+ */
+#include "../tf-psa-crypto/core/common.h"
 #include <string.h>
 #include <stdio.h>
 #include <stdlib.h>
@@ -25,7 +40,9 @@
     uint8_t encrypt[BUFFER_SIZE] = { 0 };
     uint8_t decrypt[BUFFER_SIZE] = { 0 };
     const uint8_t plaintext[] = "Hello World!";
-    const uint8_t key_bytes[32] = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa";
+    /* We need to tell the compiler that we meant to leave out the null character. */
+    const uint8_t key_bytes[32] MBEDTLS_ATTRIBUTE_UNTERMINATED_STRING =
+        "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa";
     uint8_t nonce[PSA_AEAD_NONCE_LENGTH(PSA_KEY_TYPE_AES, PSA_ALG_CCM)];
     size_t nonce_length = sizeof(nonce);
     size_t ciphertext_length;

diff --git a/tests/psa-client-server/psasim/src/aut_psa_cipher_encrypt_decrypt.c b/tests/psa-client-server/psasim/src/aut_psa_cipher_encrypt_decrypt.c
index a923feb..25c0b8a 100644
--- a/tests/psa-client-server/psasim/src/aut_psa_cipher_encrypt_decrypt.c
+++ b/tests/psa-client-server/psasim/src/aut_psa_cipher_encrypt_decrypt.c

@@ -4,6 +4,7 @@
  */
 
 #include "psa/crypto.h"
+#include "../tf-psa-crypto/core/common.h"
 #include <string.h>
 #include <stdio.h>
 #include <stdlib.h>
@@ -25,7 +26,9 @@
     uint8_t original[BUFFER_SIZE] = { 0 };
     uint8_t encrypt[BUFFER_SIZE] = { 0 };
     uint8_t decrypt[BUFFER_SIZE] = { 0 };
-    const uint8_t key_bytes[32] = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa";
+    /* We need to tell the compiler that we meant to leave out the null character. */
+    const uint8_t key_bytes[32] MBEDTLS_ATTRIBUTE_UNTERMINATED_STRING =
+        "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa";
     size_t encrypted_length;
     size_t decrypted_length;
 

diff --git a/tests/suites/test_suite_ssl_decrypt.function b/tests/suites/test_suite_ssl_decrypt.function
index 909e6cf..37265de 100644
--- a/tests/suites/test_suite_ssl_decrypt.function
+++ b/tests/suites/test_suite_ssl_decrypt.function

@@ -37,7 +37,8 @@
     mbedtls_ssl_write_version(rec_good.ver,
                               MBEDTLS_SSL_TRANSPORT_STREAM,
                               version);
-    const char sample_plaintext[3] = "ABC";
+    /* We need to tell the compiler that we meant to leave out the null character. */
+    const char sample_plaintext[3] MBEDTLS_ATTRIBUTE_UNTERMINATED_STRING = "ABC";
     mbedtls_ssl_context ssl;
     mbedtls_ssl_init(&ssl);
     uint8_t *buf = NULL;