randombit · randombit · May 13, 2024 · May 10, 2024
diff --git a/src/build-data/cc/gcc.txt b/src/build-data/cc/gcc.txt
@@ -10,8 +10,10 @@ lang_flags "-std=c++20 -D_REENTRANT"
 warning_flags "-Wall -Wextra -Wpedantic -Wstrict-aliasing -Wcast-align -Wmissing-declarations -Wpointer-arith -Wcast-qual -Wzero-as-null-pointer-constant -Wnon-virtual-dtor -Wold-style-cast -Wsuggest-override -Wshadow -Wextra-semi"
 
 # Boost headers have 0 as nullptr and non-virtual-dtor issues so we can't werror on them
-# Have to disable maybe-uninitialized due to GCC bugs like https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105937
-werror_flags "-Werror -Wno-error=strict-overflow -Wno-error=zero-as-null-pointer-constant -Wno-error=non-virtual-dtor -Wno-error=maybe-uninitialized -Wno-error=stringop-overread"
+# -Wmaybe-uninitialized is buggy https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105937
+# -Wstringop-overread is buggy https://gcc.gnu.org/bugzilla/show_bug.cgi?id=111499
+# -Wfree-nonheap-object is buggy https://gcc.gnu.org/bugzilla/show_bug.cgi?id=115016
+werror_flags "-Werror -Wno-error=strict-overflow -Wno-error=zero-as-null-pointer-constant -Wno-error=non-virtual-dtor -Wno-error=maybe-uninitialized -Wno-error=stringop-overread -Wno-error=free-nonheap-object"
 
 maintainer_warning_flags "-Wstrict-overflow=5"
 

diff --git a/src/lib/pubkey/ec_group/ec_group.cpp b/src/lib/pubkey/ec_group/ec_group.cpp
@@ -399,6 +399,10 @@ EC_Group::EC_Group() = default;
 
 EC_Group::~EC_Group() = default;
 
+EC_Group::EC_Group(const EC_Group&) = default;
+
+EC_Group& EC_Group::operator=(const EC_Group&) = default;
+
 EC_Group::EC_Group(const OID& domain_oid) {
    this->m_data = ec_group_data().lookup(domain_oid);
    if(!this->m_data) {

diff --git a/src/lib/pubkey/ec_group/ec_group.h b/src/lib/pubkey/ec_group/ec_group.h
@@ -102,10 +102,10 @@ class BOTAN_PUBLIC_API(2, 0) EC_Group final {
 
       ~EC_Group();
 
-      EC_Group(const EC_Group&) = default;
+      EC_Group(const EC_Group&);
       EC_Group(EC_Group&&) = default;
 
-      EC_Group& operator=(const EC_Group&) = default;
+      EC_Group& operator=(const EC_Group&);
       EC_Group& operator=(EC_Group&&) = default;
 
       /**

diff --git a/src/lib/tls/tls13/tls_cipher_state.cpp b/src/lib/tls/tls13/tls_cipher_state.cpp
@@ -217,6 +217,7 @@ std::vector<uint8_t> current_nonce(const uint64_t seq_no, const secure_vector<ui
    //        client_write_iv or server_write_iv (depending on the role).
    std::vector<uint8_t> nonce(NONCE_LENGTH);
    store_be(seq_no, nonce.data() + (NONCE_LENGTH - sizeof(seq_no)));
+   BOTAN_ASSERT_EQUAL(iv.size(), NONCE_LENGTH, "Invalid TLS 1.3 nonce length");
    xor_buf(nonce, iv.data(), iv.size());
    return nonce;
 }

diff --git a/src/lib/tls/tls13/tls_extensions_key_share.cpp b/src/lib/tls/tls13/tls_extensions_key_share.cpp
@@ -87,7 +87,7 @@ class Key_Share_Entry {
 
       std::vector<uint8_t> serialize() const {
          std::vector<uint8_t> result;
-         result.reserve(m_key_exchange.size() + 2);
+         result.reserve(m_key_exchange.size() + 4);
 
          const uint16_t named_curve_id = m_group.wire_code();
          result.push_back(get_byte<0>(named_curve_id));