[for-3.1?,2/3] migration: fix stringop-truncation warning

Message ID	20181120152753.10463-3-marcandre.lureau@redhat.com
State	New
Headers	show Return-Path: <qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org> From: =?utf-8?q?Marc-Andr=C3=A9_Lureau?= <marcandre.lureau@redhat.com> To: qemu-devel@nongnu.org Date: Tue, 20 Nov 2018 19:27:52 +0400 Message-Id: <20181120152753.10463-3-marcandre.lureau@redhat.com> In-Reply-To: <20181120152753.10463-1-marcandre.lureau@redhat.com> References: <20181120152753.10463-1-marcandre.lureau@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Subject: [Qemu-devel] [PATCH for-3.1? 2/3] migration: fix stringop-truncation warning Precedence: list Cc: Kevin Wolf <kwolf@redhat.com>, qemu-block@nongnu.org, Juan Quintela <quintela@redhat.com>, Jeff Cody <jcody@redhat.com>, "Michael S. Tsirkin" <mst@redhat.com>, "Dr. David Alan Gilbert" <dgilbert@redhat.com>, Max Reitz <mreitz@redhat.com>, =?utf-8?q?Marc-Andr=C3=A9_Lureau?= <marcandre.lureau@redhat.com>, Igor Mammedov <imammedo@redhat.com>, Liu Yuan <namei.unix@gmail.com> Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Sender: "Qemu-devel" <qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>
Series	strcpy: fix stringop-truncation warnings \| expand [for-3.1?,0/3] strcpy: fix stringop-truncation warnings [for-3.1?,1/3] sheepdog: fix stringop-truncation warning [for-3.1?,2/3] migration: fix stringop-truncation warning [for-3.1?,3/3] acpi: fix stringop-truncation warnings

Marc-André Lureau Nov. 20, 2018, 3:27 p.m. UTC

Adding an assert is enough to silence GCC.

~/src/qemu/migration/global_state.c: In function 'global_state_store_running':
~/src/qemu/migration/global_state.c:45:5: error: 'strncpy' specified bound 100 equals destination size [-Werror=stringop-truncation]
     strncpy((char *)global_state.runstate,
     ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
            state, sizeof(global_state.runstate));
            ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
cc1: all warnings being treated as errors

(alternatively, we could hard-code "running")

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
---
 migration/global_state.c | 1 +
 1 file changed, 1 insertion(+)

Eric Blake Nov. 20, 2018, 5:01 p.m. UTC | #1

On 11/20/18 9:27 AM, Marc-André Lureau wrote:
> Adding an assert is enough to silence GCC.
> 
> ~/src/qemu/migration/global_state.c: In function 'global_state_store_running':
> ~/src/qemu/migration/global_state.c:45:5: error: 'strncpy' specified bound 100 equals destination size [-Werror=stringop-truncation]
>       strncpy((char *)global_state.runstate,
>       ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>              state, sizeof(global_state.runstate));
>              ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> cc1: all warnings being treated as errors
> 
> (alternatively, we could hard-code "running")
> 
> Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
> ---
>   migration/global_state.c | 1 +
>   1 file changed, 1 insertion(+)

Reviewed-by: Eric Blake <eblake@redhat.com>

I think this is safe for 3.1, but I know the migration code is 
particularly wary of assert()s, even when they are non-triggerable (a 
100-byte buffer at global_state.runstate is big enough for ALL of the 
run states, not just RUN_STATE_RUNNING).

> 
> diff --git a/migration/global_state.c b/migration/global_state.c
> index 8e8ab5c51e..01805c567a 100644
> --- a/migration/global_state.c
> +++ b/migration/global_state.c
> @@ -42,6 +42,7 @@ int global_state_store(void)
>   void global_state_store_running(void)
>   {
>       const char *state = RunState_str(RUN_STATE_RUNNING);
> +    assert(strlen(state) < sizeof(global_state.runstate));
>       strncpy((char *)global_state.runstate,
>              state, sizeof(global_state.runstate));
>   }
>

Dr. David Alan Gilbert Nov. 20, 2018, 5:22 p.m. UTC | #2

* Eric Blake (eblake@redhat.com) wrote:
> On 11/20/18 9:27 AM, Marc-André Lureau wrote:
> > Adding an assert is enough to silence GCC.
> > 
> > ~/src/qemu/migration/global_state.c: In function 'global_state_store_running':
> > ~/src/qemu/migration/global_state.c:45:5: error: 'strncpy' specified bound 100 equals destination size [-Werror=stringop-truncation]
> >       strncpy((char *)global_state.runstate,
> >       ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> >              state, sizeof(global_state.runstate));
> >              ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> > cc1: all warnings being treated as errors
> > 
> > (alternatively, we could hard-code "running")
> > 
> > Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
> > ---
> >   migration/global_state.c | 1 +
> >   1 file changed, 1 insertion(+)
> 
> Reviewed-by: Eric Blake <eblake@redhat.com>
> 
> I think this is safe for 3.1, but I know the migration code is particularly
> wary of assert()s, even when they are non-triggerable (a 100-byte buffer at
> global_state.runstate is big enough for ALL of the run states, not just
> RUN_STATE_RUNNING).

That's OK; the universe would have to be particularly broken to trigger
that one, and it's in no way connected with any state, so it would
trigger on even the most basic tests.

However, I wonder if this fixes the problem on mingw builds - windows
asserts are not marked as noreturn.

Dave

> > 
> > diff --git a/migration/global_state.c b/migration/global_state.c
> > index 8e8ab5c51e..01805c567a 100644
> > --- a/migration/global_state.c
> > +++ b/migration/global_state.c
> > @@ -42,6 +42,7 @@ int global_state_store(void)
> >   void global_state_store_running(void)
> >   {
> >       const char *state = RunState_str(RUN_STATE_RUNNING);
> > +    assert(strlen(state) < sizeof(global_state.runstate));
> >       strncpy((char *)global_state.runstate,
> >              state, sizeof(global_state.runstate));
> >   }
> > 
> 
> -- 
> Eric Blake, Principal Software Engineer
> Red Hat, Inc.           +1-919-301-3266
> Virtualization:  qemu.org | libvirt.org
--
Dr. David Alan Gilbert / dgilbert@redhat.com / Manchester, UK

Marc-André Lureau Nov. 20, 2018, 5:24 p.m. UTC | #3

Hi

On Tue, Nov 20, 2018 at 9:22 PM Dr. David Alan Gilbert
<dgilbert@redhat.com> wrote:
>
> * Eric Blake (eblake@redhat.com) wrote:
> > On 11/20/18 9:27 AM, Marc-André Lureau wrote:
> > > Adding an assert is enough to silence GCC.
> > >
> > > ~/src/qemu/migration/global_state.c: In function 'global_state_store_running':
> > > ~/src/qemu/migration/global_state.c:45:5: error: 'strncpy' specified bound 100 equals destination size [-Werror=stringop-truncation]
> > >       strncpy((char *)global_state.runstate,
> > >       ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> > >              state, sizeof(global_state.runstate));
> > >              ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> > > cc1: all warnings being treated as errors
> > >
> > > (alternatively, we could hard-code "running")
> > >
> > > Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
> > > ---
> > >   migration/global_state.c | 1 +
> > >   1 file changed, 1 insertion(+)
> >
> > Reviewed-by: Eric Blake <eblake@redhat.com>
> >
> > I think this is safe for 3.1, but I know the migration code is particularly
> > wary of assert()s, even when they are non-triggerable (a 100-byte buffer at
> > global_state.runstate is big enough for ALL of the run states, not just
> > RUN_STATE_RUNNING).
>
> That's OK; the universe would have to be particularly broken to trigger
> that one, and it's in no way connected with any state, so it would
> trigger on even the most basic tests.
>
> However, I wonder if this fixes the problem on mingw builds - windows
> asserts are not marked as noreturn.

On f29, with mingw64-gcc-8.2.0-3.fc29.x86_64, it fixes the warning.

>
> Dave
>
> > >
> > > diff --git a/migration/global_state.c b/migration/global_state.c
> > > index 8e8ab5c51e..01805c567a 100644
> > > --- a/migration/global_state.c
> > > +++ b/migration/global_state.c
> > > @@ -42,6 +42,7 @@ int global_state_store(void)
> > >   void global_state_store_running(void)
> > >   {
> > >       const char *state = RunState_str(RUN_STATE_RUNNING);
> > > +    assert(strlen(state) < sizeof(global_state.runstate));
> > >       strncpy((char *)global_state.runstate,
> > >              state, sizeof(global_state.runstate));
> > >   }
> > >
> >
> > --
> > Eric Blake, Principal Software Engineer
> > Red Hat, Inc.           +1-919-301-3266
> > Virtualization:  qemu.org | libvirt.org
> --
> Dr. David Alan Gilbert / dgilbert@redhat.com / Manchester, UK

Dr. David Alan Gilbert Nov. 20, 2018, 5:25 p.m. UTC | #4

* Marc-André Lureau (marcandre.lureau@redhat.com) wrote:
> Hi
> 
> On Tue, Nov 20, 2018 at 9:22 PM Dr. David Alan Gilbert
> <dgilbert@redhat.com> wrote:
> >
> > * Eric Blake (eblake@redhat.com) wrote:
> > > On 11/20/18 9:27 AM, Marc-André Lureau wrote:
> > > > Adding an assert is enough to silence GCC.
> > > >
> > > > ~/src/qemu/migration/global_state.c: In function 'global_state_store_running':
> > > > ~/src/qemu/migration/global_state.c:45:5: error: 'strncpy' specified bound 100 equals destination size [-Werror=stringop-truncation]
> > > >       strncpy((char *)global_state.runstate,
> > > >       ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> > > >              state, sizeof(global_state.runstate));
> > > >              ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> > > > cc1: all warnings being treated as errors
> > > >
> > > > (alternatively, we could hard-code "running")
> > > >
> > > > Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
> > > > ---
> > > >   migration/global_state.c | 1 +
> > > >   1 file changed, 1 insertion(+)
> > >
> > > Reviewed-by: Eric Blake <eblake@redhat.com>
> > >
> > > I think this is safe for 3.1, but I know the migration code is particularly
> > > wary of assert()s, even when they are non-triggerable (a 100-byte buffer at
> > > global_state.runstate is big enough for ALL of the run states, not just
> > > RUN_STATE_RUNNING).
> >
> > That's OK; the universe would have to be particularly broken to trigger
> > that one, and it's in no way connected with any state, so it would
> > trigger on even the most basic tests.
> >
> > However, I wonder if this fixes the problem on mingw builds - windows
> > asserts are not marked as noreturn.
> 
> On f29, with mingw64-gcc-8.2.0-3.fc29.x86_64, it fixes the warning.

OK, fine.


Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>

Dave

> >
> > Dave
> >
> > > >
> > > > diff --git a/migration/global_state.c b/migration/global_state.c
> > > > index 8e8ab5c51e..01805c567a 100644
> > > > --- a/migration/global_state.c
> > > > +++ b/migration/global_state.c
> > > > @@ -42,6 +42,7 @@ int global_state_store(void)
> > > >   void global_state_store_running(void)
> > > >   {
> > > >       const char *state = RunState_str(RUN_STATE_RUNNING);
> > > > +    assert(strlen(state) < sizeof(global_state.runstate));
> > > >       strncpy((char *)global_state.runstate,
> > > >              state, sizeof(global_state.runstate));
> > > >   }
> > > >
> > >
> > > --
> > > Eric Blake, Principal Software Engineer
> > > Red Hat, Inc.           +1-919-301-3266
> > > Virtualization:  qemu.org | libvirt.org
> > --
> > Dr. David Alan Gilbert / dgilbert@redhat.com / Manchester, UK
--
Dr. David Alan Gilbert / dgilbert@redhat.com / Manchester, UK

Philippe Mathieu-Daudé Nov. 20, 2018, 7:37 p.m. UTC | #5

On 20/11/18 16:27, Marc-André Lureau wrote:
> Adding an assert is enough to silence GCC.
> 
> ~/src/qemu/migration/global_state.c: In function 'global_state_store_running':
> ~/src/qemu/migration/global_state.c:45:5: error: 'strncpy' specified bound 100 equals destination size [-Werror=stringop-truncation]
>       strncpy((char *)global_state.runstate,
>       ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>              state, sizeof(global_state.runstate));
>              ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> cc1: all warnings being treated as errors
> 
> (alternatively, we could hard-code "running")
> 
> Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>

Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>

> ---
>   migration/global_state.c | 1 +
>   1 file changed, 1 insertion(+)
> 
> diff --git a/migration/global_state.c b/migration/global_state.c
> index 8e8ab5c51e..01805c567a 100644
> --- a/migration/global_state.c
> +++ b/migration/global_state.c
> @@ -42,6 +42,7 @@ int global_state_store(void)
>   void global_state_store_running(void)
>   {
>       const char *state = RunState_str(RUN_STATE_RUNNING);
> +    assert(strlen(state) < sizeof(global_state.runstate));
>       strncpy((char *)global_state.runstate,
>              state, sizeof(global_state.runstate));
>   }
>

[for-3.1?,2/3] migration: fix stringop-truncation warning

Commit Message

Comments

Patch