| Message ID | 20221111124550.35753-1-philmd@linaro.org |
|---|---|
| State | New |
| Headers | show |
| Series | [PATCH-for-7.2,v2] libvduse: Avoid warning about dangerous use of strncpy() | expand |
> From: Philippe Mathieu-Daudé <f4bug@amsat.org> > > GCC 8 added a -Wstringop-truncation warning: > > The -Wstringop-truncation warning added in GCC 8.0 via r254630 for > bug 81117 is specifically intended to highlight likely unintended > uses of the strncpy function that truncate the terminating NUL > character from the source string. > > Here the next line indeed unconditionally zeroes the last byte, but > 1/ the buffer has been calloc'd, so we don't need to add an extra > byte, and 2/ we called vduse_name_is_invalid() which checked the > string length, so we can simply call strcpy(). > > This fixes when using gcc (Ubuntu 9.4.0-1ubuntu1~20.04.1) 9.4.0: > > [42/666] Compiling C object subprojects/libvduse/libvduse.a.p/libvduse.c.o > FAILED: subprojects/libvduse/libvduse.a.p/libvduse.c.o > cc -m64 -mcx16 -Isubprojects/libvduse/libvduse.a.p -Isubprojects/libvduse -I../../subprojects/libvduse [...] -o subprojects/libvduse/libvduse.a.p/libvduse.c.o -c ../../subprojects/libvduse/libvduse.c > In file included from /usr/include/string.h:495, > from ../../subprojects/libvduse/libvduse.c:24: > In function ‘strncpy’, > inlined from ‘vduse_dev_create’ at ../../subprojects/libvduse/libvduse.c:1312:5: > /usr/include/x86_64-linux-gnu/bits/string_fortified.h:106:10: error: ‘__builtin_strncpy’ specified bound 256 equals destination size [-Werror=stringop-truncation] > 106 | return __builtin___strncpy_chk (__dest, __src, __len, __bos (__dest)); > | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > cc1: all warnings being treated as errors > ninja: build stopped: cannot make progress due to previous errors. > > Fixes: d9cf16c0be ("libvduse: Replace strcpy() with strncpy()") > Suggested-by: Markus Armbruster <armbru@redhat.com> > Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> > --- > Supersedes: <20220919192306.52729-1-f4bug@amsat.org> > Cc: Xie Yongji <xieyongji@bytedance.com> > Cc: Kevin Wolf <kwolf@redhat.com> > --- > subprojects/libvduse/libvduse.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) Tested-by: Bin Meng <bmeng@tinylab.org>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
On Fri, Nov 11, 2022 at 8:45 PM Philippe Mathieu-Daudé <philmd@linaro.org> wrote: > > From: Philippe Mathieu-Daudé <f4bug@amsat.org> > > GCC 8 added a -Wstringop-truncation warning: > > The -Wstringop-truncation warning added in GCC 8.0 via r254630 for > bug 81117 is specifically intended to highlight likely unintended > uses of the strncpy function that truncate the terminating NUL > character from the source string. > > Here the next line indeed unconditionally zeroes the last byte, but > 1/ the buffer has been calloc'd, so we don't need to add an extra > byte, and 2/ we called vduse_name_is_invalid() which checked the > string length, so we can simply call strcpy(). > > This fixes when using gcc (Ubuntu 9.4.0-1ubuntu1~20.04.1) 9.4.0: > > [42/666] Compiling C object subprojects/libvduse/libvduse.a.p/libvduse.c.o > FAILED: subprojects/libvduse/libvduse.a.p/libvduse.c.o > cc -m64 -mcx16 -Isubprojects/libvduse/libvduse.a.p -Isubprojects/libvduse -I../../subprojects/libvduse [...] -o subprojects/libvduse/libvduse.a.p/libvduse.c.o -c ../../subprojects/libvduse/libvduse.c > In file included from /usr/include/string.h:495, > from ../../subprojects/libvduse/libvduse.c:24: > In function ‘strncpy’, > inlined from ‘vduse_dev_create’ at ../../subprojects/libvduse/libvduse.c:1312:5: > /usr/include/x86_64-linux-gnu/bits/string_fortified.h:106:10: error: ‘__builtin_strncpy’ specified bound 256 equals destination size [-Werror=stringop-truncation] > 106 | return __builtin___strncpy_chk (__dest, __src, __len, __bos (__dest)); > | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > cc1: all warnings being treated as errors > ninja: build stopped: cannot make progress due to previous errors. > > Fixes: d9cf16c0be ("libvduse: Replace strcpy() with strncpy()") > Suggested-by: Markus Armbruster <armbru@redhat.com> > Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> > --- > Supersedes: <20220919192306.52729-1-f4bug@amsat.org> > Cc: Xie Yongji <xieyongji@bytedance.com> > Cc: Kevin Wolf <kwolf@redhat.com> > --- > subprojects/libvduse/libvduse.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > Reviewed-by: Xie Yongji <xieyongji@bytedance.com>
On Fri, 11 Nov 2022 at 07:46, Philippe Mathieu-Daudé <philmd@linaro.org> wrote: > > From: Philippe Mathieu-Daudé <f4bug@amsat.org> > > GCC 8 added a -Wstringop-truncation warning: > > The -Wstringop-truncation warning added in GCC 8.0 via r254630 for > bug 81117 is specifically intended to highlight likely unintended > uses of the strncpy function that truncate the terminating NUL > character from the source string. > > Here the next line indeed unconditionally zeroes the last byte, but > 1/ the buffer has been calloc'd, so we don't need to add an extra > byte, and 2/ we called vduse_name_is_invalid() which checked the > string length, so we can simply call strcpy(). > > This fixes when using gcc (Ubuntu 9.4.0-1ubuntu1~20.04.1) 9.4.0: > > [42/666] Compiling C object subprojects/libvduse/libvduse.a.p/libvduse.c.o > FAILED: subprojects/libvduse/libvduse.a.p/libvduse.c.o > cc -m64 -mcx16 -Isubprojects/libvduse/libvduse.a.p -Isubprojects/libvduse -I../../subprojects/libvduse [...] -o subprojects/libvduse/libvduse.a.p/libvduse.c.o -c ../../subprojects/libvduse/libvduse.c > In file included from /usr/include/string.h:495, > from ../../subprojects/libvduse/libvduse.c:24: > In function ‘strncpy’, > inlined from ‘vduse_dev_create’ at ../../subprojects/libvduse/libvduse.c:1312:5: > /usr/include/x86_64-linux-gnu/bits/string_fortified.h:106:10: error: ‘__builtin_strncpy’ specified bound 256 equals destination size [-Werror=stringop-truncation] > 106 | return __builtin___strncpy_chk (__dest, __src, __len, __bos (__dest)); > | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > cc1: all warnings being treated as errors > ninja: build stopped: cannot make progress due to previous errors. > > Fixes: d9cf16c0be ("libvduse: Replace strcpy() with strncpy()") > Suggested-by: Markus Armbruster <armbru@redhat.com> > Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> > --- > Supersedes: <20220919192306.52729-1-f4bug@amsat.org> > Cc: Xie Yongji <xieyongji@bytedance.com> > Cc: Kevin Wolf <kwolf@redhat.com> > --- > subprojects/libvduse/libvduse.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) Applied to qemu.git/master. Thanks, Stefan
diff --git a/subprojects/libvduse/libvduse.c b/subprojects/libvduse/libvduse.c index 1a5981445c..e089d4d546 100644 --- a/subprojects/libvduse/libvduse.c +++ b/subprojects/libvduse/libvduse.c @@ -1309,8 +1309,8 @@ VduseDev *vduse_dev_create(const char *name, uint32_t device_id, goto err_dev; } - strncpy(dev_config->name, name, VDUSE_NAME_MAX); - dev_config->name[VDUSE_NAME_MAX - 1] = '\0'; + assert(!vduse_name_is_invalid(name)); + strcpy(dev_config->name, name); dev_config->device_id = device_id; dev_config->vendor_id = vendor_id; dev_config->features = features;