From patchwork Fri Nov 10 17:31:04 2017
X-Patchwork-Submitter: Martin Sebor
X-Patchwork-Id: 836803
To: GNU C Library
From: Martin Sebor
Subject: [PATCH] add attribute nonstring
Date: Fri, 10 Nov 2017 10:31:04 -0700

The latest revision of GCC 8.0 adds a -Wstringop-truncation
option to detect common misuses of the strncpy and strncat
functions that may truncate the copy and leave the result
without a terminating nul character.

On its own, the warning cannot distinguish the intended and
safe uses of the functions (to fill a buffer with data) from
the incorrect and unsafe ones (to make a "bounded" copy of
a string). Because the misuses have become prevalent and
the correct/intended uses are in a minority, GCC has added
a new attribute called nonstring to annotate character arrays
that aren't meant to be treated as nul-terminated strings.
The attribute disables the checker. In the future, GCC will
also use the attribute to issue warnings when such arrays are
passed to functions that expect nul-terminated strings.

Attached is a patch to annotate such arrays in Glibc to prevent
warnings on x86_64 (I didn't test any other targets).

The patch touches the timezone/tzfile.h header even though
(IIUC) it comes from another project. I'm not familiar with
the process for keeping the timezone directory in sync with
tzcode. Please let me know how you'd like to go about making
this change.

Thanks
Martin

The -Wstringop-truncation option new in GCC 8 detects common misuses
of the strncat and strncpy functions that may result in truncating
the copied string before the terminating NUL. To avoid false positive
warnings for correct code that intentionally creates sequences of
characters that aren't guaranteed to be NUL-terminated, arrays that
are intended to store such sequences should be decorated with a new
nonstring attribute. This change adds this attribute to Glibc and
uses it to suppress such false positives.

ChangeLog:

* misc/sys/cdefs.h (__NONSTRING): New macro.
* sysdeps/gnu/bits/utmp.h (struct utmp): Use it. * sysdeps/gnu/net/if.h (struct ifreq): Same. * timezone/tzfile.h (struct tzhead): Same. diff --git a/misc/sys/cdefs.h b/misc/sys/cdefs.h index cfd39d5..af6d1ac 100644 --- a/misc/sys/cdefs.h +++ b/misc/sys/cdefs.h @@ -407,6 +407,14 @@ # endif #endif +#if __GNUC__ >= 8 +/* Describes a char array that is not necessarily a NUL-terminated + string. */ +# define __NONSTRING __attribute__ ((__nonstring__)) +#else +# define __NONSTRING +#endif + #if (!defined _Static_assert && !defined __cplusplus \ && (defined __STDC_VERSION__ ? __STDC_VERSION__ : 0) < 201112 \ && (!__GNUC_PREREQ (4, 6) || defined __STRICT_ANSI__)) diff --git a/sysdeps/gnu/bits/utmp.h b/sysdeps/gnu/bits/utmp.h index 2ee11cb..d4885f3 100644 --- a/sysdeps/gnu/bits/utmp.h +++ b/sysdeps/gnu/bits/utmp.h @@ -59,9 +59,13 @@ struct utmp { short int ut_type; /* Type of login. */ pid_t ut_pid; /* Process ID of login process. */ + __NONSTRING char ut_line[UT_LINESIZE]; /* Devicename. */ + __NONSTRING char ut_id[4]; /* Inittab ID. */ + __NONSTRING char ut_user[UT_NAMESIZE]; /* Username. */ + __NONSTRING char ut_host[UT_HOSTSIZE]; /* Hostname for remote login. */ struct exit_status ut_exit; /* Exit status of a process marked as DEAD_PROCESS. */ diff --git a/sysdeps/gnu/net/if.h b/sysdeps/gnu/net/if.h index 0afce08..eb11813 100644 --- a/sysdeps/gnu/net/if.h +++ b/sysdeps/gnu/net/if.h @@ -129,6 +129,7 @@ struct ifreq # define IFNAMSIZ IF_NAMESIZE union { + __NONSTRING char ifrn_name[IFNAMSIZ]; /* Interface name, e.g. "en0". */ } ifr_ifrn; diff --git a/timezone/tzfile.h b/timezone/tzfile.h index 0e51dce..19fe20a 100644 --- a/timezone/tzfile.h +++ b/timezone/tzfile.h @@ -38,6 +38,7 @@ #define TZ_MAGIC "TZif" struct tzhead { + __NONSTRING char tzh_magic[4]; /* TZ_MAGIC */ char tzh_version[1]; /* '\0' or '2' or '3' as of 2013 */ char tzh_reserved[15]; /* reserved; must be zero */
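Review bot: In the misc/sys/cdefs.h hunk, the guard `#if __GNUC__ >= 8` open-codes a version test, while the _Static_assert block directly below it in the same file uses `__GNUC_PREREQ (4, 6)`. Suggest `#if __GNUC_PREREQ (8, 0)` for consistency. The comment on the macro could also say what the annotation is for, namely that such arrays may be passed to strncpy and strncat without triggering -Wstringop-truncation, so that later users of the macro know when to apply it.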
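Review bot: In the sysdeps/gnu/bits/utmp.h hunk, ut_line, ut_id, ut_user and ut_host gain __NONSTRING but their comments still read as plain names ("Devicename", "Username", "Hostname for remote login"). This declaration is what callers consult, so the comments should state that the fields are not necessarily NUL-terminated and that reads must be bounded by the array size. The cover letter says only x86_64 was tested; it is worth checking whether other targets carry their own copy of this header that needs the same annotation.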
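Review bot: In the sysdeps/gnu/net/if.h hunk, ifrn_name is documented as an interface name such as "en0", which callers will naturally treat as a string. The cover letter says GCC plans to warn when nonstring arrays are passed to functions that expect NUL-terminated strings, so annotating this member in the header could later produce warnings in application code that prints or compares the name. Please confirm that the member is really permitted to lack a terminator and say so in its comment, or suppress the warning at the affected glibc call sites instead.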
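Review bot: In the timezone/tzfile.h hunk, tzh_magic uses __NONSTRING, which this patch defines in misc/sys/cdefs.h, but the hunk adds neither an include nor a fallback definition. As the cover letter notes, the file comes from tzcode, so the change makes the header diverge from its upstream and depend on a glibc-only macro. Suggest proposing the annotation upstream first, or guarding it locally with `#ifndef __NONSTRING`, `# define __NONSTRING`, `#endif`.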
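The distinction the message draws between filling a fixed-width buffer with strncpy and making a bounded string copy, as an added example in C that is not part of the original message or of glibc. EX_NONSTRING, EX_NAMESIZE, struct ex_record and both functions are hypothetical names; EX_NONSTRING mirrors the patch's __NONSTRING locally, and the input strings are constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Local stand-in for the patch's __NONSTRING; EX_* names are hypothetical. */
#if defined __GNUC__ && __GNUC__ >= 8
# define EX_NONSTRING __attribute__ ((__nonstring__))
#else
# define EX_NONSTRING
#endif
#define EX_NAMESIZE 8   /* constructed width, not glibc's UT_NAMESIZE */

struct ex_record {
  char user[EX_NAMESIZE] EX_NONSTRING;   /* NUL-padded, maybe unterminated */
};

/* Intended strncpy use: fill the field and pad with NULs.  A name of
   EX_NAMESIZE or more characters leaves no terminator behind.  */
void ex_set_user (struct ex_record *r, const char *name)
{
  strncpy (r->user, name, sizeof r->user);
}

/* Bounded read: copy the field into DST, always terminating DST.  Returns
   the field's length so callers can detect truncation (ret >= dstlen).  */
size_t ex_field_to_cstr (char *dst, size_t dstlen,
                         const char *field, size_t fieldlen)
{
  const char *nul = memchr (field, '\0', fieldlen);
  size_t len = nul ? (size_t) (nul - field) : fieldlen;
  if (dstlen != 0)
    {
      size_t n = len < dstlen - 1 ? len : dstlen - 1;
      memcpy (dst, field, n);
      dst[n] = '\0';
    }
  return len;
}

int main (void)
{
  struct ex_record r;
  char name[EX_NAMESIZE + 1];
  ex_set_user (&r, "operator");   /* constructed input: exactly 8 chars */
  ex_field_to_cstr (name, sizeof name, r.user, sizeof r.user);
  printf ("%s\n", name);
  return 0;
}
```

Calling strlen or printf with a bare %s on r.user after the 8-character store would read past the array, which is the class of misuse the message says GCC intends to diagnose for nonstring arrays.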