* [PATCH v2 1/2] tools: use memcpy instead of strncpy in getBridge
@ 2020-10-07 8:28 Bertrand Marquis
2020-10-07 8:39 ` Jürgen Groß
0 siblings, 1 reply; 5+ messages in thread
From: Bertrand Marquis @ 2020-10-07 8:28 UTC (permalink / raw)
To: xen-devel; +Cc: jgross, Ian Jackson, Wei Liu
Use memcpy in getBridge to prevent gcc warnings about truncated
strings. We know that we might truncate it, so the gcc warning
here is wrong.
Revert previous change changing buffer sizes as bigger buffers
are not needed.
Signed-off-by: Bertrand Marquis <bertrand.marquis@arm.com>
---
Changes in v2:
Use MIN between string length of de->d_name and resultLen to copy only
the minimum size required and prevent crossing to from an unallocated
space.
---
tools/libs/stat/xenstat_linux.c | 11 +++++++++--
1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/tools/libs/stat/xenstat_linux.c b/tools/libs/stat/xenstat_linux.c
index d2ee6fda64..0ace03af1b 100644
--- a/tools/libs/stat/xenstat_linux.c
+++ b/tools/libs/stat/xenstat_linux.c
@@ -29,6 +29,7 @@
#include <string.h>
#include <unistd.h>
#include <regex.h>
+#include <xen-tools/libs.h>
#include "xenstat_priv.h"
@@ -78,7 +79,13 @@ static void getBridge(char *excludeName, char *result, size_t resultLen)
sprintf(tmp, "/sys/class/net/%s/bridge", de->d_name);
if (access(tmp, F_OK) == 0) {
- strncpy(result, de->d_name, resultLen);
+ /*
+ * Do not use strncpy to prevent compiler warning with
+ * gcc >= 10.0
+ * If de->d_name is longer then resultLen we truncate it
+ */
+ memcpy(result, de->d_name, MIN(strnlen(de->d_name,
+ sizeof(de->d_name)),resultLen - 1));
result[resultLen - 1] = 0;
}
}
@@ -264,7 +271,7 @@ int xenstat_collect_networks(xenstat_node * node)
{
/* Helper variables for parseNetDevLine() function defined above */
int i;
- char line[512] = { 0 }, iface[16] = { 0 }, devBridge[256] = { 0 }, devNoBridge[257] = { 0 };
+ char line[512] = { 0 }, iface[16] = { 0 }, devBridge[16] = { 0 }, devNoBridge[17] = { 0 };
unsigned long long rxBytes, rxPackets, rxErrs, rxDrops, txBytes, txPackets, txErrs, txDrops;
struct priv_data *priv = get_priv_data(node->handle);
--
2.17.1
^ permalink raw reply related [flat|nested] 5+ messages in thread
* Re: [PATCH v2 1/2] tools: use memcpy instead of strncpy in getBridge
2020-10-07 8:28 [PATCH v2 1/2] tools: use memcpy instead of strncpy in getBridge Bertrand Marquis
@ 2020-10-07 8:39 ` Jürgen Groß
2020-10-07 8:56 ` Bertrand Marquis
0 siblings, 1 reply; 5+ messages in thread
From: Jürgen Groß @ 2020-10-07 8:39 UTC (permalink / raw)
To: Bertrand Marquis, xen-devel; +Cc: Ian Jackson, Wei Liu
On 07.10.20 10:28, Bertrand Marquis wrote:
> Use memcpy in getBridge to prevent gcc warnings about truncated
> strings. We know that we might truncate it, so the gcc warning
> here is wrong.
> Revert previous change changing buffer sizes as bigger buffers
> are not needed.
>
> Signed-off-by: Bertrand Marquis <bertrand.marquis@arm.com>
> ---
> Changes in v2:
> Use MIN between string length of de->d_name and resultLen to copy only
> the minimum size required and prevent crossing to from an unallocated
> space.
> ---
> tools/libs/stat/xenstat_linux.c | 11 +++++++++--
> 1 file changed, 9 insertions(+), 2 deletions(-)
>
> diff --git a/tools/libs/stat/xenstat_linux.c b/tools/libs/stat/xenstat_linux.c
> index d2ee6fda64..0ace03af1b 100644
> --- a/tools/libs/stat/xenstat_linux.c
> +++ b/tools/libs/stat/xenstat_linux.c
> @@ -29,6 +29,7 @@
> #include <string.h>
> #include <unistd.h>
> #include <regex.h>
> +#include <xen-tools/libs.h>
>
> #include "xenstat_priv.h"
>
> @@ -78,7 +79,13 @@ static void getBridge(char *excludeName, char *result, size_t resultLen)
> sprintf(tmp, "/sys/class/net/%s/bridge", de->d_name);
>
> if (access(tmp, F_OK) == 0) {
> - strncpy(result, de->d_name, resultLen);
> + /*
> + * Do not use strncpy to prevent compiler warning with
> + * gcc >= 10.0
> + * If de->d_name is longer then resultLen we truncate it
s/then/than/
> + */
> + memcpy(result, de->d_name, MIN(strnlen(de->d_name,
> + sizeof(de->d_name)),resultLen - 1));
You can't use sizeof(de->d_name) here, as AFAIK there is no guarantee
that de->d_name isn't e.g. defined like "char d_name[]".
My suggestion to use NAME_MAX as upper boundary for the length was
really meant to be used that way.
And additionally you might want to add 1 to the strnlen() result in
order to copy the trailing 0-byte, too (or you should zero out the
result buffer before and omit writing the final zero byte).
Thinking more about it zeroing the result buffer is better as it even
covers the theoretical case of NAME_MAX being shorter than resultLen.
Juergen
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH v2 1/2] tools: use memcpy instead of strncpy in getBridge
2020-10-07 8:39 ` Jürgen Groß
@ 2020-10-07 8:56 ` Bertrand Marquis
2020-10-07 9:14 ` Jürgen Groß
0 siblings, 1 reply; 5+ messages in thread
From: Bertrand Marquis @ 2020-10-07 8:56 UTC (permalink / raw)
To: Jürgen Groß; +Cc: xen-devel, Ian Jackson, Wei Liu
Hi Jurgen,
> On 7 Oct 2020, at 09:39, Jürgen Groß <jgross@suse.com> wrote:
>
> On 07.10.20 10:28, Bertrand Marquis wrote:
>> Use memcpy in getBridge to prevent gcc warnings about truncated
>> strings. We know that we might truncate it, so the gcc warning
>> here is wrong.
>> Revert previous change changing buffer sizes as bigger buffers
>> are not needed.
>> Signed-off-by: Bertrand Marquis <bertrand.marquis@arm.com>
>> ---
>> Changes in v2:
>> Use MIN between string length of de->d_name and resultLen to copy only
>> the minimum size required and prevent crossing to from an unallocated
>> space.
>> ---
>> tools/libs/stat/xenstat_linux.c | 11 +++++++++--
>> 1 file changed, 9 insertions(+), 2 deletions(-)
>> diff --git a/tools/libs/stat/xenstat_linux.c b/tools/libs/stat/xenstat_linux.c
>> index d2ee6fda64..0ace03af1b 100644
>> --- a/tools/libs/stat/xenstat_linux.c
>> +++ b/tools/libs/stat/xenstat_linux.c
>> @@ -29,6 +29,7 @@
>> #include <string.h>
>> #include <unistd.h>
>> #include <regex.h>
>> +#include <xen-tools/libs.h>
>> #include "xenstat_priv.h"
>> @@ -78,7 +79,13 @@ static void getBridge(char *excludeName, char *result, size_t resultLen)
>> sprintf(tmp, "/sys/class/net/%s/bridge", de->d_name);
>> if (access(tmp, F_OK) == 0) {
>> - strncpy(result, de->d_name, resultLen);
>> + /*
>> + * Do not use strncpy to prevent compiler warning with
>> + * gcc >= 10.0
>> + * If de->d_name is longer then resultLen we truncate it
>
> s/then/than/
Will fix
>
>> + */
>> + memcpy(result, de->d_name, MIN(strnlen(de->d_name,
>> + sizeof(de->d_name)),resultLen - 1));
>
> You can't use sizeof(de->d_name) here, as AFAIK there is no guarantee
> that de->d_name isn't e.g. defined like "char d_name[]".
>
> My suggestion to use NAME_MAX as upper boundary for the length was
> really meant to be used that way.
>
> And additionally you might want to add 1 to the strnlen() result in
> order to copy the trailing 0-byte, too (or you should zero out the
> result buffer before and omit writing the final zero byte).
>
> Thinking more about it zeroing the result buffer is better as it even
> covers the theoretical case of NAME_MAX being shorter than resultLen.
Setting the result buffer completely to 0 and doing after a copy sounds like
a big complexity.
How about:
copysize = MIN(strnlen(de->d_name,NAME_MAX), resultLen - 1);
memcpy(result, de->d_name, copysize);
result[copysize + 1] = 0
This would cover the case where NAME_MAX is shorter then resultLen.
Cheers
Bertrand
>
>
> Juergen
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH v2 1/2] tools: use memcpy instead of strncpy in getBridge
2020-10-07 8:56 ` Bertrand Marquis
@ 2020-10-07 9:14 ` Jürgen Groß
2020-10-07 9:20 ` Bertrand Marquis
0 siblings, 1 reply; 5+ messages in thread
From: Jürgen Groß @ 2020-10-07 9:14 UTC (permalink / raw)
To: Bertrand Marquis; +Cc: xen-devel, Ian Jackson, Wei Liu
On 07.10.20 10:56, Bertrand Marquis wrote:
> Hi Jurgen,
>
>> On 7 Oct 2020, at 09:39, Jürgen Groß <jgross@suse.com> wrote:
>>
>> On 07.10.20 10:28, Bertrand Marquis wrote:
>>> Use memcpy in getBridge to prevent gcc warnings about truncated
>>> strings. We know that we might truncate it, so the gcc warning
>>> here is wrong.
>>> Revert previous change changing buffer sizes as bigger buffers
>>> are not needed.
>>> Signed-off-by: Bertrand Marquis <bertrand.marquis@arm.com>
>>> ---
>>> Changes in v2:
>>> Use MIN between string length of de->d_name and resultLen to copy only
>>> the minimum size required and prevent crossing to from an unallocated
>>> space.
>>> ---
>>> tools/libs/stat/xenstat_linux.c | 11 +++++++++--
>>> 1 file changed, 9 insertions(+), 2 deletions(-)
>>> diff --git a/tools/libs/stat/xenstat_linux.c b/tools/libs/stat/xenstat_linux.c
>>> index d2ee6fda64..0ace03af1b 100644
>>> --- a/tools/libs/stat/xenstat_linux.c
>>> +++ b/tools/libs/stat/xenstat_linux.c
>>> @@ -29,6 +29,7 @@
>>> #include <string.h>
>>> #include <unistd.h>
>>> #include <regex.h>
>>> +#include <xen-tools/libs.h>
>>> #include "xenstat_priv.h"
>>> @@ -78,7 +79,13 @@ static void getBridge(char *excludeName, char *result, size_t resultLen)
>>> sprintf(tmp, "/sys/class/net/%s/bridge", de->d_name);
>>> if (access(tmp, F_OK) == 0) {
>>> - strncpy(result, de->d_name, resultLen);
>>> + /*
>>> + * Do not use strncpy to prevent compiler warning with
>>> + * gcc >= 10.0
>>> + * If de->d_name is longer then resultLen we truncate it
>>
>> s/then/than/
>
> Will fix
>
>>
>>> + */
>>> + memcpy(result, de->d_name, MIN(strnlen(de->d_name,
>>> + sizeof(de->d_name)),resultLen - 1));
>>
>> You can't use sizeof(de->d_name) here, as AFAIK there is no guarantee
>> that de->d_name isn't e.g. defined like "char d_name[]".
>>
>> My suggestion to use NAME_MAX as upper boundary for the length was
>> really meant to be used that way.
>>
>> And additionally you might want to add 1 to the strnlen() result in
>> order to copy the trailing 0-byte, too (or you should zero out the
>> result buffer before and omit writing the final zero byte).
>>
>> Thinking more about it zeroing the result buffer is better as it even
>> covers the theoretical case of NAME_MAX being shorter than resultLen.
>
> Setting the result buffer completely to 0 and doing after a copy sounds like
> a big complexity.
>
> How about:
> copysize = MIN(strnlen(de->d_name,NAME_MAX), resultLen - 1);
> memcpy(result, de->d_name, copysize);
> result[copysize + 1] = 0
result[copysize] = 0;
>
> This would cover the case where NAME_MAX is shorter then resultLen.
Why is:
memset(result, 0, resultLen);
memcpy(result, de->d_name, MIN(strnlen(de->d_name,NAME_MAX), resultLen -
1));
A big complexity?
In the end both variants are fine.
Juergen
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH v2 1/2] tools: use memcpy instead of strncpy in getBridge
2020-10-07 9:14 ` Jürgen Groß
@ 2020-10-07 9:20 ` Bertrand Marquis
0 siblings, 0 replies; 5+ messages in thread
From: Bertrand Marquis @ 2020-10-07 9:20 UTC (permalink / raw)
To: Jürgen Groß; +Cc: xen-devel, Ian Jackson, Wei Liu
> On 7 Oct 2020, at 10:14, Jürgen Groß <jgross@suse.com> wrote:
>
> On 07.10.20 10:56, Bertrand Marquis wrote:
>> Hi Jurgen,
>>> On 7 Oct 2020, at 09:39, Jürgen Groß <jgross@suse.com> wrote:
>>>
>>> On 07.10.20 10:28, Bertrand Marquis wrote:
>>>> Use memcpy in getBridge to prevent gcc warnings about truncated
>>>> strings. We know that we might truncate it, so the gcc warning
>>>> here is wrong.
>>>> Revert previous change changing buffer sizes as bigger buffers
>>>> are not needed.
>>>> Signed-off-by: Bertrand Marquis <bertrand.marquis@arm.com>
>>>> ---
>>>> Changes in v2:
>>>> Use MIN between string length of de->d_name and resultLen to copy only
>>>> the minimum size required and prevent crossing to from an unallocated
>>>> space.
>>>> ---
>>>> tools/libs/stat/xenstat_linux.c | 11 +++++++++--
>>>> 1 file changed, 9 insertions(+), 2 deletions(-)
>>>> diff --git a/tools/libs/stat/xenstat_linux.c b/tools/libs/stat/xenstat_linux.c
>>>> index d2ee6fda64..0ace03af1b 100644
>>>> --- a/tools/libs/stat/xenstat_linux.c
>>>> +++ b/tools/libs/stat/xenstat_linux.c
>>>> @@ -29,6 +29,7 @@
>>>> #include <string.h>
>>>> #include <unistd.h>
>>>> #include <regex.h>
>>>> +#include <xen-tools/libs.h>
>>>> #include "xenstat_priv.h"
>>>> @@ -78,7 +79,13 @@ static void getBridge(char *excludeName, char *result, size_t resultLen)
>>>> sprintf(tmp, "/sys/class/net/%s/bridge", de->d_name);
>>>> if (access(tmp, F_OK) == 0) {
>>>> - strncpy(result, de->d_name, resultLen);
>>>> + /*
>>>> + * Do not use strncpy to prevent compiler warning with
>>>> + * gcc >= 10.0
>>>> + * If de->d_name is longer then resultLen we truncate it
>>>
>>> s/then/than/
>> Will fix
>>>
>>>> + */
>>>> + memcpy(result, de->d_name, MIN(strnlen(de->d_name,
>>>> + sizeof(de->d_name)),resultLen - 1));
>>>
>>> You can't use sizeof(de->d_name) here, as AFAIK there is no guarantee
>>> that de->d_name isn't e.g. defined like "char d_name[]".
>>>
>>> My suggestion to use NAME_MAX as upper boundary for the length was
>>> really meant to be used that way.
>>>
>>> And additionally you might want to add 1 to the strnlen() result in
>>> order to copy the trailing 0-byte, too (or you should zero out the
>>> result buffer before and omit writing the final zero byte).
>>>
>>> Thinking more about it zeroing the result buffer is better as it even
>>> covers the theoretical case of NAME_MAX being shorter than resultLen.
>> Setting the result buffer completely to 0 and doing after a copy sounds like
>> a big complexity.
>> How about:
>> copysize = MIN(strnlen(de->d_name,NAME_MAX), resultLen - 1);
>> memcpy(result, de->d_name, copysize);
>> result[copysize + 1] = 0
>
> result[copysize] = 0;
>
>> This would cover the case where NAME_MAX is shorter then resultLen.
>
> Why is:
>
> memset(result, 0, resultLen);
> memcpy(result, de->d_name, MIN(strnlen(de->d_name,NAME_MAX), resultLen - 1));
>
> A big complexity?
it is potentially more computation (complexity was not the right word maybe).
>
> In the end both variants are fine.
in the end I am fully ok with any, at then end there is no performance issue here.
I will use use the memset solution and push a v3.
Cheers
Bertrand
>
>
> Juergen
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2020-10-07 9:21 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-10-07 8:28 [PATCH v2 1/2] tools: use memcpy instead of strncpy in getBridge Bertrand Marquis
2020-10-07 8:39 ` Jürgen Groß
2020-10-07 8:56 ` Bertrand Marquis
2020-10-07 9:14 ` Jürgen Groß
2020-10-07 9:20 ` Bertrand Marquis
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).