* [PATCH 0/3] mdadm: Fix some building errors
@ 2017-03-17 11:55 Xiao Ni
2017-03-17 11:55 ` [PATCH 1/3] mdadm: Replace snprintf with strncpy at some places to avoid truncation Xiao Ni
` (2 more replies)
0 siblings, 3 replies; 8+ messages in thread
From: Xiao Ni @ 2017-03-17 11:55 UTC (permalink / raw)
To: linux-raid; +Cc: Jes.Sorensen, ncroxon, artur.paszkiewicz
There are some error buildings in Fedora release 26 (Rawhide)
The gcc version is gcc (GCC) 7.0.1 20170211 (Red Hat 7.0.1-0.8)
There are three types of errors:
1. Fall through
mdadm.c:149:28: error: this statement may fall through [-Werror=implicit-fallthrough=]
if (mode == ASSEMBLE || mode == BUILD ||
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
mode == CREATE || mode == GROW ||
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
mode == INCREMENTAL || mode == MANAGE)
~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~
mdadm.c:151:3: note: here
case Brief:
^~~~
2. format-overflow
Detail.c: In function ‘Detail’:
Detail.c:584:31: error: ‘%s’ directive writing up to 255 bytes into a region of size 189 [-Werror=format-overflow=]
sprintf(path, "/sys/block/%s/md/metadata_version",
^~
Detail.c:584:5: note: ‘sprintf’ output between 32 and 287 bytes into a destination of size 200
sprintf(path, "/sys/block/%s/md/metadata_version",
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
de->d_name);
~~~~~~~~~~~
3. format-truncation
super-intel.c: In function ‘examine_super_imsm’:
super-intel.c:1815:30: error: ‘%s’ directive output may be truncated writing up to 31 bytes into a region of size 24 [-Werror=format-truncation=]
snprintf(str, MPB_SIG_LEN, "%s", mpb->sig);
^~
super-intel.c:1815:2: note: ‘snprintf’ output between 1 and 32 bytes into a destination of size 24
snprintf(str, MPB_SIG_LEN, "%s", mpb->sig);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Xiao Ni (3):
Replace snprintf with strncpy at some places to avoid truncation
Add Wimplicit-fallthrough=0 in Makefile
Specify enough length when write to buffer
Detail.c | 2 +-
Makefile | 5 +++++
super-intel.c | 11 +++++++----
super0.c | 2 +-
util.c | 2 +-
5 files changed, 15 insertions(+), 7 deletions(-)
--
2.7.4
^ permalink raw reply [flat|nested] 8+ messages in thread
* [PATCH 1/3] mdadm: Replace snprintf with strncpy at some places to avoid truncation
2017-03-17 11:55 [PATCH 0/3] mdadm: Fix some building errors Xiao Ni
@ 2017-03-17 11:55 ` Xiao Ni
2017-03-17 19:55 ` jes.sorensen
2017-03-17 11:55 ` [PATCH 2/3] mdadm: Add Wimplicit-fallthrough=0 in Makefile Xiao Ni
2017-03-17 11:55 ` [PATCH 3/3] mdadm: Specify enough length when write to buffer Xiao Ni
2 siblings, 1 reply; 8+ messages in thread
From: Xiao Ni @ 2017-03-17 11:55 UTC (permalink / raw)
To: linux-raid; +Cc: Jes.Sorensen, ncroxon, artur.paszkiewicz
In gcc7 there are some building errors like:
directive output may be truncated writing up to 31 bytes into a region of size 24
snprintf(str, MPB_SIG_LEN, %s, mpb->sig);
It just need to copy one string to target. So use strncpy to replace it.
Signed-off-by: Xiao Ni <xni@redhat.com>
---
super-intel.c | 11 +++++++----
1 file changed, 7 insertions(+), 4 deletions(-)
diff --git a/super-intel.c b/super-intel.c
index d5e9517..e1618f1 100644
--- a/super-intel.c
+++ b/super-intel.c
@@ -1811,7 +1811,8 @@ static void examine_super_imsm(struct supertype *st, char *homehost)
__u32 reserved = imsm_reserved_sectors(super, super->disks);
struct dl *dl;
- snprintf(str, MPB_SIG_LEN, "%s", mpb->sig);
+ strncpy(str, (char *)mpb->sig, MPB_SIG_LEN);
+ str[MPB_SIG_LEN-1] = '\0';
printf(" Magic : %s\n", str);
snprintf(str, strlen(MPB_VERSION_RAID0), "%s", get_imsm_version(mpb));
printf(" Version : %s\n", get_imsm_version(mpb));
@@ -5227,7 +5228,7 @@ static int init_super_imsm_volume(struct supertype *st, mdu_array_info_t *info,
disk->status = CONFIGURED_DISK | FAILED_DISK;
disk->scsi_id = __cpu_to_le32(~(__u32)0);
snprintf((char *) disk->serial, MAX_RAID_SERIAL_LEN,
- "missing:%d", i);
+ "missing:%d", (__u8)i);
}
find_missing(super);
} else {
@@ -7142,14 +7143,16 @@ static int update_subarray_imsm(struct supertype *st, char *subarray,
u->type = update_rename_array;
u->dev_idx = vol;
- snprintf((char *) u->name, MAX_RAID_SERIAL_LEN, "%s", name);
+ strncpy((char *) u->name, name, MAX_RAID_SERIAL_LEN);
+ u->name[MAX_RAID_SERIAL_LEN-1] = '\0';
append_metadata_update(st, u, sizeof(*u));
} else {
struct imsm_dev *dev;
int i;
dev = get_imsm_dev(super, vol);
- snprintf((char *) dev->volume, MAX_RAID_SERIAL_LEN, "%s", name);
+ strncpy((char *) dev->volume, name, MAX_RAID_SERIAL_LEN);
+ dev->volume[MAX_RAID_SERIAL_LEN-1] = '\0';
for (i = 0; i < mpb->num_raid_devs; i++) {
dev = get_imsm_dev(super, i);
handle_missing(super, dev);
--
2.7.4
^ permalink raw reply related [flat|nested] 8+ messages in thread
* [PATCH 2/3] mdadm: Add Wimplicit-fallthrough=0 in Makefile
2017-03-17 11:55 [PATCH 0/3] mdadm: Fix some building errors Xiao Ni
2017-03-17 11:55 ` [PATCH 1/3] mdadm: Replace snprintf with strncpy at some places to avoid truncation Xiao Ni
@ 2017-03-17 11:55 ` Xiao Ni
2017-03-17 19:57 ` jes.sorensen
2017-03-17 11:55 ` [PATCH 3/3] mdadm: Specify enough length when write to buffer Xiao Ni
2 siblings, 1 reply; 8+ messages in thread
From: Xiao Ni @ 2017-03-17 11:55 UTC (permalink / raw)
To: linux-raid; +Cc: Jes.Sorensen, ncroxon, artur.paszkiewicz
There are many errors like 'error: this statement may fall through'.
But the logic is right. So add the flag Wimplicit-fallthrough=0
to disable the error messages. The method I use is from
https://gcc.gnu.org/onlinedocs/gcc/Warning-Options.html
#index-Wimplicit-fallthrough-375
Signed-off-by: Xiao Ni <xni@redhat.com>
---
Makefile | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/Makefile b/Makefile
index a6f464c..d1a6ac4 100644
--- a/Makefile
+++ b/Makefile
@@ -48,6 +48,11 @@ ifdef WARN_UNUSED
CWFLAGS += -Wp,-D_FORTIFY_SOURCE=2 -O3
endif
+FALLTHROUGH := $(shell gcc -v --help 2>&1 | grep "implicit-fallthrough" | wc -l)
+ifneq "$(FALLTHROUGH)" "0"
+CWFLAGS += -Wimplicit-fallthrough=0
+endif
+
ifdef DEBIAN
CPPFLAGS += -DDEBIAN
endif
--
2.7.4
^ permalink raw reply related [flat|nested] 8+ messages in thread
* [PATCH 3/3] mdadm: Specify enough length when write to buffer
2017-03-17 11:55 [PATCH 0/3] mdadm: Fix some building errors Xiao Ni
2017-03-17 11:55 ` [PATCH 1/3] mdadm: Replace snprintf with strncpy at some places to avoid truncation Xiao Ni
2017-03-17 11:55 ` [PATCH 2/3] mdadm: Add Wimplicit-fallthrough=0 in Makefile Xiao Ni
@ 2017-03-17 11:55 ` Xiao Ni
2017-03-17 19:58 ` jes.sorensen
2 siblings, 1 reply; 8+ messages in thread
From: Xiao Ni @ 2017-03-17 11:55 UTC (permalink / raw)
To: linux-raid; +Cc: Jes.Sorensen, ncroxon, artur.paszkiewicz
In Detail.c the buffer path in function Detail is defined as path[200],
in fact the max lenth of content which needs to write to the buffer is
287. Because the length of dname of struct dirent is 255.
During building it reports error:
error: ‘%s’ directive writing up to 255 bytes into a region of size 189
[-Werror=format-overflow=]
In function examine_super0 there is a buffer nb with length 5.
But it need to show a int type argument. The lenght of max
number of int is 10. So the buffer length should be 11.
In human_size function the length of buf is 30. During building
there is a error:
output between 20 and 47 bytes into a destination of size 30.
Change the length to 47.
Signed-off-by: Xiao Ni <xni@redhat.com>
---
Detail.c | 2 +-
super0.c | 2 +-
util.c | 2 +-
3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/Detail.c b/Detail.c
index 509b0d4..cb33794 100644
--- a/Detail.c
+++ b/Detail.c
@@ -575,7 +575,7 @@ This is pretty boring
printf(" Member Arrays :");
while (dir && (de = readdir(dir)) != NULL) {
- char path[200];
+ char path[287];
char vbuf[1024];
int nlen = strlen(sra->sys_name);
dev_t devid;
diff --git a/super0.c b/super0.c
index 938cfd9..f5b4507 100644
--- a/super0.c
+++ b/super0.c
@@ -231,7 +231,7 @@ static void examine_super0(struct supertype *st, char *homehost)
d++) {
mdp_disk_t *dp;
char *dv;
- char nb[5];
+ char nb[11];
int wonly, failfast;
if (d>=0) dp = &sb->disks[d];
else dp = &sb->this_disk;
diff --git a/util.c b/util.c
index f100972..32bd909 100644
--- a/util.c
+++ b/util.c
@@ -811,7 +811,7 @@ unsigned long calc_csum(void *super, int bytes)
#ifndef MDASSEMBLE
char *human_size(long long bytes)
{
- static char buf[30];
+ static char buf[47];
/* We convert bytes to either centi-M{ega,ibi}bytes or
* centi-G{igi,ibi}bytes, with appropriate rounding,
--
2.7.4
^ permalink raw reply related [flat|nested] 8+ messages in thread
* Re: [PATCH 1/3] mdadm: Replace snprintf with strncpy at some places to avoid truncation
2017-03-17 11:55 ` [PATCH 1/3] mdadm: Replace snprintf with strncpy at some places to avoid truncation Xiao Ni
@ 2017-03-17 19:55 ` jes.sorensen
2017-03-18 1:02 ` Xiao Ni
0 siblings, 1 reply; 8+ messages in thread
From: jes.sorensen @ 2017-03-17 19:55 UTC (permalink / raw)
To: Xiao Ni; +Cc: linux-raid, ncroxon, artur.paszkiewicz
Xiao Ni <xni@redhat.com> writes:
> In gcc7 there are some building errors like:
> directive output may be truncated writing up to 31 bytes into a region of size 24
> snprintf(str, MPB_SIG_LEN, %s, mpb->sig);
>
> It just need to copy one string to target. So use strncpy to replace it.
>
> Signed-off-by: Xiao Ni <xni@redhat.com>
> ---
> super-intel.c | 11 +++++++----
> 1 file changed, 7 insertions(+), 4 deletions(-)
>
> diff --git a/super-intel.c b/super-intel.c
> index d5e9517..e1618f1 100644
> --- a/super-intel.c
> +++ b/super-intel.c
> @@ -1811,7 +1811,8 @@ static void examine_super_imsm(struct supertype *st, char *homehost)
> __u32 reserved = imsm_reserved_sectors(super, super->disks);
> struct dl *dl;
>
> - snprintf(str, MPB_SIG_LEN, "%s", mpb->sig);
> + strncpy(str, (char *)mpb->sig, MPB_SIG_LEN);
> + str[MPB_SIG_LEN-1] = '\0';
> printf(" Magic : %s\n", str);
> snprintf(str, strlen(MPB_VERSION_RAID0), "%s", get_imsm_version(mpb));
> printf(" Version : %s\n", get_imsm_version(mpb));
Given str is defined as 'char str[MAX_SIGNATURE_LENGTH]', it would be
more correct to use MAX_SIGNATURE_LENGTH as the size limit here.
> @@ -5227,7 +5228,7 @@ static int init_super_imsm_volume(struct supertype *st, mdu_array_info_t *info,
> disk->status = CONFIGURED_DISK | FAILED_DISK;
> disk->scsi_id = __cpu_to_le32(~(__u32)0);
> snprintf((char *) disk->serial, MAX_RAID_SERIAL_LEN,
> - "missing:%d", i);
> + "missing:%d", (__u8)i);
> }
> find_missing(super);
> } else {
This is unrelated to the commit message.
> @@ -7142,14 +7143,16 @@ static int update_subarray_imsm(struct supertype *st, char *subarray,
>
> u->type = update_rename_array;
> u->dev_idx = vol;
> - snprintf((char *) u->name, MAX_RAID_SERIAL_LEN, "%s", name);
> + strncpy((char *) u->name, name, MAX_RAID_SERIAL_LEN);
> + u->name[MAX_RAID_SERIAL_LEN-1] = '\0';
> append_metadata_update(st, u, sizeof(*u));
> } else {
> struct imsm_dev *dev;
> int i;
>
> dev = get_imsm_dev(super, vol);
> - snprintf((char *) dev->volume, MAX_RAID_SERIAL_LEN, "%s", name);
> + strncpy((char *) dev->volume, name, MAX_RAID_SERIAL_LEN);
> + dev->volume[MAX_RAID_SERIAL_LEN-1] = '\0';
> for (i = 0; i < mpb->num_raid_devs; i++) {
> dev = get_imsm_dev(super, i);
> handle_missing(super, dev);
These two look fine.
Jes
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH 2/3] mdadm: Add Wimplicit-fallthrough=0 in Makefile
2017-03-17 11:55 ` [PATCH 2/3] mdadm: Add Wimplicit-fallthrough=0 in Makefile Xiao Ni
@ 2017-03-17 19:57 ` jes.sorensen
0 siblings, 0 replies; 8+ messages in thread
From: jes.sorensen @ 2017-03-17 19:57 UTC (permalink / raw)
To: Xiao Ni; +Cc: linux-raid, ncroxon, artur.paszkiewicz
Xiao Ni <xni@redhat.com> writes:
> There are many errors like 'error: this statement may fall through'.
> But the logic is right. So add the flag Wimplicit-fallthrough=0
> to disable the error messages. The method I use is from
> https://gcc.gnu.org/onlinedocs/gcc/Warning-Options.html
> #index-Wimplicit-fallthrough-375
>
> Signed-off-by: Xiao Ni <xni@redhat.com>
> ---
> Makefile | 5 +++++
> 1 file changed, 5 insertions(+)
Applied!
Thanks,
Jes
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH 3/3] mdadm: Specify enough length when write to buffer
2017-03-17 11:55 ` [PATCH 3/3] mdadm: Specify enough length when write to buffer Xiao Ni
@ 2017-03-17 19:58 ` jes.sorensen
0 siblings, 0 replies; 8+ messages in thread
From: jes.sorensen @ 2017-03-17 19:58 UTC (permalink / raw)
To: Xiao Ni; +Cc: linux-raid, ncroxon, artur.paszkiewicz
Xiao Ni <xni@redhat.com> writes:
> In Detail.c the buffer path in function Detail is defined as path[200],
> in fact the max lenth of content which needs to write to the buffer is
> 287. Because the length of dname of struct dirent is 255.
> During building it reports error:
> error: ‘%s’ directive writing up to 255 bytes into a region of size 189
> [-Werror=format-overflow=]
>
> In function examine_super0 there is a buffer nb with length 5.
> But it need to show a int type argument. The lenght of max
> number of int is 10. So the buffer length should be 11.
>
> In human_size function the length of buf is 30. During building
> there is a error:
> output between 20 and 47 bytes into a destination of size 30.
> Change the length to 47.
>
> Signed-off-by: Xiao Ni <xni@redhat.com>
> ---
> Detail.c | 2 +-
> super0.c | 2 +-
> util.c | 2 +-
> 3 files changed, 3 insertions(+), 3 deletions(-)
Applied!
Thanks!
Jes
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH 1/3] mdadm: Replace snprintf with strncpy at some places to avoid truncation
2017-03-17 19:55 ` jes.sorensen
@ 2017-03-18 1:02 ` Xiao Ni
0 siblings, 0 replies; 8+ messages in thread
From: Xiao Ni @ 2017-03-18 1:02 UTC (permalink / raw)
To: jes sorensen; +Cc: linux-raid, ncroxon, artur paszkiewicz
----- Original Message -----
> From: "jes sorensen" <jes.sorensen@gmail.com>
> To: "Xiao Ni" <xni@redhat.com>
> Cc: linux-raid@vger.kernel.org, ncroxon@redhat.com, "artur paszkiewicz" <artur.paszkiewicz@intel.com>
> Sent: Saturday, March 18, 2017 3:55:43 AM
> Subject: Re: [PATCH 1/3] mdadm: Replace snprintf with strncpy at some places to avoid truncation
>
> Xiao Ni <xni@redhat.com> writes:
> > In gcc7 there are some building errors like:
> > directive output may be truncated writing up to 31 bytes into a region of
> > size 24
> > snprintf(str, MPB_SIG_LEN, %s, mpb->sig);
> >
> > It just need to copy one string to target. So use strncpy to replace it.
> >
> > Signed-off-by: Xiao Ni <xni@redhat.com>
> > ---
> > super-intel.c | 11 +++++++----
> > 1 file changed, 7 insertions(+), 4 deletions(-)
> >
> > diff --git a/super-intel.c b/super-intel.c
> > index d5e9517..e1618f1 100644
> > --- a/super-intel.c
> > +++ b/super-intel.c
> > @@ -1811,7 +1811,8 @@ static void examine_super_imsm(struct supertype *st,
> > char *homehost)
> > __u32 reserved = imsm_reserved_sectors(super, super->disks);
> > struct dl *dl;
> >
> > - snprintf(str, MPB_SIG_LEN, "%s", mpb->sig);
> > + strncpy(str, (char *)mpb->sig, MPB_SIG_LEN);
> > + str[MPB_SIG_LEN-1] = '\0';
> > printf(" Magic : %s\n", str);
> > snprintf(str, strlen(MPB_VERSION_RAID0), "%s", get_imsm_version(mpb));
> > printf(" Version : %s\n", get_imsm_version(mpb));
>
> Given str is defined as 'char str[MAX_SIGNATURE_LENGTH]', it would be
> more correct to use MAX_SIGNATURE_LENGTH as the size limit here.
I talked with Artur about this. It should use MPB_SIG_LEN, because the mpb->sig
has version after the signature. It will print more if use MAX_SIGNATURE_LENGTH.
>
> > @@ -5227,7 +5228,7 @@ static int init_super_imsm_volume(struct supertype
> > *st, mdu_array_info_t *info,
> > disk->status = CONFIGURED_DISK | FAILED_DISK;
> > disk->scsi_id = __cpu_to_le32(~(__u32)0);
> > snprintf((char *) disk->serial, MAX_RAID_SERIAL_LEN,
> > - "missing:%d", i);
> > + "missing:%d", (__u8)i);
> > }
> > find_missing(super);
> > } else {
>
> This is unrelated to the commit message.
I'll re-send this patch later.
Regards
Xiao
>
> > @@ -7142,14 +7143,16 @@ static int update_subarray_imsm(struct supertype
> > *st, char *subarray,
> >
> > u->type = update_rename_array;
> > u->dev_idx = vol;
> > - snprintf((char *) u->name, MAX_RAID_SERIAL_LEN, "%s", name);
> > + strncpy((char *) u->name, name, MAX_RAID_SERIAL_LEN);
> > + u->name[MAX_RAID_SERIAL_LEN-1] = '\0';
> > append_metadata_update(st, u, sizeof(*u));
> > } else {
> > struct imsm_dev *dev;
> > int i;
> >
> > dev = get_imsm_dev(super, vol);
> > - snprintf((char *) dev->volume, MAX_RAID_SERIAL_LEN, "%s", name);
> > + strncpy((char *) dev->volume, name, MAX_RAID_SERIAL_LEN);
> > + dev->volume[MAX_RAID_SERIAL_LEN-1] = '\0';
> > for (i = 0; i < mpb->num_raid_devs; i++) {
> > dev = get_imsm_dev(super, i);
> > handle_missing(super, dev);
>
> These two look fine.
>
> Jes
> --
> To unsubscribe from this list: send the line "unsubscribe linux-raid" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
>
^ permalink raw reply [flat|nested] 8+ messages in thread
end of thread, other threads:[~2017-03-18 1:02 UTC | newest]
Thread overview: 8+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2017-03-17 11:55 [PATCH 0/3] mdadm: Fix some building errors Xiao Ni
2017-03-17 11:55 ` [PATCH 1/3] mdadm: Replace snprintf with strncpy at some places to avoid truncation Xiao Ni
2017-03-17 19:55 ` jes.sorensen
2017-03-18 1:02 ` Xiao Ni
2017-03-17 11:55 ` [PATCH 2/3] mdadm: Add Wimplicit-fallthrough=0 in Makefile Xiao Ni
2017-03-17 19:57 ` jes.sorensen
2017-03-17 11:55 ` [PATCH 3/3] mdadm: Specify enough length when write to buffer Xiao Ni
2017-03-17 19:58 ` jes.sorensen
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.