From: Paolo Bonzini <pbonzini@redhat.com>
To: Thomas Huth <thuth@redhat.com>, Chetan <chetan4windows@gmail.com>,
qemu-devel@nongnu.org, Peter Maydell <peter.maydell@linaro.org>
Subject: Re: Better alternative to strncpy in QEMU.
Date: Tue, 13 Apr 2021 09:32:22 +0200
Message-ID: <1d9b49b5-a771-8b5e-1220-ba82efc9572e@redhat.com>
In-Reply-To: <162f832d-ea91-a8f4-6f1d-56cda086f481@redhat.com>
On 12/04/21 06:51, Thomas Huth wrote:
> I think this is pretty much the same as g_strlcpy() from the glib:
>
> https://developer.gnome.org/glib/2.66/glib-String-Utility-Functions.html#g-strlcpy
>
> So I guess Paolo had something different in mind when adding this task?
Yes, I did. strncpy is used legitimately when placing data in a
fixed-size buffer that is written to a socket, to a file or to guest
memory. The problem with using g_strlcpy in those cases is that it does
not write past the first '\0' character, and therefore it can leak host
data.
What I had in mind was basically strncpy plus an assertion that the last
copied byte will be set to 0. It can be written in many ways, for
example strncpy followed by assert(dest[destlen - 1] == '\0'), or like
assert(strlen(src) < destlen) followed by strncpy, or of course you
could write a for loop by hand.
Once you do that, you can split uses of strncpy in two: those where the
reader expects the last byte to be zero, and those where the reader does
not. (I don't expect many cases of the first type, because the reader
always has to think of how to handle a malicious data stream that does
not have a zero termination).
As long as you avoid the accidentally quadratic behavior that Peter
pointed out, any way is fine since performance does not matter on these
paths. Making the code nice and readable is more important.
Paolo
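The distinction Paolo draws above, as an added C example that is not QEMU code (the helper names are hypothetical): a strlcpy-style copy leaves whatever was already in the fixed-size field after the terminator, while a strncpy-style copy with the termination check zero-fills the tail in one pass and reports whether the last byte ended up as zero.

```c
#include <assert.h>
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Added example, not QEMU code; all names here are hypothetical. */

/* strlcpy-style copy (the g_strlcpy contract): at most destlen-1 bytes are
 * copied and the result is terminated, but bytes after the '\0' are never
 * touched, so stale contents of dest survive. */
static size_t strlcpy_like(char *dest, const char *src, size_t destlen)
{
    size_t n = strlen(src);
    if (destlen) {
        size_t c = n < destlen - 1 ? n : destlen - 1;
        memcpy(dest, src, c);
        dest[c] = '\0';
    }
    return n;
}

/* strncpy semantics plus the check Paolo describes: every byte of dest is
 * written (tail zero-filled) in a single pass with no strlen() of src.
 * Returns true iff src fit together with its terminator, i.e. the last
 * byte of dest is '\0'; callers that need a terminated field assert on it. */
static bool copy_fixed_field(char *dest, size_t destlen, const char *src)
{
    size_t i = 0;
    if (destlen == 0) return false;
    for (; i < destlen && src[i] != '\0'; i++) dest[i] = src[i];
    for (; i < destlen; i++) dest[i] = '\0';   /* zero the rest, as strncpy does */
    return dest[destlen - 1] == '\0';
}

/* Number of non-zero bytes after the first '\0' in a fixed field: if this is
 * nonzero, writing the whole field to a socket/file/guest emits stale data. */
static size_t stale_bytes_after_terminator(const char *buf, size_t len)
{
    size_t i = 0, stale = 0;
    while (i < len && buf[i] != '\0') i++;
    for (; i < len; i++) stale += (buf[i] != '\0');
    return stale;
}

/* A 16-byte field that previously held host-only data (constructed). */
static size_t demo_leak(bool use_strncpy_style)
{
    char field[16];
    memset(field, 'H', sizeof(field));          /* constructed stale host bytes */
    if (use_strncpy_style) {
        assert(copy_fixed_field(field, sizeof(field), "vm-1"));
    } else {
        strlcpy_like(field, "vm-1", sizeof(field));
    }
    return stale_bytes_after_terminator(field, sizeof(field));
}
```

Running `demo_leak(false)` reports 11 stale bytes leaving the field through the strlcpy-style copy, while `demo_leak(true)` reports none.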