* [Qemu-devel] [PATCH] jazz_led: fix bad snprintf
@ 2017-05-03 10:44 Paolo Bonzini
2017-05-03 10:51 ` [Qemu-devel] [Qemu-trivial] " Laurent Vivier
` (3 more replies)
0 siblings, 4 replies; 11+ messages in thread
From: Paolo Bonzini @ 2017-05-03 10:44 UTC (permalink / raw)
To: qemu-devel; +Cc: qemu-trivial, leon.alrae
Detected by GCC 7's -Wformat-truncation. snprintf writes at most
2 bytes here including the terminating NUL, so the result is
truncated. In addition, the newline at the end is pointless.
Fix the buffer size and the format string.
---
hw/display/jazz_led.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/hw/display/jazz_led.c b/hw/display/jazz_led.c
index b72fdb1717..3c97d56434 100644
--- a/hw/display/jazz_led.c
+++ b/hw/display/jazz_led.c
@@ -227,13 +227,13 @@ static void jazz_led_invalidate_display(void *opaque)
static void jazz_led_text_update(void *opaque, console_ch_t *chardata)
{
LedState *s = opaque;
- char buf[2];
+ char buf[3];
dpy_text_cursor(s->con, -1, -1);
qemu_console_resize(s->con, 2, 1);
/* TODO: draw the segments */
- snprintf(buf, 2, "%02hhx\n", s->segments);
+ snprintf(buf, 3, "%02hhx", s->segments);
console_write_ch(chardata++, ATTR2CHTYPE(buf[0], QEMU_COLOR_BLUE,
QEMU_COLOR_BLACK, 1));
console_write_ch(chardata++, ATTR2CHTYPE(buf[1], QEMU_COLOR_BLUE,
--
2.12.2
^ permalink raw reply related [flat|nested] 11+ messages in thread
* Re: [Qemu-devel] [Qemu-trivial] [PATCH] jazz_led: fix bad snprintf
2017-05-03 10:44 [Qemu-devel] [PATCH] jazz_led: fix bad snprintf Paolo Bonzini
@ 2017-05-03 10:51 ` Laurent Vivier
2017-05-03 11:38 ` [Qemu-devel] " Markus Armbruster
` (2 subsequent siblings)
3 siblings, 0 replies; 11+ messages in thread
From: Laurent Vivier @ 2017-05-03 10:51 UTC (permalink / raw)
To: Paolo Bonzini, qemu-devel; +Cc: qemu-trivial, leon.alrae
On 03/05/2017 12:44, Paolo Bonzini wrote:
> Detected by GCC 7's -Wformat-truncation. snprintf writes at most
> 2 bytes here including the terminating NUL, so the result is
> truncated. In addition, the newline at the end is pointless.
> Fix the buffer size and the format string.
> ---
> hw/display/jazz_led.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/hw/display/jazz_led.c b/hw/display/jazz_led.c
> index b72fdb1717..3c97d56434 100644
> --- a/hw/display/jazz_led.c
> +++ b/hw/display/jazz_led.c
> @@ -227,13 +227,13 @@ static void jazz_led_invalidate_display(void *opaque)
> static void jazz_led_text_update(void *opaque, console_ch_t *chardata)
> {
> LedState *s = opaque;
> - char buf[2];
> + char buf[3];
>
> dpy_text_cursor(s->con, -1, -1);
> qemu_console_resize(s->con, 2, 1);
>
> /* TODO: draw the segments */
> - snprintf(buf, 2, "%02hhx\n", s->segments);
> + snprintf(buf, 3, "%02hhx", s->segments);
> console_write_ch(chardata++, ATTR2CHTYPE(buf[0], QEMU_COLOR_BLUE,
> QEMU_COLOR_BLACK, 1));
> console_write_ch(chardata++, ATTR2CHTYPE(buf[1], QEMU_COLOR_BLUE,
Reviewed-by: Laurent Vivier <lvivier@redhat.com>
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [Qemu-devel] [PATCH] jazz_led: fix bad snprintf
2017-05-03 10:44 [Qemu-devel] [PATCH] jazz_led: fix bad snprintf Paolo Bonzini
2017-05-03 10:51 ` [Qemu-devel] [Qemu-trivial] " Laurent Vivier
@ 2017-05-03 11:38 ` Markus Armbruster
2017-05-03 11:54 ` Paolo Bonzini
2017-05-05 6:24 ` Michael Tokarev
2017-05-05 9:47 ` Michael Tokarev
3 siblings, 1 reply; 11+ messages in thread
From: Markus Armbruster @ 2017-05-03 11:38 UTC (permalink / raw)
To: Paolo Bonzini; +Cc: qemu-devel, qemu-trivial, leon.alrae
Paolo Bonzini <pbonzini@redhat.com> writes:
> Detected by GCC 7's -Wformat-truncation. snprintf writes at most
> 2 bytes here including the terminating NUL, so the result is
> truncated. In addition, the newline at the end is pointless.
> Fix the buffer size and the format string.
> ---
> hw/display/jazz_led.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/hw/display/jazz_led.c b/hw/display/jazz_led.c
> index b72fdb1717..3c97d56434 100644
> --- a/hw/display/jazz_led.c
> +++ b/hw/display/jazz_led.c
> @@ -227,13 +227,13 @@ static void jazz_led_invalidate_display(void *opaque)
> static void jazz_led_text_update(void *opaque, console_ch_t *chardata)
> {
> LedState *s = opaque;
> - char buf[2];
> + char buf[3];
>
> dpy_text_cursor(s->con, -1, -1);
> qemu_console_resize(s->con, 2, 1);
>
> /* TODO: draw the segments */
> - snprintf(buf, 2, "%02hhx\n", s->segments);
> + snprintf(buf, 3, "%02hhx", s->segments);
> console_write_ch(chardata++, ATTR2CHTYPE(buf[0], QEMU_COLOR_BLUE,
> QEMU_COLOR_BLACK, 1));
> console_write_ch(chardata++, ATTR2CHTYPE(buf[1], QEMU_COLOR_BLUE,
Since we're only every interested in the first two characters, the
truncation is totally harmless. Thus, your patch cleans doesn't really
"fix bad snprintf", it cleans up an unclean one. Consider rewording the
commit message accordingly.
Regardless,
Reviewed-by: Markus Armbruster <armbru@redhat.com>
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [Qemu-devel] [PATCH] jazz_led: fix bad snprintf
2017-05-03 11:38 ` [Qemu-devel] " Markus Armbruster
@ 2017-05-03 11:54 ` Paolo Bonzini
2017-05-03 12:12 ` [Qemu-devel] [Qemu-trivial] " Laurent Vivier
2017-05-03 12:56 ` [Qemu-devel] " Markus Armbruster
0 siblings, 2 replies; 11+ messages in thread
From: Paolo Bonzini @ 2017-05-03 11:54 UTC (permalink / raw)
To: Markus Armbruster; +Cc: qemu-devel, qemu-trivial, leon.alrae
On 03/05/2017 13:38, Markus Armbruster wrote:
> Paolo Bonzini <pbonzini@redhat.com> writes:
>
>> Detected by GCC 7's -Wformat-truncation. snprintf writes at most
>> 2 bytes here including the terminating NUL, so the result is
>> truncated. In addition, the newline at the end is pointless.
>> Fix the buffer size and the format string.
>> ---
>> hw/display/jazz_led.c | 4 ++--
>> 1 file changed, 2 insertions(+), 2 deletions(-)
>>
>> diff --git a/hw/display/jazz_led.c b/hw/display/jazz_led.c
>> index b72fdb1717..3c97d56434 100644
>> --- a/hw/display/jazz_led.c
>> +++ b/hw/display/jazz_led.c
>> @@ -227,13 +227,13 @@ static void jazz_led_invalidate_display(void *opaque)
>> static void jazz_led_text_update(void *opaque, console_ch_t *chardata)
>> {
>> LedState *s = opaque;
>> - char buf[2];
>> + char buf[3];
>>
>> dpy_text_cursor(s->con, -1, -1);
>> qemu_console_resize(s->con, 2, 1);
>>
>> /* TODO: draw the segments */
>> - snprintf(buf, 2, "%02hhx\n", s->segments);
>> + snprintf(buf, 3, "%02hhx", s->segments);
>> console_write_ch(chardata++, ATTR2CHTYPE(buf[0], QEMU_COLOR_BLUE,
>> QEMU_COLOR_BLACK, 1));
>> console_write_ch(chardata++, ATTR2CHTYPE(buf[1], QEMU_COLOR_BLUE,
>
> Since we're only every interested in the first two characters, the
> truncation is totally harmless. Thus, your patch cleans doesn't really
> "fix bad snprintf", it cleans up an unclean one. Consider rewording the
> commit message accordingly.
My reading is that buf[1] is always '\0' in the current code: "snprintf
writes at most 2 bytes here including the terminating NUL, so the result
is truncated".
Paolo
> Regardless,
> Reviewed-by: Markus Armbruster <armbru@redhat.com>
>
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [Qemu-devel] [Qemu-trivial] [PATCH] jazz_led: fix bad snprintf
2017-05-03 11:54 ` Paolo Bonzini
@ 2017-05-03 12:12 ` Laurent Vivier
2017-05-03 12:56 ` [Qemu-devel] " Markus Armbruster
1 sibling, 0 replies; 11+ messages in thread
From: Laurent Vivier @ 2017-05-03 12:12 UTC (permalink / raw)
To: Paolo Bonzini, Markus Armbruster; +Cc: qemu-trivial, leon.alrae, qemu-devel
On 03/05/2017 13:54, Paolo Bonzini wrote:
>
>
> On 03/05/2017 13:38, Markus Armbruster wrote:
>> Paolo Bonzini <pbonzini@redhat.com> writes:
>>
>>> Detected by GCC 7's -Wformat-truncation. snprintf writes at most
>>> 2 bytes here including the terminating NUL, so the result is
>>> truncated. In addition, the newline at the end is pointless.
>>> Fix the buffer size and the format string.
>>> ---
>>> hw/display/jazz_led.c | 4 ++--
>>> 1 file changed, 2 insertions(+), 2 deletions(-)
>>>
>>> diff --git a/hw/display/jazz_led.c b/hw/display/jazz_led.c
>>> index b72fdb1717..3c97d56434 100644
>>> --- a/hw/display/jazz_led.c
>>> +++ b/hw/display/jazz_led.c
>>> @@ -227,13 +227,13 @@ static void jazz_led_invalidate_display(void *opaque)
>>> static void jazz_led_text_update(void *opaque, console_ch_t *chardata)
>>> {
>>> LedState *s = opaque;
>>> - char buf[2];
>>> + char buf[3];
>>>
>>> dpy_text_cursor(s->con, -1, -1);
>>> qemu_console_resize(s->con, 2, 1);
>>>
>>> /* TODO: draw the segments */
>>> - snprintf(buf, 2, "%02hhx\n", s->segments);
>>> + snprintf(buf, 3, "%02hhx", s->segments);
>>> console_write_ch(chardata++, ATTR2CHTYPE(buf[0], QEMU_COLOR_BLUE,
>>> QEMU_COLOR_BLACK, 1));
>>> console_write_ch(chardata++, ATTR2CHTYPE(buf[1], QEMU_COLOR_BLUE,
>>
>> Since we're only every interested in the first two characters, the
>> truncation is totally harmless. Thus, your patch cleans doesn't really
>> "fix bad snprintf", it cleans up an unclean one. Consider rewording the
>> commit message accordingly.
>
> My reading is that buf[1] is always '\0' in the current code: "snprintf
> writes at most 2 bytes here including the terminating NUL, so the result
> is truncated".
I agree, from printf(3):
"int snprintf(char *str, size_t size, const char *format, ...);
...
The functions snprintf() and vsnprintf() write at most size bytes
(including the terminating null byte ('\0')) to str."
Laurent
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [Qemu-devel] [PATCH] jazz_led: fix bad snprintf
2017-05-03 11:54 ` Paolo Bonzini
2017-05-03 12:12 ` [Qemu-devel] [Qemu-trivial] " Laurent Vivier
@ 2017-05-03 12:56 ` Markus Armbruster
2017-05-03 13:10 ` Paolo Bonzini
1 sibling, 1 reply; 11+ messages in thread
From: Markus Armbruster @ 2017-05-03 12:56 UTC (permalink / raw)
To: Paolo Bonzini; +Cc: qemu-trivial, leon.alrae, qemu-devel
Paolo Bonzini <pbonzini@redhat.com> writes:
> On 03/05/2017 13:38, Markus Armbruster wrote:
>> Paolo Bonzini <pbonzini@redhat.com> writes:
>>
>>> Detected by GCC 7's -Wformat-truncation. snprintf writes at most
>>> 2 bytes here including the terminating NUL, so the result is
>>> truncated. In addition, the newline at the end is pointless.
>>> Fix the buffer size and the format string.
>>> ---
>>> hw/display/jazz_led.c | 4 ++--
>>> 1 file changed, 2 insertions(+), 2 deletions(-)
>>>
>>> diff --git a/hw/display/jazz_led.c b/hw/display/jazz_led.c
>>> index b72fdb1717..3c97d56434 100644
>>> --- a/hw/display/jazz_led.c
>>> +++ b/hw/display/jazz_led.c
>>> @@ -227,13 +227,13 @@ static void jazz_led_invalidate_display(void *opaque)
>>> static void jazz_led_text_update(void *opaque, console_ch_t *chardata)
>>> {
>>> LedState *s = opaque;
>>> - char buf[2];
>>> + char buf[3];
>>>
>>> dpy_text_cursor(s->con, -1, -1);
>>> qemu_console_resize(s->con, 2, 1);
>>>
>>> /* TODO: draw the segments */
>>> - snprintf(buf, 2, "%02hhx\n", s->segments);
>>> + snprintf(buf, 3, "%02hhx", s->segments);
>>> console_write_ch(chardata++, ATTR2CHTYPE(buf[0], QEMU_COLOR_BLUE,
>>> QEMU_COLOR_BLACK, 1));
>>> console_write_ch(chardata++, ATTR2CHTYPE(buf[1], QEMU_COLOR_BLUE,
>>
>> Since we're only every interested in the first two characters, the
>> truncation is totally harmless. Thus, your patch cleans doesn't really
>> "fix bad snprintf", it cleans up an unclean one. Consider rewording the
>> commit message accordingly.
>
> My reading is that buf[1] is always '\0' in the current code: "snprintf
> writes at most 2 bytes here including the terminating NUL, so the result
> is truncated".
You're right; I forgot that snprintf() always adds a NUL. So this *is*
broken: we write NUL instead of the second digit. Mentioning this in
the commit message wouldn't hurt.
>
> Paolo
>
>> Regardless,
>> Reviewed-by: Markus Armbruster <armbru@redhat.com>
>>
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [Qemu-devel] [PATCH] jazz_led: fix bad snprintf
2017-05-03 12:56 ` [Qemu-devel] " Markus Armbruster
@ 2017-05-03 13:10 ` Paolo Bonzini
2017-05-03 13:33 ` Markus Armbruster
0 siblings, 1 reply; 11+ messages in thread
From: Paolo Bonzini @ 2017-05-03 13:10 UTC (permalink / raw)
To: Markus Armbruster; +Cc: qemu-trivial, leon.alrae, qemu-devel
On 03/05/2017 14:56, Markus Armbruster wrote:
>> snprintf writes at most 2 bytes here including the terminating NUL, so
>> the result is truncated".
>
> You're right; I forgot that snprintf() always adds a NUL. So this *is*
> broken: we write NUL instead of the second digit. Mentioning this in
> the commit message wouldn't hurt.
Well, it does, see the quote. :)
Paolo
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [Qemu-devel] [PATCH] jazz_led: fix bad snprintf
2017-05-03 13:10 ` Paolo Bonzini
@ 2017-05-03 13:33 ` Markus Armbruster
0 siblings, 0 replies; 11+ messages in thread
From: Markus Armbruster @ 2017-05-03 13:33 UTC (permalink / raw)
To: Paolo Bonzini; +Cc: qemu-trivial, leon.alrae, qemu-devel
Paolo Bonzini <pbonzini@redhat.com> writes:
> On 03/05/2017 14:56, Markus Armbruster wrote:
>>> snprintf writes at most 2 bytes here including the terminating NUL, so
>>> the result is truncated".
>>
>> You're right; I forgot that snprintf() always adds a NUL. So this *is*
>> broken: we write NUL instead of the second digit. Mentioning this in
>> the commit message wouldn't hurt.
>
> Well, it does, see the quote. :)
Yes, snprintf() truncates, but that's *internal* to
jazz_led_text_update(). The *external* effect isn't quite truncation,
it's writing NUL to the console instead of the second digit. That's
truncation only if the console ignores NUL. It might; I don't know.
Anyway, no big deal.
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [Qemu-devel] [PATCH] jazz_led: fix bad snprintf
2017-05-03 10:44 [Qemu-devel] [PATCH] jazz_led: fix bad snprintf Paolo Bonzini
2017-05-03 10:51 ` [Qemu-devel] [Qemu-trivial] " Laurent Vivier
2017-05-03 11:38 ` [Qemu-devel] " Markus Armbruster
@ 2017-05-05 6:24 ` Michael Tokarev
2017-05-05 7:22 ` Paolo Bonzini
2017-05-05 9:47 ` Michael Tokarev
3 siblings, 1 reply; 11+ messages in thread
From: Michael Tokarev @ 2017-05-05 6:24 UTC (permalink / raw)
To: Paolo Bonzini, qemu-devel; +Cc: qemu-trivial, leon.alrae
03.05.2017 13:44, Paolo Bonzini wrote:
> Detected by GCC 7's -Wformat-truncation. snprintf writes at most
> 2 bytes here including the terminating NUL, so the result is
> truncated. In addition, the newline at the end is pointless.
> Fix the buffer size and the format string.
Polo, that's quite a bit too bureaucratic,
but where's your s-o-b for this patch? :)
Thanks,
/mjt
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [Qemu-devel] [PATCH] jazz_led: fix bad snprintf
2017-05-05 6:24 ` Michael Tokarev
@ 2017-05-05 7:22 ` Paolo Bonzini
0 siblings, 0 replies; 11+ messages in thread
From: Paolo Bonzini @ 2017-05-05 7:22 UTC (permalink / raw)
To: Michael Tokarev, qemu-devel; +Cc: qemu-trivial, leon.alrae
On 05/05/2017 08:24, Michael Tokarev wrote:
> 03.05.2017 13:44, Paolo Bonzini wrote:
>> Detected by GCC 7's -Wformat-truncation. snprintf writes at most
>> 2 bytes here including the terminating NUL, so the result is
>> truncated. In addition, the newline at the end is pointless.
>> Fix the buffer size and the format string.
>
> Polo, that's quite a bit too bureaucratic,
> but where's your s-o-b for this patch? :)
Oops, here:
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Paolo
>
> Thanks,
>
> /mjt
>
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [Qemu-devel] [PATCH] jazz_led: fix bad snprintf
2017-05-03 10:44 [Qemu-devel] [PATCH] jazz_led: fix bad snprintf Paolo Bonzini
` (2 preceding siblings ...)
2017-05-05 6:24 ` Michael Tokarev
@ 2017-05-05 9:47 ` Michael Tokarev
3 siblings, 0 replies; 11+ messages in thread
From: Michael Tokarev @ 2017-05-05 9:47 UTC (permalink / raw)
To: Paolo Bonzini, qemu-devel; +Cc: qemu-trivial, leon.alrae
03.05.2017 13:44, Paolo Bonzini wrote:
> Detected by GCC 7's -Wformat-truncation. snprintf writes at most
> 2 bytes here including the terminating NUL, so the result is
> truncated. In addition, the newline at the end is pointless.
> Fix the buffer size and the format string.
Applied to -trivial, thanks!
/mjt
^ permalink raw reply [flat|nested] 11+ messages in thread
end of thread, other threads:[~2017-05-05 9:47 UTC | newest]
Thread overview: 11+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2017-05-03 10:44 [Qemu-devel] [PATCH] jazz_led: fix bad snprintf Paolo Bonzini
2017-05-03 10:51 ` [Qemu-devel] [Qemu-trivial] " Laurent Vivier
2017-05-03 11:38 ` [Qemu-devel] " Markus Armbruster
2017-05-03 11:54 ` Paolo Bonzini
2017-05-03 12:12 ` [Qemu-devel] [Qemu-trivial] " Laurent Vivier
2017-05-03 12:56 ` [Qemu-devel] " Markus Armbruster
2017-05-03 13:10 ` Paolo Bonzini
2017-05-03 13:33 ` Markus Armbruster
2017-05-05 6:24 ` Michael Tokarev
2017-05-05 7:22 ` Paolo Bonzini
2017-05-05 9:47 ` Michael Tokarev
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.