All of lore.kernel.org
 help / color / mirror / Atom feed
* [PATCH] firmware: tegra: fix strncpy()/strncat() confusion
@ 2020-10-26 16:10 Arnd Bergmann
  2020-10-26 16:35 ` Arvind Sankar
  0 siblings, 1 reply; 4+ messages in thread
From: Arnd Bergmann @ 2020-10-26 16:10 UTC (permalink / raw)
  To: Thierry Reding, Jonathan Hunter
  Cc: Arnd Bergmann, Thierry Reding, Timo Alho, linux-tegra, linux-kernel

From: Arnd Bergmann <arnd@arndb.de>

The way that bpmp_populate_debugfs_inband() uses strncpy()
and strncat() makes no sense since the size argument for
the first is insufficient to contain the trailing '/'
and the second passes the length of the input rather than
the output, which triggers a warning:

In function 'strncat',
    inlined from 'bpmp_populate_debugfs_inband' at ../drivers/firmware/tegra/bpmp-debugfs.c:422:4:
include/linux/string.h:289:30: warning: '__builtin_strncat' specified bound depends on the length of the source argument [-Wstringop-overflow=]
  289 | #define __underlying_strncat __builtin_strncat
      |                              ^
include/linux/string.h:367:10: note: in expansion of macro '__underlying_strncat'
  367 |   return __underlying_strncat(p, q, count);
      |          ^~~~~~~~~~~~~~~~~~~~
drivers/firmware/tegra/bpmp-debugfs.c: In function 'bpmp_populate_debugfs_inband':
include/linux/string.h:288:29: note: length computed here
  288 | #define __underlying_strlen __builtin_strlen
      |                             ^
include/linux/string.h:321:10: note: in expansion of macro '__underlying_strlen'
  321 |   return __underlying_strlen(p);

Simplify this to use an snprintf() instead.

Fixes: 5e37b9c137ee ("firmware: tegra: Add support for in-band debug")
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
---
 drivers/firmware/tegra/bpmp-debugfs.c | 6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)

diff --git a/drivers/firmware/tegra/bpmp-debugfs.c b/drivers/firmware/tegra/bpmp-debugfs.c
index c1bbba9ee93a..9ec20ddc9a6b 100644
--- a/drivers/firmware/tegra/bpmp-debugfs.c
+++ b/drivers/firmware/tegra/bpmp-debugfs.c
@@ -412,16 +412,12 @@ static int bpmp_populate_debugfs_inband(struct tegra_bpmp *bpmp,
 				goto out;
 			}
 
-			len = strlen(ppath) + strlen(name) + 1;
+			len = snprintf("%s%s/", pathlen, ppath, name);
 			if (len >= pathlen) {
 				err = -EINVAL;
 				goto out;
 			}
 
-			strncpy(pathbuf, ppath, pathlen);
-			strncat(pathbuf, name, strlen(name));
-			strcat(pathbuf, "/");
-
 			err = bpmp_populate_debugfs_inband(bpmp, dentry,
 							   pathbuf);
 			if (err < 0)
-- 
2.27.0


^ permalink raw reply related	[flat|nested] 4+ messages in thread
* Re: [PATCH] firmware: tegra: fix strncpy()/strncat() confusion
  2020-10-26 16:10 [PATCH] firmware: tegra: fix strncpy()/strncat() confusion Arnd Bergmann
@ 2020-10-26 16:35 ` Arvind Sankar
  2020-10-26 16:40   ` Arnd Bergmann
  0 siblings, 1 reply; 4+ messages in thread
From: Arvind Sankar @ 2020-10-26 16:35 UTC (permalink / raw)
  To: Arnd Bergmann
  Cc: Thierry Reding, Jonathan Hunter, Arnd Bergmann, Thierry Reding,
	Timo Alho, linux-tegra, linux-kernel

On Mon, Oct 26, 2020 at 05:10:19PM +0100, Arnd Bergmann wrote:
> From: Arnd Bergmann <arnd@arndb.de>
> 
> The way that bpmp_populate_debugfs_inband() uses strncpy()
> and strncat() makes no sense since the size argument for
> the first is insufficient to contain the trailing '/'
> and the second passes the length of the input rather than
> the output, which triggers a warning:
> 
> In function 'strncat',
>     inlined from 'bpmp_populate_debugfs_inband' at ../drivers/firmware/tegra/bpmp-debugfs.c:422:4:
> include/linux/string.h:289:30: warning: '__builtin_strncat' specified bound depends on the length of the source argument [-Wstringop-overflow=]
>   289 | #define __underlying_strncat __builtin_strncat
>       |                              ^
> include/linux/string.h:367:10: note: in expansion of macro '__underlying_strncat'
>   367 |   return __underlying_strncat(p, q, count);
>       |          ^~~~~~~~~~~~~~~~~~~~
> drivers/firmware/tegra/bpmp-debugfs.c: In function 'bpmp_populate_debugfs_inband':
> include/linux/string.h:288:29: note: length computed here
>   288 | #define __underlying_strlen __builtin_strlen
>       |                             ^
> include/linux/string.h:321:10: note: in expansion of macro '__underlying_strlen'
>   321 |   return __underlying_strlen(p);
> 
> Simplify this to use an snprintf() instead.
> 
> Fixes: 5e37b9c137ee ("firmware: tegra: Add support for in-band debug")
> Signed-off-by: Arnd Bergmann <arnd@arndb.de>
> ---
>  drivers/firmware/tegra/bpmp-debugfs.c | 6 +-----
>  1 file changed, 1 insertion(+), 5 deletions(-)
> 
> diff --git a/drivers/firmware/tegra/bpmp-debugfs.c b/drivers/firmware/tegra/bpmp-debugfs.c
> index c1bbba9ee93a..9ec20ddc9a6b 100644
> --- a/drivers/firmware/tegra/bpmp-debugfs.c
> +++ b/drivers/firmware/tegra/bpmp-debugfs.c
> @@ -412,16 +412,12 @@ static int bpmp_populate_debugfs_inband(struct tegra_bpmp *bpmp,
>  				goto out;
>  			}
>  
> -			len = strlen(ppath) + strlen(name) + 1;
> +			len = snprintf("%s%s/", pathlen, ppath, name);

Didn't you get any warnings with this? It should be
			len = snprintf(pathbuf, pathlen, "%s%s/", ppath, name);
right?

>  			if (len >= pathlen) {
>  				err = -EINVAL;
>  				goto out;
>  			}
>  
> -			strncpy(pathbuf, ppath, pathlen);
> -			strncat(pathbuf, name, strlen(name));
> -			strcat(pathbuf, "/");
> -
>  			err = bpmp_populate_debugfs_inband(bpmp, dentry,
>  							   pathbuf);
>  			if (err < 0)
> -- 
> 2.27.0
> 

^ permalink raw reply	[flat|nested] 4+ messages in thread
* Re: [PATCH] firmware: tegra: fix strncpy()/strncat() confusion
  2020-10-26 16:35 ` Arvind Sankar
@ 2020-10-26 16:40   ` Arnd Bergmann
  2020-10-26 16:48     ` Arnd Bergmann
  0 siblings, 1 reply; 4+ messages in thread
From: Arnd Bergmann @ 2020-10-26 16:40 UTC (permalink / raw)
  To: Arvind Sankar
  Cc: Thierry Reding, Jonathan Hunter, Thierry Reding, Timo Alho,
	open list:TEGRA ARCHITECTURE SUPPORT, linux-kernel

On Mon, Oct 26, 2020 at 5:35 PM Arvind Sankar <nivedita@alum.mit.edu> wrote:

> > diff --git a/drivers/firmware/tegra/bpmp-debugfs.c b/drivers/firmware/tegra/bpmp-debugfs.c
> > index c1bbba9ee93a..9ec20ddc9a6b 100644
> > --- a/drivers/firmware/tegra/bpmp-debugfs.c
> > +++ b/drivers/firmware/tegra/bpmp-debugfs.c
> > @@ -412,16 +412,12 @@ static int bpmp_populate_debugfs_inband(struct tegra_bpmp *bpmp,
> >                               goto out;
> >                       }
> >
> > -                     len = strlen(ppath) + strlen(name) + 1;
> > +                     len = snprintf("%s%s/", pathlen, ppath, name);
>
> Didn't you get any warnings with this? It should be
>                         len = snprintf(pathbuf, pathlen, "%s%s/", ppath, name);
> right?
>

Eek, I did get a warning about a different issue in that one-line change and
fixed it up in the wrong way without testing again. Sorry about that.

I'll retest and resend.

      Arnd

^ permalink raw reply	[flat|nested] 4+ messages in thread
* Re: [PATCH] firmware: tegra: fix strncpy()/strncat() confusion
  2020-10-26 16:40   ` Arnd Bergmann
@ 2020-10-26 16:48     ` Arnd Bergmann
  0 siblings, 0 replies; 4+ messages in thread
From: Arnd Bergmann @ 2020-10-26 16:48 UTC (permalink / raw)
  To: Arvind Sankar
  Cc: Thierry Reding, Jonathan Hunter, Thierry Reding, Timo Alho,
	open list:TEGRA ARCHITECTURE SUPPORT, linux-kernel

On Mon, Oct 26, 2020 at 5:40 PM Arnd Bergmann <arnd@kernel.org> wrote:
> On Mon, Oct 26, 2020 at 5:35 PM Arvind Sankar <nivedita@alum.mit.edu> wrote:
> > > diff --git a/drivers/firmware/tegra/bpmp-debugfs.c b/drivers/firmware/tegra/bpmp-debugfs.c
> > > index c1bbba9ee93a..9ec20ddc9a6b 100644
> > > --- a/drivers/firmware/tegra/bpmp-debugfs.c
> > > +++ b/drivers/firmware/tegra/bpmp-debugfs.c
> > > @@ -412,16 +412,12 @@ static int bpmp_populate_debugfs_inband(struct tegra_bpmp *bpmp,
> > >                               goto out;
> > >                       }
> > >
> > > -                     len = strlen(ppath) + strlen(name) + 1;
> > > +                     len = snprintf("%s%s/", pathlen, ppath, name);
> >
> > Didn't you get any warnings with this? It should be
> >                         len = snprintf(pathbuf, pathlen, "%s%s/", ppath, name);
> > right?
> >
>
> Eek, I did get a warning about a different issue in that one-line change and
> fixed it up in the wrong way without testing again. Sorry about that.

Actually it turns out that gcc did not warn about my broken version.
The argument types are (roughly) correct and as the third argument
is not a constant string it could not verify the format string. Maybe it
should have complained about the constant string used as an output,
but it doesn't seem to care about that.

       Arnd

^ permalink raw reply	[flat|nested] 4+ messages in thread
end of thread, other threads:[~2020-10-26 16:50 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-10-26 16:10 [PATCH] firmware: tegra: fix strncpy()/strncat() confusion Arnd Bergmann
2020-10-26 16:35 ` Arvind Sankar
2020-10-26 16:40   ` Arnd Bergmann
2020-10-26 16:48     ` Arnd Bergmann

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.