* [PATCH nft] src: osf: fix snprintf -Wformat-truncation warning
From: Fernando Fernandez Mancera @ 2019-07-18 11:01 UTC
To: netfilter-devel; +Cc: Fernando Fernandez Mancera, Florian Westphal
Fedora 30 uses a very recent gcc (version 9.1.1 20190503 (Red Hat 9.1.1-1)),
osf produces the following warnings:
-Wformat-truncation warnings have been introduced in version 7.1 of gcc.
Also, remove an unneeded address check of "tmp + 1" in nf_osf_strchr().
nfnl_osf.c: In function ‘nfnl_osf_load_fingerprints’:
nfnl_osf.c:292:39: warning: ‘%s’ directive output may be truncated writing
up to 1023 bytes into a region of size 128 [-Wformat-truncation=]
292 | cnt = snprintf(obuf, sizeof(obuf), "%s,", pbeg);
| ^~
nfnl_osf.c:292:9: note: ‘snprintf’ output between 2 and 1025 bytes into a
destination of size 128
292 | cnt = snprintf(obuf, sizeof(obuf), "%s,", pbeg);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
nfnl_osf.c:302:46: warning: ‘%s’ directive output may be truncated writing
up to 1023 bytes into a region of size 32 [-Wformat-truncation=]
302 | cnt = snprintf(f.genre, sizeof(f.genre), "%s", pbeg);
| ^~
nfnl_osf.c:302:10: note: ‘snprintf’ output between 1 and 1024 bytes into a
destination of size 32
302 | cnt = snprintf(f.genre, sizeof(f.genre), "%s", pbeg);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
nfnl_osf.c:309:49: warning: ‘%s’ directive output may be truncated writing
up to 1023 bytes into a region of size 32 [-Wformat-truncation=]
309 | cnt = snprintf(f.version, sizeof(f.version), "%s", pbeg);
| ^~
nfnl_osf.c:309:9: note: ‘snprintf’ output between 1 and 1024 bytes into a
destination of size 32
309 | cnt = snprintf(f.version, sizeof(f.version), "%s", pbeg);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
nfnl_osf.c:317:47: warning: ‘%s’ directive output may be truncated writing
up to 1023 bytes into a region of size 32 [-Wformat-truncation=]
317 | snprintf(f.subtype, sizeof(f.subtype), "%s", pbeg);
| ^~
nfnl_osf.c:317:7: note: ‘snprintf’ output between 1 and 1024 bytes into a
destination of size 32
317 | snprintf(f.subtype, sizeof(f.subtype), "%s", pbeg);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Reported-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Fernando Fernandez Mancera <ffmancera@riseup.net>
---
src/nfnl_osf.c | 14 +++++++-------
1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/src/nfnl_osf.c b/src/nfnl_osf.c
index be3fd81..c99f8f3 100644
--- a/src/nfnl_osf.c
+++ b/src/nfnl_osf.c
@@ -81,7 +81,7 @@ static char *nf_osf_strchr(char *ptr, char c)
if (tmp)
*tmp = '\0';
- while (tmp && tmp + 1 && isspace(*(tmp + 1)))
+ while (tmp && isspace(*(tmp + 1)))
tmp++;
return tmp;
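Review bot: In the new loop condition, `isspace(*(tmp + 1))` passes a plain `char` to isspace(); where `char` is signed, an input byte above 0x7f becomes a negative argument, which is undefined behaviour for the ctype functions. Dropping the always-true `tmp + 1` test is fine, but since this line is being touched anyway, cast the argument: `isspace((unsigned char)*(tmp + 1))`.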
@@ -212,7 +212,7 @@ static int osf_load_line(char *buffer, int len, int del,
struct netlink_ctx *ctx)
{
int i, cnt = 0;
- char obuf[MAXOPTSTRLEN];
+ char obuf[MAXOPTSTRLEN + 1];
struct nf_osf_user_finger f;
char *pbeg, *pend;
struct nlmsghdr *nlh;
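Review bot: The `obuf[MAXOPTSTRLEN + 1]` declaration exists only to make room for the hard-coded `%.128s` in the later snprintf() hunk, so the buffer size and the precision become two constants that must be kept in step by hand. The warning text reports the old buffer as 128 bytes; leaving `obuf[MAXOPTSTRLEN]` as it was and deriving the precision from `sizeof(obuf)` at the call site removes that coupling, and no other user of `obuf` has to be rechecked for the size change.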
@@ -289,7 +289,7 @@ static int osf_load_line(char *buffer, int len, int del,
pend = nf_osf_strchr(pbeg, OSFPDEL);
if (pend) {
*pend = '\0';
- cnt = snprintf(obuf, sizeof(obuf), "%s,", pbeg);
+ cnt = snprintf(obuf, sizeof(obuf), "%.128s", pbeg);
pbeg = pend + 1;
}
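Review bot: The replacement format string `"%.128s"` drops the `,` that the removed `"%s,"` appended, so this hunk changes the contents of `obuf` and the value of `cnt` instead of only silencing the warning. Keep the separator and bound the field with a computed precision, for example `"%.*s,"` with `(int)sizeof(obuf) - 2`, which leaves room for the comma and the terminating NUL.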
@@ -297,16 +297,16 @@ static int osf_load_line(char *buffer, int len, int del,
if (pend) {
*pend = '\0';
if (pbeg[0] == '@' || pbeg[0] == '*')
- cnt = snprintf(f.genre, sizeof(f.genre), "%s", pbeg + 1);
+ cnt = snprintf(f.genre, sizeof(f.genre), "%.31s", pbeg + 1);
else
- cnt = snprintf(f.genre, sizeof(f.genre), "%s", pbeg);
+ cnt = snprintf(f.genre, sizeof(f.genre), "%.31s", pbeg);
pbeg = pend + 1;
}
pend = nf_osf_strchr(pbeg, OSFPDEL);
if (pend) {
*pend = '\0';
- cnt = snprintf(f.version, sizeof(f.version), "%s", pbeg);
+ cnt = snprintf(f.version, sizeof(f.version), "%.31s", pbeg);
pbeg = pend + 1;
}
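Review bot: With `"%.31s"` on `f.genre` and `f.version`, an over-long field is cut to 31 bytes with no signal, because the precision also caps snprintf()'s return value and `cnt` can therefore never show that truncation happened. A fingerprint line with an over-long genre or version would then be loaded under a shortened name; consider comparing the field length against `sizeof(f.genre) - 1` and `sizeof(f.version) - 1` and rejecting or logging the line. The `@`/`*` branch and the else branch differ only in `pbeg + 1` versus `pbeg` and could share one call.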
@@ -314,7 +314,7 @@ static int osf_load_line(char *buffer, int len, int del,
if (pend) {
*pend = '\0';
cnt =
- snprintf(f.subtype, sizeof(f.subtype), "%s", pbeg);
+ snprintf(f.subtype, sizeof(f.subtype), "%.31s", pbeg);
pbeg = pend + 1;
}
--
2.20.1
* Re: [PATCH nft] src: osf: fix snprintf -Wformat-truncation warning
From: Phil Sutter @ 2019-07-20 20:21 UTC
To: Fernando Fernandez Mancera; +Cc: netfilter-devel, Florian Westphal
Hi Fernando,
On Thu, Jul 18, 2019 at 01:01:46PM +0200, Fernando Fernandez Mancera wrote:
> Fedora 30 uses very recent gcc (version 9.1.1 20190503 (Red Hat 9.1.1-1)),
> osf produces following warnings:
>
> -Wformat-truncation warning have been introduced in the version 7.1 of gcc.
> Also, remove a unneeded address check of "tmp + 1" in nf_osf_strchr().
>
> nfnl_osf.c: In function ‘nfnl_osf_load_fingerprints’:
> nfnl_osf.c:292:39: warning: ‘%s’ directive output may be truncated writing
> up to 1023 bytes into a region of size 128 [-Wformat-truncation=]
> 292 | cnt = snprintf(obuf, sizeof(obuf), "%s,", pbeg);
> | ^~
> nfnl_osf.c:292:9: note: ‘snprintf’ output between 2 and 1025 bytes into a
> destination of size 128
> 292 | cnt = snprintf(obuf, sizeof(obuf), "%s,", pbeg);
> | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> nfnl_osf.c:302:46: warning: ‘%s’ directive output may be truncated writing
> up to 1023 bytes into a region of size 32 [-Wformat-truncation=]
> 302 | cnt = snprintf(f.genre, sizeof(f.genre), "%s", pbeg);
> | ^~
> nfnl_osf.c:302:10: note: ‘snprintf’ output between 1 and 1024 bytes into a
> destination of size 32
> 302 | cnt = snprintf(f.genre, sizeof(f.genre), "%s", pbeg);
> | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> nfnl_osf.c:309:49: warning: ‘%s’ directive output may be truncated writing
> up to 1023 bytes into a region of size 32 [-Wformat-truncation=]
> 309 | cnt = snprintf(f.version, sizeof(f.version), "%s", pbeg);
> | ^~
> nfnl_osf.c:309:9: note: ‘snprintf’ output between 1 and 1024 bytes into a
> destination of size 32
> 309 | cnt = snprintf(f.version, sizeof(f.version), "%s", pbeg);
> | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> nfnl_osf.c:317:47: warning: ‘%s’ directive output may be truncated writing
> up to 1023 bytes into a region of size 32 [-Wformat-truncation=]
> 317 | snprintf(f.subtype, sizeof(f.subtype), "%s", pbeg);
> | ^~
> nfnl_osf.c:317:7: note: ‘snprintf’ output between 1 and 1024 bytes into a
> destination of size 32
> 317 | snprintf(f.subtype, sizeof(f.subtype), "%s", pbeg);
> | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>
> Reported-by: Florian Westphal <fw@strlen.de>
> Signed-off-by: Fernando Fernandez Mancera <ffmancera@riseup.net>
> ---
> src/nfnl_osf.c | 14 +++++++-------
> 1 file changed, 7 insertions(+), 7 deletions(-)
>
> diff --git a/src/nfnl_osf.c b/src/nfnl_osf.c
> index be3fd81..c99f8f3 100644
> --- a/src/nfnl_osf.c
> +++ b/src/nfnl_osf.c
> @@ -81,7 +81,7 @@ static char *nf_osf_strchr(char *ptr, char c)
> if (tmp)
> *tmp = '\0';
>
> - while (tmp && tmp + 1 && isspace(*(tmp + 1)))
> + while (tmp && isspace(*(tmp + 1)))
> tmp++;
>
> return tmp;
> @@ -212,7 +212,7 @@ static int osf_load_line(char *buffer, int len, int del,
> struct netlink_ctx *ctx)
> {
> int i, cnt = 0;
> - char obuf[MAXOPTSTRLEN];
> + char obuf[MAXOPTSTRLEN + 1];
> struct nf_osf_user_finger f;
> char *pbeg, *pend;
> struct nlmsghdr *nlh;
> @@ -289,7 +289,7 @@ static int osf_load_line(char *buffer, int len, int del,
> pend = nf_osf_strchr(pbeg, OSFPDEL);
> if (pend) {
> *pend = '\0';
> - cnt = snprintf(obuf, sizeof(obuf), "%s,", pbeg);
> + cnt = snprintf(obuf, sizeof(obuf), "%.128s", pbeg);
Not a big deal, but sizeof() and hard-coding the "precision" doesn't mix
well in my opinion. I've solved this like so:
i = sizeof(obuf);
cnt = snprintf(obuf, i, "%.*s,", i - 2, pbeg);
(i - 2) to leave space for the trailing comma and nul-char. Also note
that your patch drops the trailing comma, I guess that's a bug.
Maybe you want to have a look at my patch (Message-ID
20190720185226.8876-2-phil@nwl.cc) and incorporate what's useful into
yours? It's your code, so you should know better how to fix things. :)
Thanks, Phil
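The difference discussed in the message above, as an added example that is not code from the thread or from nftables: the hard-coded `%.128s` from the posted patch next to a precision derived from the buffer size, plus an explicit truncation flag. `OBUF_LEN`, `copy_field_v1()`, `copy_field_sized()` and the sample option strings are hypothetical names and constructed inputs.

```c
#include <stdio.h>
#include <string.h>

#define OBUF_LEN 128	/* assumed: the "region of size 128" from the gcc warning */

/* Format string from the posted patch: bounded, but without the ',' separator. */
static int copy_field_v1(char *dst, size_t dst_len, const char *field)
{
	return snprintf(dst, dst_len, "%.128s", field);
}

/*
 * Precision derived from the buffer size, as suggested in the reply:
 * dst_len - 2 leaves room for ',' and the NUL terminator.
 * *truncated is set when the field did not fit, which the snprintf()
 * return value can no longer show once a precision caps the output.
 */
static int copy_field_sized(char *dst, size_t dst_len, const char *field,
			    int *truncated)
{
	int max_field;

	if (dst_len < 3 || dst_len > 4096) {	/* sanity bound for the int cast */
		*truncated = 1;
		return -1;
	}
	max_field = (int)dst_len - 2;
	*truncated = strlen(field) > (size_t)max_field;
	return snprintf(dst, dst_len, "%.*s,", max_field, field);
}

int main(void)
{
	char longopt[201], v1[OBUF_LEN + 1], v2[OBUF_LEN];
	int cnt, truncated;

	memset(longopt, 'A', 200);	/* constructed over-long option string */
	longopt[200] = '\0';

	cnt = copy_field_v1(v1, sizeof(v1), "M1460");
	printf("v1 short: \"%s\" cnt=%d\n", v1, cnt);
	cnt = copy_field_sized(v2, sizeof(v2), "M1460", &truncated);
	printf("sized short: \"%s\" cnt=%d truncated=%d\n", v2, cnt, truncated);
	cnt = copy_field_sized(v2, sizeof(v2), longopt, &truncated);
	printf("sized long: len=%zu last='%c' cnt=%d truncated=%d\n",
	       strlen(v2), v2[strlen(v2) - 1], cnt, truncated);
	return 0;
}
```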
* Re: [PATCH nft] src: osf: fix snprintf -Wformat-truncation warning
From: Fernando Fernandez Mancera @ 2019-07-21 9:59 UTC
To: Phil Sutter; +Cc: netfilter-devel, Florian Westphal
Hi Phil,
On 7/20/19 10:21 PM, Phil Sutter wrote:
> Hi Fernando,
>
> On Thu, Jul 18, 2019 at 01:01:46PM +0200, Fernando Fernandez Mancera wrote:
>> Fedora 30 uses very recent gcc (version 9.1.1 20190503 (Red Hat 9.1.1-1)),
>> osf produces following warnings:
>>
>> -Wformat-truncation warning have been introduced in the version 7.1 of gcc.
>> Also, remove a unneeded address check of "tmp + 1" in nf_osf_strchr().
>>
>> nfnl_osf.c: In function ‘nfnl_osf_load_fingerprints’:
>> nfnl_osf.c:292:39: warning: ‘%s’ directive output may be truncated writing
>> up to 1023 bytes into a region of size 128 [-Wformat-truncation=]
>> 292 | cnt = snprintf(obuf, sizeof(obuf), "%s,", pbeg);
>> | ^~
>> nfnl_osf.c:292:9: note: ‘snprintf’ output between 2 and 1025 bytes into a
>> destination of size 128
>> 292 | cnt = snprintf(obuf, sizeof(obuf), "%s,", pbeg);
>> | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>> nfnl_osf.c:302:46: warning: ‘%s’ directive output may be truncated writing
>> up to 1023 bytes into a region of size 32 [-Wformat-truncation=]
>> 302 | cnt = snprintf(f.genre, sizeof(f.genre), "%s", pbeg);
>> | ^~
>> nfnl_osf.c:302:10: note: ‘snprintf’ output between 1 and 1024 bytes into a
>> destination of size 32
>> 302 | cnt = snprintf(f.genre, sizeof(f.genre), "%s", pbeg);
>> | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>> nfnl_osf.c:309:49: warning: ‘%s’ directive output may be truncated writing
>> up to 1023 bytes into a region of size 32 [-Wformat-truncation=]
>> 309 | cnt = snprintf(f.version, sizeof(f.version), "%s", pbeg);
>> | ^~
>> nfnl_osf.c:309:9: note: ‘snprintf’ output between 1 and 1024 bytes into a
>> destination of size 32
>> 309 | cnt = snprintf(f.version, sizeof(f.version), "%s", pbeg);
>> | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>> nfnl_osf.c:317:47: warning: ‘%s’ directive output may be truncated writing
>> up to 1023 bytes into a region of size 32 [-Wformat-truncation=]
>> 317 | snprintf(f.subtype, sizeof(f.subtype), "%s", pbeg);
>> | ^~
>> nfnl_osf.c:317:7: note: ‘snprintf’ output between 1 and 1024 bytes into a
>> destination of size 32
>> 317 | snprintf(f.subtype, sizeof(f.subtype), "%s", pbeg);
>> | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>>
>> Reported-by: Florian Westphal <fw@strlen.de>
>> Signed-off-by: Fernando Fernandez Mancera <ffmancera@riseup.net>
>> ---
>> src/nfnl_osf.c | 14 +++++++-------
>> 1 file changed, 7 insertions(+), 7 deletions(-)
>>
>> diff --git a/src/nfnl_osf.c b/src/nfnl_osf.c
>> index be3fd81..c99f8f3 100644
>> --- a/src/nfnl_osf.c
>> +++ b/src/nfnl_osf.c
>> @@ -81,7 +81,7 @@ static char *nf_osf_strchr(char *ptr, char c)
>> if (tmp)
>> *tmp = '\0';
>>
>> - while (tmp && tmp + 1 && isspace(*(tmp + 1)))
>> + while (tmp && isspace(*(tmp + 1)))
>> tmp++;
>>
>> return tmp;
>> @@ -212,7 +212,7 @@ static int osf_load_line(char *buffer, int len, int del,
>> struct netlink_ctx *ctx)
>> {
>> int i, cnt = 0;
>> - char obuf[MAXOPTSTRLEN];
>> + char obuf[MAXOPTSTRLEN + 1];
>> struct nf_osf_user_finger f;
>> char *pbeg, *pend;
>> struct nlmsghdr *nlh;
>> @@ -289,7 +289,7 @@ static int osf_load_line(char *buffer, int len, int del,
>> pend = nf_osf_strchr(pbeg, OSFPDEL);
>> if (pend) {
>> *pend = '\0';
>> - cnt = snprintf(obuf, sizeof(obuf), "%s,", pbeg);
>> + cnt = snprintf(obuf, sizeof(obuf), "%.128s", pbeg);
>
> Not a big deal, but sizeof() and hard-coding the "precision" doesn't mix
> well in my opinion. I've solved this like so:
>
> i = sizeof(obuf);
> cnt = snprintf(obuf, i, "%.*s,", i - 2, pbeg);
>
> (i - 2) to leave space for the trailing comma and nul-char. Also note
> that your patch drops the trailing comma, I guess that's a bug.
>
Oh! I am really happy that you spotted the missing trailing comma,
thanks! :-)
> Maybe you want to have a look at my patch (Message-ID
> 20190720185226.8876-2-phil@nwl.cc) and incorporate what's useful into
> yours? It's your code, so you should know better how to fix things. :)
>
> Thanks, Phil
>
I think your code is more readable than mine. I am going to send a v2
patch with your code but also adding the following fix.
- while (tmp && tmp + 1 && isspace(*(tmp + 1)))
+ while (tmp && isspace(*(tmp + 1)))
I am going to send a similar patch for the iptables tree because this
file was imported from iptables.git/utils/nfnl_osf.c.
Thanks!
* Re: [PATCH nft] src: osf: fix snprintf -Wformat-truncation warning
From: Phil Sutter @ 2019-07-21 10:43 UTC
To: Fernando Fernandez Mancera; +Cc: netfilter-devel, Florian Westphal
Hi,
On Sun, Jul 21, 2019 at 11:59:14AM +0200, Fernando Fernandez Mancera wrote:
[...]
> I think your code is more readable than mine. I am going to send a v2
> patch with your code but also adding the following fix.
>
> - while (tmp && tmp + 1 && isspace(*(tmp + 1)))
> + while (tmp && isspace(*(tmp + 1)))
>
> I am going to send a similar patch for the iptables tree because this
> file was imported from iptables.git/utils/nfnl_osf.c.
Sounds great, thanks a lot!
Cheers, Phil