qemu-devel.nongnu.org archive mirror
 help / color / mirror / Atom feed
* [PATCH-for-7.2 v2] libvduse: Avoid warning about dangerous use of strncpy()
@ 2022-11-11 12:45 Philippe Mathieu-Daudé
  2022-11-11 15:00 ` Bin Meng
                   ` (3 more replies)
  0 siblings, 4 replies; 5+ messages in thread
From: Philippe Mathieu-Daudé @ 2022-11-11 12:45 UTC (permalink / raw)
  To: qemu-devel
  Cc: Xie Yongji, Stefan Hajnoczi, Bin Meng,
	Philippe Mathieu-Daudé,
	Markus Armbruster, Philippe Mathieu-Daudé,
	Kevin Wolf

From: Philippe Mathieu-Daudé <f4bug@amsat.org>

GCC 8 added a -Wstringop-truncation warning:

  The -Wstringop-truncation warning added in GCC 8.0 via r254630 for
  bug 81117 is specifically intended to highlight likely unintended
  uses of the strncpy function that truncate the terminating NUL
  character from the source string.

Here the next line indeed unconditionally zeroes the last byte, but
1/ the buffer has been calloc'd, so we don't need to add an extra
byte, and 2/ we called vduse_name_is_invalid() which checked the
string length, so we can simply call strcpy().

This fixes when using gcc (Ubuntu 9.4.0-1ubuntu1~20.04.1) 9.4.0:

  [42/666] Compiling C object subprojects/libvduse/libvduse.a.p/libvduse.c.o
  FAILED: subprojects/libvduse/libvduse.a.p/libvduse.c.o
  cc -m64 -mcx16 -Isubprojects/libvduse/libvduse.a.p -Isubprojects/libvduse -I../../subprojects/libvduse [...] -o subprojects/libvduse/libvduse.a.p/libvduse.c.o -c ../../subprojects/libvduse/libvduse.c
  In file included from /usr/include/string.h:495,
                   from ../../subprojects/libvduse/libvduse.c:24:
  In function ‘strncpy’,
      inlined from ‘vduse_dev_create’ at ../../subprojects/libvduse/libvduse.c:1312:5:
  /usr/include/x86_64-linux-gnu/bits/string_fortified.h:106:10: error: ‘__builtin_strncpy’ specified bound 256 equals destination size [-Werror=stringop-truncation]
    106 |   return __builtin___strncpy_chk (__dest, __src, __len, __bos (__dest));
        |          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  cc1: all warnings being treated as errors
  ninja: build stopped: cannot make progress due to previous errors.

Fixes: d9cf16c0be ("libvduse: Replace strcpy() with strncpy()")
Suggested-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
---
Supersedes: <20220919192306.52729-1-f4bug@amsat.org>
Cc: Xie Yongji <xieyongji@bytedance.com>
Cc: Kevin Wolf <kwolf@redhat.com>
---
 subprojects/libvduse/libvduse.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/subprojects/libvduse/libvduse.c b/subprojects/libvduse/libvduse.c
index 1a5981445c..e089d4d546 100644
--- a/subprojects/libvduse/libvduse.c
+++ b/subprojects/libvduse/libvduse.c
@@ -1309,8 +1309,8 @@ VduseDev *vduse_dev_create(const char *name, uint32_t device_id,
         goto err_dev;
     }
 
-    strncpy(dev_config->name, name, VDUSE_NAME_MAX);
-    dev_config->name[VDUSE_NAME_MAX - 1] = '\0';
+    assert(!vduse_name_is_invalid(name));
+    strcpy(dev_config->name, name);
     dev_config->device_id = device_id;
     dev_config->vendor_id = vendor_id;
     dev_config->features = features;
-- 
2.38.1



^ permalink raw reply related	[flat|nested] 5+ messages in thread

* Re: [PATCH-for-7.2 v2] libvduse: Avoid warning about dangerous use of strncpy()
  2022-11-11 12:45 [PATCH-for-7.2 v2] libvduse: Avoid warning about dangerous use of strncpy() Philippe Mathieu-Daudé
@ 2022-11-11 15:00 ` Bin Meng
  2022-11-11 16:50 ` Stefan Hajnoczi
                   ` (2 subsequent siblings)
  3 siblings, 0 replies; 5+ messages in thread
From: Bin Meng @ 2022-11-11 15:00 UTC (permalink / raw)
  To: philmd; +Cc: armbru, bin.meng, f4bug, kwolf, qemu-devel, stefanha, xieyongji

> From: Philippe Mathieu-Daudé <f4bug@amsat.org>
> 
> GCC 8 added a -Wstringop-truncation warning:
> 
>   The -Wstringop-truncation warning added in GCC 8.0 via r254630 for
>   bug 81117 is specifically intended to highlight likely unintended
>   uses of the strncpy function that truncate the terminating NUL
>   character from the source string.
> 
> Here the next line indeed unconditionally zeroes the last byte, but
> 1/ the buffer has been calloc'd, so we don't need to add an extra
> byte, and 2/ we called vduse_name_is_invalid() which checked the
> string length, so we can simply call strcpy().
> 
> This fixes when using gcc (Ubuntu 9.4.0-1ubuntu1~20.04.1) 9.4.0:
> 
>   [42/666] Compiling C object subprojects/libvduse/libvduse.a.p/libvduse.c.o
>   FAILED: subprojects/libvduse/libvduse.a.p/libvduse.c.o
>   cc -m64 -mcx16 -Isubprojects/libvduse/libvduse.a.p -Isubprojects/libvduse -I../../subprojects/libvduse [...] -o subprojects/libvduse/libvduse.a.p/libvduse.c.o -c ../../subprojects/libvduse/libvduse.c
>   In file included from /usr/include/string.h:495,
>                    from ../../subprojects/libvduse/libvduse.c:24:
>   In function ‘strncpy’,
>       inlined from ‘vduse_dev_create’ at ../../subprojects/libvduse/libvduse.c:1312:5:
>   /usr/include/x86_64-linux-gnu/bits/string_fortified.h:106:10: error: ‘__builtin_strncpy’ specified bound 256 equals destination size [-Werror=stringop-truncation]
>     106 |   return __builtin___strncpy_chk (__dest, __src, __len, __bos (__dest));
>         |          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>   cc1: all warnings being treated as errors
>   ninja: build stopped: cannot make progress due to previous errors.
> 
> Fixes: d9cf16c0be ("libvduse: Replace strcpy() with strncpy()")
> Suggested-by: Markus Armbruster <armbru@redhat.com>
> Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
> ---
> Supersedes: <20220919192306.52729-1-f4bug@amsat.org>
> Cc: Xie Yongji <xieyongji@bytedance.com>
> Cc: Kevin Wolf <kwolf@redhat.com>
> ---
>  subprojects/libvduse/libvduse.c | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)

Tested-by: Bin Meng <bmeng@tinylab.org>


^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [PATCH-for-7.2 v2] libvduse: Avoid warning about dangerous use of strncpy()
  2022-11-11 12:45 [PATCH-for-7.2 v2] libvduse: Avoid warning about dangerous use of strncpy() Philippe Mathieu-Daudé
  2022-11-11 15:00 ` Bin Meng
@ 2022-11-11 16:50 ` Stefan Hajnoczi
  2022-11-12  7:53 ` Yongji Xie
  2022-11-13 11:31 ` Stefan Hajnoczi
  3 siblings, 0 replies; 5+ messages in thread
From: Stefan Hajnoczi @ 2022-11-11 16:50 UTC (permalink / raw)
  To: Philippe Mathieu-Daudé
  Cc: qemu-devel, Xie Yongji, Stefan Hajnoczi, Bin Meng,
	Philippe Mathieu-Daudé,
	Markus Armbruster, Kevin Wolf

Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>


^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [PATCH-for-7.2 v2] libvduse: Avoid warning about dangerous use of strncpy()
  2022-11-11 12:45 [PATCH-for-7.2 v2] libvduse: Avoid warning about dangerous use of strncpy() Philippe Mathieu-Daudé
  2022-11-11 15:00 ` Bin Meng
  2022-11-11 16:50 ` Stefan Hajnoczi
@ 2022-11-12  7:53 ` Yongji Xie
  2022-11-13 11:31 ` Stefan Hajnoczi
  3 siblings, 0 replies; 5+ messages in thread
From: Yongji Xie @ 2022-11-12  7:53 UTC (permalink / raw)
  To: Philippe Mathieu-Daudé
  Cc: qemu devel list, Stefan Hajnoczi, Bin Meng,
	Philippe Mathieu-Daudé,
	Markus Armbruster, Kevin Wolf

On Fri, Nov 11, 2022 at 8:45 PM Philippe Mathieu-Daudé
<philmd@linaro.org> wrote:
>
> From: Philippe Mathieu-Daudé <f4bug@amsat.org>
>
> GCC 8 added a -Wstringop-truncation warning:
>
>   The -Wstringop-truncation warning added in GCC 8.0 via r254630 for
>   bug 81117 is specifically intended to highlight likely unintended
>   uses of the strncpy function that truncate the terminating NUL
>   character from the source string.
>
> Here the next line indeed unconditionally zeroes the last byte, but
> 1/ the buffer has been calloc'd, so we don't need to add an extra
> byte, and 2/ we called vduse_name_is_invalid() which checked the
> string length, so we can simply call strcpy().
>
> This fixes when using gcc (Ubuntu 9.4.0-1ubuntu1~20.04.1) 9.4.0:
>
>   [42/666] Compiling C object subprojects/libvduse/libvduse.a.p/libvduse.c.o
>   FAILED: subprojects/libvduse/libvduse.a.p/libvduse.c.o
>   cc -m64 -mcx16 -Isubprojects/libvduse/libvduse.a.p -Isubprojects/libvduse -I../../subprojects/libvduse [...] -o subprojects/libvduse/libvduse.a.p/libvduse.c.o -c ../../subprojects/libvduse/libvduse.c
>   In file included from /usr/include/string.h:495,
>                    from ../../subprojects/libvduse/libvduse.c:24:
>   In function ‘strncpy’,
>       inlined from ‘vduse_dev_create’ at ../../subprojects/libvduse/libvduse.c:1312:5:
>   /usr/include/x86_64-linux-gnu/bits/string_fortified.h:106:10: error: ‘__builtin_strncpy’ specified bound 256 equals destination size [-Werror=stringop-truncation]
>     106 |   return __builtin___strncpy_chk (__dest, __src, __len, __bos (__dest));
>         |          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>   cc1: all warnings being treated as errors
>   ninja: build stopped: cannot make progress due to previous errors.
>
> Fixes: d9cf16c0be ("libvduse: Replace strcpy() with strncpy()")
> Suggested-by: Markus Armbruster <armbru@redhat.com>
> Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
> ---
> Supersedes: <20220919192306.52729-1-f4bug@amsat.org>
> Cc: Xie Yongji <xieyongji@bytedance.com>
> Cc: Kevin Wolf <kwolf@redhat.com>
> ---
>  subprojects/libvduse/libvduse.c | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
>

Reviewed-by: Xie Yongji <xieyongji@bytedance.com>


^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [PATCH-for-7.2 v2] libvduse: Avoid warning about dangerous use of strncpy()
  2022-11-11 12:45 [PATCH-for-7.2 v2] libvduse: Avoid warning about dangerous use of strncpy() Philippe Mathieu-Daudé
                   ` (2 preceding siblings ...)
  2022-11-12  7:53 ` Yongji Xie
@ 2022-11-13 11:31 ` Stefan Hajnoczi
  3 siblings, 0 replies; 5+ messages in thread
From: Stefan Hajnoczi @ 2022-11-13 11:31 UTC (permalink / raw)
  To: Philippe Mathieu-Daudé
  Cc: qemu-devel, Xie Yongji, Stefan Hajnoczi, Bin Meng,
	Philippe Mathieu-Daudé,
	Markus Armbruster, Kevin Wolf

On Fri, 11 Nov 2022 at 07:46, Philippe Mathieu-Daudé <philmd@linaro.org> wrote:
>
> From: Philippe Mathieu-Daudé <f4bug@amsat.org>
>
> GCC 8 added a -Wstringop-truncation warning:
>
>   The -Wstringop-truncation warning added in GCC 8.0 via r254630 for
>   bug 81117 is specifically intended to highlight likely unintended
>   uses of the strncpy function that truncate the terminating NUL
>   character from the source string.
>
> Here the next line indeed unconditionally zeroes the last byte, but
> 1/ the buffer has been calloc'd, so we don't need to add an extra
> byte, and 2/ we called vduse_name_is_invalid() which checked the
> string length, so we can simply call strcpy().
>
> This fixes when using gcc (Ubuntu 9.4.0-1ubuntu1~20.04.1) 9.4.0:
>
>   [42/666] Compiling C object subprojects/libvduse/libvduse.a.p/libvduse.c.o
>   FAILED: subprojects/libvduse/libvduse.a.p/libvduse.c.o
>   cc -m64 -mcx16 -Isubprojects/libvduse/libvduse.a.p -Isubprojects/libvduse -I../../subprojects/libvduse [...] -o subprojects/libvduse/libvduse.a.p/libvduse.c.o -c ../../subprojects/libvduse/libvduse.c
>   In file included from /usr/include/string.h:495,
>                    from ../../subprojects/libvduse/libvduse.c:24:
>   In function ‘strncpy’,
>       inlined from ‘vduse_dev_create’ at ../../subprojects/libvduse/libvduse.c:1312:5:
>   /usr/include/x86_64-linux-gnu/bits/string_fortified.h:106:10: error: ‘__builtin_strncpy’ specified bound 256 equals destination size [-Werror=stringop-truncation]
>     106 |   return __builtin___strncpy_chk (__dest, __src, __len, __bos (__dest));
>         |          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>   cc1: all warnings being treated as errors
>   ninja: build stopped: cannot make progress due to previous errors.
>
> Fixes: d9cf16c0be ("libvduse: Replace strcpy() with strncpy()")
> Suggested-by: Markus Armbruster <armbru@redhat.com>
> Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
> ---
> Supersedes: <20220919192306.52729-1-f4bug@amsat.org>
> Cc: Xie Yongji <xieyongji@bytedance.com>
> Cc: Kevin Wolf <kwolf@redhat.com>
> ---
>  subprojects/libvduse/libvduse.c | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)

Applied to qemu.git/master.

Thanks,
Stefan


^ permalink raw reply	[flat|nested] 5+ messages in thread

end of thread, other threads:[~2022-11-13 11:32 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-11-11 12:45 [PATCH-for-7.2 v2] libvduse: Avoid warning about dangerous use of strncpy() Philippe Mathieu-Daudé
2022-11-11 15:00 ` Bin Meng
2022-11-11 16:50 ` Stefan Hajnoczi
2022-11-12  7:53 ` Yongji Xie
2022-11-13 11:31 ` Stefan Hajnoczi

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).