From: andy at warmcat.com (Andy Green)
Subject: [PATCH 1/2] gcc8.1: fix strncpy bounds warnings
Date: Sat, 16 Jun 2018 21:12:08 +0800 [thread overview]
Message-ID: <14FAB8D8-6EAD-4EB1-B574-92FC5C6808CC@warmcat.com> (raw)
In-Reply-To: <20180616130448.GO1922@john.keeping.me.uk>
On June 16, 2018 9:04:48 PM GMT+08:00, John Keeping <john at keeping.me.uk> wrote:
>On Wed, Jun 13, 2018 at 07:33:59AM +0800, Andy Green wrote:
>> These warnings are coming on default Fedora 28 build and probably
>others using gcc 8.1
>>
>> ../shared.c: In function ?expand_macro?:
>> ../shared.c:483:3: warning: ?strncpy? specified bound depends on the
>length of the source argument [-Wstringop-overflow=]
>> strncpy(name, value, len);
>> ^~~~~~~~~~~~~~~~~~~~~~~~~
>> ../shared.c:480:9: note: length computed here
>> len = strlen(value);
>> ^~~~~~~~~~~~~
>>
>> strncpy with a computed length via strlen is usually
>> not the right thing.
>>
>> ../ui-shared.c: In function ?cgit_repobasename?:
>> ../ui-shared.c:135:2: warning: ?strncpy? specified bound 1024 equals
>destination size [-Wstringop-truncation]
>> strncpy(rvbuf, reponame, sizeof(rvbuf));
>> ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>>
>> add one char of padding and adjust so the code does the same.
>>
>> Signed-off-by: Andy Green <andy at warmcat.com>
>> ---
>> shared.c | 2 +-
>> ui-shared.c | 7 ++++---
>> 2 files changed, 5 insertions(+), 4 deletions(-)
>>
>> diff --git a/shared.c b/shared.c
>> index 21ac8f4..477db0a 100644
>> --- a/shared.c
>> +++ b/shared.c
>> @@ -480,7 +480,7 @@ static char *expand_macro(char *name, int
>maxlength)
>> len = strlen(value);
>> if (len > maxlength)
>> len = maxlength;
>> - strncpy(name, value, len);
>> + memcpy(name, value, len);
>
>This is a change in behaviour because strncpy is guaranteed to null
>terminate the output (even writing one beyond len if necessary) whereas
>memcpy does not.
Eh... are you sure about that? It's not my understanding, and --->
https://linux.die.net/man/3/strncpy
The strncpy() function is similar, except that at most n bytes of src are copied. Warning: If there is no null byte among the first n bytes of src, the string placed in dest will not be null-terminated.
>But I think we can improve this by removing the fixed buffer completely
>and using struct strbuf to build the value (then return the allocated
>buffer and rely on the caller to free it). I'll follow up with a
>couple
>of patches that make this change.
I just did the minimal change to resolve the warning. If that's solution's better for larger reasons by all means.
>> }
>> return name + len;
>> }
>> diff --git a/ui-shared.c b/ui-shared.c
>> index 9d8f66b..6656bd5 100644
>> --- a/ui-shared.c
>> +++ b/ui-shared.c
>> @@ -129,11 +129,12 @@ char *cgit_pageurl(const char *reponame, const
>char *pagename,
>> const char *cgit_repobasename(const char *reponame)
>> {
>> /* I assume we don't need to store more than one repo basename */
>> - static char rvbuf[1024];
>> + static char rvbuf[1025];
>
>This is just an arbitrary size, so I think it can stay at 1024.
>
>However, again, I think there's a better way to do this! We don't need
>to copy the full reponame and modify it, why not figure out the start
>and end of the basename in reponame and then strncpy the relevant
>substring into rvbuf?
Same as above, if you prefer a larger refactor rather than just fix the warning, no worries.
-Andy
>> int p;
>> const char *rv;
>> - strncpy(rvbuf, reponame, sizeof(rvbuf));
>> - if (rvbuf[sizeof(rvbuf)-1])
>> +
>> + strncpy(rvbuf, reponame, sizeof(rvbuf) - 1);
>> + if (rvbuf[sizeof(rvbuf) - 2])
>> die("cgit_repobasename: truncated repository name '%s'",
>reponame);
>> p = strlen(rvbuf)-1;
>> /* strip trailing slashes */
>>
>> _______________________________________________
>> CGit mailing list
>> CGit at lists.zx2c4.com
>> https://lists.zx2c4.com/mailman/listinfo/cgit
next prev parent reply other threads:[~2018-06-16 13:12 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-06-12 23:33 andy
2018-06-12 23:34 ` [PATCH 2/2] gcc8.1: fix strcat warning andy
2018-06-16 13:11 ` john
2018-06-16 21:52 ` list
2018-06-17 2:28 ` andy
2018-06-16 13:04 ` [PATCH 1/2] gcc8.1: fix strncpy bounds warnings john
2018-06-16 13:07 ` [PATCH 1/2] shared: allocate return value from expand_macros() john
2018-06-16 13:07 ` [PATCH 2/2] shared: use strbuf for expanding macros john
2018-06-16 13:12 ` andy [this message]
2018-06-16 14:14 ` [PATCH 1/2] gcc8.1: fix strncpy bounds warnings john
2018-06-26 11:36 ` [PATCH v2 0/2] " andy
2018-06-26 11:36 ` [PATCH v2 1/2] " andy
2018-06-26 11:36 ` [PATCH v2 2/2] cgit_repobasename: convert to allocated result andy
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=14FAB8D8-6EAD-4EB1-B574-92FC5C6808CC@warmcat.com \
--to=cgit@lists.zx2c4.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).