* [musl] [PATCH 0/3] mntent: fix parsing lines with optional fields
From: Alyssa Ross @ 2021-08-21 8:54 UTC
To: musl; +Cc: Alyssa Ross

This series introduces tests for libc-test that demonstrate a Musl bug, and follows them with a fix for that bug.

I hope I've done this right! I wasn't sure where to send libc-test patches, and I hope combining the libc-test and musl patches into a single series like this isn't confusing.

--
2.32.0
* [musl] [PATCH libc-test 1/3] functional: add mntent test
From: Alyssa Ross @ 2021-08-21 8:54 UTC
To: musl; +Cc: Alyssa Ross

This only checks reading an fstab from a stream. I haven't written tests for either setmntent(), addmntent(), or hasmntnent().

test_getmntent exposes a bug in Musl where lines omitting the final two fields, which are supposed to be optional according to fstab(5), are not accepted.

The tests all pass on Glibc.
---
AUTHORS | 1 + src/functional/mntent.c | 76 +++++++++++++++++++++++++++++++++++++++++ 2 files changed, 77 insertions(+) create mode 100644 src/functional/mntent.c diff --git a/AUTHORS b/AUTHORS index ff99471..cf2a394 100644 --- a/AUTHORS +++ b/AUTHORS @@ -5,3 +5,4 @@ John Spencer Jens Gustedt Alexander Monakov Julien Ramseier +Alyssa Ross diff --git a/src/functional/mntent.c b/src/functional/mntent.c new file mode 100644 index 0000000..59d816a --- /dev/null +++ b/src/functional/mntent.c 
@@ -0,0 +1,76 @@ +// SPDX-License-Identifier: MIT + +#define _DEFAULT_SOURCE // for getmntent_r + +#include <errno.h> +#include <mntent.h> +#include <stdio.h> +#include <stdlib.h> +#include <string.h> + +#include "test.h" + +#define ASSERT(x) do { \ + if (!(x)) { \ + t_error(#x " failed\n"); \ + exit(EXIT_FAILURE); \ + } \ + } while (0); + +#define ERR(fmt, ...) do { \ + t_error(fmt ": %s\n", ##__VA_ARGS__, strerror(errno)); \ + exit(EXIT_FAILURE); \ + } while (0) + +void test_getmntent_empty(void) +{ + char fstab[] = "\n"; + FILE *f = fmemopen((void *)fstab, sizeof fstab - 1, "r"); + if (!f) ERR("fmemopen"); + ASSERT(!getmntent(f)); + ASSERT(endmntent(f) == 1); +} + +void test_getmntent(void) +{ + // Checks that the fifth and sixth fields default to 0. + char fstab[] = "none /proc proc defaults\n"; + FILE *f = fmemopen((void *)fstab, sizeof fstab - 1, "r"); + if (!f) ERR("fmemopen"); + struct mntent *m = getmntent(f); + ASSERT(m); + ASSERT(!strcmp(m->mnt_fsname, "none")); + ASSERT(!strcmp(m->mnt_dir, "/proc")); + ASSERT(!strcmp(m->mnt_type, "proc")); + ASSERT(!strcmp(m->mnt_opts, "defaults")); + ASSERT(m->mnt_freq == 0); + ASSERT(m->mnt_passno == 0); + ASSERT(endmntent(f) == 1); +} + +void test_getmntent_r(void) +{ + struct mntent m, *r; + char fstab[] = "/dev/sda\t/\text4\trw,nosuid\t2\t1\n"; + char buf[sizeof(fstab)]; + + FILE *f = fmemopen((void *)fstab, sizeof fstab - 1, "r"); + if (!f) ERR("fmemopen"); + + r = getmntent_r(f, &m, buf, sizeof buf); + ASSERT(r == &m); + ASSERT(!strcmp(m.mnt_fsname, "/dev/sda")); + ASSERT(!strcmp(m.mnt_dir, "/")); + ASSERT(!strcmp(m.mnt_type, "ext4")); + ASSERT(!strcmp(m.mnt_opts, "rw,nosuid")); + ASSERT(m.mnt_freq == 2); + ASSERT(m.mnt_passno == 1); + ASSERT(endmntent(f) == 1); +} + +int main(void) +{ + test_getmntent_empty(); + test_getmntent(); + test_getmntent_r(); +} -- 2.32.0 ^ permalink raw reply [flat|nested] 7+ messages in thread
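Review bot: in the new src/functional/mntent.c hunk, the ASSERT macro ends in `while (0);`, so the semicolon is part of the expansion and a use such as `if (x) ASSERT(y); else ...` would not compile; ERR, defined just below it, omits the semicolon as the idiom requires. Drop the trailing semicolon from ASSERT so both macros expand to a single statement. Because ASSERT calls exit(EXIT_FAILURE), the first failing check in main() also hides the results of every test after it; reporting through t_error and carrying on would show all failures in one run.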
* [musl] [PATCH libc-test 2/3] functional: add mntent test for single-field line
From: Alyssa Ross @ 2021-08-21 8:54 UTC
To: musl; +Cc: Alyssa Ross

Glibc only requires a single field to be present in an fstab line to parse it, and will initialize all other string fields to the empty string. This test checks for that behaviour.
---

I'm providing this test as a separate patch to make it easy to pass on this test while still accepting the rest, because I'm not sure whether it's a good thing or not for Musl to allow fstab lines like this, even though Glibc does.

src/functional/mntent.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/src/functional/mntent.c b/src/functional/mntent.c index 59d816a..caa7d33 100644 --- a/src/functional/mntent.c +++ b/src/functional/mntent.c @@ -31,6 +31,18 @@ void test_getmntent_empty(void) ASSERT(endmntent(f) == 1); } +void test_getmntent_short(void) +{ + char fstab[] = "1\n"; + FILE *f = fmemopen((void *)fstab, sizeof fstab - 1, "r"); + if (!f) ERR("fmemopen"); + struct mntent *m = getmntent(f); + ASSERT(m); + ASSERT(!strcmp(m->mnt_fsname, "1")); + ASSERT(!*m->mnt_dir); + ASSERT(endmntent(f) == 1); +} + void test_getmntent(void) { // Checks that the fifth and sixth fields default to 0. @@ -71,6 +83,7 @@ void test_getmntent_r(void) int main(void) { test_getmntent_empty(); + test_getmntent_short(); test_getmntent(); test_getmntent_r(); } -- 2.32.0
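Review bot: in the `@@ -31,6 +31,18 @@` hunk, test_getmntent_short checks only mnt_fsname and mnt_dir, although the commit message says all other string fields are initialized to the empty string. Add `ASSERT(!*m->mnt_type);` and `ASSERT(!*m->mnt_opts);`, and assert that mnt_freq and mnt_passno are 0 as test_getmntent does, so the test pins down the whole entry for a single-field line.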
* [musl] [PATCH musl 3/3] mntent: fix parsing lines with optional fields
From: Alyssa Ross @ 2021-08-21 8:54 UTC
To: musl; +Cc: Alyssa Ross

According to fstab(5), the last two fields are optional, but this wasn't accepted by Musl. After this change, only the first field is required, which matches Glibc's behaviour.

Using sscanf as before, it would have been impossible to differentiate between 0 fields and 4 fields, because sscanf would have returned 0 in both cases due to the use of assignment suppression and %n for the string fields (which is important to avoid copying any strings). So instead, before calling sscanf, initialize every string to the empty string, and then we can check which strings are empty afterwards to know how many fields were matched.
---

We could also be stricter about it, and enforce that the first four fields are present, since the man page says only the last two are optional. Doing that would be a simple change of checking for the presence of mnt_opts instead of mnt_fsname at the end of my patch.

src/misc/mntent.c | 18 +++++++++++++----- 1 file changed, 13 insertions(+), 5 deletions(-) diff --git a/src/misc/mntent.c b/src/misc/mntent.c index eabb8200..5a68f0b9 100644 --- a/src/misc/mntent.c +++ b/src/misc/mntent.c @@ -21,7 +21,8 @@ int endmntent(FILE *f) struct mntent *getmntent_r(FILE *f, struct mntent *mnt, char *linebuf, int buflen) { - int cnt, n[8], use_internal = (linebuf == SENTINEL); + int use_internal = (linebuf == SENTINEL); + size_t len, i, n[8]; mnt->mnt_freq = 0; mnt->mnt_passno = 0; 
@@ -39,10 +40,14 @@ struct mntent *getmntent_r(FILE *f, struct mntent *mnt, char *linebuf, int bufle errno = ERANGE; return 0; } - cnt = sscanf(linebuf, " %n%*s%n %n%*s%n %n%*s%n %n%*s%n %d %d", - n, n+1, n+2, n+3, n+4, n+5, n+6, n+7, - &mnt->mnt_freq, &mnt->mnt_passno); - } while (cnt < 2 || linebuf[n[0]] == '#'); + + len = strlen(linebuf); + for (i = 0; i < sizeof n / sizeof *n; i++) n[i] = len; + if (sscanf(linebuf, " %n%*s%n %n%*s%n %n%*s%n %n%*s%n %d %d", + n, n+1, n+2, n+3, n+4, n+5, n+6, n+7, + &mnt->mnt_freq, &mnt->mnt_passno) == EOF && ferror(f)) + return 0; + } while (linebuf[n[0]] == '#'); linebuf[n[1]] = 0; linebuf[n[3]] = 0; @@ -54,6 +60,9 @@ struct mntent *getmntent_r(FILE *f, struct mntent *mnt, char *linebuf, int bufle mnt->mnt_type = linebuf+n[4]; mnt->mnt_opts = linebuf+n[6]; + if (!*mnt->mnt_fsname) + return 0; + return mnt; } -- 2.32.0 ^ permalink raw reply [flat|nested] 7+ messages in thread
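Review bot: in the `@@ -21,7 +21,8 @@` hunk, n becomes `size_t n[8]` but the sscanf format in the following hunk still stores through plain %n, which expects an `int *`, so the argument types no longer match the format. Either keep `int n[8]` and bound len before the call, or switch every %n to %zn in the same change.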
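Review bot: in the `@@ -39,10 +40,14 @@` hunk, the `== EOF && ferror(f)` test ties sscanf's result to the state of f, but this sscanf parses linebuf and never touches the stream, so the condition says nothing about the call it guards. If the aim is to stop on a read error, check that where the line is read; otherwise drop the test and ignore the return value, since the prefilled n[] already records which fields matched.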
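Review bot: in the `@@ -54,6 +60,9 @@` hunk, `if (!*mnt->mnt_fsname) return 0;` runs after the loop has exited, so a blank or whitespace-only line makes getmntent_r return NULL, which a caller cannot tell apart from end of file; the removed `cnt < 2` condition skipped such lines and kept reading. Fold the check into the loop condition instead, for example `while (linebuf[n[0]] == '#' || !linebuf[n[0]])`, so empty lines are skipped and the entries after them are still returned. A test with a blank line ahead of a valid entry would cover this.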
* Re: [musl] [PATCH musl 3/3] mntent: fix parsing lines with optional fields
From: Érico Nogueira @ 2021-08-27 15:27 UTC
To: musl; +Cc: Alyssa Ross

On Sat Aug 21, 2021 at 5:54 AM -03, Alyssa Ross wrote:
> According to fstab(5), the last two fields are optional, but this
> wasn't accepted by Musl. After this change, only the first field is
> required, which matches Glibc's behaviour.
>
> Using sscanf as before, it would have been impossible to differentiate
> between 0 fields and 4 fields, because sscanf would have returned 0 in
> both cases due to the use of assignment suppression and %n for the
> string fields (which is important to avoid copying any strings). So
> instead, before calling sscanf, initialize every string to the empty
> string, and then we can check which strings are empty afterwards to
> know how many fields were matched.

Besides typing change noted below, the change sounds reasonable.

If you want to fix another issue around mntent, hasmntopts has some troubles too :p

> ---
>
> We could also be stricter about it, and enforce that the first four
> fields are present, since the man page says only the last two are
> optional. Doing that would be a simple change of checking for the
> presence of mnt_opts instead of mnt_fsname at the end of my patch.
>
> src/misc/mntent.c | 18 +++++++++++++----- > 1 file changed, 13 insertions(+), 5 deletions(-) > > diff --git a/src/misc/mntent.c b/src/misc/mntent.c > index eabb8200..5a68f0b9 100644 > --- a/src/misc/mntent.c > +++ b/src/misc/mntent.c 
> @@ -21,7 +21,8 @@ int endmntent(FILE *f) > > struct mntent *getmntent_r(FILE *f, struct mntent *mnt, char *linebuf, > int buflen) > { > - int cnt, n[8], use_internal = (linebuf == SENTINEL); > + int use_internal = (linebuf == SENTINEL); > + size_t len, i, n[8];

Try avoiding unrelated changes in the commit, since they can introduce subtle bugs. In this case, making n size_t[] instead of int[] will lead to pointer type mismatches in the sscanf call, given that %n expects an int*.

I don't know if *scanf guarantees it won't read enough to go past INT_MAX, though, so making a change to size_t[] and using %ln might make sense. Deferring to someone else to answer that.

> > mnt->mnt_freq = 0; > mnt->mnt_passno = 0; > @@ -39,10 +40,14 @@ struct mntent *getmntent_r(FILE *f, struct mntent > *mnt, char *linebuf, int bufle > errno = ERANGE; > return 0; > } > - cnt = sscanf(linebuf, " %n%*s%n %n%*s%n %n%*s%n %n%*s%n %d %d", > - n, n+1, n+2, n+3, n+4, n+5, n+6, n+7, > - &mnt->mnt_freq, &mnt->mnt_passno); > - } while (cnt < 2 || linebuf[n[0]] == '#'); > + > + len = strlen(linebuf); > + for (i = 0; i < sizeof n / sizeof *n; i++) n[i] = len; > + if (sscanf(linebuf, " %n%*s%n %n%*s%n %n%*s%n %n%*s%n %d %d", > + n, n+1, n+2, n+3, n+4, n+5, n+6, n+7, > + &mnt->mnt_freq, &mnt->mnt_passno) == EOF && ferror(f)) > + return 0; > + } while (linebuf[n[0]] == '#'); > > linebuf[n[1]] = 0; > linebuf[n[3]] = 0; > @@ -54,6 +60,9 @@ struct mntent *getmntent_r(FILE *f, struct mntent > *mnt, char *linebuf, int bufle > mnt->mnt_type = linebuf+n[4]; > mnt->mnt_opts = linebuf+n[6]; > > + if (!*mnt->mnt_fsname) > + return 0; > + > return mnt; > } > > -- > 2.32.0
* Re: [musl] [PATCH musl 3/3] mntent: fix parsing lines with optional fields
From: Rich Felker @ 2021-08-27 16:49 UTC
To: Érico Nogueira; +Cc: musl, Alyssa Ross

On Fri, Aug 27, 2021 at 12:27:36PM -0300, Érico Nogueira wrote:
> On Sat Aug 21, 2021 at 5:54 AM -03, Alyssa Ross wrote:
> > According to fstab(5), the last two fields are optional, but this
> > wasn't accepted by Musl. After this change, only the first field is
> > required, which matches Glibc's behaviour.
> >
> > Using sscanf as before, it would have been impossible to differentiate
> > between 0 fields and 4 fields, because sscanf would have returned 0 in
> > both cases due to the use of assignment suppression and %n for the
> > string fields (which is important to avoid copying any strings). So
> > instead, before calling sscanf, initialize every string to the empty
> > string, and then we can check which strings are empty afterwards to
> > know how many fields were matched.
>
> Besides typing change noted below, the change sounds reasonable.
>
> If you want to fix another issue around mntent, hasmntopts has some
> troubles too :p
>
> > ---
> >
> > We could also be stricter about it, and enforce that the first four
> > fields are present, since the man page says only the last two are
> > optional. Doing that would be a simple change of checking for the
> > presence of mnt_opts instead of mnt_fsname at the end of my patch.
> >
> > src/misc/mntent.c | 18 +++++++++++++----- > > 1 file changed, 13 insertions(+), 5 deletions(-) > > > > diff --git a/src/misc/mntent.c b/src/misc/mntent.c > > index eabb8200..5a68f0b9 100644 > > --- a/src/misc/mntent.c > > +++ b/src/misc/mntent.c 
> > @@ -21,7 +21,8 @@ int endmntent(FILE *f) > > > > struct mntent *getmntent_r(FILE *f, struct mntent *mnt, char *linebuf, > > int buflen) > > { > > - int cnt, n[8], use_internal = (linebuf == SENTINEL); > > + int use_internal = (linebuf == SENTINEL); > > + size_t len, i, n[8];
>
> Try avoiding unrelated changes in the commit, since they can introduce
> subtle bugs. In this case, making n size_t[] instead of int[] will lead
> to pointer type mismatches in the sscanf call, given that %n expects an
> int*.
>
> I don't know if *scanf guarantees it won't read enough to go past

For *scanf in general there is no such guarantee; not even size_t is safe for fscanf. However, here you have sscanf and the number is bounded by strlen(linebuf).

> INT_MAX, though, so making a change to size_t[] and using %ln might make
> sense. Deferring to someone else to answer that.

The conversion specifier for size_t is %zu not %ln. Since in theory strlen(linebuf) could be more than INT_MAX, I think this change should be made, but it should be a separate bugfix.

Rich
* Re: [musl] [PATCH musl 3/3] mntent: fix parsing lines with optional fields
From: Rich Felker @ 2021-08-27 16:59 UTC
To: Érico Nogueira; +Cc: musl, Alyssa Ross

On Fri, Aug 27, 2021 at 12:49:28PM -0400, Rich Felker wrote:
> On Fri, Aug 27, 2021 at 12:27:36PM -0300, Érico Nogueira wrote:
> > Try avoiding unrelated changes in the commit, since they can introduce
> > subtle bugs. In this case, making n size_t[] instead of int[] will lead
> > to pointer type mismatches in the sscanf call, given that %n expects an
> > int*.
> >
> > I don't know if *scanf guarantees it won't read enough to go past
>
> For *scanf in general there is no such guarantee; not even size_t is
> safe for fscanf. However, here you have sscanf and the number is
> bounded by strlen(linebuf).
>
> > INT_MAX, though, so making a change to size_t[] and using %ln might make
> > sense. Deferring to someone else to answer that.
>
> The conversion specifier for size_t is %zu not %ln. Since in theory
> strlen(linebuf) could be more than INT_MAX, I think this change should
> be made, but it should be a separate bugfix.

Sorry, that should be '%zn'. '%zu' of course is for reading an integer of type size_t not counting the bytes processed.
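The offset-prefill technique from the 3/3 commit message, written with the `int` offsets and length bound raised in the replies, as an added example that is not code from the thread or from musl. `struct fields` and `split_fstab_line` are hypothetical names, and the sample lines are constructed.

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical result type for this example (not struct mntent). */
struct fields { char *fsname, *dir, *type, *opts; int freq, passno; };

/* Splits one fstab line in place. Returns how many of the four string
 * fields were present (0-4), or -1 if offsets would not fit in int. */
int split_fstab_line(char *line, struct fields *out)
{
	int n[8], r;
	size_t len = strlen(line), i;

	if (len > INT_MAX) return -1; /* plain %n stores through an int * */

	/* Prefill every offset with len, the index of the terminating NUL.
	 * A field that sscanf never reaches then reads back as "". */
	for (i = 0; i < sizeof n / sizeof *n; i++) n[i] = (int)len;
	out->freq = out->passno = 0;

	/* %*s assigns nothing and %n is never counted, so the return value
	 * only reflects the two %d conversions; it is ignored here. */
	r = sscanf(line, " %n%*s%n %n%*s%n %n%*s%n %n%*s%n %d %d",
	           n, n+1, n+2, n+3, n+4, n+5, n+6, n+7,
	           &out->freq, &out->passno);
	(void)r;

	/* Cut each field at its end offset, then point at its start. */
	line[n[1]] = line[n[3]] = line[n[5]] = line[n[7]] = 0;
	out->fsname = line + n[0];
	out->dir    = line + n[2];
	out->type   = line + n[4];
	out->opts   = line + n[6];

	return !!*out->fsname + !!*out->dir + !!*out->type + !!*out->opts;
}

int main(void)
{
	/* Constructed sample lines: 4 fields, 6 fields, 1 field, blank. */
	char lines[][40] = { "none /proc proc defaults\n",
		"/dev/sda\t/\text4\trw,nosuid\t2\t1\n", "1\n", "\n" };
	struct fields f;
	for (size_t i = 0; i < sizeof lines / sizeof *lines; i++) {
		int k = split_fstab_line(lines[i], &f);
		printf("%d fields: fsname=\"%s\" opts=\"%s\" freq=%d passno=%d\n",
		       k, f.fsname, f.opts, f.freq, f.passno);
	}
	return 0;
}
```

A caller that wants to skip blank lines treats a return of 0 as "read the next line" rather than as end of input.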