| Message ID | 20181228173356.15359-2-philmd@redhat.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | Fix strncpy() warnings for GCC8 new -Wstringop-truncation | expand |
On 12/29/18 4:33 AM, Philippe Mathieu-Daudé wrote: > GCC 8 introduced the -Wstringop-truncation checker to detect truncation by > the strncat and strncpy functions (closely related to -Wstringop-overflow, > which detect buffer overflow by string-modifying functions declared in > <string.h>). > > In tandem of -Wstringop-truncation, the "nonstring" attribute was added: > > The nonstring variable attribute specifies that an object or member > declaration with type array of char, signed char, or unsigned char, > or pointer to such a type is intended to store character arrays that > do not necessarily contain a terminating NUL. This is useful in detecting > uses of such arrays or pointers with functions that expect NUL-terminated > strings, and to avoid warnings when such an array or pointer is used as > an argument to a bounded string manipulation function such as strncpy. > > From the GCC manual: https://gcc.gnu.org/onlinedocs/gcc/Common-Variable-Attributes.html#index-nonstring-variable-attribute > > Add the QEMU_NONSTRING macro which checks if the compiler supports this > attribute. > > Suggested-by: Michael S. Tsirkin <mst@redhat.com> > Reviewed-by: Eric Blake <eblake@redhat.com> > Reviewed-by: Michael S. Tsirkin <mst@redhat.com> > Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com> > --- Reviewed-by: Richard Henderson <richard.henderson@linaro.org> r~
On 2018-12-28 18:33, Philippe Mathieu-Daudé wrote: > GCC 8 introduced the -Wstringop-truncation checker to detect truncation by > the strncat and strncpy functions (closely related to -Wstringop-overflow, > which detect buffer overflow by string-modifying functions declared in > <string.h>). > > In tandem of -Wstringop-truncation, the "nonstring" attribute was added: > > The nonstring variable attribute specifies that an object or member > declaration with type array of char, signed char, or unsigned char, > or pointer to such a type is intended to store character arrays that > do not necessarily contain a terminating NUL. This is useful in detecting > uses of such arrays or pointers with functions that expect NUL-terminated > strings, and to avoid warnings when such an array or pointer is used as > an argument to a bounded string manipulation function such as strncpy. > > From the GCC manual: https://gcc.gnu.org/onlinedocs/gcc/Common-Variable-Attributes.html#index-nonstring-variable-attribute > > Add the QEMU_NONSTRING macro which checks if the compiler supports this > attribute. > > Suggested-by: Michael S. Tsirkin <mst@redhat.com> > Reviewed-by: Eric Blake <eblake@redhat.com> > Reviewed-by: Michael S. Tsirkin <mst@redhat.com> > Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Thomas Huth <thuth@redhat.com>
diff --git a/include/qemu/compiler.h b/include/qemu/compiler.h index 261842beae..2d8f507c73 100644 --- a/include/qemu/compiler.h +++ b/include/qemu/compiler.h @@ -151,6 +151,21 @@ # define QEMU_ERROR(X) #endif +/* + * The nonstring variable attribute specifies that an object or member + * declaration with type array of char or pointer to char is intended + * to store character arrays that do not necessarily contain a terminating + * NUL character. This is useful in detecting uses of such arrays or pointers + * with functions that expect NUL-terminated strings, and to avoid warnings + * when such an array or pointer is used as an argument to a bounded string + * manipulation function such as strncpy. + */ +#if __has_attribute(nonstring) +# define QEMU_NONSTRING __attribute__((nonstring)) +#else +# define QEMU_NONSTRING +#endif + /* Implement C11 _Generic via GCC builtins. Example: * * QEMU_GENERIC(x, (float, sinf), (long double, sinl), sin) (x)