[v2,2/5] linux-user: avoid string truncation warnings in elf field copying

Message ID 20190412121626.19829-3-berrange@redhat.com
State New
Series
  • misc set of fixes for warnings under GCC 9

Commit Message

Daniel P. Berrangé April 12, 2019, 12:16 p.m. UTC
In file included from /usr/include/string.h:494,
                 from include/qemu/osdep.h:101,
                 from linux-user/elfload.c:2:
In function ‘strncpy’,
    inlined from ‘fill_psinfo’ at linux-user/elfload.c:3208:12,
    inlined from ‘fill_note_info’ at linux-user/elfload.c:3390:5,
    inlined from ‘elf_core_dump’ at linux-user/elfload.c:3539:9:
/usr/include/bits/string_fortified.h:106:10: warning: ‘__builtin_strncpy’ specified bound 16 equals destination size [-Wstringop-truncation]
  106 |   return __builtin___strncpy_chk (__dest, __src, __len, __bos (__dest));
      |          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

We don't require the field to be NUL terminated, so can just
copy the lower of the string length and the target field size
using memcpy.

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
---
 linux-user/elfload.c | 10 ++++------
 1 file changed, 4 insertions(+), 6 deletions(-)
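
An added example, not part of the original post and not QEMU's code: a fixed-width name field filled with a bounded memcpy, and the width-bounded read a consumer needs because a full field has no terminator. The struct, the function names and the sample names are hypothetical; the width of 16 is taken from the bound reported in the warning above.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define FNAME_LEN 16  /* assumed width, from "specified bound 16" in the warning */

/* Hypothetical stand-in for the structure holding pr_fname. */
struct demo_psinfo {
    char pr_fname[FNAME_LEN];
};

/*
 * Copy src into the fixed-width field. The field is zero-filled first, so a
 * short name is NUL-padded; a name of FNAME_LEN bytes or more fills the
 * field completely and leaves no terminator. Returns the bytes copied.
 */
static size_t fill_fname(struct demo_psinfo *p, const char *src)
{
    size_t n = strlen(src);

    if (n > sizeof(p->pr_fname)) {
        n = sizeof(p->pr_fname);
    }
    memset(p->pr_fname, 0, sizeof(p->pr_fname));
    memcpy(p->pr_fname, src, n);
    return n;
}

/*
 * Length of the name held in the field. The scan is bounded by the field
 * width: strlen() or printf("%s") would read past a full field.
 */
static size_t fname_len(const struct demo_psinfo *p)
{
    const char *nul = memchr(p->pr_fname, '\0', sizeof(p->pr_fname));

    return nul ? (size_t)(nul - p->pr_fname) : sizeof(p->pr_fname);
}

int main(void)
{
    struct demo_psinfo p;

    fill_fname(&p, "qemu-x86_64-static-build");  /* constructed, 24 bytes */
    /* Explicit precision keeps the read inside the field. */
    printf("%.*s\n", (int)fname_len(&p), p.pr_fname);
    return 0;
}
```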

Comments

Laurent Vivier April 12, 2019, 12:32 p.m. UTC | #1
On 12/04/2019 14:16, Daniel P. Berrangé wrote:
> In file included from /usr/include/string.h:494,
>                  from include/qemu/osdep.h:101,
>                  from linux-user/elfload.c:2:
> In function ‘strncpy’,
>     inlined from ‘fill_psinfo’ at linux-user/elfload.c:3208:12,
>     inlined from ‘fill_note_info’ at linux-user/elfload.c:3390:5,
>     inlined from ‘elf_core_dump’ at linux-user/elfload.c:3539:9:
> /usr/include/bits/string_fortified.h:106:10: warning: ‘__builtin_strncpy’ specified bound 16 equals destination size [-Wstringop-truncation]
>   106 |   return __builtin___strncpy_chk (__dest, __src, __len, __bos (__dest));
>       |          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> 
> We don't require the field to be NUL terminated, so can just
> copy the lower of the string length and the target field size
> using memcpy.
> 
> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
> ---
>  linux-user/elfload.c | 10 ++++------
>  1 file changed, 4 insertions(+), 6 deletions(-)
> 
> diff --git a/linux-user/elfload.c b/linux-user/elfload.c
> index c1a26021f8..caa060f7b7 100644
> --- a/linux-user/elfload.c
> +++ b/linux-user/elfload.c
> @@ -3180,6 +3180,7 @@ static int fill_psinfo(struct target_elf_prpsinfo *psinfo, const TaskState *ts)
>  {
>      char *base_filename;
>      unsigned int i, len;
> +    size_t pathlen;
>  
>      (void) memset(psinfo, 0, sizeof (*psinfo));
>  
> @@ -3201,12 +3202,9 @@ static int fill_psinfo(struct target_elf_prpsinfo *psinfo, const TaskState *ts)
>      psinfo->pr_gid = getgid();
>  
>      base_filename = g_path_get_basename(ts->bprm->filename);
> -    /*
> -     * Using strncpy here is fine: at max-length,
> -     * this field is not NUL-terminated.
> -     */

Keep and update the comment, it explains why we don't need to add the
NUL at the end when MIN() is sizeof(psinfo->pr_fname).

> -    (void) strncpy(psinfo->pr_fname, base_filename,
> -                   sizeof(psinfo->pr_fname));
> +    pathlen = strlen(base_filename) + 1;
> +    pathlen = MIN(pathlen, sizeof(psinfo->pr_fname));
> +    memcpy(psinfo->pr_fname, base_filename, pathlen);
>  
>      g_free(base_filename);
>      bswap_psinfo(psinfo);
> 
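
Review bot: the memcpy at the end of this hunk is only equivalent to the strncpy it replaces because of the memset(psinfo, 0, sizeof (*psinfo)) at the top of fill_psinfo, visible in the first hunk. strncpy zero-fills the rest of pr_fname itself, while memcpy copies pathlen bytes and stops, so for a short basename the padding now comes entirely from that memset. Worth stating that dependency in the comment being kept, so that a later change to the memset does not leave stale bytes in the field.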

Thanks,
Laurent

Patch

diff --git a/linux-user/elfload.c b/linux-user/elfload.c
index c1a26021f8..caa060f7b7 100644
--- a/linux-user/elfload.c
+++ b/linux-user/elfload.c
@@ -3180,6 +3180,7 @@  static int fill_psinfo(struct target_elf_prpsinfo *psinfo, const TaskState *ts)
 {
     char *base_filename;
     unsigned int i, len;
+    size_t pathlen;
 
     (void) memset(psinfo, 0, sizeof (*psinfo));
 
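Review bot: the name of the new `size_t pathlen;` declaration does not match what the second hunk stores in it, which is strlen(base_filename) + 1, the length of the basename including its terminator, not a path length. A name tied to the destination, for example fname_len, would read better next to sizeof(psinfo->pr_fname). The choice of size_t rather than reusing the existing unsigned int len is right for a strlen result and should stay.
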
@@ -3201,12 +3202,9 @@  static int fill_psinfo(struct target_elf_prpsinfo *psinfo, const TaskState *ts)
     psinfo->pr_gid = getgid();
 
     base_filename = g_path_get_basename(ts->bprm->filename);
-    /*
-     * Using strncpy here is fine: at max-length,
-     * this field is not NUL-terminated.
-     */
-    (void) strncpy(psinfo->pr_fname, base_filename,
-                   sizeof(psinfo->pr_fname));
+    pathlen = strlen(base_filename) + 1;
+    pathlen = MIN(pathlen, sizeof(psinfo->pr_fname));
+    memcpy(psinfo->pr_fname, base_filename, pathlen);
 
     g_free(base_filename);
     bswap_psinfo(psinfo);
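
Review bot: the comment removed above the copy should be rewritten rather than dropped, because the memcpy that replaces strncpy still leaves pr_fname without a NUL when the basename is sizeof(psinfo->pr_fname) bytes or longer, and nothing in the new lines tells the reader that this is intended. Suggest a comment above the pathlen computation along the lines of "pr_fname is a fixed-width field; at max length it is not NUL-terminated". The two assignments could also be folded into one, pathlen = MIN(strlen(base_filename) + 1, sizeof(psinfo->pr_fname));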