| Message ID | 20210318133305.316564-4-shreeya.patel@collabora.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | Make UTF-8 encoding loadable | expand |
On 18/03/21 7:03 pm, Shreeya Patel wrote: > Following warning was reported by Kernel Test Robot. > > In function 'utf8_parse_version', > inlined from 'utf8_load' at fs/unicode/utf8mod.c:195:7: >>> fs/unicode/utf8mod.c:175:2: warning: 'strncpy' specified bound 12 equals > destination size [-Wstringop-truncation] > 175 | strncpy(version_string, version, sizeof(version_string)); > | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > > The -Wstringop-truncation warning highlights the unintended > uses of the strncpy function that truncate the terminating NULL > character from the source string. > Unlike strncpy(), strscpy() always null-terminates the destination string, > hence use strscpy() instead of strncpy(). Not sure if strscpy is preferable. Just found this article https://lwn.net/Articles/659214/ Should I go for memcpy instead? > > Signed-off-by: Shreeya Patel <shreeya.patel@collabora.com> > Reported-by: kernel test robot <lkp@intel.com> > --- > Changes in v2 > - Resolve warning of -Wstringop-truncation reported by > kernel test robot. > > fs/unicode/unicode-core.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/fs/unicode/unicode-core.c b/fs/unicode/unicode-core.c > index d5f09e022ac5..287a8a48836c 100644 > --- a/fs/unicode/unicode-core.c > +++ b/fs/unicode/unicode-core.c > @@ -179,7 +179,7 @@ static int unicode_parse_version(const char *version, unsigned int *maj, > {0, NULL} > }; > > - strncpy(version_string, version, sizeof(version_string)); > + strscpy(version_string, version, sizeof(version_string)); > > if (match_token(version_string, token, args) != 1) > return -EINVAL;
From: Shreeya Patel > Sent: 18 March 2021 14:13 > > On 18/03/21 7:03 pm, Shreeya Patel wrote: > > Following warning was reported by Kernel Test Robot. > > > > In function 'utf8_parse_version', > > inlined from 'utf8_load' at fs/unicode/utf8mod.c:195:7: > >>> fs/unicode/utf8mod.c:175:2: warning: 'strncpy' specified bound 12 equals > > destination size [-Wstringop-truncation] > > 175 | strncpy(version_string, version, sizeof(version_string)); > > | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > > > > The -Wstringop-truncation warning highlights the unintended > > uses of the strncpy function that truncate the terminating NULL > > character from the source string. > > Unlike strncpy(), strscpy() always null-terminates the destination string, > > hence use strscpy() instead of strncpy(). > > > Not sure if strscpy is preferable. Just found this article > https://lwn.net/Articles/659214/ > Should I go for memcpy instead? Which length would you give memcpy() ? The compiler will moan if you try to read beyond the end of the input string. strscpy() is about the best of a bad lot. I think (I'm not sure!) that a good string copy function should return the number of bytes copies or the buffer length is truncated. Then you can do repeated: off += xxxcpy(buf + off, buflen - off, xxxxx); without any danger of writing beyond the buffer end, always getting a '\0' terminated string, and being able to detect overflow right at the end. David - Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK Registration No: 1397386 (Wales)
On Thu, Mar 18, 2021 at 07:03:04PM +0530, Shreeya Patel wrote: > Following warning was reported by Kernel Test Robot. > > In function 'utf8_parse_version', > inlined from 'utf8_load' at fs/unicode/utf8mod.c:195:7: > >> fs/unicode/utf8mod.c:175:2: warning: 'strncpy' specified bound 12 equals > destination size [-Wstringop-truncation] > 175 | strncpy(version_string, version, sizeof(version_string)); > | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > > The -Wstringop-truncation warning highlights the unintended > uses of the strncpy function that truncate the terminating NULL > character from the source string. > Unlike strncpy(), strscpy() always null-terminates the destination string, > hence use strscpy() instead of strncpy(). > > Signed-off-by: Shreeya Patel <shreeya.patel@collabora.com> > Reported-by: kernel test robot <lkp@intel.com> > --- > Changes in v2 > - Resolve warning of -Wstringop-truncation reported by > kernel test robot. > > fs/unicode/unicode-core.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/fs/unicode/unicode-core.c b/fs/unicode/unicode-core.c > index d5f09e022ac5..287a8a48836c 100644 > --- a/fs/unicode/unicode-core.c > +++ b/fs/unicode/unicode-core.c > @@ -179,7 +179,7 @@ static int unicode_parse_version(const char *version, unsigned int *maj, > {0, NULL} > }; > > - strncpy(version_string, version, sizeof(version_string)); > + strscpy(version_string, version, sizeof(version_string)); > Shouldn't unicode_parse_version() return an error if the string gets truncated here? I.e. check if strscpy() returns < 0. Also, this is a "fix" (though one that doesn't currently matter, since 'version' is currently always shorter than sizeof(version_string)), so it should go first in the series and have a Fixes tag. - Eric
On 19/03/21 2:33 am, Eric Biggers wrote: > On Thu, Mar 18, 2021 at 07:03:04PM +0530, Shreeya Patel wrote: >> Following warning was reported by Kernel Test Robot. >> >> In function 'utf8_parse_version', >> inlined from 'utf8_load' at fs/unicode/utf8mod.c:195:7: >>>> fs/unicode/utf8mod.c:175:2: warning: 'strncpy' specified bound 12 equals >> destination size [-Wstringop-truncation] >> 175 | strncpy(version_string, version, sizeof(version_string)); >> | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ >> >> The -Wstringop-truncation warning highlights the unintended >> uses of the strncpy function that truncate the terminating NULL >> character from the source string. >> Unlike strncpy(), strscpy() always null-terminates the destination string, >> hence use strscpy() instead of strncpy(). >> >> Signed-off-by: Shreeya Patel <shreeya.patel@collabora.com> >> Reported-by: kernel test robot <lkp@intel.com> >> --- >> Changes in v2 >> - Resolve warning of -Wstringop-truncation reported by >> kernel test robot. >> >> fs/unicode/unicode-core.c | 2 +- >> 1 file changed, 1 insertion(+), 1 deletion(-) >> >> diff --git a/fs/unicode/unicode-core.c b/fs/unicode/unicode-core.c >> index d5f09e022ac5..287a8a48836c 100644 >> --- a/fs/unicode/unicode-core.c >> +++ b/fs/unicode/unicode-core.c >> @@ -179,7 +179,7 @@ static int unicode_parse_version(const char *version, unsigned int *maj, >> {0, NULL} >> }; >> >> - strncpy(version_string, version, sizeof(version_string)); >> + strscpy(version_string, version, sizeof(version_string)); >> > Shouldn't unicode_parse_version() return an error if the string gets truncated > here? I.e. check if strscpy() returns < 0. > > Also, this is a "fix" (though one that doesn't currently matter, since 'version' > is currently always shorter than sizeof(version_string)), so it should go first > in the series and have a Fixes tag. Thanks Eric, will send v3 for it. > > - Eric
diff --git a/fs/unicode/unicode-core.c b/fs/unicode/unicode-core.c index d5f09e022ac5..287a8a48836c 100644 --- a/fs/unicode/unicode-core.c +++ b/fs/unicode/unicode-core.c @@ -179,7 +179,7 @@ static int unicode_parse_version(const char *version, unsigned int *maj, {0, NULL} }; - strncpy(version_string, version, sizeof(version_string)); + strscpy(version_string, version, sizeof(version_string)); if (match_token(version_string, token, args) != 1) return -EINVAL;