RFR: 8307855: update for deprecated sprintf for src/utils [v2]
Kim Barrett
kbarrett at openjdk.org
Sun May 14 00:49:55 UTC 2023
On Fri, 12 May 2023 14:52:59 GMT, Xue-Lei Andrew Fan <xuelei at openjdk.org> wrote:
>> Hi,
>>
>> May I have this update reviewed?
>>
>> The sprintf is deprecated in Xcode 14, and Microsoft Virtual Studio, because of security concerns. The issue was addressed in [JDK-8296812](https://bugs.openjdk.org/browse/JDK-8296812) for building failure, and [JDK-8299378](https://bugs.openjdk.org/browse/JDK-8299378)/[JDK-8299635](https://bugs.openjdk.org/browse/JDK-8299635)/[JDK-8301132](https://bugs.openjdk.org/browse/JDK-8301132) for testing issues . This is a break-down update for sprintf uses in the src/utils directory.
>>
>> Thanks,
>> Xuelei
>
> Xue-Lei Andrew Fan has updated the pull request incrementally with one additional commit since the last revision:
>
> update typo in copyright statement
A couple of issues noticed after this PR has been integrated.
src/utils/hsdis/binutils/hsdis-binutils.c line 222:
> 220: const decode_func_stype decode_func_address = &decode_instructions;
> 221:
> 222: #define remaining_buflen(buf, bufsize, p) ((bufsize) - ((p) - (buf)))
This shouldn't be a macro. Among other reasons, see the style guide.
src/utils/hsdis/binutils/hsdis-binutils.c line 251:
> 249: if (type) snprintf(p += strlen(p), remaining_buflen(buf, bufsize, p), " type='%s'", type);
> 250: if (dsize) snprintf(p += strlen(p), remaining_buflen(buf, bufsize, p), " dsize='%d'", dsize);
> 251: if (delays) snprintf(p += strlen(p), remaining_buflen(buf, bufsize, p), " delay='%d'", delays);
What is the value for p that is used in the call to remaining_buflen?
It is being assumed to be the value after the assignment by the first
argument. However, according to the standard, it is unspecified, and
the whole snprintf call invokes UB. This is because there aren't any
sequence points between the update of p in the first argument and that
reference. (C++17 changes this, but we aren't using C++17 yet.)
-------------
PR Review: https://git.openjdk.org/jdk/pull/13915#pullrequestreview-1425474314
PR Review Comment: https://git.openjdk.org/jdk/pull/13915#discussion_r1193056435
PR Review Comment: https://git.openjdk.org/jdk/pull/13915#discussion_r1193056453
More information about the build-dev
mailing list