RFR(S): 8252407: Build failure with gcc-8+ and asan

Florian Weimer fweimer at redhat.com
Sun Sep 6 17:03:55 UTC 2020


* Kim Barrett:

>> On Sep 4, 2020, at 7:50 AM, Florian Weimer <fweimer at redhat.com> wrote:
>> 
>> * Daniel Fuchs:
>> 
>>> Hi,
>>> 
>>> On 02/09/2020 08:19, Florian Weimer wrote:
>>>> At least one of the bugs was in theory user-visible: the network
>>>> interface code would return data for an interface that does not actually
>>>> exist on the system.
>>> 
>>> WRT NetworkInterface.c, I might support using `strnlen` to check
>>> the length beforehand, if that solves both cases (gcc8 and gcc10).
>>> the length before hand, if that solves both cases (gcc8 and gcc10).
>>> I'm always a bit nervous of changing the behavior in this library
>>> as it's hard to verify that no regression is introduced.
>> 
>> I think you should use strlen.  If the string is longer than the buffer
>> sent to the kernel, it cannot match an existing interface because all
>> the names are shorter.  So some sort of “not found” error needs to be
>> reported.
>
> That may be, but I think doing so probably won't do anything to
> address the -Wstringop-truncation warnings.

There is no reason to use strncpy.  At least on Linux, the struct field
needs to be null-terminated, and you need to compute the length for the
length check.  So you might as well use memcpy with the length plus one
(to copy the null terminator).  You can keep using strncpy, and the
warning should be gone (because GCC will recognize a dominating strlen
check), but it's not necessary.

On current GNU/Linux, the most common structs now have the appropriate
annotations, so you get the strncpy warnings only in cases where there
is an actual truncation bug.

Thanks,
Florian
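
Added example, not part of the original message or of the JDK patch under review: the strlen check followed by memcpy of length plus one, next to the truncating copy it replaces. The function names, the ENODEV error code and the sample interface name are assumptions made for illustration; a plain IF_NAMESIZE buffer stands in for the ifr_name field of struct ifreq.

```c
#include <errno.h>
#include <net/if.h>   /* IF_NAMESIZE; same value as IFNAMSIZ on Linux */
#include <stdio.h>
#include <string.h>

/* "Before" (hypothetical helper): silent truncation. A name that is too
 * long is cut down to a shorter string, which may name a different
 * interface than the one the caller asked for. dst has IF_NAMESIZE bytes. */
static void copy_name_truncating(char *dst, const char *name)
{
    strncpy(dst, name, IF_NAMESIZE - 1);
    dst[IF_NAMESIZE - 1] = '\0';
}

/* "After" (hypothetical helper): check the length first, then copy the
 * string together with its null terminator. A name that does not fit
 * cannot match an existing interface, so report "not found".
 * ENODEV is an assumed choice of error code. */
static int copy_name_checked(char *dst, const char *name)
{
    size_t len = strlen(name);

    if (len >= IF_NAMESIZE) {
        errno = ENODEV;
        return -1;
    }
    memcpy(dst, name, len + 1);   /* length plus one copies the '\0' */
    return 0;
}

int main(void)
{
    /* Constructed sample: longer than any valid interface name. */
    const char *requested = "verylonginterfacename0";
    char buf[IF_NAMESIZE];

    copy_name_truncating(buf, requested);
    printf("truncating copy asks the kernel about: \"%s\"\n", buf);

    if (copy_name_checked(buf, requested) != 0)
        printf("checked copy rejects \"%s\": %s\n", requested, strerror(errno));

    if (copy_name_checked(buf, "eth0") == 0)
        printf("checked copy accepts: \"%s\"\n", buf);
    return 0;
}
```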


