RFR(S): 8214854: JDWP: Unforseen output truncation in logging

Chris Plummer chris.plummer at oracle.com
Fri Mar 1 19:07:02 UTC 2019 

On 2/28/19 11:12 PM, Dmitry Chuyko wrote:
> On 3/1/19 6:36 AM, Chris Plummer wrote:
>> On 2/28/19 5:07 PM, David Holmes wrote:
>>> Hi Dmitry,
>>>
>>> On 1/03/2019 6:15 am, Dmitry Chuyko wrote:
>>>> Hello,
>>>>
>>>> Please review a small fix for GCC 8.x warning in log_messages.c. 
>>>> Buffer sizes for parts of timestamp string can be adjusted to not 
>>>> exceed maximum buffer size when combined, while being able to hold 
>>>> necessary information.
>>>>
>>>> webrev: http://cr.openjdk.java.net/~dchuyko/8214854/webrev.00/
>>>> bug: https://bugs.openjdk.java.net/browse/JDK-8214854
>>>> testing: after the fix GCC 8 compiles working OpenJDK on Linux. 
>>>> Dev-submit job started.
>>>
>>> This looks good.
>>>
>>> One query:
>>>
>>>  51 typedef char timestamp_buffer[TIMESTAMP_SIZE];
>>>
>>> Is this needed so that the size of the buffer is known by gcc inside 
>>> get_time_stamp? (Generally I prefer to see explicitly when an array 
>>> is being stack allocated, not have it hidden behind a typedef.)
>> This also caught my attention and then got me thinking on what basis 
>> is gcc producing the warning in the first place. The warning is:
>>
>>  src/jdk.jdwp.agent/share/native/libjdwp/log_messages.c:75:24: error: 
>> '%.3d' directive output may be truncated writing between 3 and 11 
>> bytes into a region of size between 0 and 80 
>> [-Werror=format-truncation=]
>>                     "%s.%.3d %s", timestamp_prefix,
>>                         ^~~~
>>
>> I think it deduced this by seeing that the call to get_time_stamp() 
>> is passing in a char[80] for the tbuf argument. It then also sees 
>> that the argument for the first %s is also a char[80] array, so is 
>> pointing out that this first %s might fill (or nearly fill) tbuf, not 
>> leaving room for the %.3d argument. If this is the case, there is no 
>> need for the timestamp_buffer typedef. The real fix was making 
>> timestamp_date_time and timestamp_timezone smaller so gcc doesn't 
>> think they can overflow tbuf.
>>
>> Chris
>
> Current signature of helper function is get_time_stamp(char *tbuf, 
> size_t ltbuf). If we drop typedef change, this function either 
> logically needs ltbuf parameter or it internally assumes it to be 
> somewhat (TIMESTAMP_SIZE+1).
Hi Dmitry,

Ok, but that's unrelated to the compiler warning and not needed for the 
fix. Using a typedef hides the fact that we are dealing with a char* so 
makes the code less readable. I actually prefer the way it was with a 
char* and size_t arguments. My next preference would be:

      get_time_stamp(char tbuf[MAXLEN_TIMESTAMP+1])

Although I think it's also a bit odd. I don't recall seeing array sizes 
in function prototypes before.

thanks,

Chris

> In first case we in general should care about arbitrary ltbuf size. 
> Like 5 or 2. In second case there are no static checks/hints that we 
> don't pass tbuf of diferent size. So I preferred to have this 
> information in the function signature and to use known lengths of 
> parts: get_time_stamp(timestamp_buffer tbuf).
>
> -Dmitry
>
>>
>>
>>>
>>> Thanks,
>>> David
>>>
>>>
>>>> -Dmitry
>>>>
>>
>>

More information about the serviceability-dev mailing list