RFR(S): 8214854: JDWP: Unforseen output truncation in logging
Dmitry Chuyko
dmitry.chuyko at bell-sw.com
Fri Mar 1 21:46:53 UTC 2019
Ok. typedef part removed according to review comments (not related to fix).
Updated webrev: http://cr.openjdk.java.net/~dchuyko/8214854/webrev.01/
-Dmitry
On 3/1/19 10:07 PM, Chris Plummer wrote:
> On 2/28/19 11:12 PM, Dmitry Chuyko wrote:
>> On 3/1/19 6:36 AM, Chris Plummer wrote:
>>> On 2/28/19 5:07 PM, David Holmes wrote:
>>>> Hi Dmitry,
>>>>
>>>> On 1/03/2019 6:15 am, Dmitry Chuyko wrote:
>>>>> Hello,
>>>>>
>>>>> Please review a small fix for GCC 8.x warning in log_messages.c.
>>>>> Buffer sizes for parts of timestamp string can be adjusted to not
>>>>> exceed maximum buffer size when combined, while being able to hold
>>>>> necessary information.
>>>>>
>>>>> webrev: http://cr.openjdk.java.net/~dchuyko/8214854/webrev.00/
>>>>> bug: https://bugs.openjdk.java.net/browse/JDK-8214854
>>>>> testing: after the fix GCC 8 compiles working OpenJDK on Linux.
>>>>> Dev-submit job started.
>>>>
>>>> This looks good.
>>>>
>>>> One query:
>>>>
>>>> 51 typedef char timestamp_buffer[TIMESTAMP_SIZE];
>>>>
>>>> Is this needed so that the size of the buffer is known by gcc
>>>> inside get_time_stamp? (Generally I prefer to see explicitly when
>>>> an array is being stack allocated, not have it hidden behind a
>>>> typedef.)
>>> This also caught my attention and then got me thinking on what basis
>>> is gcc producing the warning in the first place. The warning is:
>>>
>>> src/jdk.jdwp.agent/share/native/libjdwp/log_messages.c:75:24:
>>> error: '%.3d' directive output may be truncated writing between 3
>>> and 11 bytes into a region of size between 0 and 80
>>> [-Werror=format-truncation=]
>>> "%s.%.3d %s", timestamp_prefix,
>>> ^~~~
>>>
>>> I think it deduced this by seeing that the call to get_time_stamp()
>>> is passing in a char[80] for the tbuf argument. It then also sees
>>> that the argument for the first %s is also a char[80] array, so is
>>> pointing out that this first %s might fill (or nearly fill) tbuf,
>>> not leaving room for the %.3d argument. If this is the case, there
>>> is no need for the timestamp_buffer typedef. The real fix was making
>>> timestamp_date_time and timestamp_timezone smaller so gcc doesn't
>>> think they can overflow tbuf.
>>>
>>> Chris
>>
>> Current signature of helper function is get_time_stamp(char *tbuf,
>> size_t ltbuf). If we drop typedef change, this function either
>> logically needs ltbuf parameter or it internally assumes it to be
>> somewhat (TIMESTAMP_SIZE+1).
> Hi Dmitry,
>
> Ok, but that's unrelated to the compiler warning and not needed for
> the fix. Using a typedef hides the fact that we are dealing with a
> char* so makes the code less readable. I actually prefer the way it
> was with a char* and size_t arguments. My next preference would be:
>
> get_time_stamp(char tbuf[MAXLEN_TIMESTAMP+1])
>
> Although I think it's also a bit odd. I don't recall seeing array
> sizes in function prototypes before.
>
> thanks,
>
> Chris
>
>> In first case we in general should care about arbitrary ltbuf size.
>> Like 5 or 2. In second case there are no static checks/hints that we
>> don't pass tbuf of diferent size. So I preferred to have this
>> information in the function signature and to use known lengths of
>> parts: get_time_stamp(timestamp_buffer tbuf).
>>
>> -Dmitry
>>
>>>
>>>
>>>>
>>>> Thanks,
>>>> David
>>>>
>>>>
>>>>> -Dmitry
>>>>>
>>>
>>>
>
>
More information about the serviceability-dev
mailing list