From: Philippe Mathieu-Daudé
To: qemu-devel@nongnu.org
Cc: Thomas Huth, Juan Quintela, Philippe Mathieu-Daudé, David Hildenbrand, "Dr. David Alan Gilbert", Markus Armbruster, Marc-André Lureau, "Michael S. Tsirkin", Igor Mammedov, Paolo Bonzini, David Gibson
Date: Fri, 28 Dec 2018 18:33:52 +0100
Message-Id: <20181228173356.15359-2-philmd@redhat.com>
In-Reply-To: <20181228173356.15359-1-philmd@redhat.com>
Subject: [Qemu-devel] [PATCH v4 1/5] qemu/compiler: Define QEMU_NONSTRING

GCC 8 introduced the -Wstringop-truncation checker to detect truncation by the strncat and strncpy functions (closely related to -Wstringop-overflow, which detects buffer overflow by string-modifying functions declared in ).

In tandem with -Wstringop-truncation, the "nonstring" attribute was added:

    The nonstring variable attribute specifies that an object or member declaration with type array of char, signed char, or unsigned char, or pointer to such a type is intended to store character arrays that do not necessarily contain a terminating NUL.
    This is useful in detecting uses of such arrays or pointers with functions that expect NUL-terminated strings, and to avoid warnings when such an array or pointer is used as an argument to a bounded string manipulation function such as strncpy.

From the GCC manual: https://gcc.gnu.org/onlinedocs/gcc/Common-Variable-Attributes.html#index-nonstring-variable-attribute

Add the QEMU_NONSTRING macro which checks if the compiler supports this attribute.

Suggested-by: Michael S. Tsirkin
Reviewed-by: Eric Blake
Reviewed-by: Michael S. Tsirkin
Signed-off-by: Philippe Mathieu-Daudé
Reviewed-by: Richard Henderson
Reviewed-by: Thomas Huth
---
v4: reordered the commit description to make sense (eblake)

Note this triggers the following checkpatch warning (patchew):

  WARNING: architecture specific defines should be avoided
  #50: FILE: include/qemu/compiler.h:163:
  +#if __has_attribute(nonstring)

--- include/qemu/compiler.h | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/include/qemu/compiler.h b/include/qemu/compiler.h index 261842beae..2d8f507c73 100644 --- a/include/qemu/compiler.h +++ b/include/qemu/compiler.h 
@@ -151,6 +151,21 @@ # define QEMU_ERROR(X) #endif =20 +/* + * The nonstring variable attribute specifies that an object or member + * declaration with type array of char or pointer to char is intended + * to store character arrays that do not necessarily contain a terminating + * NUL character. This is useful in detecting uses of such arrays or point= ers + * with functions that expect NUL-terminated strings, and to avoid warnings + * when such an array or pointer is used as an argument to a bounded string + * manipulation function such as strncpy. + */ +#if __has_attribute(nonstring) +# define QEMU_NONSTRING __attribute__((nonstring)) +#else +# define QEMU_NONSTRING +#endif + /* Implement C11 _Generic via GCC builtins. Example: * * QEMU_GENERIC(x, (float, sinf), (long double, sinl), sin) (x) --=20 2.17.2
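Review bot: `#if __has_attribute(nonstring)` assumes the preprocessor knows `__has_attribute`; nothing in the visible context of include/qemu/compiler.h provides a fallback, and on a compiler without that builtin the `#if` line is a preprocessing error rather than a clean fall-through to the empty definition. If the header does not already define one further up, add `#ifndef __has_attribute` / `# define __has_attribute(x) 0` / `#endif` before this block. Separately, the new comment says "array of char or pointer to char", while the GCC text quoted in the commit message also covers signed char and unsigned char, which is the case the later patches in the series rely on for their uint8_t fields.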
From: Philippe Mathieu-Daudé
To: qemu-devel@nongnu.org
Cc: Kevin Wolf, Thomas Huth, "open list:Sheepdog", Juan Quintela, Philippe Mathieu-Daudé, Jeff Cody, David Hildenbrand, "Dr. David Alan Gilbert", Markus Armbruster, Marc-André Lureau, "Michael S. Tsirkin", Igor Mammedov, Paolo Bonzini, Liu Yuan, Max Reitz, David Gibson
Date: Fri, 28 Dec 2018 18:33:53 +0100
Message-Id: <20181228173356.15359-3-philmd@redhat.com>
In-Reply-To: <20181228173356.15359-1-philmd@redhat.com>
Subject: [Qemu-devel] [PATCH v4 2/5] block/sheepdog: Use QEMU_NONSTRING for non NUL-terminated arrays

GCC 8 added a -Wstringop-truncation warning:

    The -Wstringop-truncation warning added in GCC 8.0 via r254630 for bug 81117 is specifically intended to highlight likely unintended uses of the strncpy function that truncate the terminating NUL character from the source string.
This new warning leads to compilation failures:

    CC block/sheepdog.o
    qemu/block/sheepdog.c: In function 'find_vdi_name':
    qemu/block/sheepdog.c:1239:5: error: 'strncpy' specified bound 256 equals destination size [-Werror=stringop-truncation]
         strncpy(buf + SD_MAX_VDI_LEN, tag, SD_MAX_VDI_TAG_LEN);
         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    make: *** [qemu/rules.mak:69: block/sheepdog.o] Error 1

As described previous to the strncpy() calls, the use of strncpy() is correct here:

    /* This pair of strncpy calls ensures that the buffer is zero-filled,
     * which is desirable since we'll soon be sending those bytes, and
     * don't want the send_req to read uninitialized data.
     */
    strncpy(buf, filename, SD_MAX_VDI_LEN);
    strncpy(buf + SD_MAX_VDI_LEN, tag, SD_MAX_VDI_TAG_LEN);

Use the QEMU_NONSTRING attribute, since this array is intended to store character arrays that do not necessarily contain a terminating NUL.

Suggested-by: Michael S. Tsirkin
Reviewed-by: Eric Blake
Reviewed-by: Michael S. Tsirkin
Signed-off-by: Philippe Mathieu-Daudé

--- block/sheepdog.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/block/sheepdog.c b/block/sheepdog.c index 0125df9d49..5cd9618432 100644 --- a/block/sheepdog.c +++ b/block/sheepdog.c 
@@ -1224,7 +1224,7 @@ static int find_vdi_name(BDRVSheepdogState *s, const = char *filename, SheepdogVdiReq hdr; SheepdogVdiRsp *rsp =3D (SheepdogVdiRsp *)&hdr; unsigned int wlen, rlen =3D 0; - char buf[SD_MAX_VDI_LEN + SD_MAX_VDI_TAG_LEN]; + char buf[SD_MAX_VDI_LEN + SD_MAX_VDI_TAG_LEN] QEMU_NONSTRING; =20 fd =3D connect_to_sdog(s, errp); if (fd < 0) { --=20 2.17.2
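Review bot: the `QEMU_NONSTRING` added to `buf` in find_vdi_name() carries no explanation at the declaration; the reason it is safe (two fixed-width, zero-padded fields that are sent as raw bytes) appears only in the commit message and in the comment beside the strncpy() calls quoted there. A one-line comment at the declaration, saying that buf is a wire payload and must not be passed to functions expecting a NUL-terminated string, would keep the annotation from reading as a bare warning suppression.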
From: Philippe Mathieu-Daudé
To: qemu-devel@nongnu.org
Cc: Thomas Huth, Juan Quintela, Philippe Mathieu-Daudé, David Hildenbrand, "Dr. David Alan Gilbert", Markus Armbruster, Marc-André Lureau, "Michael S. Tsirkin", Igor Mammedov, Paolo Bonzini, David Gibson
Date: Fri, 28 Dec 2018 18:33:54 +0100
Message-Id: <20181228173356.15359-4-philmd@redhat.com>
In-Reply-To: <20181228173356.15359-1-philmd@redhat.com>
Subject: [Qemu-devel] [PATCH v4 3/5] hw/acpi: Use QEMU_NONSTRING for non NUL-terminated arrays

GCC 8 added a -Wstringop-truncation warning:

    The -Wstringop-truncation warning added in GCC 8.0 via r254630 for bug 81117 is specifically intended to highlight likely unintended uses of the strncpy function that truncate the terminating NUL character from the source string.
This new warning leads to compilation failures:

    CC hw/acpi/core.o
    In function 'acpi_table_install',
        inlined from 'acpi_table_add' at qemu/hw/acpi/core.c:296:5:
    qemu/hw/acpi/core.c:184:9: error: 'strncpy' specified bound 4 equals destination size [-Werror=stringop-truncation]
         strncpy(ext_hdr->sig, hdrs->sig, sizeof ext_hdr->sig);
         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    make: *** [qemu/rules.mak:69: hw/acpi/core.o] Error 1

Use the QEMU_NONSTRING attribute, since ACPI tables don't require the strings to be NUL-terminated.

Suggested-by: Michael S. Tsirkin
Reviewed-by: Michael S. Tsirkin
Reviewed-by: Igor Mammedov
Signed-off-by: Philippe Mathieu-Daudé
---
v4: rebased

Note this triggers the following checkpatch error (patchew):

  ERROR: space prohibited before open square bracket '['
  #64: FILE: include/hw/acpi/acpi-defs.h:43:
  + uint8_t oem_id [6] QEMU_NONSTRING; /* OEM identification */

--- hw/acpi/core.c | 12 ++++++++---- include/hw/acpi/acpi-defs.h | 13 ++++++++----- 2 files changed, 16 insertions(+), 9 deletions(-) diff --git a/hw/acpi/core.c b/hw/acpi/core.c index d6f0709691..47877c0ec1 100644 --- a/hw/acpi/core.c +++ b/hw/acpi/core.c 
@@ -35,14 +35,18 @@ struct acpi_table_header { uint16_t _length; /* our length, not actual part of the hdr */ /* allows easier parsing for fw_cfg clients = */ - char sig[4]; /* ACPI signature (4 ASCII characters) */ + char sig[4] + QEMU_NONSTRING; /* ACPI signature (4 ASCII characters) */ uint32_t length; /* Length of table, in bytes, including head= er */ uint8_t revision; /* ACPI Specification minor version # */ uint8_t checksum; /* To make sum of entire table =3D=3D 0 */ - char oem_id[6]; /* OEM identification */ - char oem_table_id[8]; /* OEM table identification */ + char oem_id[6] + QEMU_NONSTRING; /* OEM identification */ + char oem_table_id[8] + QEMU_NONSTRING; /* OEM table identification */ uint32_t oem_revision; /* OEM revision number */ - char asl_compiler_id[4]; /* ASL compiler vendor ID */ + char asl_compiler_id[4] + QEMU_NONSTRING; /* ASL compiler vendor ID */ uint32_t asl_compiler_revision; /* ASL compiler revision number */ } QEMU_PACKED; =20 diff --git a/include/hw/acpi/acpi-defs.h b/include/hw/acpi/acpi-defs.h index 5021cb9e79..17f72e9553 100644 --- a/include/hw/acpi/acpi-defs.h +++ b/include/hw/acpi/acpi-defs.h @@ -41,8 +41,8 @@ enum { }; =20 typedef struct AcpiRsdpData { - uint8_t oem_id[6]; /* OEM identification */ - uint8_t revision; /* Must be 0 for 1.0, 2 for 2.0 */ + uint8_t oem_id[6] QEMU_NONSTRING; /* OEM identification */ + uint8_t revision; /* Must be 0 for 1.0, 2 for 2.0 */ =20 unsigned *rsdt_tbl_offset; unsigned *xsdt_tbl_offset; 
@@ -57,10 +57,13 @@ typedef struct AcpiRsdpData { uint32_t length; /* Length of table, in bytes, includi= ng header */ \ uint8_t revision; /* ACPI Specification minor version #= */ \ uint8_t checksum; /* To make sum of entire table =3D=3D= 0 */ \ - uint8_t oem_id [6]; /* OEM identification */ \ - uint8_t oem_table_id [8]; /* OEM table identification */ \ + uint8_t oem_id [6] \ + QEMU_NONSTRING; /* OEM identification */ \ + uint8_t oem_table_id [8] \ + QEMU_NONSTRING; /* OEM table identification */ \ uint32_t oem_revision; /* OEM revision number */ \ - uint8_t asl_compiler_id [4]; /* ASL compiler vendor ID */ \ + uint8_t asl_compiler_id [4] \ + QEMU_NONSTRING; /* ASL compiler vendor ID */ \ uint32_t asl_compiler_revision; /* ASL compiler revision number */ =20 =20 --=20 2.17.2
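Review bot: in the `@@ -57,10` hunk of include/hw/acpi/acpi-defs.h the rewritten fields keep the space before the bracket (`uint8_t oem_id [6] \`), the same style the checkpatch ERROR quoted in the commit message flags. Since these lines are being rewritten anyway, drop the space (`oem_id[6]`, `oem_table_id[8]`, `asl_compiler_id[4]`) so the patch passes checkpatch, and where it fits keep the attribute on the same line as the declarator, as the AcpiRsdpData hunk does with `uint8_t oem_id[6] QEMU_NONSTRING;`, instead of splitting each field over two continuation lines.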
From: Philippe Mathieu-Daudé
To: qemu-devel@nongnu.org
Cc: Thomas Huth, Juan Quintela, Philippe Mathieu-Daudé, David Hildenbrand, "Dr. David Alan Gilbert", Markus Armbruster, Marc-André Lureau, "Michael S. Tsirkin", Igor Mammedov, Paolo Bonzini, David Gibson
Date: Fri, 28 Dec 2018 18:33:55 +0100
Message-Id: <20181228173356.15359-5-philmd@redhat.com>
In-Reply-To: <20181228173356.15359-1-philmd@redhat.com>
Subject: [Qemu-devel] [PATCH v4 4/5] migration: Fix stringop-truncation warning

From: Marc-André Lureau

GCC 8 added a -Wstringop-truncation warning:

    The -Wstringop-truncation warning added in GCC 8.0 via r254630 for bug 81117 is specifically intended to highlight likely unintended uses of the strncpy function that truncate the terminating NUL character from the source string.

This new warning leads to compilation failures:

    CC migration/global_state.o
    qemu/migration/global_state.c: In function 'global_state_store_running':
    qemu/migration/global_state.c:45:5: error: 'strncpy' specified bound 100 equals destination size [-Werror=stringop-truncation]
         strncpy((char *)global_state.runstate, state, sizeof(global_state.runstate));
         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    make: *** [qemu/rules.mak:69: migration/global_state.o] Error 1

Adding an assert is enough to silence GCC.

(alternatively, we could hard-code "running")

Signed-off-by: Marc-André Lureau
Reviewed-by: Eric Blake
Reviewed-by: Dr. David Alan Gilbert
Reviewed-by: Philippe Mathieu-Daudé
[PMD: More verbose commit message]
Signed-off-by: Philippe Mathieu-Daudé

--- migration/global_state.c | 1 + 1 file changed, 1 insertion(+) diff --git a/migration/global_state.c b/migration/global_state.c index 8e8ab5c51e..01805c567a 100644 --- a/migration/global_state.c +++ b/migration/global_state.c 
@@ -42,6 +42,7 @@ int global_state_store(void) void global_state_store_running(void) { const char *state =3D RunState_str(RUN_STATE_RUNNING); + assert(strlen(state) < sizeof(global_state.runstate)); strncpy((char *)global_state.runstate, state, sizeof(global_state.runstate)); } --=20 2.17.2
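Review bot: the added `assert(strlen(state) < sizeof(global_state.runstate));` in global_state_store_running() has no comment, and a reader who sees it directly above a strncpy() bounded by the same sizeof may take it for redundant and remove it. Add a short comment saying that it guarantees the copied name leaves room for the terminating NUL, since the commit message states the assert is what silences -Wstringop-truncation here.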
From: Philippe Mathieu-Daudé
To: qemu-devel@nongnu.org
Cc: Thomas Huth, Juan Quintela, Philippe Mathieu-Daudé, David Hildenbrand, "Dr. David Alan Gilbert", Markus Armbruster, Marc-André Lureau, "Michael S. Tsirkin", Igor Mammedov, Paolo Bonzini, David Gibson
Date: Fri, 28 Dec 2018 18:33:56 +0100
Message-Id: <20181228173356.15359-6-philmd@redhat.com>
In-Reply-To: <20181228173356.15359-1-philmd@redhat.com>
Subject: [Qemu-devel] [PATCH v4 5/5] migration: Use strnlen() for fixed-size string

GCC 8 introduced the -Wstringop-overflow, which detects buffer overflow by string-modifying functions declared in , such as strncpy(), used in global_state_store_running().

GCC indeed found an incorrect use of strlen(), because this array is loaded by VMSTATE_BUFFER(runstate, GlobalState) then parsed using qapi_enum_parse which does not get the buffer length.

Use strnlen() which returns sizeof(s->runstate) if the array is not NUL-terminated, assert the size is within range, and enforce the array to be NUL-terminated to avoid an overflow in qapi_enum_parse().
This fixes:

    CC migration/global_state.o
    qemu/migration/global_state.c: In function 'global_state_pre_save':
    qemu/migration/global_state.c:109:15: error: 'strlen' argument 1 declared attribute 'nonstring' [-Werror=stringop-overflow=]
         s->size = strlen((char *)s->runstate) + 1;
                   ^~~~~~~~~~~~~~~~~~~~~~~~~~~
    qemu/migration/global_state.c:24:13: note: argument 'runstate' declared here
         uint8_t runstate[100] QEMU_NONSTRING;
                 ^~~~~~~~
    cc1: all warnings being treated as errors
    make: *** [qemu/rules.mak:69: migration/global_state.o] Error 1

Suggested-by: Michael S. Tsirkin
Signed-off-by: Philippe Mathieu-Daudé
Reviewed-by: Dr. David Alan Gilbert
Reviewed-by: Richard Henderson

--- migration/global_state.c | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/migration/global_state.c b/migration/global_state.c index 01805c567a..4f060a6dbd 100644 --- a/migration/global_state.c +++ b/migration/global_state.c @@ -89,6 +89,16 @@ static int global_state_post_load(void *opaque, int vers= ion_id) s->received =3D true; trace_migrate_global_state_post_load(runstate); =20 + if (strnlen((char *)s->runstate, + sizeof(s->runstate)) =3D=3D sizeof(s->runstate)) { + /* This condition should never happen during migration, because + * all runstate names are shorter than 100 bytes (the size of + * s->runstate). However, a malicious stream could overflow + * the qapi_enum_parse() call, so we force the last character + * to a NUL byte. + */ + s->runstate[sizeof(s->runstate) - 1] =3D '\0'; + } r =3D qapi_enum_parse(&RunState_lookup, runstate, -1, &local_err); =20 if (r =3D=3D -1) { @@ -107,7 +117,8 @@ static int global_state_pre_save(void *opaque) GlobalState *s =3D opaque; =20 trace_migrate_global_state_pre_save((char *)s->runstate); - s->size =3D strlen((char *)s->runstate) + 1; + s->size =3D strnlen((char *)s->runstate, sizeof(s->runstate)) + 1; + assert(s->size <=3D sizeof(s->runstate)); =20 return 0; } --=20 2.17.2
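Review bot: in global_state_post_load() the new strnlen() check sits after `trace_migrate_global_state_post_load(runstate);`, so if `runstate` refers to s->runstate (as the added comment about qapi_enum_parse() implies) the trace call still reads the buffer before it is forced to be NUL-terminated. Move the check above the trace call. Also consider failing the load with an error instead of silently overwriting the last byte: the comment itself says this can only happen with a malicious stream, and the pre_save hunk already treats the same condition as fatal through `assert(s->size <= sizeof(s->runstate));`.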
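The fixed-width field handling this series deals with, as an added example that is not part of the patches or of QEMU: a strncpy() whose bound equals the field size drops the NUL for a value that exactly fills the field, and the receiving side has to check the field with a bounded length before handing it to a parser that expects a NUL-terminated string. `EX_NONSTRING`, `wire_rec`, `FIELD_LEN`, `bounded_len`, `state_parse` and the three state names are hypothetical stand-ins, and the 8-byte field is a constructed size.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for QEMU_NONSTRING, with a fallback for
 * compilers that lack __has_attribute. */
#ifndef __has_attribute
# define __has_attribute(x) 0
#endif
#if __has_attribute(nonstring)
# define EX_NONSTRING __attribute__((nonstring))
#else
# define EX_NONSTRING
#endif

#define FIELD_LEN 8 /* constructed size; the series' runstate[] is 100 bytes */

/* Fixed-width wire field: zero-padded, NUL-terminated only when the
 * stored value is shorter than the field. */
struct wire_rec {
    uint8_t name[FIELD_LEN] EX_NONSTRING;
};

static const char *const states[] = { "running", "paused", "shutdown" };

/* Same result as POSIX strnlen(), written with memchr() to stay in ISO C. */
static size_t bounded_len(const uint8_t *p, size_t max)
{
    const uint8_t *nul = memchr(p, 0, max);
    return nul ? (size_t)(nul - p) : max;
}

/* Unchecked store: the bound equals the field size, so an 8-byte value
 * fills the field and leaves no terminating NUL. */
static void wire_store(struct wire_rec *r, const char *s)
{
    strncpy((char *)r->name, s, sizeof(r->name));
}

/* Checked store: refuse values that would fill the field, the same
 * condition the assert in patch 4/5 states. */
static int wire_store_checked(struct wire_rec *r, const char *s)
{
    if (strlen(s) >= sizeof(r->name)) {
        return -1;
    }
    wire_store(r, s);
    return 0;
}

/* Stand-in for a parser that takes a NUL-terminated string and no length. */
static int state_parse(const char *s)
{
    for (size_t i = 0; i < sizeof(states) / sizeof(states[0]); i++) {
        if (strcmp(s, states[i]) == 0) {
            return (int)i;
        }
    }
    return -1;
}

/* Load: -2 for an unterminated field, -1 for an unknown name,
 * otherwise the index of the state. */
static int wire_load_state(const struct wire_rec *r)
{
    char tmp[FIELD_LEN + 1];

    if (bounded_len(r->name, sizeof(r->name)) == sizeof(r->name)) {
        return -2; /* malformed field: reject before any string function */
    }
    memcpy(tmp, r->name, sizeof(r->name));
    tmp[FIELD_LEN] = '\0';
    return state_parse(tmp);
}

int main(void)
{
    struct wire_rec r;

    wire_store(&r, "running");  /* 7 bytes + NUL: fits */
    printf("running  -> %d\n", wire_load_state(&r));
    wire_store(&r, "shutdown"); /* 8 bytes: no room for the NUL */
    printf("shutdown -> %d\n", wire_load_state(&r));
    return 0;
}
```

Here the load path rejects an unterminated field instead of overwriting its last byte, which is a stricter choice than the one made in patch 5/5.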