From: Daniel P. Berrangé
To: qemu-devel@nongnu.org
Cc: Riku Voipio, Laurent Vivier, Gerd Hoffmann
Date: Fri, 12 Apr 2019 13:16:22 +0100
Message-Id: <20190412121626.19829-2-berrange@redhat.com>
In-Reply-To: <20190412121626.19829-1-berrange@redhat.com>
References: <20190412121626.19829-1-berrange@redhat.com>
Subject: [Qemu-devel] [PATCH v2 1/5] linux-user: avoid string truncation warnings in uname field copying

In file included from /usr/include/string.h:494,
                 from include/qemu/osdep.h:101,
                 from linux-user/uname.c:20:
In function ‘strncpy’,
    inlined from ‘sys_uname’ at linux-user/uname.c:94:3:
/usr/include/bits/string_fortified.h:106:10: warning: ‘__builtin_strncpy’ output may be truncated copying 64 bytes from a string of length 64 [-Wstringop-truncation]
  106 |   return __builtin___strncpy_chk (__dest, __src, __len, __bos (__dest));
      |          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

We don't care where the NUL terminator in the original uname
field was. It suffices to copy the entire original field and
simply force a NUL terminator at the end of the new field.

Signed-off-by: Daniel P. Berrangé
---
 linux-user/uname.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/linux-user/uname.c b/linux-user/uname.c index 313b79dbad..3dff33effe 100644 --- a/linux-user/uname.c +++ b/linux-user/uname.c 
@@ -73,7 +73,7 @@ const char *cpu_to_uname_machine(void *cpu_env) #define COPY_UTSNAME_FIELD(dest, src) \ do { \ /* __NEW_UTS_LEN doesn't include terminating null */ \ - (void) strncpy((dest), (src), __NEW_UTS_LEN); \ + memcpy((dest), (src), MIN(sizeof(src), __NEW_UTS_LEN)); \ (dest)[__NEW_UTS_LEN] =3D '\0'; \ } while (0) =20 --=20 2.20.1
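
Review bot: The `+ memcpy((dest), (src), MIN(sizeof(src), __NEW_UTS_LEN));` line in COPY_UTSNAME_FIELD copies the whole source field, so any bytes that follow the source string's first NUL are carried into dest, whereas the removed strncpy stopped at the NUL and zero-filled the rest up to __NEW_UTS_LEN. If the source struct can hold stale data after the terminator, that data now reaches the destination; either state in the macro comment that callers pass a zero-initialised source, or clear dest before the copy. Also, `sizeof(src)` is only the field size when src is an array, so a comment (or a build-time check) that the macro must not be given a pointer would protect future callers.
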
From: Daniel P. Berrangé
To: qemu-devel@nongnu.org
Cc: Riku Voipio, Laurent Vivier, Gerd Hoffmann
Date: Fri, 12 Apr 2019 13:16:23 +0100
Message-Id: <20190412121626.19829-3-berrange@redhat.com>
In-Reply-To: <20190412121626.19829-1-berrange@redhat.com>
References: <20190412121626.19829-1-berrange@redhat.com>
Subject: [Qemu-devel] [PATCH v2 2/5] linux-user: avoid string truncation warnings in elf field copying

In file included from /usr/include/string.h:494,
                 from include/qemu/osdep.h:101,
                 from linux-user/elfload.c:2:
In function ‘strncpy’,
    inlined from ‘fill_psinfo’ at linux-user/elfload.c:3208:12,
    inlined from ‘fill_note_info’ at linux-user/elfload.c:3390:5,
    inlined from ‘elf_core_dump’ at linux-user/elfload.c:3539:9:
/usr/include/bits/string_fortified.h:106:10: warning: ‘__builtin_strncpy’ specified bound 16 equals destination size [-Wstringop-truncation]
  106 |   return __builtin___strncpy_chk (__dest, __src, __len, __bos (__dest));
      |          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

We don't require the field to be NUL terminated, so can just copy the
lower of the string length and the target field size using memcpy.

Signed-off-by: Daniel P. Berrangé
---
 linux-user/elfload.c | 10 ++++------
 1 file changed, 4 insertions(+), 6 deletions(-)

diff --git a/linux-user/elfload.c b/linux-user/elfload.c index c1a26021f8..caa060f7b7 100644 --- a/linux-user/elfload.c +++ b/linux-user/elfload.c @@ -3180,6 +3180,7 @@ static int fill_psinfo(struct target_elf_prpsinfo *ps= info, const TaskState *ts) { char *base_filename; unsigned int i, len; + size_t pathlen; =20 (void) memset(psinfo, 0, sizeof (*psinfo)); =20 
@@ -3201,12 +3202,9 @@ static int fill_psinfo(struct target_elf_prpsinfo *p= sinfo, const TaskState *ts) psinfo->pr_gid =3D getgid(); =20 base_filename =3D g_path_get_basename(ts->bprm->filename); - /* - * Using strncpy here is fine: at max-length, - * this field is not NUL-terminated. - */ - (void) strncpy(psinfo->pr_fname, base_filename, - sizeof(psinfo->pr_fname)); + pathlen =3D strlen(base_filename) + 1; + pathlen =3D MIN(pathlen, sizeof(psinfo->pr_fname)); + memcpy(psinfo->pr_fname, base_filename, pathlen); =20 g_free(base_filename); bswap_psinfo(psinfo); --=20 2.20.1
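
Review bot: The second fill_psinfo hunk deletes the comment that said pr_fname is not NUL-terminated at maximum length, but the new `pathlen = MIN(pathlen, sizeof(psinfo->pr_fname));` keeps exactly that behaviour: a basename of sizeof(psinfo->pr_fname) bytes or more fills the field with no terminator. Keep a one-line comment to that effect above the memcpy so readers of pr_fname do not treat it as a C string. The copy relies on the `memset(psinfo, 0, sizeof (*psinfo))` shown in the first hunk for the bytes after a shorter name, which is also worth saying in that comment.
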
From: Daniel P. Berrangé
To: qemu-devel@nongnu.org
Cc: Riku Voipio, Laurent Vivier, Gerd Hoffmann
Date: Fri, 12 Apr 2019 13:16:24 +0100
Message-Id: <20190412121626.19829-4-berrange@redhat.com>
In-Reply-To: <20190412121626.19829-1-berrange@redhat.com>
References: <20190412121626.19829-1-berrange@redhat.com>
Subject: [Qemu-devel] [PATCH v2 3/5] sockets: avoid string truncation warnings when copying UNIX path

In file included from /usr/include/string.h:494,
                 from include/qemu/osdep.h:101,
                 from util/qemu-sockets.c:18:
In function ‘strncpy’,
    inlined from ‘unix_connect_saddr.isra.0’ at util/qemu-sockets.c:925:5:
/usr/include/bits/string_fortified.h:106:10: warning: ‘__builtin_strncpy’ specified bound 108 equals destination size [-Wstringop-truncation]
  106 |   return __builtin___strncpy_chk (__dest, __src, __len, __bos (__dest));
      |          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In function ‘strncpy’,
    inlined from ‘unix_listen_saddr.isra.0’ at util/qemu-sockets.c:880:5:
/usr/include/bits/string_fortified.h:106:10: warning: ‘__builtin_strncpy’ specified bound 108 equals destination size [-Wstringop-truncation]
  106 |   return __builtin___strncpy_chk (__dest, __src, __len, __bos (__dest));
      |          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

We are already validating the UNIX socket path length earlier in
the functions. If we save this string length when we first check
it, then we can simply use memcpy instead of strcpy later, avoiding
the gcc truncation warnings.

Signed-off-by: Daniel P. Berrangé
---
 util/qemu-sockets.c | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/util/qemu-sockets.c b/util/qemu-sockets.c index 9705051690..ba6335e71a 100644 --- a/util/qemu-sockets.c +++ b/util/qemu-sockets.c @@ -830,6 +830,7 @@ static int unix_listen_saddr(UnixSocketAddress *saddr, int sock, fd; char *pathbuf =3D NULL; const char *path; + size_t pathlen; =20 sock =3D qemu_socket(PF_UNIX, SOCK_STREAM, 0); if (sock < 0) { @@ -845,7 +846,8 @@ static int unix_listen_saddr(UnixSocketAddress *saddr, path =3D pathbuf =3D g_strdup_printf("%s/qemu-socket-XXXXXX", tmpd= ir); } =20 - if (strlen(path) > sizeof(un.sun_path)) { + pathlen =3D strlen(path); + if (pathlen > sizeof(un.sun_path)) { error_setg(errp, "UNIX socket path '%s' is too long", path); error_append_hint(errp, "Path must be less than %zu bytes\n", sizeof(un.sun_path)); @@ -877,7 +879,7 @@ static int unix_listen_saddr(UnixSocketAddress *saddr, =20 memset(&un, 0, sizeof(un)); un.sun_family =3D AF_UNIX; - strncpy(un.sun_path, path, sizeof(un.sun_path)); + memcpy(un.sun_path, path, pathlen); =20 if (bind(sock, (struct sockaddr*) &un, sizeof(un)) < 0) { error_setg_errno(errp, errno, "Failed to bind socket to %s", path); @@ -901,6 +903,7 @@ static int unix_connect_saddr(UnixSocketAddress *saddr,= Error **errp) { struct sockaddr_un un; int sock, rc; + size_t pathlen; =20 if (saddr->path =3D=3D NULL) { error_setg(errp, "unix connect: no path specified"); 
@@ -913,7 +916,8 @@ static int unix_connect_saddr(UnixSocketAddress *saddr,= Error **errp) return -1; } =20 - if (strlen(saddr->path) > sizeof(un.sun_path)) { + pathlen =3D strlen(saddr->path); + if (pathlen > sizeof(un.sun_path)) { error_setg(errp, "UNIX socket path '%s' is too long", saddr->path); error_append_hint(errp, "Path must be less than %zu bytes\n", sizeof(un.sun_path)); 
@@ -922,7 +926,7 @@ static int unix_connect_saddr(UnixSocketAddress *saddr,= Error **errp) =20 memset(&un, 0, sizeof(un)); un.sun_family =3D AF_UNIX; - strncpy(un.sun_path, saddr->path, sizeof(un.sun_path)); + memcpy(un.sun_path, saddr->path, pathlen); =20 /* connect to peer */ do { --=20 2.20.1
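
Review bot: In the unix_listen_saddr hunk at -845 (and the matching unix_connect_saddr hunk at -913), the check `pathlen > sizeof(un.sun_path)` accepts a path of exactly sizeof(un.sun_path) bytes, while the hint text says "Path must be less than %zu bytes". With the new `memcpy(un.sun_path, path, pathlen)`, as with the strncpy it replaces, such a path fills sun_path completely and leaves no NUL inside the field. Either change the comparison to `>=` so the code matches the hint, or add a comment that an unterminated full-length sun_path is intended.
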
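
Review bot: The `memcpy(un.sun_path, path, pathlen)` in the unix_listen_saddr hunk at -877 uses a length computed about thirty lines earlier, and the lines in between are not part of this diff. The removed strncpy bounded itself by sizeof(un.sun_path) at the point of the copy; the memcpy is only safe if path is not reassigned or lengthened after `pathlen = strlen(path)`. Please confirm that, or assert `pathlen <= sizeof(un.sun_path)` immediately before the memcpy so the bound is visible where the copy happens.
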
From: Daniel P. Berrangé
To: qemu-devel@nongnu.org
Cc: Riku Voipio, Laurent Vivier, Gerd Hoffmann
Date: Fri, 12 Apr 2019 13:16:25 +0100
Message-Id: <20190412121626.19829-5-berrange@redhat.com>
In-Reply-To: <20190412121626.19829-1-berrange@redhat.com>
References: <20190412121626.19829-1-berrange@redhat.com>
Subject: [Qemu-devel] [PATCH v2 4/5] hw/usb: avoid format truncation warning when formatting port name

hw/usb/hcd-xhci.c: In function ‘usb_xhci_realize’:
hw/usb/hcd-xhci.c:3339:66: warning: ‘%d’ directive output may be truncated writing between 1 and 10 bytes into a region of size 5 [-Wformat-trunca\
tion=]
 3339 |             snprintf(port->name, sizeof(port->name), "usb2 port #%d", i+1);
      |                                                                 ^~
hw/usb/hcd-xhci.c:3339:54: note: directive argument in the range [1, 2147483647]
 3339 |             snprintf(port->name, sizeof(port->name), "usb2 port #%d", i+1);
      |                                                     ^~~~~~~~~~~~~~~

The xhci code formats the port name into a fixed length
buffer which is only large enough to hold port numbers
up to 5 digits in decimal representation. We're never
going to have a port number that large, so asserting the
port number is sensible is sufficient to tell GCC the
formatted string won't be truncated.

Signed-off-by: Daniel P. Berrangé
---
 hw/usb/hcd-xhci.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/hw/usb/hcd-xhci.c b/hw/usb/hcd-xhci.c index ec28bee319..7222f9b1af 100644 --- a/hw/usb/hcd-xhci.c +++ b/hw/usb/hcd-xhci.c @@ -3336,6 +3336,7 @@ static void usb_xhci_init(XHCIState *xhci) USB_SPEED_MASK_LOW | USB_SPEED_MASK_FULL | USB_SPEED_MASK_HIGH; + assert(i < MAXPORTS); snprintf(port->name, sizeof(port->name), "usb2 port #%d", i+1); speedmask |=3D port->speedmask; } 
@@ -3349,6 +3350,7 @@ static void usb_xhci_init(XHCIState *xhci) } port->uport =3D &xhci->uports[i]; port->speedmask =3D USB_SPEED_MASK_SUPER; + assert(i < MAXPORTS); snprintf(port->name, sizeof(port->name), "usb3 port #%d", i+1); speedmask |=3D port->speedmask; } --=20 2.20.1
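
Review bot: The added `assert(i < MAXPORTS);` before each snprintf in usb_xhci_init carries no comment, so it reads as a runtime invariant when its purpose, per the commit message, is to give GCC a range for the `%d` argument. Add a short comment saying so, and consider a build-time check that MAXPORTS fits in the digits port->name leaves after "usb2 port #", since the hunk does not show the value of MAXPORTS and the assert only silences the warning if that value is small enough.
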
From: Daniel P. Berrangé
To: qemu-devel@nongnu.org
Cc: Riku Voipio, Laurent Vivier, Gerd Hoffmann
Date: Fri, 12 Apr 2019 13:16:26 +0100
Message-Id: <20190412121626.19829-6-berrange@redhat.com>
In-Reply-To: <20190412121626.19829-1-berrange@redhat.com>
References: <20190412121626.19829-1-berrange@redhat.com>
Subject: [Qemu-devel] [PATCH v2 5/5] qxl: avoid unaligned pointer reads/writes

The SPICE_RING_PROD_ITEM() macro is initializing a local
'uint64_t *' variable to point to the 'el' field inside
the QXLReleaseRing struct. This uint64_t field is not
guaranteed aligned as the struct is packed.

Code should not take the address of fields within a
packed struct. Changing the SPICE_RING_PROD_ITEM()
macro to avoid taking the address of the field is
impractical. It is clearer to just remove the macro
and inline its functionality in the three call sites
that need it.

Signed-off-by: Daniel P. Berrangé
---
 hw/display/qxl.c | 55 +++++++++++++++++++++--------------------------
 1 file changed, 24 insertions(+), 31 deletions(-)

diff --git a/hw/display/qxl.c b/hw/display/qxl.c index c8ce5781e0..5c38e6e906 100644 --- a/hw/display/qxl.c +++ b/hw/display/qxl.c 
@@ -33,24 +33,6 @@ =20 #include "qxl.h" =20 -/* - * NOTE: SPICE_RING_PROD_ITEM accesses memory on the pci bar and as - * such can be changed by the guest, so to avoid a guest trigerrable - * abort we just qxl_set_guest_bug and set the return to NULL. Still - * it may happen as a result of emulator bug as well. - */ -#undef SPICE_RING_PROD_ITEM -#define SPICE_RING_PROD_ITEM(qxl, r, ret) { \ - uint32_t prod =3D (r)->prod & SPICE_RING_INDEX_MASK(r); \ - if (prod >=3D ARRAY_SIZE((r)->items)) { \ - qxl_set_guest_bug(qxl, "SPICE_RING_PROD_ITEM indices mismatch = " \ - "%u >=3D %zu", prod, ARRAY_SIZE((r)->items)); \ - ret =3D NULL; \ - } else { \ - ret =3D &(r)->items[prod].el; \ - } \ - } - #undef SPICE_RING_CONS_ITEM #define SPICE_RING_CONS_ITEM(qxl, r, ret) { \ uint32_t cons =3D (r)->cons & SPICE_RING_INDEX_MASK(r); \ @@ -414,7 +396,8 @@ static void init_qxl_rom(PCIQXLDevice *d) static void init_qxl_ram(PCIQXLDevice *d) { uint8_t *buf; - uint64_t *item; + uint32_t prod; + QXLReleaseRing *ring; =20 buf =3D d->vga.vram_ptr; d->ram =3D (QXLRam *)(buf + le32_to_cpu(d->shadow_rom.ram_header_offse= t)); @@ -426,9 +409,12 @@ static void init_qxl_ram(PCIQXLDevice *d) SPICE_RING_INIT(&d->ram->cmd_ring); SPICE_RING_INIT(&d->ram->cursor_ring); SPICE_RING_INIT(&d->ram->release_ring); - SPICE_RING_PROD_ITEM(d, &d->ram->release_ring, item); - assert(item); - *item =3D 0; + + ring =3D &d->ram->release_ring; + prod =3D ring->prod & SPICE_RING_INDEX_MASK(ring); + assert(prod < ARRAY_SIZE(ring->items)); + ring->items[prod].el =3D 0; + qxl_ring_set_dirty(d); } =20 @@ -732,7 +718,7 @@ static int interface_req_cmd_notification(QXLInstance *= sin) static inline void qxl_push_free_res(PCIQXLDevice *d, int flush) { QXLReleaseRing *ring =3D &d->ram->release_ring; - uint64_t *item; + uint32_t prod; int notify; =20 #define QXL_FREE_BUNCH_SIZE 32 
@@ -759,11 +745,15 @@ static inline void qxl_push_free_res(PCIQXLDevice *d,= int flush) if (notify) { qxl_send_events(d, QXL_INTERRUPT_DISPLAY); } - SPICE_RING_PROD_ITEM(d, ring, item); - if (!item) { + + ring =3D &d->ram->release_ring; + prod =3D ring->prod & SPICE_RING_INDEX_MASK(ring); + if (prod >=3D ARRAY_SIZE(ring->items)) { + qxl_set_guest_bug(d, "SPICE_RING_PROD_ITEM indices mismatch " + "%u >=3D %zu", prod, ARRAY_SIZE(ring->items)); return; } - *item =3D 0; + ring->items[prod].el =3D 0; d->num_free_res =3D 0; d->last_release =3D NULL; qxl_ring_set_dirty(d); @@ -775,7 +765,8 @@ static void interface_release_resource(QXLInstance *sin, { PCIQXLDevice *qxl =3D container_of(sin, PCIQXLDevice, ssd.qxl); QXLReleaseRing *ring; - uint64_t *item, id; + uint32_t prod; + uint64_t id; =20 if (ext.group_id =3D=3D MEMSLOT_GROUP_HOST) { /* host group -> vga mode update request */ @@ -792,16 +783,18 @@ static void interface_release_resource(QXLInstance *s= in, * pci bar 0, $command.release_info */ ring =3D &qxl->ram->release_ring; - SPICE_RING_PROD_ITEM(qxl, ring, item); - if (!item) { + prod =3D ring->prod & SPICE_RING_INDEX_MASK(ring); + if (prod >=3D ARRAY_SIZE(ring->items)) { + qxl_set_guest_bug(qxl, "SPICE_RING_PROD_ITEM indices mismatch " + "%u >=3D %zu", prod, ARRAY_SIZE(ring->items)); return; } - if (*item =3D=3D 0) { + if (ring->items[prod].el =3D=3D 0) { /* stick head into the ring */ id =3D ext.info->id; ext.info->next =3D 0; qxl_ram_set_dirty(qxl, &ext.info->next); - *item =3D id; + ring->items[prod].el =3D id; qxl_ring_set_dirty(qxl); } else { /* append item to the list */ --=20 2.20.1
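
Review bot: The first qxl.c hunk removes, along with SPICE_RING_PROD_ITEM, the NOTE explaining that the ring lives on the PCI bar, can be changed by the guest, and must therefore report through qxl_set_guest_bug instead of aborting. That reasoning still applies to the inlined checks in qxl_push_free_res and interface_release_resource; move the comment to those sites (or to a shared helper) so the distinction from the `assert(prod < ARRAY_SIZE(ring->items))` in init_qxl_ram stays documented.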
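
Review bot: In the qxl_push_free_res hunk at -759, the added `ring = &d->ram->release_ring;` repeats the initialiser `QXLReleaseRing *ring = &d->ram->release_ring;` visible at the top of the same function in the -732 hunk. Drop the second assignment unless something in the lines not shown changes ring.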
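
Review bot: The interface_release_resource hunk at -792 and the qxl_push_free_res hunk duplicate the same index check and a message that still names "SPICE_RING_PROD_ITEM", a macro this patch deletes. A small static helper that returns the masked prod index (or a failure value after calling qxl_set_guest_bug) would avoid taking the address of the packed field without repeating the check three times, and the message text could then describe the release ring instead of the removed macro.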