| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 15 Dec 2020 23:20:18 -0500
From: "Theodore Y. Ts'o" <tytso@....edu>
To: Kang Wenlin <wenlin.kang@...driver.com>
Cc: adilger.kernel@...ger.ca, linux-ext4@...r.kernel.org,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH] ext4: fix -Wstringop-truncation warnings
On Thu, Nov 12, 2020 at 05:33:24PM +0800, Kang Wenlin wrote:
> From: Wenlin Kang <wenlin.kang@...driver.com>
>
> The strncpy() function may create a unterminated string,
> use strscpy_pad() instead.
>
> This fixes the following warning:
>
> fs/ext4/super.c: In function '__save_error_info':
> fs/ext4/super.c:349:2: warning: 'strncpy' specified bound 32 equals destination size [-Wstringop-truncation]
> strncpy(es->s_last_error_func, func, sizeof(es->s_last_error_func));
> ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> fs/ext4/super.c:353:3: warning: 'strncpy' specified bound 32 equals destination size [-Wstringop-truncation]
> strncpy(es->s_first_error_func, func,
> ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> sizeof(es->s_first_error_func));
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
What compiler are you using? s_last_error_func is defined to not
necessarily be NUL terminated. So strscpy_pad() is not a proper
replacement for strncpy() in this use case.
>From Documentation/process/deprecated:
If a caller is using non-NUL-terminated strings, strncpy() can
still be used, but destinations should be marked with the `__nonstring
<https://gcc.gnu.org/onlinedocs/gcc/Common-Variable-Attributes.html>`_
attribute to avoid future compiler warnings.
s_{first,last}_error_func is properly annotated with __nonstring in
fs/ext4/ext4.h.
- Ted
Powered by blists - more mailing lists