| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20190605125311.GE20408@kernel.org>
Date: Wed, 5 Jun 2019 09:53:11 -0300
From: Arnaldo Carvalho de Melo <arnaldo.melo@...il.com>
To: Jiri Olsa <jolsa@...hat.com>
Cc: Jiri Olsa <jolsa@...nel.org>, Ben Gainey <ben.gainey@....com>,
Stephane Eranian <eranian@...gle.com>,
lkml <linux-kernel@...r.kernel.org>,
Ingo Molnar <mingo@...nel.org>,
Namhyung Kim <namhyung@...nel.org>,
Alexander Shishkin <alexander.shishkin@...ux.intel.com>,
Peter Zijlstra <a.p.zijlstra@...llo.nl>
Subject: Re: [PATCHv2] perf jvmti: Fix gcc string overflow warning
Em Fri, May 31, 2019 at 03:13:21PM +0200, Jiri Olsa escreveu:
> On Fri, May 31, 2019 at 09:05:30AM -0300, Arnaldo Carvalho de Melo wrote:
> > I think for these needs flipping that 'n' into a 'l' is good enough.
> ok, I forgot there's strlcpy.. v2 attached
Thanks, applied v2.
- Arnaldo
> ---
> We are getting fake gcc warning when we compile with gcc9 (9.1.1):
>
> CC jvmti/libjvmti.o
> In file included from /usr/include/string.h:494,
> from jvmti/libjvmti.c:5:
> In function ‘strncpy’,
> inlined from ‘copy_class_filename.constprop’ at jvmti/libjvmti.c:166:3:
> /usr/include/bits/string_fortified.h:106:10: error: ‘__builtin_strncpy’ specified bound depends on the length of the source argument [-Werror=stringop-overflow=]
> 106 | return __builtin___strncpy_chk (__dest, __src, __len, __bos (__dest));
> | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> jvmti/libjvmti.c: In function ‘copy_class_filename.constprop’:
> jvmti/libjvmti.c:165:26: note: length computed here
> 165 | size_t file_name_len = strlen(file_name);
> | ^~~~~~~~~~~~~~~~~
> cc1: all warnings being treated as errors
>
> As per Arnaldo's suggestion using strlcpy, which does
> the same thing and keeps gcc silent.
>
> Cc: Ben Gainey <ben.gainey@....com>
> Cc: Stephane Eranian <eranian@...gle.com>
> Suggested-by: Arnaldo Carvalho de Melo <acme@...hat.com>
> Link: http://lkml.kernel.org/n/tip-sve3b63c550wr907e6ui6gx5@git.kernel.org
> Signed-off-by: Jiri Olsa <jolsa@...nel.org>
> ---
> tools/perf/jvmti/libjvmti.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/tools/perf/jvmti/libjvmti.c b/tools/perf/jvmti/libjvmti.c
> index aea7b1fe85aa..c441a34cb1c0 100644
> --- a/tools/perf/jvmti/libjvmti.c
> +++ b/tools/perf/jvmti/libjvmti.c
> @@ -1,5 +1,6 @@
> // SPDX-License-Identifier: GPL-2.0
> #include <linux/compiler.h>
> +#include <linux/string.h>
> #include <sys/types.h>
> #include <stdio.h>
> #include <string.h>
> @@ -162,8 +163,7 @@ copy_class_filename(const char * class_sign, const char * file_name, char * resu
> result[i] = '\0';
> } else {
> /* fallback case */
> - size_t file_name_len = strlen(file_name);
> - strncpy(result, file_name, file_name_len < max_length ? file_name_len : max_length);
> + strlcpy(result, file_name, max_length);
> }
> }
>
> --
> 2.21.0
--
- Arnaldo
Powered by blists - more mailing lists