Received: by 10.213.65.68 with SMTP id h4csp440175imn; Tue, 13 Mar 2018 09:07:00 -0700 (PDT) X-Google-Smtp-Source: AG47ELv83PdWFlaun2GV7QS7JUgWQFlYfWyu+9Fk7pUdzVNxV49H43GCGVdsRddLW9V/06xsYIcs X-Received: by 10.98.68.154 with SMTP id m26mr1073494pfi.171.1520957220405; Tue, 13 Mar 2018 09:07:00 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1520957220; cv=none; d=google.com; s=arc-20160816; b=TbU1/wiejM5Di+p1KaEcyliasfcqVGawjPx8jhtYReA7xPbBelE/QhyuIbsdzjEXJP nf/4qkl4n2V/fE+AtKmlNiCyJz73/Iga288jniN4QczKTc+rQWT+MgtVCp3bP8DCcjGE CzNkgqydVMVfIjoI1dTg01qiqjzdiHTUHOyvINCIuCVTJvcKyDt7FMFIeT/Who3Ll7VF FumvVLTtqRWC0D8swlrS4EiDScUR2emGRUKbaS7wzdBTIsUSaMeSJUYLndqnyIML42fk VuqMoN6XVp4/V5QFbBSQYqbh/8I5cXeqlG4kDiDvS4L+iB6rpxEwBk2qxWY0WEdCdZ/F sM3A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:in-reply-to :mime-version:user-agent:date:message-id:from:cc:references:to :subject:dkim-signature:arc-authentication-results; bh=SmNHL9y0uMZWHIp9AMVH4zDltirLs0V3lUqe2CcbP3U=; b=isZC3zdZleSa+MT9Cjr+urvDaSKa9YQVfcVm83cGEz2ciwXZmVEqcPycl7XKGXfbhd FuNtmrpdoWgSwkqJvXjUFIM1Dr+B34h0PybtQHBvd7BxYEQatv8PbIlxJLwL6H3hmKam 3GkHNYGWNAEhmYL8jyYg0F6tVBKQq34sk+fhaU5gdeMRtd9SkOB2Qo5VpciLw7v9EOOI z1lUPlz0uIWPsy8RCm+UdiUDV9Stj97CKszhSzCzG4Uy/F9BwHeGTa2T713l3OelkHvx oELPIjcaimsfrY7QHTf8hE9fJoZR5fRytxXhaeVuP2voqWpNE0VUNyFusnWt8u1vY7YU EKzg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=UR7rNllw; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id j17si275295pga.495.2018.03.13.09.06.45; Tue, 13 Mar 2018 09:07:00 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=UR7rNllw; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S934562AbeCMQEh (ORCPT + 99 others); Tue, 13 Mar 2018 12:04:37 -0400 Received: from mail-ot0-f195.google.com ([74.125.82.195]:34876 "EHLO mail-ot0-f195.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S933249AbeCMQEd (ORCPT ); Tue, 13 Mar 2018 12:04:33 -0400 Received: by mail-ot0-f195.google.com with SMTP id r30-v6so138638otr.2 for ; Tue, 13 Mar 2018 09:04:33 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=subject:to:references:cc:from:message-id:date:user-agent :mime-version:in-reply-to:content-transfer-encoding; bh=SmNHL9y0uMZWHIp9AMVH4zDltirLs0V3lUqe2CcbP3U=; b=UR7rNllwgSikB1t/LI1YCrrstGql6QyBgSUqqfFBgOQFo44XPuB0ahbM8uyehJNbFp KiyzlnuX47rOGvbJxZDKwojnvSxxrQAcOPF7CiCb6GIK9i3rkgD4J0Iw1KSs7U/Cd+UQ /R0RDaYQlDzM44heyJXLdFPOAgCQhvNAPLFyu3N4Zso3UNhZuTGi/LHWuuzMwWFSuD/d YhNpiWE4TM/rRwHgVco8stIHP6ZRuCr7Nh9SosXdOtSLd4BPGGHQySZAqqWoVkBhkOf1 1lPWwITQ1LFU9kfUz3t9ub7YT/FdEqi0Zw+6uumTvsnS+bRBeDJ6ieWzdoC0b/jDG2z9 HYqA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:references:cc:from:message-id:date :user-agent:mime-version:in-reply-to:content-transfer-encoding; bh=SmNHL9y0uMZWHIp9AMVH4zDltirLs0V3lUqe2CcbP3U=; b=O8MNo8vNC3ERltm9CFywck2MU0TnhpX8q9Tvmh8zO9nxtmSe4ADI6FFC1Y6ailXp8U alQi7QQnuzMr6PMEpXvGr1wzJtPJxeAnEqaqkCZKCkZS6MKjDRBr6ncz44IOzvkhWh8l 6tPNEUHQFcEhHoAUcJnxSwviQtKW98KVXBsA6UxBNtr8UtucWEQOcGt3pJ3ql89Zx54h p4226PjKySv/WqZsY1OnBQS5FAzXbyu1g0Htyx7RhtJGDNXjq9sshrreWJ5+fJBD1JKz T2lzqiUVPzqd2FtDeG9RGGOIFizwz0P3fa+QpbiSreW8+kWrtp6xywIwjGzq5PodKTN/ yj9g== X-Gm-Message-State: AElRT7GI3XGUAhWC8gJfGoqjiqgX9A3bJ0RW+t1JVELxGksdD2gLb79Z zu9iLXRz9LsCTqzKdwlDNCoPaG9P X-Received: by 10.157.27.131 with SMTP id z3mr781084otd.285.1520957072156; Tue, 13 Mar 2018 09:04:32 -0700 (PDT) Received: from localhost.localdomain (71-218-18-146.hlrn.qwest.net. [71.218.18.146]) by smtp.gmail.com with ESMTPSA id b124sm250664oif.28.2018.03.13.09.04.30 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 13 Mar 2018 09:04:30 -0700 (PDT) Subject: Re: [PATCH] test_rhashtable: avoid gcc-8 -Wformat-overflow warning To: Arnd Bergmann , "David S. Miller" , Herbert Xu , Paul Blakey References: <20180313132155.203220-1-arnd@arndb.de> Cc: Martin Sebor , Florian Westphal , Phil Sutter , Tom Herbert , linux-kernel@vger.kernel.org From: Martin Sebor Message-ID: <6d9fb37d-7dd7-596d-42dd-bd0d6580bd43@gmail.com> Date: Tue, 13 Mar 2018 10:04:29 -0600 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.8.0 MIME-Version: 1.0 In-Reply-To: <20180313132155.203220-1-arnd@arndb.de> Content-Type: text/plain; charset=windows-1252; format=flowed Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 03/13/2018 07:21 AM, Arnd Bergmann wrote: > gcc-8 warns about a code pattern that is used in the newly added > test_rhashtable code: > > lib/test_rhashtable.c: In function 'print_ht': > lib/test_rhashtable.c:511:21: error: ' > bucket[' directive writing 8 bytes into a region of size between 1 and 512 [-Werror=format-overflow=] > sprintf(buff, "%s\nbucket[%d] -> ", buff, i); > ^~~~~~~~~ > lib/test_rhashtable.c:511:4: note: 'sprintf' output between 15 and 536 bytes into a destination of size 512 > sprintf(buff, "%s\nbucket[%d] -> ", buff, i); > ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > > The problem here is using the same fixed-length buffer as input and output > of snprintf(), which for an unbounded loop has an actual potential to > overflow the buffer. The '512' byte length was apparently chosen to > be "long enough" to prevent that in practice, but without any specific > guarantees of being the smallest safe size. > > I can see three possible ways to avoid this warning: > > - rewrite the code to use pointer arithmetic to forward the buffer, > rather than copying the buffer itself. This is a more conventional > use of sprintf(), and it avoids the warning, but is not any more > safe than the original code. > - Rewrite the function in a safe way that avoids both the potential > overflow and the warning. > - Ask the gcc developers to not warn for this pattern if we consider > the warning to be inappropriate. A couple of other approaches that may be worth considering are to either a) use a precision in the %s directive to constrain the number of characters to copy (e.g., %.490s") or b) call snprintf() instead and use the returned value to handle the possible truncation. For GCC 9 we'd like to integrate the warning with the strlen pass that tracks string lengths. That should add another mechanism for suppressing the warning: add an assertion before the sprintf call bounding the string length. Martin > This patch implements the first of the above, as an illustration of > the problem, and the simplest workaround. > > Fixes: 499ac3b60f65 ("test_rhashtable: add test case for rhltable with duplicate objects") > Cc: Martin Sebor > Signed-off-by: Arnd Bergmann > --- > My patch is untested, please try it out before applying. > --- > lib/test_rhashtable.c | 9 +++++---- > 1 file changed, 5 insertions(+), 4 deletions(-) > > diff --git a/lib/test_rhashtable.c b/lib/test_rhashtable.c > index f4000c137dbe..a0f4fb03d2de 100644 > --- a/lib/test_rhashtable.c > +++ b/lib/test_rhashtable.c > @@ -496,6 +496,7 @@ static unsigned int __init print_ht(struct rhltable *rhlt) > struct rhashtable *ht; > const struct bucket_table *tbl; > char buff[512] = ""; > + char *buffp = buff; > unsigned int i, cnt = 0; > > ht = &rhlt->ht; > @@ -508,18 +509,18 @@ static unsigned int __init print_ht(struct rhltable *rhlt) > next = !rht_is_a_nulls(pos) ? rht_dereference(pos->next, ht) : NULL; > > if (!rht_is_a_nulls(pos)) { > - sprintf(buff, "%s\nbucket[%d] -> ", buff, i); > + buffp += sprintf(buffp, "\nbucket[%d] -> ", i); > } > > while (!rht_is_a_nulls(pos)) { > struct rhlist_head *list = container_of(pos, struct rhlist_head, rhead); > - sprintf(buff, "%s[[", buff); > + buffp += sprintf(buffp, "[["); > do { > pos = &list->rhead; > list = rht_dereference(list->next, ht); > p = rht_obj(ht, pos); > > - sprintf(buff, "%s val %d (tid=%d)%s", buff, p->value.id, p->value.tid, > + buffp += sprintf(buffp, "val %d (tid=%d)%s", p->value.id, p->value.tid, > list? ", " : " "); > cnt++; > } while (list); > @@ -528,7 +529,7 @@ static unsigned int __init print_ht(struct rhltable *rhlt) > next = !rht_is_a_nulls(pos) ? > rht_dereference(pos->next, ht) : NULL; > > - sprintf(buff, "%s]]%s", buff, !rht_is_a_nulls(pos) ? " -> " : ""); > + buffp += sprintf(buffp, "]]%s", !rht_is_a_nulls(pos) ? " -> " : ""); > } > } > printk(KERN_ERR "\n---- ht: ----%s\n-------------\n", buff); >