On 4/30/19 3:25 PM, Eric Blake wrote: > On 4/30/19 3:08 PM, Alistair Francis wrote: >> Fix this warning when building with GCC9 on Fedora 30: >> In function ‘strncpy’, >> inlined from ‘unix_connect_saddr.isra.0’ at util/qemu-sockets.c:925:5: >> /usr/include/bits/string_fortified.h:106:10: error: ‘__builtin_strncpy’ >> specified bound 108 equals destination size [-Werror=stringop-truncation] >> 106 | return __builtin___strncpy_chk (__dest, __src, __len, __bos >> (__dest)); >> | >> ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ >> In function ‘strncpy’, >> inlined from ‘unix_listen_saddr.isra.0’ at util/qemu-sockets.c:880:5: >>
>> - strncpy(un.sun_path, path, sizeof(un.sun_path)); >> + strncpy(un.sun_path, path, sizeof(un.sun_path) - 1); > > NACK. Linux allows you to use the full width of un.sun_path (a NUL > terminator is required if you copy less than that, but not if you use > the full width). Rather, we may need to mark path as a potential > nonstring to silence the warning, or use memcpy instead of strncpy, or > some other workaround. (Sadly, this is one of those odd places where > strncpy is actually the right function to use, but there are so many > other places where strncpy is used incorrectly that it has turned into a > battle to use it here) We don't have control over un (that's from the libc system headers), but does adding the QEMU_NONSTRING attribute to our declaration of path serve to silence the warning? In short, I think most of this series should look at the use of the QEMU_NONSTRING macro, as that macro goes hand-in-hand with strncpy() for informing the compiler exactly when we know that we are copying something that has fixed length and may or may not be NUL-terminated. -- Eric Blake, Principal Software Engineer Red Hat, Inc. +1-919-301-3226 Virtualization: qemu.org | libvirt.org
signature.asc
Description: OpenPGP digital signature
