File xen.850e89b3ef1a7be6b71fa7ae22333c884e08431a.patch of Package xen
From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?= <marmarek@invisiblethingslab.com> Date: Thu, 5 Apr 2018 03:50:52 +0200 Subject: 850e89b3ef1a7be6b71fa7ae22333c884e08431a MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit tools/blktap2: fix possible '\0' truncation gcc-8 complains: tapdisk-vbd.c: In function 'tapdisk_vbd_resume_ring': tapdisk-vbd.c:1671:53: error: 'snprintf' output may be truncated before the last format character [-Werror=format-truncation=] snprintf(params.name, sizeof(params.name) - 1, "%s", message); ^ tapdisk-vbd.c:1671:3: note: 'snprintf' output between 1 and 256 bytes into a destination of size 255 snprintf(params.name, sizeof(params.name) - 1, "%s", message); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ The "- 1" in buffer size should be actually applied to message, to leave place for terminating '\0', not the other way around (truncate '\0' even if it would fit). In function 'tapdisk_control_open_image', inlined from 'tapdisk_control_handle_request' at tapdisk-control.c:660:10: tapdisk-control.c:465:2: error: 'strncpy' specified bound 256 equals destination size [-Werror=stringop-truncation] strncpy(params.name, vbd->name, BLKTAP2_MAX_MESSAGE_LEN); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ In function 'tapdisk_control_create_socket', inlined from 'tapdisk_control_open' at tapdisk-control.c:836:9: tapdisk-control.c:793:2: error: 'strncpy' specified bound 108 equals destination size [-Werror=stringop-truncation] strncpy(saddr.sun_path, td_control.path, sizeof(saddr.sun_path)); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ block-qcow.c: In function 'qcow_create': block-qcow.c:1216:5: error: 'strncpy' specified bound 4096 equals destination size [-Werror=stringop-truncation] strncpy(backing_filename, backing_file, ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ sizeof(backing_filename)); ~~~~~~~~~~~~~~~~~~~~~~~~~ I those cases, reduce size of copied string and 
make sure final '\0' is added.
Signed-off-by: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>
Acked-by: Wei Liu <wei.liu2@citrix.com>
Release-Acked-by: Juergen Gross <jgross@suse.com>
---
 tools/blktap2/drivers/block-qcow.c | 3 ++-
 tools/blktap2/drivers/tapdisk-control.c | 5 +++--
 tools/blktap2/drivers/tapdisk-vbd.c | 3 ++-
 3 files changed, 7 insertions(+), 4 deletions(-)
--- a/tools/blktap2/drivers/block-qcow.c
+++ b/tools/blktap2/drivers/block-qcow.c
@@ -1205,25 +1205,26 @@ int qcow_create(const char *filename, uint64_t total_size,
 header_size = sizeof(header) + sizeof(QCowHeader_ext);
 backing_filename_len = 0;
 size = (total_size >> SECTOR_SHIFT);
 if (backing_file) {
 if (strcmp(backing_file, "fat:")) {
 const char *p;
 /* XXX: this is a hack: we do not attempt to *check for URL like syntax */
 p = strchr(backing_file, ':');
 if (p && (p - backing_file) >= 2) {
 /* URL like but exclude "c:" like filenames */
 strncpy(backing_filename, backing_file,
- sizeof(backing_filename));
+ sizeof(backing_filename) - 1);
+ backing_filename[sizeof(backing_filename) - 1] = '\0';
 } else {
 if (realpath(backing_file, backing_filename) == NULL || stat(backing_filename, &st) != 0) {
 return -1;
 }
 }
 header.backing_file_offset = cpu_to_be64(header_size);
 backing_filename_len = strlen(backing_filename);
 header.backing_file_size = cpu_to_be32( backing_filename_len);
 header_size += backing_filename_len;
--- a/tools/blktap2/drivers/tapdisk-control.c
+++ b/tools/blktap2/drivers/tapdisk-control.c
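Review bot: An over-long `backing_file` is now silently truncated in the URL-like branch of `qcow_create`, and the shortened name is what `strlen(backing_filename)` measures for `header.backing_file_size` a few lines later. A truncated path can name a different file than the caller asked for, so rejecting it is safer than storing it: `if (strlen(backing_file) >= sizeof(backing_filename)) return -1;` ahead of the `strncpy`, matching the `return -1` the `realpath` branch already uses. The `sun_path` copy in `tapdisk_control_create_socket` truncates the same way, which would bind a path other than the `td_control.path` named in the unlink error message above it. `qcow_create` starts and ends outside this hunk, so `backing_filename` is assumed to be the 4096-byte array that gcc reports.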
@@ -453,25 +453,26 @@ tapdisk_control_open_image(struct tapdisk_control_connection *connection,
 goto out;
 err = tapdisk_vbd_open_stack(vbd, request->u.params.storage, flags);
 if (err) goto out;
 err = tapdisk_vbd_get_image_info(vbd, &image);
 if (err) goto fail_close;
 params.capacity = image.size;
 params.sector_size = image.secsize;
- strncpy(params.name, vbd->name, BLKTAP2_MAX_MESSAGE_LEN);
+ strncpy(params.name, vbd->name, BLKTAP2_MAX_MESSAGE_LEN - 1);
+ params.name[BLKTAP2_MAX_MESSAGE_LEN - 1] = '\0';
 err = ioctl(vbd->ring.fd, BLKTAP2_IOCTL_CREATE_DEVICE, ¶ms);
 if (err && errno != EEXIST) {
 err = -errno;
 EPRINTF("create device failed: %d\n", err);
 goto fail_close;
 }
 err = 0;
 out:
 memset(&response, 0, sizeof(response));
@@ -781,25 +782,25 @@ tapdisk_control_create_socket(char **socket_path)
 EPRINTF("failed to unlink %s: %d\n", td_control.path, errno);
 goto fail;
 }
 td_control.socket = socket(AF_UNIX, SOCK_STREAM, 0);
 if (td_control.socket == -1) {
 err = errno;
 EPRINTF("failed to create control socket: %d\n", err);
 goto fail;
 }
 memset(&saddr, 0, sizeof(saddr));
- strncpy(saddr.sun_path, td_control.path, sizeof(saddr.sun_path));
+ strncpy(saddr.sun_path, td_control.path, sizeof(saddr.sun_path) - 1);
 saddr.sun_family = AF_UNIX;
 err = bind(td_control.socket, (const struct sockaddr *)&saddr, sizeof(saddr));
 if (err == -1) {
 err = errno;
 EPRINTF("failed to bind to %s: %d\n", saddr.sun_path, err);
 goto fail;
 }
 err = listen(td_control.socket, 10);
 if (err == -1) {
--- a/tools/blktap2/drivers/tapdisk-vbd.c
+++ b/tools/blktap2/drivers/tapdisk-vbd.c
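Review bot: In `tapdisk_control_open_image` the new bound and terminator index are written with `BLKTAP2_MAX_MESSAGE_LEN` rather than the size of the destination, so they are correct only while `params.name` is declared with exactly that length (gcc's message says it is 256 today). Tying both to the array keeps them right if the struct changes and matches the `sizeof(params.name)` form used in tapdisk-vbd.c: `strncpy(params.name, vbd->name, sizeof(params.name) - 1);` and `params.name[sizeof(params.name) - 1] = '\0';`. The function body starts and ends outside this hunk.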
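Review bot: In `tapdisk_control_create_socket` the copy into `saddr.sun_path` gets no explicit terminator, unlike the `strncpy` sites in block-qcow.c and `tapdisk_control_open_image`; it stays NUL-terminated only because of the `memset(&saddr, 0, sizeof(saddr))` on the line before. A short comment would keep a later reorder from breaking that dependency, for example `/* saddr is zeroed above, so copying at most size - 1 bytes leaves sun_path NUL-terminated */`. The function continues outside this hunk.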
@@ -1659,25 +1659,26 @@ tapdisk_vbd_resume_ring(td_vbd_t *vbd)
 }
 out:
 if (!err) {
 image_t image;
 struct blktap2_params params;
 memset(¶ms, 0, sizeof(params));
 tapdisk_vbd_get_image_info(vbd, &image);
 params.sector_size = image.secsize;
 params.capacity = image.size;
- snprintf(params.name, sizeof(params.name) - 1, "%s", message);
+ snprintf(params.name, sizeof(params.name),
+ "%.*s", (int)sizeof(params.name) - 1, message);
 ioctl(vbd->ring.fd, BLKTAP2_IOCTL_SET_PARAMS, ¶ms);
 td_flag_clear(vbd->state, TD_VBD_PAUSED);
 }
 ioctl(vbd->ring.fd, BLKTAP2_IOCTL_RESUME, err);
 return err;
 }
 static int tapdisk_vbd_check_ring_message(td_vbd_t *vbd) {
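Review bot: The return value of `tapdisk_vbd_get_image_info(vbd, &image)` is ignored in the `out:` block of `tapdisk_vbd_resume_ring`, yet `image.secsize` and `image.size` are then copied into `params` and handed to `BLKTAP2_IOCTL_SET_PARAMS`; `tapdisk_control_open_image` checks the same call. If that call can fail without filling `image`, uninitialised stack values reach the ioctl, so either check the result or add `memset(&image, 0, sizeof(image));` after the declaration. On the changed lines, the `%.*s` precision repeats a limit `snprintf` already enforces through its size argument and is there to satisfy gcc-8's `-Wformat-truncation`; a comment such as `/* precision bounds the copy so gcc can prove the output fits */` would stop a later cleanup from reverting it. The function starts outside this hunk.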