This is the mail archive of the
libc-alpha@sourceware.org
mailing list for the glibc project.
Re: nonstrings in Glibc
On 11/20/2017 11:20 AM, Carlos O'Donell wrote:
On 11/20/2017 08:54 AM, Martin Sebor wrote:
I'm done testing my update to the -Wstringop-truncation GCC patch
to find misuses of non-string arrays. With the very limited use
of attribute nonstring it only found one potential bug (22447).
I've been looking at other uses of strncpy in Glibc to see if there
are other arrays that would benefit from the attribute. I'm not
sufficiently familiar with Glibc data structures so it's a very
slow going. Could someone help suggests data structures with
array members that might be candidates?
struct sockaddr's sun_path?
http://thread.gmane.org/gmane.comp.standards.posix.austin.general/5735
Is that what you need help finding?
Yes, that's what I'm looking for, thanks!
From the referenced thread it sounds like POSIX doesn't require
sun_path to be nul-terminated and BSD UNIX doesn't terminate it.
But I'm not sure what happens on Linux. According to Michael
Kerrisk's response it sounds like it is nul-terminated, but
then according to the longer discussion on linux.kernel.api
it sounds like it isn't. Which is it?
If it's not guaranteed to be nul-terminated then the following
suggests the code in clntunix_create might be unsafe:
clnt_unix.c: In function ‘clntunix_create’:
clnt_unix.c:137:13: warning: ‘strlen’ argument 1 declared attribute
‘nonstring’ [-Wstringop-overflow=]
len = strlen (raddr->sun_path) + sizeof (raddr->sun_family) + 1;
^~~~~~~~~~~~~~~~~~~~~~~~
Martin