This is the mail archive of the
libc-alpha@sourceware.org
mailing list for the glibc project.
Re: nonstrings in Glibc
On 11/20/2017 11:41 AM, Florian Weimer wrote:
On 11/20/2017 07:20 PM, Carlos O'Donell wrote:
On 11/20/2017 08:54 AM, Martin Sebor wrote:
I'm done testing my update to the -Wstringop-truncation GCC patch
to find misuses of non-string arrays. With the very limited use
of attribute nonstring it only found one potential bug (22447).
I've been looking at other uses of strncpy in Glibc to see if there
are other arrays that would benefit from the attribute. I'm not
sufficiently familiar with Glibc data structures so it's a very
slow going. Could someone help suggests data structures with
array members that might be candidates?
struct sockaddr's sun_path?
> http://thread.gmane.org/gmane.comp.standards.posix.austin.general/5735
Please include some context in case the link target goes away.
This discussion was about the flexible array member nature of sun_path.
Another complication is the overloading of the member with the abstract
namespace (leading NUL byte).
For the variable length member, d_name in struct dirent is another
example. For struct dirent and struct dirent_64, all uses which rely on
a fixed size of the d_name member should probably result in warnings.
I see two struct dirent in my Glibc build on x86_64: one in
bits/dirent.h and another in sysdeps/unix/sysv/linux/bits/dirent.h.
AFAICT, the first one is the one that's installed and the second
one is used internally within Glibc. Did I get that right? Should
one of these be annotated with attribute nonstring? (POSIX requires
d_name to be nul-terminated and there are assumptions in Glibc that
rely on it being so, such as the _D_EXACT_NAMLEN() macro, that
trigger the non-string warning if I annotate the latter.)
Also, what exactly do you mean by "uses which rely on a fixed size
of the d_name member?" Something attribute nonstring could help
with or something else/some other warning?
Thanks
Martin