From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 101792 invoked by alias); 25 Mar 2019 19:45:37 -0000 Mailing-List: contact gcc-help@gcc.gnu.org; run by ezmlm Precedence: bulk List-Id: List-Archive: List-Post: List-Help: Sender: gcc-owner@gcc.gnu.org Received: (qmail 101664 invoked by uid 89); 25 Mar 2019 19:45:29 -0000 Authentication-Results: sourceware.org; auth=none X-Spam-SWARE-Status: No, score=-1.8 required=5.0 tests=AWL,BAYES_00,SPF_HELO_PASS autolearn=ham version=3.3.1 spammy=grand, H*i:sk:975ea13, H*f:sk:975ea13 X-HELO: mx1.redhat.com Received: from mx1.redhat.com (HELO mx1.redhat.com) (209.132.183.28) by sourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with ESMTP; Mon, 25 Mar 2019 19:45:27 +0000 Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.phx2.redhat.com [10.5.11.15]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 59307307D8BE; Mon, 25 Mar 2019 19:45:26 +0000 (UTC) Received: from localhost.localdomain (ovpn-112-72.rdu2.redhat.com [10.10.112.72]) by smtp.corp.redhat.com (Postfix) with ESMTP id 6752B842B2; Mon, 25 Mar 2019 19:45:25 +0000 (UTC) Subject: Re: Warning in gcc/libiberty/dyn-string.c during build To: Martin Sebor , nick , GCC Development References: <975ea136-c15b-c93b-9e0d-927a2ffa2844@gmail.com> From: Jeff Law Openpgp: preference=signencrypt Message-ID: Date: Mon, 25 Mar 2019 19:45:00 -0000 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.4.0 MIME-Version: 1.0 In-Reply-To: <975ea136-c15b-c93b-9e0d-927a2ffa2844@gmail.com> Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-IsSubscribed: yes X-SW-Source: 2019-03/txt/msg00201.txt.bz2 On 3/25/19 10:39 AM, Martin Sebor wrote: > On 3/23/19 9:49 PM, nick wrote: >> Greetings all, >> I just got this in my build output: >> ar: `u' modifier ignored since `D' is the default (see `U') >> configure: WARNING: cannot check for properly working vsnprintf when >> cross compiling, will assume it's ok >> ../../gcc/libiberty/dyn-string.c: In function ‘dyn_string_insert_cstr’: >>   ../../gcc/libiberty/dyn-string.c:280:3: warning: ‘strncpy’ output >> truncated before terminating nul copying as many bytes from a string >> as its length [-Wstringop-truncation] >>   strncpy (dest->s + pos, src, length); >> ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ >>   ../../gcc/libiberty/dyn-string.c:272:16: note: length computed here >> 272 |   int length = strlen (src); >> |                ^~~~~~~~~~~~ >>   ../../gcc/libiberty/dyn-string.c: In function ‘dyn_string_insert_cstr’: >> \ ../../gcc/libiberty/dyn-string.c:280:3: warning: ‘strncpy’ output >> truncated before terminating nul copying as many bytes from a string >> as its length [-Wstringop-truncation] >> 280 |   strncpy (dest->s + pos, src, length); >> |   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ >>   ../../gcc/libiberty/dyn-string.c:272:16: note: length computed here >> 272 |   int length = strlen (src); >> |                ^~~~~~~~~~~~ >> >> I've already looked through git blame and it seems this code was last >> touched in 2000. That warning seems >> to be  new to gcc 8 after a little research so is this a rather old >> bug that was not found and very >> subtle or is this a mislabel. Seems to be a mislabel to me but I'm new >> to the code base so just thought >> I would ask. > > The warning detects strncpy calls that create unterminated string > copies.  That can happen for example when the function is misused > by specifying a bound that's equal to the length of the source, > as in: > >   void f (char *d, const char *s) >   { >     int n = strlen (s); >     strncpy (d, s, n); >   } > > But the warning is far from perfect and it cannot distinguish > all the incorrect misuses from the benign ones.  For instance, > it triggers in the case below even though the copy is nul > terminated: > >   void g (char *d, const char *s) >   { >     int n = strlen (s); >     d[n] = 0; >     strncpy (d, s, n); >   } The dynamic case is painful :-) > In dyn_string_insert_cstr(), although the strnlen call itself > doesn't nul-terminate the copy (and so the warning isn't strictly > incorrect), the loop before the call does make sure the copy is > nul-terminated (similarly to function g above), and so the result > is a valid nul-terminated string. This reminds me a bit of some of the failure to eliminate dead stores problems that are in BZ as well as some of the uninit issues for memory references that's been rattling around in my head. It's also related to SRA. Richi has stated (and I tend to agree) there's a goodly amount of common analysis that can probably be shared across these problems. I don't know if there's a grand unifying analysis that will tackle all of this, but it certainly feels like there's at least something worth exploring in this space. Jeff