From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 108938 invoked by alias); 21 Nov 2017 23:41:33 -0000 Mailing-List: contact libc-alpha-help@sourceware.org; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: libc-alpha-owner@sourceware.org Received: (qmail 108922 invoked by uid 89); 21 Nov 2017 23:41:32 -0000 Authentication-Results: sourceware.org; auth=none X-Virus-Found: No X-Spam-SWARE-Status: No, score=-2.3 required=5.0 tests=AWL,BAYES_00,FREEMAIL_FROM,KB_WAM_FROM_NAME_SINGLEWORD,RCVD_IN_DNSWL_NONE,SPF_PASS autolearn=no version=3.3.2 spammy= X-HELO: mail-ot0-f194.google.com X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-transfer-encoding; bh=D5JJLBXtkpZEbm4eZpmfQNSmcFOS8AyBBQaRdIuOR1U=; b=dgVUn5hTAzeFqp/rygxioGsePxaWN2wdgVK0uanK6o4LryZG2rgMIbdCozUx2cAtme IG/3NOYlmj3IHFE2x38L2IcCOiWY9pPuW1Tb4AqDh2gM5iqUCzBeqSCBdvLHkBejworE ZYTZmjMWlD6p4WY3GIxMXPC5elWUjMzLFLw00sQcaHRPZiiOub2De7wfBX5ZzF+oInJv 7Mq/ghTfsWN11PDTKWscSa7Y4Bdk974etWVz1+H1CzXP1fxllxYz9cqs6LTFVqY4n72Z o1gSnOPX/InX/itZdRMluvvoXIwsgxVuOZR8paI4CX+GDAu89yRXXt0n/mNe0psSdJUF 1Y+Q== X-Gm-Message-State: AJaThX7vfRV3IuLTMsrLDHIis0U6gLMlzksgEeSEv5HzpNm5ytZVceeN gPLUdFfmy9HDRtZPnwQplarlaA== X-Google-Smtp-Source: AGs4zMYXH0HLts0YCtk0vVBsEkch0raUJ2cmrSl2Lb0a/BdC341Y9SQFJTCqgY6FNGi/kTQhyXOkbQ== X-Received: by 10.157.1.170 with SMTP id e39mr12666159ote.322.1511307689335; Tue, 21 Nov 2017 15:41:29 -0800 (PST) Subject: Re: nonstrings in Glibc To: Carlos O'Donell , GNU C Library References: <797b60f7-1bd0-2b05-c25b-385ea3b04e68@redhat.com> From: Martin Sebor Message-ID: <2d1095ea-a158-f3ff-2cc4-006dea8387e6@gmail.com> Date: Tue, 21 Nov 2017 23:41:00 -0000 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.8.0 MIME-Version: 1.0 In-Reply-To: <797b60f7-1bd0-2b05-c25b-385ea3b04e68@redhat.com> Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 8bit X-SW-Source: 2017-11/txt/msg00774.txt.bz2 On 11/20/2017 11:20 AM, Carlos O'Donell wrote: > On 11/20/2017 08:54 AM, Martin Sebor wrote: >> I'm done testing my update to the -Wstringop-truncation GCC patch >> to find misuses of non-string arrays. With the very limited use >> of attribute nonstring it only found one potential bug (22447). >> I've been looking at other uses of strncpy in Glibc to see if there >> are other arrays that would benefit from the attribute. I'm not >> sufficiently familiar with Glibc data structures so it's a very >> slow going. Could someone help suggests data structures with >> array members that might be candidates? > > struct sockaddr's sun_path? > > http://thread.gmane.org/gmane.comp.standards.posix.austin.general/5735 > > Is that what you need help finding? Yes, that's what I'm looking for, thanks! From the referenced thread it sounds like POSIX doesn't require sun_path to be nul-terminated and BSD UNIX doesn't terminate it. But I'm not sure what happens on Linux. According to Michael Kerrisk's response it sounds like it is nul-terminated, but then according to the longer discussion on linux.kernel.api it sounds like it isn't. Which is it? If it's not guaranteed to be nul-terminated then the following suggests the code in clntunix_create might be unsafe: clnt_unix.c: In function ‘clntunix_create’: clnt_unix.c:137:13: warning: ‘strlen’ argument 1 declared attribute ‘nonstring’ [-Wstringop-overflow=] len = strlen (raddr->sun_path) + sizeof (raddr->sun_family) + 1; ^~~~~~~~~~~~~~~~~~~~~~~~ Martin