From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by sourceware.org (Postfix) with ESMTPS id 59C263858438 for ; Mon, 9 Jan 2023 16:40:06 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 59C263858438 Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=redhat.com Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=redhat.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1673282405; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=KsSrtFFYLGM3wQfn8c0y9Vrzhy4kfQn3QIdI5uHEORg=; b=btkck/zXPkNWOlPV+Y4KpVB/9NWDs7RNN12Dxo9M4oAfwIILBGrzKSaQiZmZbb5HsY+RMC D/c6dm0hJ5IHwybhyAY9FGCl3PXyQ8vHjUIE5V1DF5aI9gQvz5JocjiEOsjHMeh0sAN1BF ordzo89m/UM4d5z47A1UL1VnnizBfZM= Received: from mail-io1-f71.google.com (mail-io1-f71.google.com [209.85.166.71]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_128_GCM_SHA256) id us-mta-629-0LUIIX8EPeKRp_P0nPFl5Q-1; Mon, 09 Jan 2023 11:40:04 -0500 X-MC-Unique: 0LUIIX8EPeKRp_P0nPFl5Q-1 Received: by mail-io1-f71.google.com with SMTP id h11-20020a6b7a0b000000b006e0004fc167so5183756iom.5 for ; Mon, 09 Jan 2023 08:40:04 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:in-reply-to:organization:from:references :to:content-language:subject:user-agent:mime-version:date:message-id :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=KsSrtFFYLGM3wQfn8c0y9Vrzhy4kfQn3QIdI5uHEORg=; b=MQO1mY+515q5Xd635MWfVXPaSOHneDAHine8U+bqjvjpAfQ9cPAbcQJQHXzeUMrvV9 YTyxxZdRTg3IYEYWQdqGUCDlVbwt8tFZmOnIsDHCQ+e9AVQGDFJnrubAim1zBwCmz31+ fHGZQRArtn3bHJQ9YlzPoEjwLA7m45ZZuubxCOH3lCM5Z22DEWm3t0No9Uc4Dru8VJOr 6y5P3YrSvjibqfjolgFu8dRhGUJT4dPASQFvjNzg1o0IORO1TWgJ6yLyys70D2YZuMze +ER/tyXroVQ0C6Fycff4Nixo85YRuWZn3XSji1hOqHrxuSedDnrM6zWNvnCcQabDmFU6 SS5A== X-Gm-Message-State: AFqh2kpCed/Y+P5SDxb31oZ2WkbM4cU6mfZ3lAsbK6fjxNjTeEHPMsPj XFegQygOzvqtL/bkfG1zVFsZERsmi61oxqVzBToHvQ2PHtoBo6LBIqWo0BQHMk4irw+ocoUy4kA 1a30BPYvwECcBv5jGkFzR X-Received: by 2002:a6b:8e97:0:b0:6e0:11bf:599e with SMTP id q145-20020a6b8e97000000b006e011bf599emr56286429iod.0.1673282403675; Mon, 09 Jan 2023 08:40:03 -0800 (PST) X-Google-Smtp-Source: AMrXdXvv3T7RwQG7bVPIWPEF9C/8llGCCkMVB+1/dVUu/2dYQJ5BttEc0EAzpzXm3aWi3AoUTIVnzA== X-Received: by 2002:a6b:8e97:0:b0:6e0:11bf:599e with SMTP id q145-20020a6b8e97000000b006e011bf599emr56286418iod.0.1673282403447; Mon, 09 Jan 2023 08:40:03 -0800 (PST) Received: from [192.168.0.241] (192-0-145-146.cpe.teksavvy.com. [192.0.145.146]) by smtp.gmail.com with ESMTPSA id g12-20020a05660226cc00b006ddb3b698ffsm3374794ioo.23.2023.01.09.08.40.02 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Mon, 09 Jan 2023 08:40:02 -0800 (PST) Message-ID: Date: Mon, 9 Jan 2023 11:40:01 -0500 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.5.1 Subject: Re: [PATCH 1/4] locale: Use correct buffer size for utf8_sequence_error [BZ #19444] To: Adhemerval Zanella , libc-alpha@sourceware.org References: <20221229125802.2715435-1-adhemerval.zanella@linaro.org> <20221229125802.2715435-2-adhemerval.zanella@linaro.org> From: Carlos O'Donell Organization: Red Hat In-Reply-To: <20221229125802.2715435-2-adhemerval.zanella@linaro.org> X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Language: en-US Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-12.6 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,GIT_PATCH_0,NICE_REPLY_A,RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_NONE,TXREP autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org List-Id: On 12/29/22 07:57, Adhemerval Zanella via Libc-alpha wrote: > The buffer used by snprintf might not be large enough for all possible > inputs, as indicated by gcc with -O1: > > ../locale/programs/linereader.c: In function ‘utf8_sequence_error’: > ../locale/programs/linereader.c:713:58: error: ‘%02x’ directive output > may be truncated writing between 2 and 8 bytes into a region of size > between 1 and 13 [-Werror=format-truncation=] > 713 | snprintf (buf, sizeof (buf), "0x%02x 0x%02x 0x%02x 0x%02x", > | ^~~~ > ../locale/programs/linereader.c:713:34: note: directive argument in the > range [0, 2147483647] > 713 | snprintf (buf, sizeof (buf), "0x%02x 0x%02x 0x%02x 0x%02x", > | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > ../locale/programs/linereader.c:713:5: note: ‘snprintf’ output between > 20 and 38 bytes into a destination of size 30 > 713 | snprintf (buf, sizeof (buf), "0x%02x 0x%02x 0x%02x 0x%02x", > | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > 714 | ch1, ch2, ch3, ch4); > | ~~~~~~~~~~~~~~~~~~~ > > Checked on x86_64-linux-gnu. LGTM. Took me a minute to work out the 38 bytes value though. Reviewed-by: Carlos O'Donell > --- > locale/programs/linereader.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/locale/programs/linereader.c b/locale/programs/linereader.c > index 0460074a0c..794f25a6e4 100644 > --- a/locale/programs/linereader.c > +++ b/locale/programs/linereader.c > @@ -701,7 +701,7 @@ static bool > utf8_sequence_error (struct linereader *lr, uint8_t ch1, int ch2, int ch3, > int ch4) > { > - char buf[30]; > + char buf[38]; OK. "0x7f 0x7fffffff 0x7fffffff 0x7fffffff\0" = 4 + 1 + 10 + 1 + 10 + 1 + 10 + 1 = 38 bytes including null terminator. I expect that at -O2 that VRP can see the values propagated from utf8_decode and determine the buffer will be smaller by a lot given the range checks. The ch2, ch3, and ch4 values shall not exceed 0xff in all cases since they are all distinct bytes in the UTF-8 sequence. I expect that the worst case is actually "0xff 0xff 0xff 0xff\0" or 20 bytes, but if the checks in utf8_decode are changed then the worst case could be 38 bytes. > > if (ch2 < 0) > snprintf (buf, sizeof (buf), "0x%02x", ch1); -- Cheers, Carlos.