[prev in list] [next in list] [prev in thread] [next in thread] 

List:       linux-rt-users
Subject:    Re: [PATCH rt-tests v1 v1 1/4] pmqtest: Increase buffer to avoid overflow
From:       John Kacur <jkacur () redhat ! com>
Date:       2019-08-23 15:15:58
Message-ID: alpine.LFD.2.21.1908231709170.7154 () planxty
[Download RAW message or body]


On Mon, 19 Aug 2019, Daniel Wagner wrote:

> Increase the size of the char buffer. gcc 9.1.1 reports:
> 
> src/pmqtest/pmqtest.c: In function ‘main':
> src/pmqtest/pmqtest.c:46:21: warning: ‘%d' directive writing between 1 and 10 \
> bytes into a region of size 8 [-Wformat-overflow=] 46 | #define SYNCMQ_NAME \
> "/syncmsg%d" |                     ^~~~~~~~~~~~
> 
> src/pmqtest/pmqtest.c:445:3: note: ‘sprintf' output between 10 and 19 bytes into \
> a destination of size 16 445 |   sprintf(mqname, SYNCMQ_NAME, i);
> > ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> 
> Signed-off-by: Daniel Wagner <wagi@monom.org>
> ---
> src/pmqtest/pmqtest.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/src/pmqtest/pmqtest.c b/src/pmqtest/pmqtest.c
> index a04fc49872bf..3ce799bd6319 100644
> --- a/src/pmqtest/pmqtest.c
> +++ b/src/pmqtest/pmqtest.c
> @@ -440,7 +440,7 @@ int main(int argc, char *argv[])
> 		goto nomem;
> 
> 	for (i = 0; i < num_threads; i++) {
> -		char mqname[16];
> +		char mqname[19];
> 
> 		sprintf(mqname, SYNCMQ_NAME, i);
> 		receiver[i].syncmq = mq_open(mqname, oflag, 0777, &mqstat);
> @@ -567,7 +567,7 @@ int main(int argc, char *argv[])
> 	}
> 	nanosleep(&maindelay, NULL);
> 	for (i = 0; i < num_threads; i++) {
> -		char mqname[16];
> +		char mqname[19];
> 
> 		mq_close(receiver[i].syncmq);
> 		sprintf(mqname, SYNCMQ_NAME, i);
> -- 
> 2.21.0
> 

I don't love the use of "magic numbers". Also the compiler considers the 
signed integers to be −2147483648 to 2147483647 so including the sign that 
is potentially up to 11 chars, plus our string is "/syncmsg" is 8 chars
so that's where the 19 comes from. However we are using the int to 
represent threads, so we know we can't have a negative number. However 
sprintf also adds '\n' which brings us back to 19 again anyway.

This is better than what we have, so 

Signed-off-by: John Kacur <jkacur@redhat.com>



[prev in list] [next in list] [prev in thread] [next in thread]