From: Jeff King <peff@peff.net>
To: "Ævar Arnfjörð Bjarmason" <avarab@gmail.com>
Cc: Johannes Schindelin <Johannes.Schindelin@gmx.de>,
	Junio C Hamano <gitster@pobox.com>,
	Eric DeCosta <edecosta@mathworks.com>,
	git@vger.kernel.org
Subject: Re: What's cooking in git.git (Oct 2022, #03; Mon, 10)
Date: Thu, 22 Dec 2022 12:40:12 -0500
Message-ID: <Y6SWfOQrvOkLM67P@coredump.intra.peff.net>
In-Reply-To: <221222.867cyjx0d3.gmgdl@evledraar.gmail.com>

On Thu, Dec 22, 2022 at 09:58:01AM +0100, Ævar Arnfjörð Bjarmason wrote:
> > I do think it would be less noisy if we could somehow convince Coverity
> > that yes, strbuf really does NUL-terminate the result. But I haven't
> > wanted to sink time into figuring out how to annotate it.
>
> I don't have Coverity set up, but perhaps it's satisfied by the same
> thing that placated GCC's -fanalyzer in strbuf.c:
>
> https://lore.kernel.org/git/RFC-patch-07.15-cf1a5f3ed0f-20220603T183608Z-avarab@gmail.com/
>
> I run my local build with a version of that branch, I'd still like to
> follow-up on it (and as that RFC thread shows others had some alternate
> suggestions, e.g. for this strbuf case).

I don't think that will help. The most common strbuf problem in Coverity
is "this string isn't NUL terminated". And having walked through their
step-by-step analysis, I think what is going on is that it sees that:

  strbuf_addstr(&sb, "foo");

is doing:

  memcpy(sb->buf, "foo", strlen("foo"));

under the hood, and it says "aha, this is an anti-pattern where you
forgot to copy the NUL byte!" and creates a warning. And it ignores
completely the fact that the next line is calling strbuf_setlen() and
adding the NUL byte.

Now there may be other false positives around strbufs (like not
realizing the buffer grows), but this is the one I feel like I've seen
the most.

> I don't think it's true that a strbuf "really does NUL-terminate the
> result" the way an analyzer like -fanalyzer sees it. I.e. if you do:
>
>     struct strbuf sb = { .alloc = 123 };
>     strbuf_addstr(&sb, "blah");
>
> You'll segfault because the sb->buf isn't the slopbuf, nor
> '\0'-terminated, it's just NULL.

Yeah, I didn't mean to say that there can't be real problems with
strbufs. I just meant that there are many false positives where the code
is correct, but the tool doesn't realize it.

-Peff
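
The two cases discussed in this message, as an added example that is not part of the original email and is not git's strbuf.c: a simplified model in which memcpy() copies no NUL and the set-length step writes the terminator, plus an invariant check that rejects the `{ .alloc = 123 }` initialization from the quoted text instead of dereferencing NULL. All `mini_*` names are hypothetical, and fresh memory is filled with 'X' so that no terminator can appear by accident.

```c
#include <stdlib.h>
#include <string.h>
/* Simplified model for illustration; not git's strbuf.c. */
struct mini_strbuf { size_t alloc, len; char *buf; };
static char mini_slopbuf[1]; /* shared "" used by empty buffers */
#define MINI_STRBUF_INIT { 0, 0, mini_slopbuf }

/* Invariant: buf is the slopbuf (alloc == 0) or heap memory with len < alloc. */
static int mini_valid(const struct mini_strbuf *sb)
{
	if (!sb->buf)
		return 0; /* e.g. { .alloc = 123 }: buf is NULL */
	return sb->buf == mini_slopbuf ? !sb->alloc && !sb->len : sb->len < sb->alloc;
}

static void mini_grow(struct mini_strbuf *sb, size_t extra)
{
	size_t need = sb->len + extra + 1; /* +1 for the NUL */
	if (need <= sb->alloc)
		return;
	char *p = sb->alloc ? realloc(sb->buf, need) : malloc(need);
	if (!p) abort();
	memset(p + sb->alloc, 'X', need - sb->alloc); /* poison: no stray NULs */
	sb->buf = p;
	sb->alloc = need;
}

/* Returns -1 rather than dereferencing a buffer that breaks the invariant. */
int mini_addstr(struct mini_strbuf *sb, const char *s)
{
	size_t n = strlen(s);
	if (!mini_valid(sb))
		return -1;
	mini_grow(sb, n);
	memcpy(sb->buf + sb->len, s, n); /* copies no NUL: the flagged line */
	sb->len += n;
	sb->buf[sb->len] = '\0'; /* the setlen step terminates the string */
	return 0;
}

int mini_demo(void) /* 1 if both cases behave as expected */
{
	struct mini_strbuf ok = MINI_STRBUF_INIT, bad = { .alloc = 123 };
	int r = !mini_addstr(&ok, "foo") && !mini_addstr(&ok, "bar") &&
		!strcmp(ok.buf, "foobar") && mini_addstr(&bad, "blah") == -1;
	free(ok.buf);
	return r;
}
```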