From: "Hervé Poussineau" <hpoussin@reactos.org>
To: Max Reitz <mreitz@redhat.com>, qemu-block@nongnu.org
Cc: qemu-devel@nongnu.org, Kevin Wolf <kwolf@redhat.com>
Subject: Re: [Qemu-devel] [PATCH] block/vvfat: Fix compiler warning with gcc 7
Date: Mon, 17 Jul 2017 20:40:15 +0200
Message-ID: <c8ff1dc0-e1a1-73eb-a5d1-11ed50eff148@reactos.org>
In-Reply-To: <20170717151207.24919-1-mreitz@redhat.com>
On 17/07/2017 at 17:12, Max Reitz wrote:
> gcc 7 complains that the sprintf() might write a null byte beyond the
> end of the tail buffer. That is wrong, but we can silence it by making
> i unsigned (it can never be negative anyway, see the if condition right
> before). For some reason, this allows gcc to suddenly accurately
> calculate the range of i so we can give the tail[] array the exact size
> it needs to have (which is 8 bytes) without gcc complaining.
>
> In addition, let us convert the sprintf() to snprintf(), because that is
> always nicer, and add an assertion about the range of the return value
> afterwards so we can see that "8 - len" will never be negative and thus
> "entry->name + MIN(j, 8 - len)" will never be out of bounds.
>
> Signed-off-by: Max Reitz <mreitz@redhat.com>
> ---
> block/vvfat.c | 5 +++--
> 1 file changed, 3 insertions(+), 2 deletions(-)
>
> diff --git a/block/vvfat.c b/block/vvfat.c
> index 6b11596..a9e207f 100644
> --- a/block/vvfat.c
> +++ b/block/vvfat.c
> @@ -549,7 +549,7 @@ static direntry_t *create_short_filename(BDRVVVFATState *s,
> const gchar *p, *last_dot = NULL;
> gunichar c;
> bool lossy_conversion = false;
> - char tail[11];
> + char tail[8];
>
> if (!entry) {
> return NULL;
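Review bot: "char tail[8]" is a bare magic number whose correctness depends on the "i < 999999" loop bound further down in create_short_filename(): '~' plus at most six digits plus the terminating NUL is exactly 8 bytes. A short comment at the declaration stating that derivation, or a named constant tied to the loop limit, would keep the two from drifting apart if the limit is ever raised.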
> @@ -614,7 +614,8 @@ static direntry_t *create_short_filename(BDRVVVFATState *s,
> for (i = lossy_conversion ? 1 : 0; i < 999999; i++) {
> direntry_t *entry1;
> if (i > 0) {
> - int len = sprintf(tail, "~%d", i);
> + int len = snprintf(tail, sizeof(tail), "~%u", (unsigned)i);
> + assert(len <= 7);
As i is at minimum 0 or 1 and at maximum equal to 999999, does it work if you change the type of i from int to unsigned int?
That way, you probably won't need the cast to unsigned in the s(n)printf.
> memcpy(entry->name + MIN(j, 8 - len), tail, len);
> }
> for (entry1 = array_get(&(s->directory), directory_start);
>
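Review bot: "assert(len <= 7)" checks only the upper bound, but len is a signed int that goes straight into memcpy() as the size, and snprintf() can return a negative value on error; a negative len would pass the assertion and be converted to a huge size. Suggest "assert(len > 0 && len < sizeof(tail))", which also replaces the literal 7 with the buffer size it is derived from. Separately, the commit message says i is made unsigned, while the hunk only casts it at the call site with "(unsigned)i"; one of the two should be brought in line with the other.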