From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43)
	id 1NXYR5-0006Qm-Lb
	for qemu-devel@nongnu.org; Wed, 20 Jan 2010 06:09:19 -0500
Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43)
	id 1NXYR0-0006N5-Az
	for qemu-devel@nongnu.org; Wed, 20 Jan 2010 06:09:18 -0500
Received: from [199.232.76.173] (port=47654 helo=monty-python.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.43) id 1NXYR0-0006Mr-2s
	for qemu-devel@nongnu.org; Wed, 20 Jan 2010 06:09:14 -0500
Received: from mail-ew0-f228.google.com ([209.85.219.228]:59220)
	by monty-python.gnu.org with esmtp (Exim 4.60)
	(envelope-from <kirill@shutemov.name>) id 1NXYQz-0001hb-7h
	for qemu-devel@nongnu.org; Wed, 20 Jan 2010 06:09:13 -0500
Received: by ewy28 with SMTP id 28so5862700ewy.17
	for <qemu-devel@nongnu.org>; Wed, 20 Jan 2010 03:09:11 -0800 (PST)
MIME-Version: 1.0
In-Reply-To: <20100120103324.GA17856@redhat.com>
References: <cover.1263944807.git.quintela@redhat.com>
	<85e877202ec86dac15d392f5e88d5b5d76e3b02f.1263944807.git.quintela@redhat.com>
	<cc557aab1001192219g423baff2ncf905a33c9a1d56a@mail.gmail.com>
	<20100120103324.GA17856@redhat.com>
Date: Wed, 20 Jan 2010 13:09:11 +0200
Message-ID: <cc557aab1001200309l738f5aefsdf7da77b25e6e416@mail.gmail.com>
Subject: Re: [Qemu-devel] Re: [PATCH 07/17] block/vvfat.c: fix warnings with
	_FORTIFY_SOURCE
From: "Kirill A. Shutemov" <kirill@shutemov.name>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
List-Id: qemu-devel.nongnu.org
List-Unsubscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/pipermail/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: "Daniel P. Berrange" <berrange@redhat.com>
Cc: qemu-devel@nongnu.org, Juan Quintela <quintela@redhat.com>

On Wed, Jan 20, 2010 at 12:33 PM, Daniel P. Berrange
<berrange@redhat.com> wrote:
> On Wed, Jan 20, 2010 at 08:19:26AM +0200, Kirill A. Shutemov wrote:
>> On Wed, Jan 20, 2010 at 1:56 AM, Juan Quintela <quintela@redhat.com> wro=
te:
>> > From: Kirill A. Shutemov <kirill@shutemov.name>
>> >
>> > CC =C2=A0 =C2=A0block/vvfat.o
>> > cc1: warnings being treated as errors
>> > block/vvfat.c: In function 'commit_one_file':
>> > block/vvfat.c:2259: error: ignoring return value of 'ftruncate', decla=
red with attribute warn_unused_result
>> > make: *** [block/vvfat.o] Error 1
>> > =C2=A0CC =C2=A0 =C2=A0block/vvfat.o
>> > In file included from /usr/include/stdio.h:912,
>> > =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 from ./qemu-co=
mmon.h:19,
>> > =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 from block/vvf=
at.c:27:
>> > In function 'snprintf',
>> > =C2=A0 =C2=A0inlined from 'init_directories' at block/vvfat.c:871,
>> > =C2=A0 =C2=A0inlined from 'vvfat_open' at block/vvfat.c:1068:
>> > /usr/include/bits/stdio2.h:65: error: call to __builtin___snprintf_chk=
 will always overflow destination buffer
>> > make: *** [block/vvfat.o] Error 1
>> >
>> > Signed-off-by: Kirill A. Shutemov <kirill@shutemov.name>
>> > Signed-off-by: Juan Quintela <quintela@redhat.com>
>> > ---
>> > =C2=A0block/vvfat.c | =C2=A0 =C2=A09 +++++++--
>> > =C2=A01 files changed, 7 insertions(+), 2 deletions(-)
>> >
>> > diff --git a/block/vvfat.c b/block/vvfat.c
>> > index 063f731..df957e5 100644
>> > --- a/block/vvfat.c
>> > +++ b/block/vvfat.c
>> > @@ -868,7 +868,8 @@ static int init_directories(BDRVVVFATState* s,
>> > =C2=A0 =C2=A0 {
>> > =C2=A0 =C2=A0 =C2=A0 =C2=A0direntry_t* entry=3Darray_get_next(&(s->dir=
ectory));
>> > =C2=A0 =C2=A0 =C2=A0 =C2=A0entry->attributes=3D0x28; /* archive | volu=
me label */
>> > - =C2=A0 =C2=A0 =C2=A0 snprintf((char*)entry->name,11,"QEMU VVFAT");
>> > + =C2=A0 =C2=A0 =C2=A0 memcpy(entry->name,"QEMU VVF",8);
>> > + =C2=A0 =C2=A0 =C2=A0 memcpy(entry->extension,"AT ",3);
>> > =C2=A0 =C2=A0 }
>>
>> Better to use
>>
>> memcpy(entry->name, "QEMU VVFAT", 11);
>>
>> memcpy() doesn't check bounds.
>
> It doesn't *currently* check bounds.

No. memcpy() will never check bounds. It's totaly different from strcpy,
http://gcc.gnu.org/ml/gcc-patches/2009-06/msg00419.html

> If we want to explicitly
> fill 2 fields at once, then we should redeclare this to have a
> union with one part comprising the entire buffer, thus avoiding
> the need for delibrate buffer overruns.
>
> Regards,
> Daniel
> --
> |: Red Hat, Engineering, London =C2=A0 -o- =C2=A0 http://people.redhat.co=
m/berrange/ :|
> |: http://libvirt.org =C2=A0-o- =C2=A0http://virt-manager.org =C2=A0-o- =
=C2=A0http://ovirt.org :|
> |: http://autobuild.org =C2=A0 =C2=A0 =C2=A0 -o- =C2=A0 =C2=A0 =C2=A0 =C2=
=A0 http://search.cpan.org/~danberr/ :|
> |: GnuPG: 7D3B9505 =C2=A0-o- =C2=A0F3C9 553F A1DA 4AC2 5648 23C1 B3DF F74=
2 7D3B 9505 :|
>