From: Max Reitz <mreitz@redhat.com>
To: "Hervé Poussineau" <hpoussin@reactos.org>, qemu-block@nongnu.org
Cc: qemu-devel@nongnu.org, Kevin Wolf <kwolf@redhat.com>
Subject: Re: [Qemu-devel] [PATCH] block/vvfat: Fix compiler warning with gcc 7
Date: Mon, 17 Jul 2017 21:12:29 +0200
Message-ID: <ce2f1e11-202b-6941-e5b5-f72cdb2824a0@redhat.com>
In-Reply-To: <c8ff1dc0-e1a1-73eb-a5d1-11ed50eff148@reactos.org>
On 2017-07-17 20:40, Hervé Poussineau wrote:
> On 17/07/2017 at 17:12, Max Reitz wrote:
>> gcc 7 complains that the sprintf() might write a null byte beyond the
>> end of the tail buffer. That is wrong, but we can silence it by making
>> i unsigned (it can never be negative anyway, see the if condition right
>> before). For some reason, this allows gcc to suddenly accurately
>> calculate the range of i so we can give the tail[] array the exact size
>> it needs to have (which is 8 bytes) without gcc complaining.
>>
>> In addition, let us convert the sprintf() to snprintf(), because that is
>> always nicer, and add an assertion about the range of the return value
>> afterwards so we can see that "8 - len" will never be negative and thus
>> "entry->name + MIN(j, 8 - len)" will never be out of bounds.
>>
>> Signed-off-by: Max Reitz <mreitz@redhat.com>
>> ---
>> block/vvfat.c | 5 +++--
>> 1 file changed, 3 insertions(+), 2 deletions(-)
>>
>> diff --git a/block/vvfat.c b/block/vvfat.c
>> index 6b11596..a9e207f 100644
>> --- a/block/vvfat.c
>> +++ b/block/vvfat.c
>> @@ -549,7 +549,7 @@ static direntry_t
>> *create_short_filename(BDRVVVFATState *s,
>> const gchar *p, *last_dot = NULL;
>> gunichar c;
>> bool lossy_conversion = false;
>> - char tail[11];
>> + char tail[8];
>>
>> if (!entry) {
>> return NULL;
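Review bot: the new size in "char tail[8];" is a bare constant that is only correct while the loop in the second hunk stays bounded by "i < 999999" ('~' plus at most six digits plus the terminating NUL). A short comment at the declaration stating that dependency, or a named constant shared with the loop bound, would keep a later change to the bound from silently turning the snprintf() into a truncation.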
>> @@ -614,7 +614,8 @@ static direntry_t
>> *create_short_filename(BDRVVVFATState *s,
>> for (i = lossy_conversion ? 1 : 0; i < 999999; i++) {
>> direntry_t *entry1;
>> if (i > 0) {
>> - int len = sprintf(tail, "~%d", i);
>> + int len = snprintf(tail, sizeof(tail), "~%u", (unsigned)i);
>> + assert(len <= 7);
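Review bot: "assert(len <= 7);" repeats the buffer size as a literal and checks only the upper bound, while snprintf() can also return a negative value on an output error, which this assertion lets through. Something like "assert(len >= 0 && len < (int)sizeof(tail));" would cover both directions and follow tail[] if its size is changed again.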
>
> As i is at minimum 0 or 1 and at maximum equal to 999999, does
> it work if you change the type of i from int to unsigned int?
> That way, you probably won't need the cast to unsigned in the s(n)printf.
Hm... It works in a way, but then gcc likes to think tail[] needs to be
9 bytes long (for whatever reason). So... It works in a sense, but not
quite as well.
So I'm not quite sure which way is better. :-)
Max
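
The bound argued for in the quoted commit message, as an added example that is not part of the original message or of QEMU's code: format_tail() and apply_tail() are hypothetical helpers, and the 8-byte name field and the sample names are assumptions. It checks snprintf()'s return value at run time instead of asserting on it, so a counter that needs seven digits is rejected rather than truncated.

```c
#include <stdio.h>
#include <string.h>

#define SHORT_NAME_LEN 8   /* assumed size of the 8.3 base-name field */
#define TAIL_SIZE      8   /* '~' + up to 6 digits + NUL, as in the patch */

/* Hypothetical helper: write "~<i>" into tail.
 * Returns the length written, or -1 on error or if it would not fit. */
static int format_tail(char *tail, size_t size, unsigned i)
{
    int len = snprintf(tail, size, "~%u", i);

    if (len < 0 || (size_t)len >= size) {
        return -1;          /* output error or truncation */
    }
    return len;
}

/* Hypothetical helper: overlay the tail on an 8-byte name whose first
 * j bytes are in use. Returns the offset of the tail, or -1. */
static int apply_tail(char *name, size_t j, unsigned i)
{
    char tail[TAIL_SIZE];
    int len = format_tail(tail, sizeof(tail), i);
    size_t room, off;

    if (len < 0 || j > SHORT_NAME_LEN) {
        return -1;
    }
    /* len <= 7 here, so room >= 1 and off + len <= SHORT_NAME_LEN */
    room = SHORT_NAME_LEN - (size_t)len;
    off = j < room ? j : room;          /* MIN(j, 8 - len) */
    memcpy(name + off, tail, (size_t)len);
    return (int)off;
}

int main(void)
{
    char name[SHORT_NAME_LEN + 1] = "LONGFILE";   /* constructed sample */
    int off = apply_tail(name, 8, 999998);

    printf("%s (tail at offset %d)\n", name, off);
    /* seven digits no longer fit in an 8-byte tail */
    printf("1000000 -> %d\n", apply_tail(name, 8, 1000000));
    return 0;
}
```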
Thread overview: 5+ messages
2017-07-17 15:12 [Qemu-devel] [PATCH] block/vvfat: Fix compiler warning with gcc 7 Max Reitz
2017-07-17 15:22 ` Eric Blake
2017-07-17 15:57 ` Kevin Wolf
2017-07-17 18:40 ` Hervé Poussineau
2017-07-17 19:12 ` Max Reitz [this message]