-Werror=stringop-*#1401
Conversation
b5d9a4e to
42d22a9
Compare
42d22a9 to
6afa1de
Compare
|
The opensuse CI is consistently failing, but it seems to be a spurious error. |
6afa1de to
54a9b2f
Compare
54a9b2f to
5284b68
Compare
|
Cc: @kees |
b881eee to
692bb72
Compare
692bb72 to
52dee45
Compare
kees
left a comment
There was a problem hiding this comment.
Hm, I never like to see tests removed unless an API has been removed with a compile-time check for its accidental reintroduction. Has strncpy been completely removed from this codebase? Perhaps add:
#define strncpy(...) static_assert(false, "Never use strncpy")
or something like?
No, we do actually use strncpy(3) through its wrapper strncpy_a(); it's a function I actually like (for a niche use case). The reason for removing that test is not that we don't use it, but that GCC has false positives. See this GCC report (from me): https://gcc.gnu.org/bugzilla/show_bug.cgi?id=122963 That report is about strncat(3), but strncpy(3) has a similar false positive. |
|
Also, I'm not too worried about the tests, because the implementation is so trivial that the tests are overkill. #define strncpy_a(dst, src) strncpy(dst, src, countof(dst))We added the tests back when the API was significantly more complex, IIRC. |
52dee45 to
b848f9f
Compare
b848f9f to
f1d1e2c
Compare
f1d1e2c to
cc60b93
Compare
hallyn
left a comment
There was a problem hiding this comment.
Sounds reasonable. I trust your judgement on this.
|
Oh phoey - pls ping me when you resolve the conflict :) (or reply and I'll do it) |
cc60b93 to
801b1ca
Compare
Solved (in v2e); thanks! |
We can't enable -Wstringop-overread because it has bogus diagnostics with legitimate strncat(3) calls. We can't enable -Wstringop-truncation because it has bogus diagnostics with legitimate strncpy(3) calls. Link: <https://gcc.gnu.org/bugzilla/show_bug.cgi?id=123024> Reviewed-by: Serge Hallyn <serge@hallyn.com> Signed-off-by: Alejandro Colomar <alx@kernel.org>
It's just the obvious thin wrapper around strncpy(3); let's trust it's ok. The reason for removing this test is that GCC has bogus diagnostics for strncpy(3). Its diagnostics are geared towards helping people that abuse strncpy(3) as a poor-man's strlcpy(3) not write exploitable code as easily. Using strncpy(3) for that purpose is brain damaged, and those programs should be audited to stop using this API for that. And most importantly, GCC should stop encouraging writing bad code that calls strncpy(3) as that results in diagnostics that are actively harmful for us, legitimate users of strncpy(3). Those false positives should certainly be out of -Wall. We could fill the tests with pragmas, but let's just remove the tests. I don't feel like maintaining code for ignoring GCC's brain bamage. If people want to write a function for truncating strings (because they can't rely on strlcpy(3) being available, or because they don't like it), they certainly should write such an API. strncpy(3) isn't that API. strncpy(3) is a function that takes a string and writes it into a utmpx(5) member, which is NOT a string. (And I heard it might also be useful for implementing tar(1), which also uses non-terminated character arrays, but I never looked at that code.) Link: <https://gcc.gnu.org/bugzilla/show_bug.cgi?id=122963> Reviewed-by: Serge Hallyn <serge@hallyn.com> Signed-off-by: Alejandro Colomar <alx@kernel.org>
801b1ca to
d12f08c
Compare
|
Awesome, thanks. |
Enable some errors
Revisions:
v1b
v1c
v1d
v1e
v2
v2b
v2c
v2d
v2e
v2f