From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from dpdk.org (dpdk.org [92.243.14.124]) by inbox.dpdk.org (Postfix) with ESMTP id A5D62A04BC; Fri, 9 Oct 2020 12:49:55 +0200 (CEST) Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id 7FB671D173; Fri, 9 Oct 2020 12:49:54 +0200 (CEST) Received: from mga04.intel.com (mga04.intel.com [192.55.52.120]) by dpdk.org (Postfix) with ESMTP id AFEA21C227 for ; Fri, 9 Oct 2020 12:49:51 +0200 (CEST) IronPort-SDR: /ll57mQGe1wvPEL5bh/ATt2qMgWDX1kc9P9Zpky34Li57dSfGWt5HC5RJG/Uip2vN71t3RRcc7 7D408IGe/a4Q== X-IronPort-AV: E=McAfee;i="6000,8403,9768"; a="162831934" X-IronPort-AV: E=Sophos;i="5.77,354,1596524400"; d="scan'208";a="162831934" X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga004.jf.intel.com ([10.7.209.38]) by fmsmga104.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 09 Oct 2020 03:49:49 -0700 IronPort-SDR: 1w6+e4kutkcgTIoY5jku3UiYUrt0s4XN0Rly2Ju18BFhISEYKMb8ld75567q7IqFAmYh2Fxq0t l9aQs/SEEmWg== X-IronPort-AV: E=Sophos;i="5.77,354,1596524400"; d="scan'208";a="462149492" Received: from bricha3-mobl.ger.corp.intel.com ([10.213.3.76]) by orsmga004-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-SHA; 09 Oct 2020 03:49:47 -0700 Date: Fri, 9 Oct 2020 11:49:42 +0100 From: Bruce Richardson To: =?iso-8859-1?Q?Ga=EBtan?= Rivet Cc: Ferruh Yigit , Olivier Matz , Ciara Loftus , dev@dpdk.org Message-ID: <20201009104942.GB1474@bricha3-MOBL.ger.corp.intel.com> References: <20201007090137.5121-1-ciara.loftus@intel.com> <20201007095131.GQ21395@platinum> <20201007102638.GB680@bricha3-MOBL.ger.corp.intel.com> <20201007102812.GC680@bricha3-MOBL.ger.corp.intel.com> <20201009103630.jicsmryvgsxc72bl@u256.net> MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <20201009103630.jicsmryvgsxc72bl@u256.net> Subject: Re: [dpdk-dev] [PATCH] net/af_xdp: use snprintf instead of strncpy X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" On Fri, Oct 09, 2020 at 12:36:30PM +0200, Gaëtan Rivet wrote: > On 07/10/20 12:45 +0100, Ferruh Yigit wrote: > > On 10/7/2020 11:28 AM, Bruce Richardson wrote: > > > On Wed, Oct 07, 2020 at 11:26:38AM +0100, Bruce Richardson wrote: > > > > On Wed, Oct 07, 2020 at 11:51:31AM +0200, Olivier Matz wrote: > > > > > On Wed, Oct 07, 2020 at 10:40:32AM +0100, Ferruh Yigit wrote: > > > > > > On 10/7/2020 10:01 AM, Ciara Loftus wrote: > > > > > > > strncpy may leave the destination buffer not NULL terminated so use > > > > > > > snprintf instead. > > > > > > > > > > > > What do you think using 'strlcpy'? > > > > > > > > > > Or even better, rte_strscpy() > > > > > https://git.dpdk.org/dpdk/commit/?id=b0236c7cf761 > > > > > > > > > I think this is largely a matter of preference, and unless there is a good > > > > reason not to, I tend towards strlcpy as the older and more common (till > > > > now) interface. The main thing is just to use a function that will > > > > guarantee dest is null-terminated here, and both strlcpy and strscpy meet > > > > that criteria. > > > > > > > I'd also add that strlcpy is more likely to be recognised by tools like > > > coverity, compared to rte_strscpy which is DPDK-specific. > > > > > > > +1 to 'strlcpy' > > Using strlcpy will be more recognized by static analyzer indeed. > > But strscpy API is better: > > * It helps checking string truncation by making it easier: > > if (strlcpy(dst, src, dstsize) >= dstsize) > /* Dev + reviewer needs to think about using >= and not >, dstsize is > * repeated so either dst is an array or it needs a dedicated variable. > * Deal with truncation. > */ > > if (rte_strscpy(dst, src, dstsize) < 0) > /* deal with truncation. */ > > * It is safer when dealing with unknown data source. strlcpy will always > read all of src, because the API (uselessly) defines the return value > to strlen(src). > > Having yet another string copy function is contentious, but we can avoid > using worse API to please tools. > > And detecting string truncation *is* helpful. String are used as IDs in > DPDK for some objects. Using strlcpy / snprintf at least protects from > buffer overflow, which is a bare minimum. A good implementation would > also warn the user about a config error / memory corruption happening > sooner. > > In any case, sure to fix a sanity check strlcpy / snprintf will work. > Yes. My main issue with strscpy right now is that it's got to be a DPDK-specific function, since AFAIK it's defined in no standard C library, just in the Linux kernel. If we get strscpy added to e.g. glibc, then we can see about starting to use it - letting meson do the work of detect if it's present and allowing us to define a fallback only in case it's not (i.e. as is done with strlcpy).