DPDK patches and discussions
From: Stephen Hemminger <stephen@networkplumber.org>
To: "Wiles, Keith" <keith.wiles@intel.com>
Cc: "Richardson, Bruce" <bruce.richardson@intel.com>,
	"dev@dpdk.org" <dev@dpdk.org>
Subject: Re: [dpdk-dev] [PATCH 0/5] clean up snprintf use for string copying
Date: Wed, 3 Apr 2019 08:27:14 -0700
Message-ID: <20190403082714.377f372a@shemminger-XPS-13-9360>
In-Reply-To: <5F7D9EB2-AD8D-475B-852C-D8B25475F25C@intel.com>

On Wed, 3 Apr 2019 14:57:49 +0000
"Wiles, Keith" <keith.wiles@intel.com> wrote:

> > On Apr 3, 2019, at 9:45 AM, Bruce Richardson <bruce.richardson@intel.com> wrote:
> > 
> > There are quite a few instances remaining in DPDK where snprintf is being
> > used for string copying. These were not being picked up by our existing
> > coccinelle script, but that can be fixed by editing the script and running
> > it against our code. In the process a bug was found and fixed in the
> > bonding pmd, where we were incorrectly specifying the buffer length
> > parameter to snprintf.
> > 
> > The actual replacement was done in two phases - first replacing all
> > instances where only the snprintf line in question needed changing, then
> > fixing the other instances where we also needed to add in the header
> > include. [Using two stages allowed the header addition to be automated too,
> > since we had a list of files where every one needed the header inclusion]
> > 
> > 
> > Bruce Richardson (5):
> >  net/bonding: fix buffer length when printing strings
> >  devtools/cocci: make strlcpy replacement smarter
> >  devtools/cocci: create safer version of strlcpy script
> >  replace snprintf with strlcpy without adding extra include
> >  replace snprintf with strlcpy
> >   
> 
> Should we not be testing the return values from strlcpy and snprintf, which means we need to create a macro or inline function. We could use a macro and only enable with DEBUG support if we think performance or code size is a problem.
> 
> I am surprised none of the tools are catching these types of problems.
> 
> Not to make Bruce do that change for this patch, but we need to look at it for a later patch IMO.
> 
> Regards,
> Keith
> 

In a lot of cases the error checking should be earlier in the input path.
Detecting overflow late in making a string is unhelpful.  But rejecting
input where the name is too long to start with is safer and better.

It is one of those cases where static checkers tell you there is a
problem but the right solution is farther back in the code, not just
right where the error is reported.
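
The contrast discussed in this message, as an added example that is not part of the original e-mail or of DPDK: a name setter that detects truncation only at the copy site, next to one that rejects an over-long name on the input path. `EX_NAME_LEN`, `struct ex_port`, the `ex_*` functions and the sample names are hypothetical, and `ex_strlcpy` is a local stand-in with strlcpy semantics.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

#define EX_NAME_LEN 16 /* hypothetical size of the fixed name buffer */
struct ex_port { char name[EX_NAME_LEN]; };

/* Local stand-in with strlcpy semantics: always NUL-terminates when
 * size > 0 and returns strlen(src), so ret >= size means truncation. */
static size_t ex_strlcpy(char *dst, const char *src, size_t size)
{
	size_t len = strlen(src);
	if (size > 0) {
		size_t n = len < size - 1 ? len : size - 1;
		memcpy(dst, src, n);
		dst[n] = '\0';
	}
	return len;
}

/* Late check: the overflow is noticed only at the copy site, after the
 * destination already holds a truncated name. */
static int ex_set_name_late(struct ex_port *p, const char *name)
{
	if (ex_strlcpy(p->name, name, sizeof(p->name)) >= sizeof(p->name))
		return -ENAMETOOLONG;
	return 0;
}

/* Early check: reject an over-long name on the input path, before any
 * state is modified; the copy that follows cannot truncate. */
static int ex_set_name_early(struct ex_port *p, const char *name)
{
	if (name == NULL || name[0] == '\0')
		return -EINVAL;
	if (memchr(name, '\0', EX_NAME_LEN) == NULL)
		return -ENAMETOOLONG;
	ex_strlcpy(p->name, name, sizeof(p->name));
	return 0;
}

int main(void)
{
	struct ex_port p = { "net_bonding0" };
	const char *too_long = "net_bonding_with_a_very_long_name"; /* constructed input */
	printf("early: %d name=%s\n", ex_set_name_early(&p, too_long), p.name);
	printf("late:  %d name=%s\n", ex_set_name_late(&p, too_long), p.name);
	return 0;
}
```

Both variants report the error, but only the early check leaves the existing name untouched.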
