From: David Marchand <david.marchand@redhat.com>
To: Marat Khalili <marat.khalili@huawei.com>
Cc: "dev@dpdk.org" <dev@dpdk.org>,
"stable@dpdk.org" <stable@dpdk.org>,
Bruce Richardson <bruce.richardson@intel.com>,
Tyler Retzlaff <roretzla@linux.microsoft.com>,
Timothy Redaelli <tredaelli@redhat.com>,
Maxime Coquelin <maxime.coquelin@redhat.com>
Subject: Re: [PATCH v2 04/10] eal: fix plugin dir walk
Date: Thu, 3 Jul 2025 16:27:53 +0200 [thread overview]
Message-ID: <CAJFAV8x296rJBOr+5YXjLPvZRRhiVsoUyCXhUHVSshvnAkNmHw@mail.gmail.com> (raw)
In-Reply-To: <dc88c2152e8e4cfbb55c91d99655661d@huawei.com>
On Wed, Jun 25, 2025 at 10:43 AM Marat Khalili <marat.khalili@huawei.com> wrote:
>
> Thank you for doing this.
>
> > +static bool
> > +ends_with(const char *str, size_t str_len, const char *tail)
>
> I too think we should have a general ends_with, I for one had to code one just this week. However, I do not think it should support non-null-terminated strings.
>
> > +{
> > + size_t tail_len = strlen(tail);
> > +
> > + return str_len >= tail_len && strncmp(&str[str_len - tail_len], tail,
> > tail_len) == 0;
> > +}
>
> Note that when str is not null-terminated and both str_len and tail_len are zeroes &str[str_len - tail_len] will dereference one character after the end before taking a reference to it again, which would be a UB. (Won't happen in your case of course since your tail is always non-empty, but may happen if this function is moved into a general-use library.)
As a generic helper, it would be worth to make it more robust.
Though here, as a fix, I would avoid adding a helper so the backport
can be done without adding a new API.
>
> > @@ -417,13 +425,12 @@ eal_plugindir_init(const char *path)
> > }
> >
> > while ((dent = readdir(d)) != NULL) {
> > + size_t nlen = strnlen(dent->d_name, sizeof(dent->d_name));
> > struct stat sb;
> > - int nlen = strnlen(dent->d_name, sizeof(dent->d_name));
> >
> > /* check if name ends in .so or .so.ABI_VERSION */
> > - if (strcmp(&dent->d_name[nlen - 3], ".so") != 0 &&
> > - strcmp(&dent->d_name[nlen - 4 - strlen(ABI_VERSION)],
> > - ".so."ABI_VERSION) != 0)
> > + if (!ends_with(dent->d_name, nlen, ".so") &&
> > + !ends_with(dent->d_name, nlen, ".so."ABI_VERSION))
> > continue;
>
> I do not think we should try to handle the non-null-terminated dent->d_name case here, I'd just delete nlen and everything related to it. To be super-defensive we could add a check that `memchr(dent->d_name, 0, sizeof(dent->d_name)) != NULL`, but I don't think it's needed.
>
Mm, good point.
I did not reevaluate this part of the code, but it is indeed odd
trying to protect against a non null terminated dent->d_name here.
https://pubs.opengroup.org/onlinepubs/007904875/basedefs/dirent.h.html
"""
The character array d_name is of unspecified size, but the number of
bytes preceding the terminating null byte shall not exceed {NAME_MAX}.
"""
I'll rework this local helper so it assumes null terminated strings.
--
David Marchand
next prev parent reply other threads:[~2025-07-03 14:28 UTC|newest]
Thread overview: 50+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-06-19 7:10 [PATCH 00/10] Run with UBSan in GHA David Marchand
2025-06-19 7:10 ` [PATCH 01/10] ci: save ccache on failure David Marchand
2025-06-25 12:16 ` Aaron Conole
2025-06-19 7:10 ` [PATCH 02/10] test/telemetry: fix test calling all commands David Marchand
2025-06-20 9:16 ` Bruce Richardson
2025-06-23 9:54 ` David Marchand
2025-06-19 7:10 ` [PATCH 03/10] test/mempool: fix test without stack driver David Marchand
2025-06-20 8:54 ` Andrew Rybchenko
2025-06-19 7:10 ` [PATCH 04/10] eal: fix plugin dir walk David Marchand
2025-06-20 9:19 ` Bruce Richardson
2025-06-23 9:41 ` David Marchand
2025-06-19 7:10 ` [PATCH 05/10] cmdline: fix port list parsing David Marchand
2025-06-20 9:58 ` Bruce Richardson
2025-06-23 9:40 ` David Marchand
2025-06-23 10:41 ` Bruce Richardson
2025-06-19 7:10 ` [PATCH 06/10] cmdline: fix highest bit " David Marchand
2025-06-20 9:21 ` Bruce Richardson
2025-06-23 9:32 ` David Marchand
2025-06-19 7:10 ` [PATCH 07/10] tailq: fix cast macro for null pointer David Marchand
2025-06-20 9:23 ` Bruce Richardson
2025-06-19 7:10 ` [PATCH 08/10] hash: fix unaligned access in predictable RSS David Marchand
2025-06-19 7:10 ` [PATCH 09/10] stack: fix unaligned accesses on 128-bit David Marchand
2025-06-19 7:10 ` [PATCH 10/10] build: support Undefined Behavior Sanitizer David Marchand
2025-06-25 12:17 ` Aaron Conole
2025-06-23 13:52 ` [PATCH v2 00/10] Run with UBSan in GHA David Marchand
2025-06-23 13:52 ` [PATCH v2 01/10] ci: save ccache on failure David Marchand
2025-06-23 13:52 ` [PATCH v2 02/10] test/telemetry: fix test calling all commands David Marchand
2025-06-24 15:59 ` Marat Khalili
2025-06-26 8:32 ` David Marchand
2025-06-26 9:51 ` Marat Khalili
2025-07-03 14:09 ` David Marchand
2025-07-03 15:08 ` Marat Khalili
2025-06-23 13:52 ` [PATCH v2 03/10] test/mempool: fix test without stack driver David Marchand
2025-06-24 16:21 ` Marat Khalili
2025-06-23 13:52 ` [PATCH v2 04/10] eal: fix plugin dir walk David Marchand
2025-06-25 8:43 ` Marat Khalili
2025-07-03 14:27 ` David Marchand [this message]
2025-06-23 13:52 ` [PATCH v2 05/10] cmdline: fix port list parsing David Marchand
2025-06-23 14:00 ` Bruce Richardson
2025-06-26 9:32 ` Marat Khalili
2025-06-23 13:52 ` [PATCH v2 06/10] cmdline: fix highest bit " David Marchand
2025-06-30 15:25 ` Marat Khalili
2025-06-23 13:52 ` [PATCH v2 07/10] tailq: fix cast macro for null pointer David Marchand
2025-06-30 16:06 ` Marat Khalili
2025-06-23 13:52 ` [PATCH v2 08/10] hash: fix unaligned access in predictable RSS David Marchand
2025-06-30 15:32 ` Bruce Richardson
2025-07-01 8:36 ` Konstantin Ananyev
2025-06-23 13:52 ` [PATCH v2 09/10] stack: fix unaligned accesses on 128-bit David Marchand
2025-06-30 15:33 ` Bruce Richardson
2025-06-23 13:52 ` [PATCH v2 10/10] build: support Undefined Behavior Sanitizer David Marchand
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAJFAV8x296rJBOr+5YXjLPvZRRhiVsoUyCXhUHVSshvnAkNmHw@mail.gmail.com \
--to=david.marchand@redhat.com \
--cc=bruce.richardson@intel.com \
--cc=dev@dpdk.org \
--cc=marat.khalili@huawei.com \
--cc=maxime.coquelin@redhat.com \
--cc=roretzla@linux.microsoft.com \
--cc=stable@dpdk.org \
--cc=tredaelli@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).