Re: [PATCH 2/3] string: provide strscpy() and strscpy_truncate()

From: Chris Metcalf
Date: Thu May 07 2015 - 11:11:39 EST


On 05/07/2015 05:00 AM, Dan Carpenter wrote:
> On Wed, May 06, 2015 at 06:45:56PM +0200, Geert Uytterhoeven wrote:
>> On Wed, May 6, 2015 at 5:59 PM, Dan Carpenter <dan.carpenter@xxxxxxxxxx> wrote:
>>> We actually do have a __must_check tag so it's easy enough to force
>>> people to check. A different option is we could make it trigger a
>> People tend to ignore compiler warnings...
> We're doing a lot better these days with zero day build testing. There
> is not even one ignored __must_check return in my allmodconfig.

If we keep the strscpy/strscpy_truncate distinction, I agree that having
__must_check on strscpy seems like a good idea.

>>> WARN_ONCE().
>>>
>>> #define strXcpy(dest, src, len) (({ \
>>>         ssize_t __ret = strscpy_truncate(dest, src, len); \
>>>         WARN_ONCE(__ret < 0, "strXcpy truncates\n"); \
>>>         __ret; }))
>> Which will probably trigger only in extreme cases in the wild, not during
>> development.
> It's less subtle than just putting an empty string there so we're more
> likely to get bug reports than with the original code.

The problem with WARN_ONCE() here is that we may be using strscpy()
to take user input of some kind. If so, we don't want to warn if we
are truncating the string - we just want to return a suitable error up
the call stack.

--
Chris Metcalf, EZChip Semiconductor
http://www.ezchip.com
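
Added example, not part of the original message and not kernel code: a userspace C sketch of the point made above, that a caller copying user-supplied input checks the must-check return value and passes the error up the call stack instead of warning. The names model_strscpy, struct dev_cfg and set_label_from_user are hypothetical, and the truncation semantics (negative -E2BIG return, destination truncated and NUL-terminated) are an assumption of the sketch.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

/* Hypothetical userspace stand-in for a bounded copy. Assumed semantics:
 * returns the copied length, or -E2BIG if src did not fit, in which case
 * dest holds the truncated, NUL-terminated prefix. The attribute is the
 * GCC/Clang mechanism behind __must_check. */
__attribute__((warn_unused_result))
static ssize_t model_strscpy(char *dest, const char *src, size_t size)
{
	size_t i;

	if (size == 0)
		return -E2BIG;
	for (i = 0; i < size; i++) {
		dest[i] = src[i];
		if (src[i] == '\0')
			return (ssize_t)i;
	}
	dest[size - 1] = '\0';	/* ran out of room: terminate and report */
	return -E2BIG;
}

struct dev_cfg { char label[8]; };	/* constructed sample structure */

/* Caller fed by user input: an over-long string is an input error, so it
 * is returned to the caller as -E2BIG; nothing is logged and the stored
 * label is left unchanged. */
static int set_label_from_user(struct dev_cfg *cfg, const char *input)
{
	char tmp[sizeof(cfg->label)];
	ssize_t ret = model_strscpy(tmp, input, sizeof(tmp));

	if (ret < 0)
		return (int)ret;
	memcpy(cfg->label, tmp, (size_t)ret + 1);
	return 0;
}

int main(void)
{
	struct dev_cfg cfg = { .label = "eth0" };	/* constructed input */

	printf("fits: %d\n", set_label_from_user(&cfg, "uplink1"));
	printf("too long: %d\n", set_label_from_user(&cfg, "much-too-long"));
	printf("label kept: %s\n", cfg.label);
	return 0;
}
```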
