RE: [PATCH V2 5/5] Tools: hv: kvp: Fix a warning of buffer overflow with gcc 8.0.1
From: David Laight
Date: Thu Oct 18 2018 - 11:08:40 EST
From: Dan Carpenter
> Sent: 18 October 2018 07:33
>
> On Thu, Oct 18, 2018 at 05:09:32AM +0000, kys@xxxxxxxxxxxxxxxxx wrote:
> > From: Dexuan Cui <decui@xxxxxxxxxxxxx>
> >
> > The patch fixes:
> >
> > hv_kvp_daemon.c: In function 'kvp_set_ip_info':
> > hv_kvp_daemon.c:1305:2: note: 'snprintf' output between 41 and 4136 bytes
> > into a destination of size 4096
> >
> > The "(unsigned int)str_len" is to avoid:
> >
> > hv_kvp_daemon.c:1309:30: warning: comparison of integer expressions of
> > different signedness: 'int' and 'long unsigned int' [-Wsign-compare]
I usually use 'str_len + 0u' rather than a cast.
> Ugh... Any tool with the most basic flow analysis would realize this
> was a false positive. We use at least three static analyzers which
> catch signedness bugs. Can we turn off GCC's warning on this until they
> improve it a bit?
Yes, would be nice if it attempted to follow the valid domain of variables.
I recently had to change:
unsigned char a, b;
unsigned int c;
...
if (a + b < c)
To stop a 'signedness' warning.
David
-
Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK
Registration No: 1397386 (Wales)