Age | Commit message (Collapse) | Author | Files | Lines |
|
Type: refactor
Change-Id: I5ca142ec1557d5b5c3806b43553ad9d3b5ea1112
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Due to multiarch nature of that code, those tests doesn't bring much
value. New tests will be addes as part of refactor.
Type: refactor
Change-Id: I41056dc99d08cd6ca38f9e00e8cf6a465c90edb7
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
clib_strncat
There are 3 versions of the string functions. For example, for strcpy,
they are
1. strcpy(dst, src) -- the legacy unsafe version
2. strcpy_s(dst, dmax, src) -- C11 safeC version which has an addition argument
named dmax.
3. clib_strcpy(dst,src) -- clib version to enable legacy code that uses strcpy
to make use of strcpy_s without adding the additional argument, dmax, which is
required by the C11 safeC version.
The implementation for the clib version is to artificially provide dmax to
strcpy_s. In this case, it uses 4096 which assumes that if the legacy code
works without blowing up, it is likely to work with the clib version without
problem.
gcc-11 is getting smarter by checking if dmax is within the object's boundary.
When the object is declared as static array, it will flag a warning/error
if dmax is out of bound for the object since the real size of dst can be
determined at compile time.
There is no way to find the real size of dst if the object is dynamically
allocated at compile time. For this reason, we simply can't provide support
for the clib version of the function anymore. If any code is using the clib
version, the choice is to migrate to the safeC version.
Type: fix
Fixes: b0598497afde60146fe8480331c9f96e7a79475a
Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: I99fa59c878331f995b734588cca3906a1d4782f5
|
|
Type: test
Change-Id: I490c1b1a2fa49badda038e6be014c77b9bee6c56
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
Type: fix
Change-Id: Iae9e84d4297acd54c909d3a8a39adafcd86b0a91
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
Causes static analysis "vulnerability" warnings
Type: fix
Ticket: VPP-1837
Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: I272fa69251d70f62178e6dff0423c16f99937af1
|
|
coverity complains that the subject test may cause dst buffer overrun
problem and it is right. The problem is when __builtin_constant_p (n)
returns true, memcpy_s_inline skips all the errors checking and does the
copy blindly. Please see the code in memcpy_s_inline.
The fix is to skip the subject test when the aformentioned builtin function
returns true.
Type: fix
Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: I50de91cc0c853a134b3bcf3b0cd8d45d7668b092
|
|
Me: "Mr Coverity, I thought I fixed the dead code warning just few days ago in
this file. Why are you still complaining about the same stuff to me?"
Mr. Coverity: "Duh! But you are supposed to fix all occurences in the same file."
Me: "Mr. Coverity, I didn't see you flag the warning in the other places last
time?"
Mr. Coverity: "Shh! That is the secret of my dark side!"
Change-Id: I565eccd90bf1bb39c9881664d361f83396ca8bcc
Signed-off-by: Steven Luong <sluong@cisco.com>
|
|
Coverity complains about dead code as shown below and it is right.
The fix is to simply remove the dead code.
503 if (v_indicator != indicator)
CID 190173 (#3 of 3): Logically dead code (DEADCODE)
dead_error_line: Execution cannot reach this statement: return -1;.
504 return -1;
Change-Id: Ibca9e10451a4459db099bef5ecc6939474bdb903
Signed-off-by: Steven Luong <sluong@cisco.com>
|
|
For some reason, GCC 8 in debian is pickier than GCC 8 in ubuntu. It complains
about things in strncpy like this
/home/sluong/vpp/src/vlib/linux/pci.c:485:7: error: ‘strncpy’ output may be
truncated copying 15 bytes from a string of length 255 [-Werror=stringop-truncation]
strncpy (ifr.ifr_name, e->d_name, sizeof (ifr.ifr_name) - 1);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
/home/sluong/vpp/src/vlib/linux/pci.c: At top level:
It also complains similar things in string_test.c
The fix in pci.c is to convert strncpy to use clib_strncpy
The fix in string_test.c is condiational compile the complained code for GCC 8.
Change-Id: Ic9341ca54ed7407210502197a28283bc42c26662
Signed-off-by: Steven Luong <sluong@cisco.com>
|
|
Given n equals to the maximum number of bytes to copy from src in the API,
or the rough estimate strlen of src, strncpy_s_inline should not copy more
than the number of bytes, computed by strlen(src), to dst if n is greater than
strlen(src). The number of bytes to copy is computed by strnlen(src,n), not n.
Change-Id: I088b46125d9776962750e121f1fbf441952efc2b
Signed-off-by: Steven <sluong@cisco.com>
|
|
Remove the needless tests and checks which coverity complains about in
string_test.c
Change-Id: I971650cada77136f06528a65625ef99bd3d7e915
Signed-off-by: Steven <sluong@cisco.com>
|
|
Change-Id: I9382bc981c25a29c293f7ddc6ed3d34130678696
Signed-off-by: Dave Barach <dave@barachs.net>
|
|
Same pointer is passed to two or more restrict-qualified parameters of a function.
vpp/src/plugins/unittest/string_test.c: In function ‘test_strcpy_s’:
vpp/src/plugins/unittest/string_test.c:562:19: error: passing argument 1 to restrict-qualified parameter aliases with argument 3 [-Werror=restrict]
err = strcpy_s (dst, s1size, dst);
^~~ ~~~
Change-Id: Ica06b457bbcbf2d552eec380976c37f9fd447b1c
Signed-off-by: Lijian Zhang <Lijian.Zhang@arm.com>
Reviewed-by: Sirshak Das <sirdas@arm.com>
|
|
gcc-8 flunks a certain number of tests at compile time, so
conditionally disable (negative) tests which won't even compile.
Change-Id: Id7e85f38bc371623972efa6e2c8f9ee4717f5ff5
Signed-off-by: Dave Barach <dave@barachs.net>
|
|
Add memcmp_s, strcmp_s, strncmp_s, strcpy_s, strncpy_s, strcat_s, strncat_s,
strtok_s, strnlen_s, and strstr_s C11 safe string API. For migrating extant
unsafe API, add also the corresponding macro version of each safe API,
clib_memcmp, clib_strcmp, etc.
In general, the benefits of the safe string APIs are to provide null pointer
checks, add additional argument to specify the string length of the passed
string rather than relying on the null terminated character, and src/dest
overlap checking for the the string copy operations.
The macro version of the API takes the same number of arguments as the unsafe
API to provide easy migration. However, it does not usually provide the full
aformentioned benefits. In some cases, it is necessary to move to the safe
API rather than using the macro in order to avoid some unpredictable problems
such as accessing memory beyond what it is intended due to the lack of the
passed string length.
dbarach: add a "make test" vector, and a doxygen file header cookie.
Change-Id: I5cd79b8928dcf76a79bf3f0b8cbc1a8f24942f4c
Signed-off-by: Steven <sluong@cisco.com>
Signed-off-by: Dave Barach <dave@barachs.net>
|
|
Change-Id: Ied34720ca5a6e6e717eea4e86003e854031b6eab
Signed-off-by: Dave Barach <dave@barachs.net>
|