[CRIU] [PATCH 2/2] criu: fix gcc-8 warnings

Andrei Vagin avagin at openvz.org
Sun Feb 4 08:22:59 MSK 2018


From: Andrei Vagin <avagin at virtuozzo.com>

criu/sk-packet.c:443:3: error: 'strncpy' output may be truncated
copying 14 bytes from a string of length 15
   strncpy(addr_spkt.sa_data, req.ifr_name, sa_data_size);
   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
criu/img-remote.c:383:3: error: 'strncpy' specified bound 4096
equals destination size
   strncpy(snapshot_id, li->snapshot_id, PATHLEN);
   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
criu/img-remote.c:384:3: error: 'strncpy' specified bound 4096
equals destination size
   strncpy(path, li->name, PATHLEN);
   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
criu/files.c:288:3: error: 'strncpy' output may be truncated copying
4095 bytes from a string of length 4096
   strncpy(buf, link->name, PATH_MAX - 1);
   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
criu/sk-unix.c:239:36: error: '/' directive output may be truncated
writing 1 byte into a region of size between 0 and 4095
   snprintf(path, sizeof(path), ".%s/%s", dir, sk->name);
                                    ^
criu/sk-unix.c:239:3: note: 'snprintf' output 3 or more bytes
(assuming 4098) into a destination of size 4096
   snprintf(path, sizeof(path), ".%s/%s", dir, sk->name);
   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
criu/mount.c:2563:3: error: 'strncpy' specified bound 4096 equals
destination size
   strncpy(path, m->mountpoint, PATH_MAX);
   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
criu/cr-restore.c:3647:2: error: 'strncpy' specified bound 16 equals
destination size
  strncpy(task_args->comm, core->tc->comm, sizeof(task_args->comm));
  ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Signed-off-by: Andrei Vagin <avagin at virtuozzo.com>
---
 criu/cr-restore.c    |  3 ++-
 criu/files.c         |  3 ++-
 criu/img-remote.c    |  6 ++++--
 criu/include/files.h |  2 +-
 criu/mount.c         |  3 ++-
 criu/sk-packet.c     |  2 +-
 criu/sk-unix.c       |  5 ++++-
 lib/c/criu.c         | 11 +++++++++--
 8 files changed, 25 insertions(+), 10 deletions(-)

diff --git a/criu/cr-restore.c b/criu/cr-restore.c
index c6c9a7daf..b6f414640 100644
--- a/criu/cr-restore.c
+++ b/criu/cr-restore.c
@@ -3644,7 +3644,8 @@ static int sigreturn_restore(pid_t pid, struct task_restore_args *task_args, uns
 	log_get_logstart(&task_args->logstart);
 	task_args->sigchld_act	= sigchld_act;
 
-	strncpy(task_args->comm, core->tc->comm, sizeof(task_args->comm));
+	strncpy(task_args->comm, core->tc->comm, TASK_COMM_LEN - 1);
+	task_args->comm[TASK_COMM_LEN - 1] = 0;
 	pid_ns = lookup_ns_by_id(current->ids->pid_ns_id, &pid_ns_desc);
 	BUG_ON(!pid_ns);
 	for (i = current->pid->level - 1; i >= 0; i--, pid_ns = pid_ns->parent)
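Review bot: The new bound in `strncpy(task_args->comm, core->tc->comm, TASK_COMM_LEN - 1)` is tied to a macro instead of the destination, so the copy stays in bounds only while `task_args->comm` is declared with exactly TASK_COMM_LEN bytes (the gcc message in the description reports 16). Keeping `sizeof` on both lines preserves that link: `strncpy(task_args->comm, core->tc->comm, sizeof(task_args->comm) - 1);` and `task_args->comm[sizeof(task_args->comm) - 1] = 0;`. The same applies to the files.c and mount.c hunks, where `sizeof(buf)` and `sizeof(path)` could replace PATH_MAX. sigreturn_restore starts and ends outside this hunk.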
diff --git a/criu/files.c b/criu/files.c
index 8f6d50e92..873f0afad 100644
--- a/criu/files.c
+++ b/criu/files.c
@@ -285,7 +285,8 @@ static int fixup_overlayfs(struct fd_parms *p, struct fd_link *link)
 		char buf[PATH_MAX];
 		int n;
 
-		strncpy(buf, link->name, PATH_MAX - 1);
+		strncpy(buf, link->name, PATH_MAX);
+		buf[PATH_MAX - 1] = 0;
 		n = snprintf(link->name, PATH_MAX, "%s/%s", m->mountpoint, buf + 2);
 		if (n >= PATH_MAX) {
 			pr_err("Not enough space to replace %s\n", buf);
diff --git a/criu/img-remote.c b/criu/img-remote.c
index 91e18a1a2..18cdc3e45 100644
--- a/criu/img-remote.c
+++ b/criu/img-remote.c
@@ -380,8 +380,10 @@ static int64_t read_header(int fd, char *snapshot_id, char *path, int *flags)
 	int ret = pb_read_obj(fd, (void **)&li, PB_LOCAL_IMAGE);
 
 	if (ret > 0) {
-		strncpy(snapshot_id, li->snapshot_id, PATHLEN);
-		strncpy(path, li->name, PATHLEN);
+		strncpy(snapshot_id, li->snapshot_id, PATHLEN - 1);
+		snapshot_id[PATHLEN - 1] = 0;
+		strncpy(path, li->name, PATHLEN - 1);
+		path[PATHLEN - 1] = 0;
 		*flags = li->open_mode;
 	}
 	free(li);
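Review bot: An over-long `li->snapshot_id` or `li->name` is now cut to PATHLEN - 1 bytes without any error, so a header read from `fd` can end up naming a different snapshot or image than the one it carried. Rejecting the header would be safer than truncating, for example by testing `strlen(li->snapshot_id) >= PATHLEN || strlen(li->name) >= PATHLEN` before the copies and taking the function's error path (its return convention is not visible in this hunk). read_header also receives bare `char *` destinations, and strncpy zero-pads up to the bound, so a comment such as `/* snapshot_id and path must each point to at least PATHLEN bytes */` above the function would record the contract the copies rely on. The function body starts and ends outside the hunk.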
diff --git a/criu/include/files.h b/criu/include/files.h
index bd4ab8470..3483dcdca 100644
--- a/criu/include/files.h
+++ b/criu/include/files.h
@@ -26,7 +26,7 @@ struct fd_link {
 	union {
 		/* Link info for generic file (path) */
 		struct {
-			char	name[PATH_MAX + 1];
+			char	name[PATH_MAX];
 			size_t	len;
 		};
 
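Review bot: Shrinking `name` from PATH_MAX + 1 to PATH_MAX bytes moves the last valid index to PATH_MAX - 1, so any writer elsewhere that still passes PATH_MAX + 1 as a size, or stores a terminator at `name[PATH_MAX]`, now writes past the array. Only the files.c use is visible in this patch; the other users of struct fd_link should be checked and preferably switched to `sizeof(link->name)`. A comment on the field, e.g. `/* NUL-terminated, at most PATH_MAX - 1 characters */`, would state the new limit. The struct continues outside this hunk.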
diff --git a/criu/mount.c b/criu/mount.c
index 4c7fd0914..152b7a599 100644
--- a/criu/mount.c
+++ b/criu/mount.c
@@ -2560,7 +2560,8 @@ static int fixup_remap_mounts()
 		char path[PATH_MAX];
 		int len;
 
-		strncpy(path, m->mountpoint, PATH_MAX);
+		strncpy(path, m->mountpoint, PATH_MAX - 1);
+		path[PATH_MAX - 1] = 0;
 		len = print_ns_root(m->nsid, 0, path, PATH_MAX);
 		path[len] = '/';
 
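Review bot: `path[len] = '/'` uses the return value of print_ns_root() as an index without a range check, so a negative error value or a length of PATH_MAX or more would put the store outside `path`. The helper's contract is not visible in this hunk; if it follows snprintf, a guard `if (len < 0 || len >= PATH_MAX)` that fails the fixup should precede the store. The added strncpy also truncates an over-long `m->mountpoint` silently, so the same guard is a natural place to report a path that does not fit. fixup_remap_mounts continues outside the hunk.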
diff --git a/criu/sk-packet.c b/criu/sk-packet.c
index bb1bd88b6..ae1197638 100644
--- a/criu/sk-packet.c
+++ b/criu/sk-packet.c
@@ -440,7 +440,7 @@ static int open_packet_sk_spkt(PacketSockEntry *pse, int *new_fd)
 			goto err;
 		}
 
-		strncpy(addr_spkt.sa_data, req.ifr_name, sa_data_size);
+		memcpy(addr_spkt.sa_data, req.ifr_name, sa_data_size);
 		addr_spkt.sa_data[sa_data_size - 1] = 0;
 
 		if (bind(sk, &addr_spkt, sizeof(addr_spkt)) < 0) {
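Review bot: Switching to memcpy silences the warning but keeps the truncation it reported: an `ifr_name` of `sa_data_size - 1` characters or more is still cut short by the terminator on the next line, and bind() is then called with a name that differs from the one held in `req`. If such names can occur, failing is safer than binding to a shortened name, e.g. test `strnlen(req.ifr_name, sizeof(req.ifr_name)) >= sa_data_size` and `goto err` after a pr_err. memcpy also copies whatever bytes follow the terminator in `req.ifr_name`, where strncpy wrote zeros; that is harmless only if `req` is zeroed before it is filled, which happens outside this hunk.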
diff --git a/criu/sk-unix.c b/criu/sk-unix.c
index 0c1d97929..87b06d2af 100644
--- a/criu/sk-unix.c
+++ b/criu/sk-unix.c
@@ -236,7 +236,10 @@ static int resolve_rel_name(struct unix_sk_desc *sk, const struct fd_parms *p)
 		}
 		dir[ret] = 0;
 
-		snprintf(path, sizeof(path), ".%s/%s", dir, sk->name);
+		if (snprintf(path, sizeof(path), ".%s/%s", dir, sk->name) >= sizeof(path)) {
+			pr_err("The path .%s/%s is too long", dir, sk->name);
+			goto err;
+		}
 		if (fstatat(mntns_root, path, &st, 0)) {
 			if (errno == ENOENT)
 				continue;
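Review bot: The new `pr_err("The path .%s/%s is too long", ...)` has no trailing `\n`, unlike the pr_err in the files.c hunk, so the next log record would presumably be appended to the same line; `pr_err("The path .%s/%s is too long\n", dir, sk->name);` fixes it. The comparison `snprintf(...) >= sizeof(path)` mixes int with size_t: a negative return converts to a large unsigned value and therefore also takes the error branch, which is the wanted outcome but deserves a short comment or an explicit `n < 0` test on a stored result. resolve_rel_name extends beyond this hunk.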
diff --git a/lib/c/criu.c b/lib/c/criu.c
index 08806c6ea..931d691ec 100644
--- a/lib/c/criu.c
+++ b/lib/c/criu.c
@@ -1075,9 +1075,16 @@ static int criu_connect(criu_opts *opts, bool d)
 	memset(&addr, 0, sizeof(addr));
 	addr.sun_family = AF_LOCAL;
 
-	strncpy(addr.sun_path, opts->service_address, sizeof(addr.sun_path));
+	addr_len = strlen(opts->service_address);
+	if (addr_len >= sizeof(addr.sun_path)) {
+		fprintf(stderr, "The service address %s is too long",
+					opts->service_address);
+		close(fd);
+		return -1;
+	}
+	memcpy(addr.sun_path, opts->service_address, addr_len);
 
-	addr_len = strlen(opts->service_address) + sizeof(addr.sun_family);
+	addr_len += sizeof(addr.sun_family);
 
 	ret = connect(fd, (struct sockaddr *) &addr, addr_len);
 	if (ret < 0) {
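Review bot: The new error message `"The service address %s is too long"` lacks a trailing `\n`, so on stderr it runs into whatever is printed next; use `fprintf(stderr, "The service address %s is too long\n", opts->service_address);`. `strlen(opts->service_address)` also dereferences the pointer with no NULL check visible in the hunk; unless an earlier part of criu_connect guarantees it is set, the length test should be preceded by one. Because memcpy leaves out the terminator, the code now depends on the `memset(&addr, 0, sizeof(addr))` above it, which merits a one-line comment: `/* addr was zeroed above, so sun_path stays NUL-terminated */`.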
-- 
2.13.6


