The -Wstringop-truncation option new in GCC 8 detects common misuses

of the strncat and strncpy function that may result in truncating the copied string before the terminating NUL. To avoid false positive warnings for correct code that intentionally creates sequences of characters that aren't guaranteed to be NUL-terminated, arrays that are intended to store such sequences should be decorated with a new nonstring attribute. This change add this attribute to Glibc and uses it to suppress such false positives. ChangeLog: * misc/sys/cdefs.h (__attribute_nonstring__): New macro. * sysdeps/gnu/bits/utmp.h (struct utmp): Use it. * sysdeps/unix/sysv/linux/s390/bits/utmp.h (struct utmp): Same.
2017-11-15 17:39:59 -07:00 · 2017-11-15 17:39:59 -07:00 · 7532837d7b
parent d9611e3085
commit 7532837d7b
4 changed files with 27 additions and 6 deletions
--- a/6
+++ b/6
@ -1,3 +1,9 @@
+2017-11-15  Martin Sebor  <msebor@redhat.com>
+
+	* misc/sys/cdefs.h (__attribute_nonstring__): New macro.
+	* sysdeps/gnu/bits/utmp.h (struct utmp): Use it.
+	* sysdeps/unix/sysv/linux/s390/bits/utmp.h (struct utmp): Same.
+
 2017-11-15  Luke Shumaker  <lukeshu@parabola.nu>

 	[BZ #22145]
--- a/misc/sys/cdefs.h
+++ b/misc/sys/cdefs.h
@ -407,6 +407,15 @@
 # endif
 #endif

+#if __GNUC_PREREQ (8, 0)
+/* Describes a char array whose address can safely be passed as the first
+   argument to strncpy and strncat, as the char array is not necessarily
+   a NUL-terminated string.  */
+# define __attribute_nonstring__ __attribute__ ((__nonstring__))
+#else
+# define __attribute_nonstring__
+#endif
+
 #if (!defined _Static_assert && !defined __cplusplus \
     && (defined __STDC_VERSION__ ? __STDC_VERSION__ : 0) < 201112 \
     && (!__GNUC_PREREQ (4, 6) || defined __STRICT_ANSI__))
--- a/sysdeps/gnu/bits/utmp.h
+++ b/sysdeps/gnu/bits/utmp.h
@ -59,10 +59,13 @@ struct utmp
 {
  short int ut_type;		/* Type of login.  */
  pid_t ut_pid;			/* Process ID of login process.  */
-  char ut_line[UT_LINESIZE];	/* Devicename.  */
+  char ut_line[UT_LINESIZE]
+    __attribute_nonstring__;	/* Devicename.  */
  char ut_id[4];		/* Inittab ID.  */
-  char ut_user[UT_NAMESIZE];	/* Username.  */
-  char ut_host[UT_HOSTSIZE];	/* Hostname for remote login.  */
+  char ut_user[UT_NAMESIZE]
+    __attribute_nonstring__;	/* Username.  */
+  char ut_host[UT_HOSTSIZE]
+    __attribute_nonstring__;	/* Hostname for remote login.  */
  struct exit_status ut_exit;	/* Exit status of a process marked
 				   as DEAD_PROCESS.  */
 /* The ut_session and ut_tv fields must be the same size when compiled
--- a/sysdeps/unix/sysv/linux/s390/bits/utmp.h
+++ b/sysdeps/unix/sysv/linux/s390/bits/utmp.h
@ -59,10 +59,13 @@ struct utmp
 {
  short int ut_type;		/* Type of login.  */
  pid_t ut_pid;			/* Process ID of login process.  */
-  char ut_line[UT_LINESIZE];	/* Devicename.  */
+  char ut_line[UT_LINESIZE]
+     __attribute_nonstring__;	/* Devicename.  */
  char ut_id[4];		/* Inittab ID.  */
-  char ut_user[UT_NAMESIZE];	/* Username.  */
-  char ut_host[UT_HOSTSIZE];	/* Hostname for remote login.  */
+  char ut_user[UT_NAMESIZE]
+     __attribute_nonstring__;	/* Username.  */
+  char ut_host[UT_HOSTSIZE]
+     __attribute_nonstring__;	/* Hostname for remote login.  */
  struct exit_status ut_exit;	/* Exit status of a process marked
 				   as DEAD_PROCESS.  */
 /* The ut_session and ut_tv fields must be the same size when compiled