QEMU

  1. Bug #1803872
  2. Comment #9

Comment 9 for bug 1803872

Revision history for this message
mst (mst-0) wrote : Re: [PATCH v2 0/3] Fix strncpy() warnings for GCC8 new -Wstringop-truncation

On Tue, Dec 18, 2018 at 06:12:05PM +0100, Paolo Bonzini wrote:
> On 18/12/18 17:55, Philippe Mathieu-Daudé wrote:
> >> strpadcpy will instead just silence the warning.
> > migration/global_state.c:109:15: error: 'strlen' argument 1 declared
> > attribute 'nonstring' [-Werror=stringop-overflow=]
> > s->size = strlen((char *)s->runstate) + 1;
> > ^~~~~~~~~~~~~~~~~~~~~~~~~~~
> >
> > GCC won... It is true this strlen() is buggy, indeed s->runstate might
> > be not NUL-terminated.
>
> No, runstate is declared as an array of 100 bytes, which are more than
> enough. It's ugly code but not buggy.
>
> Paolo

Yes ... but it is loaded using
        VMSTATE_BUFFER(runstate, GlobalState),
and parsed using qapi_enum_parse which does not get
the buffer length.

So unless we are lucky there's a buffer overrun
on a remote/file input here.

Seems buggy to me - what am I missing?

--
MST