On 09/10/20 11:59 +0100, Ferruh Yigit wrote: > On 10/9/2020 11:36 AM, Gaëtan Rivet wrote: > > On 07/10/20 12:45 +0100, Ferruh Yigit wrote: > > > On 10/7/2020 11:28 AM, Bruce Richardson wrote: > > > > On Wed, Oct 07, 2020 at 11:26:38AM +0100, Bruce Richardson wrote: > > > > > On Wed, Oct 07, 2020 at 11:51:31AM +0200, Olivier Matz wrote: > > > > > > On Wed, Oct 07, 2020 at 10:40:32AM +0100, Ferruh Yigit wrote: > > > > > > > On 10/7/2020 10:01 AM, Ciara Loftus wrote: > > > > > > > > strncpy may leave the destination buffer not NULL terminated so > > > > > > > > use > > > > > > > > snprintf instead. > > > > > > > > > > > > > > What do you think using 'strlcpy'? > > > > > > > > > > > > Or even better, rte_strscpy() > > > > > > https://git.dpdk.org/dpdk/commit/?id=b0236c7cf761 > > > > > > > > > > > I think this is largely a matter of preference, and unless there is a > > > > > good > > > > > reason not to, I tend towards strlcpy as the older and more common > > > > > (till > > > > > now) interface. The main thing is just to use a function that will > > > > > guarantee dest is null-terminated here, and both strlcpy and strscpy > > > > > meet > > > > > that criteria. > > > > > > > > > I'd also add that strlcpy is more likely to be recognised by tools like > > > > coverity, compared to rte_strscpy which is DPDK-specific. > > > > > > > > > > +1 to 'strlcpy' > > > > Using strlcpy will be more recognized by static analyzer indeed. > > > > But strscpy API is better: > > > > * It helps checking string truncation by making it easier: > > > > if (strlcpy(dst, src, dstsize) >= dstsize) > > /* Dev + reviewer needs to think about using >= and not >, dstsize > > is > > * repeated so either dst is an array or it needs a dedicated > > variable. > > * Deal with truncation. > > */ > > > > if (rte_strscpy(dst, src, dstsize) < 0) > > /* deal with truncation. */ > > > > * It is safer when dealing with unknown data source. strlcpy will always > > read all of src, because the API (uselessly) defines the return value > > to strlen(src). > > > > Having yet another string copy function is contentious, but we can avoid > > using worse API to please tools. > > > > And detecting string truncation *is* helpful. String are used as IDs in > > DPDK for some objects. Using strlcpy / snprintf at least protects from > > buffer overflow, which is a bare minimum. A good implementation would > > also warn the user about a config error / memory corruption happening > > sooner. > > > > In any case, sure to fix a sanity check strlcpy / snprintf will work. > > > > I also think 'strscpy' is better API, and we had similar discussion before > [1] and the decision was to prefer 'strlcpy'. > > [1] > http://inbox.dpdk.org/dev/b800d417-c33d-af4e-b506-8f31ae919...@intel.com/#t
Good memory! I hadn't seen this thread, thanks. -- Gaëtan
