On Tue, Aug 08, 2023 at 10:59:37AM -0700, Tyler Retzlaff wrote:
> On Tue, Aug 08, 2023 at 10:24:41AM +0800, lihuisong (C) wrote:
> >
> > 在 2023/8/3 5:21, Tyler Retzlaff 写道:
> > >strlcpy returns type size_t when directly assigning to
> > >struct rte_tel_data data_len field it may be truncated leading to
> > >compromised length check that follows
> > >
> > >Since the limit in the check is < UINT_MAX the value returned is
> > >safe to be cast to unsigned int (which may be narrower than size_t)
> > >but only after being checked against RTE_TEL_MAX_SINGLE_STRING_LEN
> > >
> > >Signed-off-by: Tyler Retzlaff <roret...@linux.microsoft.com>
> > >---
> > > lib/telemetry/telemetry_data.c | 5 +++--
> > > 1 file changed, 3 insertions(+), 2 deletions(-)
> > >
> > >diff --git a/lib/telemetry/telemetry_data.c
> > >b/lib/telemetry/telemetry_data.c
> > >index 3b1a240..52307cb 100644
> > >--- a/lib/telemetry/telemetry_data.c
> > >+++ b/lib/telemetry/telemetry_data.c
> > >@@ -41,12 +41,13 @@
> > > int
> > > rte_tel_data_string(struct rte_tel_data *d, const char *str)
> > > {
> > >+ const size_t len = strlcpy(d->data.str, str, sizeof(d->data.str));
> > sizeof(d->data.str) is equal to RTE_TEL_MAX_SINGLE_STRING_LEN(8192).
> > So It seems that this truncation probably will not happen.
>
> agreed, regardless the data type choices permit a size that exceeds the
> range of the narrower type and the assignment results in a warning being
> generated on some targets. that's why the truncating cast is safe to
> add.
>
> none of this would be necessary if data_len had been appropriately typed
> as size_t. Bruce should we be changing the type instead since we are in
> 23.11 merge window...?
>
I'm fine either way, to be honest.
