On Tue, Dec 18, 2018 at 05:55:27PM +0100, Philippe Mathieu-Daudé wrote:
> On 12/18/18 3:54 PM, Michael S. Tsirkin wrote:
> > On Tue, Dec 18, 2018 at 03:45:08PM +0100, Paolo Bonzini wrote:
> >> On 18/12/18 15:31, Michael S. Tsirkin wrote:
> >>> Do you happen to know why it builds fine with
> >>> GCC 8.2.1?
> >>>
> >>> Reading the GCC manual it seems that
> >>> there is a "nonstring" attribute that means
> >>> "might not be 0 terminated".
> >>> I think we should switch to that, which fixes the warning
> >>> but also warns if someone tries to misuse these
> >>> as C strings.
> >>>
> >>> Seems to be a better option, does it not?
> >>>
> >>>
> >>
> >> Using strpadcpy is clever and self-documenting, though. We have it
> >> already, so why not use it.
> >>
> >> Paolo
> >
> > The advantage of nonstring is that it will catch attempts to
> > use these fields with functions that expect a 0 terminated string.
> >
> > strpadcpy will instead just silence the warning.
>
> migration/global_state.c:109:15: error: 'strlen' argument 1 declared
> attribute 'nonstring' [-Werror=stringop-overflow=]
>      s->size = strlen((char *)s->runstate) + 1;
>                ^~~~~~~~~~~~~~~~~~~~~~~~~~~
>
> GCC won... It is true this strlen() is buggy, indeed s->runstate might
> not be NUL-terminated.
Ooh nice. I smell some CVE fixes coming from this effort.

-- 
MST
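The two points the thread makes, that `nonstring` makes GCC reject `strlen()` on a fixed-width field, and that the `strlen()` in global_state.c can read past the array when the field is full, as an added example that is not part of the original thread or of QEMU's code. The `struct state` layout, the field width of 8, and the helper names are assumptions; `pad_copy()` is a local stand-in written in the spirit of QEMU's `strpadcpy()`, not its real implementation. The length is computed with a bounded `memchr()` so it is correct even when the array carries no terminator:

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* GCC >= 8 understands nonstring: the array need not be NUL-terminated,
 * so passing it straight to strlen()/strcpy()/printf("%s") is diagnosed
 * under -Wstringop-overflow. Compilers without the attribute get nothing. */
#if defined(__has_attribute)
#  if __has_attribute(nonstring)
#    define NONSTRING __attribute__((nonstring))
#  endif
#endif
#ifndef NONSTRING
#  define NONSTRING
#endif

/* Constructed layout, not QEMU's: a fixed-width runstate name plus the
 * size field the migration code fills in. */
struct state {
    char runstate[8] NONSTRING;
    uint32_t size;
};

/* Pad-copy helper in the spirit of strpadcpy(): copy at most buf_size
 * bytes of str and fill the remainder with pad. When str fills the
 * buffer no terminator is written, which is exactly the case that makes
 * a later strlen() read past the array. */
static void pad_copy(char *buf, size_t buf_size, const char *str, char pad)
{
    const char *end = memchr(str, 0, buf_size);
    size_t len = end ? (size_t)(end - str) : buf_size;
    memcpy(buf, str, len);
    memset(buf + len, pad, buf_size - len);
}

/* Bounded length: stops at the first NUL or at the end of the array,
 * so it never reads out of bounds on an unterminated field. */
static size_t runstate_len(const struct state *s)
{
    const char *end = memchr(s->runstate, 0, sizeof(s->runstate));
    return end ? (size_t)(end - s->runstate) : sizeof(s->runstate);
}

/* Store name into s->runstate and set s->size to length + 1, the value
 * the buggy "strlen(runstate) + 1" was meant to produce. Returns 0 and
 * leaves size 0 when the name does not fit together with its terminator,
 * so the caller can reject it instead of shipping an unterminated field. */
static uint32_t set_runstate(struct state *s, const char *name)
{
    pad_copy(s->runstate, sizeof(s->runstate), name, 0);
    size_t len = runstate_len(s);
    if (len == sizeof(s->runstate)) {
        s->size = 0;
        return 0;
    }
    s->size = (uint32_t)(len + 1);
    return s->size;
}
```

Compiling this with `gcc -O2 -Wall` and replacing `runstate_len()` with a plain `strlen(s->runstate)` reproduces the error quoted in the thread; the `memchr()` form compiles cleanly because its read is bounded by `sizeof(s->runstate)`.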