On 05/06/2025 12:35 am, Stefano Stabellini wrote:
> From: Alessandro Zucchelli <alessandro.zucche...@bugseng.com>
>
> MISRA C Rule 21.16 states the following: "The pointer arguments to
> the Standard Library function `memcmp' shall point to either a pointer
> type, an essentially signed type, an essentially unsigned type, an
> essentially Boolean type or an essentially enum type".
>
> Comparing string literals with char arrays is more appropriately
> done via strncmp.
>
> No functional change.
>
> Signed-off-by: Alessandro Zucchelli <alessandro.zucche...@bugseng.com>
> ---
>  xen/arch/x86/dmi_scan.c | 20 ++++++++++----------
>  xen/arch/x86/mpparse.c  | 10 +++++-----
>  2 files changed, 15 insertions(+), 15 deletions(-)
>
> diff --git a/xen/arch/x86/dmi_scan.c b/xen/arch/x86/dmi_scan.c
> index eb65bc86bb..b6edd7a965 100644
> --- a/xen/arch/x86/dmi_scan.c
> +++ b/xen/arch/x86/dmi_scan.c
> @@ -233,7 +233,7 @@ void __init dmi_efi_get_table(const void *smbios, const 
> void *smbios3)
>       const struct smbios_eps *eps = smbios;
>       const struct smbios3_eps *eps3 = smbios3;
>  
> -     if (eps3 && memcmp(eps3->anchor, "_SM3_", 5) == 0 &&
> +     if (eps3 && strncmp(eps3->anchor, "_SM3_", 5) == 0 &&
>           eps3->length >= sizeof(*eps3) &&
>           dmi_checksum(eps3, eps3->length)) {
>               efi_smbios3_address = eps3->address;

This is a good example where MISRAs dictats make the code worse rather
than better.

The anchor is a magic number, and memcmp() is the correct check.  It
really is "is this byte pattern identical?"

It's just that the byte pattern is chosen to be coherent and logic in
ASCII, so the use of a "string" is also correct.

Previously 4cd66fb56dc697 was done, but that was on the belief that
those where the only two examples.

What variety of compilers has this been tried on?  Both Clang and GCC
have warnings about str*() functions on arrays and overflows, and
switching to mem*() was the solution.

~Andrew

Reply via email to