[MDEV-18659] Fix gcc-8 compiler warnings produced by -Wstringop-truncation and -Wstringop-overflow for InnoDB Created: 2019-02-20  Updated: 2019-03-06  Resolved: 2019-03-06

Status: Closed
Project: MariaDB Server
Component/s: Storage Engine - InnoDB, Storage Engine - XtraDB
Affects Version/s: 10.1
Fix Version/s: 10.2.23, 10.1.39, 10.3.14, 10.4.4

Type: Bug Priority: Major
Reporter: Jan Lindström (Inactive) Assignee: Marko Mäkelä
Resolution: Fixed Votes: 0
Labels: None


 Comments   
Comment by Jan Lindström (Inactive) [ 2019-02-20 ]

http://lists.askmonty.org/pipermail/commits/2019-February/013446.html

Comment by Marko Mäkelä [ 2019-02-20 ]

I think that this needs some more research. I replied in
http://lists.askmonty.org/pipermail/commits/2019-February/013448.html

Comment by Jan Lindström (Inactive) [ 2019-02-20 ]

http://lists.askmonty.org/pipermail/commits/2019-February/013451.html

Comment by Marko Mäkelä [ 2019-03-04 ]

It looks like two of my review comments were not addressed:

I am concerned that this could be replacing dubious code with worse. With memcpy(), you should be sure that the source strings is really safe to access up to the specified length. With strncpy(), the copying will stop at the first NUL character in the output, or at the specified length, whichever comes first.

My second unaddressed comment was regarding unnecessary zero-initialization of all bytes in a string buffer. The revised change does seem to be touching code that performs such unnecessary zero-initialization.

Comment by Jan Lindström (Inactive) [ 2019-03-04 ]

I tried to reason on commit message why memcpy() is safe on those cases but maybe it was not clear. So we have: 

memcpy(old_name_cs_filename, old_name, MAX_TABLE_NAME_LEN);

instead of strncpy() and used strings are defined on same functions as 

char	old_name[MAX_FULL_NAME_LEN + 1];
 
char old_name_cs_filename[MAX_TABLE_NAME_LEN+20];

And #define MAX_FULL_NAME_LEN (MAX_TABLE_NAME_LEN + MAX_DATABASE_NAME_LEN + 14) that
is larger than MAX_TABLE_NAME_LEN in both cases. To avoid reading uninitialized memory we should
zero-initialize those strings.

I did not add any zero-initialization on latest version, they were there already, maybe they are unnecessary. I do not think real string truncation is possible.

Comment by Marko Mäkelä [ 2019-03-04 ]

I would prefer to avoid unnecessary copying and initialization. That is why I prefer strncmp() to memcpy(). The minimum correctness requirement is that the string buffers be terminated by at least one NUL byte.

Comment by Marko Mäkelä [ 2019-03-05 ]

I do not see these warnings being emitted for MariaDB 10.2 or later. Could you try to see how the code differs between 10.1 and 10.2, and attempt a minimal backport to 10.1?

Comment by Marko Mäkelä [ 2019-03-06 ]

I am testing a similar patch that keeps the strncpy() calls except when using strcpy() or memcpy() would lead to functionally equivalent result. I will also fix the warnings in mariabackup.

Generated at Thu Feb 08 08:45:46 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.