Overzealous strnlen checking #7

@johnsonjh

@yonhan3

I have an application that would need quite a few modifications to build with OpenOSC, which I think shouldn't be necessary (or at least optional), since strnlen checking is, in my opinion, overzealous, and the modifications would make the program less understandable if not less secure.

Take this code for example:

#include <stddef.h>
#include <string.h>

#define MAX_STRING_LEN 32

int main(void) {
    static const char* string = "MyString";
    /* ... */
    size_t len = strnlen(string, MAX_STRING_LEN); /* OpenOSC errors here: MAX_STRING_LEN exceeds the literal's object size */

    return 0;
}
$ gcc -O test.c -include openosc.h -lopenosc

In file included from /usr/include/openosc_map.h:21,
                 from /usr/include/openosc.h:179,
                 from <command-line>:
In function ‘strnlen’,
    inlined from ‘main’ at test.c:9:18:
/usr/include/openosc_redirect_map.h:570:36: error: call to ‘openosc_strnlen_chk_warn’ declared with attribute error: strnlen caller with bigger length than size of source buffer
  570 |                   : (STRNLEN_CASE2 openosc_strnlen_chk_warn(_sz, src, len)))
      |                     ~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I can't see what the point is in raising an error here, at least not in all cases... this means that we'd need to have some code where truncation actually happens (or where the size is exactly the same) to not raise an error:

     static const char* string = "MyStringxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx";

In my use case, I have code like this (that is used in example code). It conveys useful information both to the programmer that the MAX_STRING_LEN (as set in headers) is the maximum usable string length, and also to the program later, which can truncate strings to len later on.

Replacing this kind of code with something like ...

    static const char* string = "MyString"; /* Maximum usable length of string is MAX_STRING_LEN */

... doesn't seem to be a great benefit (and now many IDEs won't show the user the value of MAX_STRING_LEN because it is in a comment, etc.)

(Using strlen in all the cases where OpenOSC would complain is fine too, but isn't helpful when using strlen is banned by policy, along with the other non-n functions.)
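The following is an added example, not code from the issue or from OpenOSC, that models the decision the error message above describes: the compile-time object size of the source buffer is compared with the length argument, and a length larger than the object is reported. The enum, `classify_strnlen`, `bounded_strnlen`, `unterminated_demo` and the `OBJSIZE` macro are hypothetical names introduced here; the verdict logic is an assumption inferred from the error text ("bigger length than size of source buffer"), not OpenOSC's implementation. It also shows the over-read the check guards against (an unterminated buffer shorter than the bound) and the two shapes from the issue that reach different verdicts: a pointer to a 9-byte literal versus a `char[MAX_STRING_LEN]` array whose object size equals the bound.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MAX_STRING_LEN 32

/* Sentinel for "object size not known at compile time" (what
   __builtin_object_size returns when it cannot decide). */
#define OBJSIZE_UNKNOWN ((size_t)-1)

/* Hypothetical model of the strnlen verdict; not OpenOSC's code. */
enum strnlen_verdict {
    STRNLEN_UNKNOWN_SIZE, /* size unknown: nothing to compare, no diagnostic */
    STRNLEN_OK,           /* maxlen <= object size: strnlen cannot read past the object */
    STRNLEN_OVERSIZED     /* maxlen > object size: the case the issue's error reports */
};

enum strnlen_verdict classify_strnlen(size_t objsize, size_t maxlen)
{
    if (objsize == OBJSIZE_UNKNOWN)
        return STRNLEN_UNKNOWN_SIZE;
    return maxlen > objsize ? STRNLEN_OVERSIZED : STRNLEN_OK;
}

/* Why the check exists: strnlen(buf, maxlen) scans up to maxlen bytes when
   no NUL is found, so a bound larger than the buffer over-reads an
   unterminated buffer. Clamping the bound to the buffer size removes that. */
size_t bounded_strnlen(const char *buf, size_t bufsize, size_t maxlen)
{
    return strnlen(buf, maxlen < bufsize ? maxlen : bufsize);
}

/* Constructed input: 4 bytes with no terminating NUL. A raw
   strnlen(raw, 32) would read past the array; the clamped call stops at 4. */
size_t unterminated_demo(void)
{
    char raw[4] = { 'a', 'b', 'c', 'd' };
    return bounded_strnlen(raw, sizeof raw, MAX_STRING_LEN);
}

/* Compile-time object size as GCC/Clang report it; unknown elsewhere. */
#if defined(__GNUC__)
#define OBJSIZE(p) __builtin_object_size((p), 0)
#else
#define OBJSIZE(p) OBJSIZE_UNKNOWN
#endif

int main(void)
{
    /* The issue's shape: pointer to a 9-byte literal, bound of 32.
       With optimization the compiler knows the size, which is what
       produced the error in the issue; without it the size is unknown. */
    static const char *literal = "MyString";
    /* Array sized to the bound: object size equals MAX_STRING_LEN,
       which is the "size is exactly the same" case the issue mentions. */
    static const char array[MAX_STRING_LEN] = "MyString";
    static const char *names[] = { "unknown size", "ok", "oversized" };

    printf("literal: %s\n", names[classify_strnlen(OBJSIZE(literal), MAX_STRING_LEN)]);
    printf("array:   %s\n", names[classify_strnlen(OBJSIZE(array), MAX_STRING_LEN)]);
    printf("unterminated 4-byte buffer, bound 32, clamped length: %zu\n",
           unterminated_demo());
    return 0;
}
```

Build with `-O` to see the literal case reach the "oversized" verdict, as the issue's build did; at `-O0` GCC usually reports the pointer's object size as unknown and no verdict can be formed. Note that the verdict is reached without looking at the contents of the object, which is why a NUL-terminated literal and an unterminated buffer of the same size are treated alike.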
