[lxc-devel] [lxc/master] Revert "Revert "tree-wide: use sizeof on static arrays""
brauner on Github
lxc-bot at linuxcontainers.org
Sat Sep 1 18:34:50 UTC 2018
A non-text attachment was scrubbed...
Name: not available
Type: text/x-mailbox
Size: 3147 bytes
Desc: not available
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20180901/83cf497d/attachment.bin>
-------------- next part --------------
From 979a0d93545580aa2b69c6057ff7ea8dfdf48717 Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at ubuntu.com>
Date: Sat, 1 Sep 2018 20:25:07 +0200
Subject: [PATCH] Revert "Revert "tree-wide: use sizeof on static arrays""
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
This reverts commit 2fb7cf0b325d2e34cd6faa2758cbaba6b6c3b99f.
The problem wasn't caused by the reverted commit and was fixed in
commit 0c9b1f826d3 ("macro: calculate buffer lengths correctly")
The full explanation can be taken from the following irc excerpt from
the #lxc-dev channel:
│19:54:47 brauner | there was a bug in one of the standard macros we used
│19:55:01 brauner | and the changes by INTTYPE_TO_STRLEN() caused the issue to surface
│19:55:03 brauner | which is good
│19:55:16 brauner | i sent a branch and stgraber merged it that fixes it
│19:57:56 Blub\0 | so...
│19:58:31 Blub\0 | still doesn't explain how it was the sizeof() patch
│20:07:14 brauner | Blub\0: so here's the long explanation
│20:07:35 brauner | Blub\0: stgraber bumped pid_max on our jenkins test builders
│20:07:53 brauner | Blub\0: because we're running *a lot* of containers
│20:07:56 brauner | in any case
│20:08:06 brauner | there was a buffer
│20:08:12 brauner | LXC_LSMATTRLEN
│20:08:59 brauner | it used to be
│20:09:03 brauner | -/* /proc/pid-to-str/attr/current = (5 + INTTYPE_TO_STRLEN(pid_t) + 7 + 1) */
│20:09:03 brauner | -#define LXC_LSMATTRLEN (5 + INTTYPE_TO_STRLEN(pid_t) + 7 + 1)
│20:09:14 brauner | which one can see is wrong
│20:09:21 brauner | before the INTTYPE patchset
│20:09:40 brauner | INTTYPE_TO_STRLEN(pid_t) was LXC_NUMSTRLEN64
│20:09:45 brauner | which gave you 21 chars
│20:09:57 brauner | so it accounted for the missing parts
│20:10:03 brauner | because the correct macro should've been
│20:10:17 brauner | +/* /proc/ = 6
│20:10:17 brauner | + * +
│20:10:17 brauner | + * <pid-as-str> = INTTYPE_TO_STRLEN(pid_t)
│20:10:17 brauner | + * +
│20:10:17 brauner | + * /attr/ = 6
│20:10:17 brauner | + * +
│20:10:17 brauner | + * /current = 8
│20:10:17 brauner | + * +
│20:10:17 brauner | + * \0 = 1
│20:10:17 brauner | + */
│20:10:17 brauner | +#define LXC_LSMATTRLEN (6 + INTTYPE_TO_STRLEN(pid_t) + 6 + 8 + 1)
│20:10:24 Blub\0 | still
│20:10:31 brauner | the issue was only seen
│20:10:39 brauner | when the pid number hit a specific maximum
│20:10:50 Blub\0 | the sizeof patch only changed instances of actual char buf[A_FIXED_NUMBER] + snprintf(buf, A_FIXED_NUMBER, ...)
│20:10:54 brauner | aka exceeded the newly shortened buffer
│20:11:42 brauner | your patch was a red herring
│20:12:03 Blub\0 | I guess
│20:12:06 brauner | it didn't cause it
│20:12:14 brauner | it just surfaced at the same time it was merged
│20:12:25 Blub\0 | so we can revert the revert then? :)
│20:12:35 brauner | yes, that was th eplan all along
Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
---
src/lxc/caps.c | 2 +-
src/lxc/cgroups/cgfsng.c | 4 ++--
src/lxc/log.c | 4 ++--
src/lxc/lxccontainer.c | 4 ++--
src/lxc/monitor.c | 4 ++--
src/lxc/tools/lxc_monitor.c | 4 ++--
src/lxc/utils.c | 4 ++--
src/tests/lxc-test-utils.c | 24 ++++++++++++------------
8 files changed, 25 insertions(+), 25 deletions(-)
diff --git a/src/lxc/caps.c b/src/lxc/caps.c
index c56fe732e..8ca47bf66 100644
--- a/src/lxc/caps.c
+++ b/src/lxc/caps.c
@@ -299,7 +299,7 @@ static long int _real_caps_last_cap(void)
char buf[INTTYPE_TO_STRLEN(int)];
again:
- n = read(fd, buf, INTTYPE_TO_STRLEN(int));
+ n = read(fd, buf, sizeof(buf));
if (n < 0 && errno == EINTR) {
goto again;
} else if (n >= 0) {
diff --git a/src/lxc/cgroups/cgfsng.c b/src/lxc/cgroups/cgfsng.c
index 82eb46a3b..1fe561498 100644
--- a/src/lxc/cgroups/cgfsng.c
+++ b/src/lxc/cgroups/cgfsng.c
@@ -321,8 +321,8 @@ static char *lxc_cpumask_to_cpulist(uint32_t *bitarr, size_t nbits)
if (!is_set(i, bitarr))
continue;
- ret = snprintf(numstr, INTTYPE_TO_STRLEN(size_t), "%zu", i);
- if (ret < 0 || (size_t)ret >= INTTYPE_TO_STRLEN(size_t)) {
+ ret = snprintf(numstr, sizeof(numstr), "%zu", i);
+ if (ret < 0 || (size_t)ret >= sizeof(numstr)) {
lxc_free_array((void **)cpulist, free);
return NULL;
}
diff --git a/src/lxc/log.c b/src/lxc/log.c
index 38f7c889c..2a7ee1eab 100644
--- a/src/lxc/log.c
+++ b/src/lxc/log.c
@@ -247,8 +247,8 @@ static int lxc_unix_epoch_to_utc(char *buf, size_t bufsize, const struct timespe
seconds = (time->tv_sec - d_in_s - h_in_s - (minutes * 60));
/* Make string from nanoseconds. */
- ret = snprintf(nanosec, INTTYPE_TO_STRLEN(int64_t), "%"PRId64, (int64_t)time->tv_nsec);
- if (ret < 0 || ret >= INTTYPE_TO_STRLEN(int64_t))
+ ret = snprintf(nanosec, sizeof(nanosec), "%"PRId64, (int64_t)time->tv_nsec);
+ if (ret < 0 || ret >= sizeof(nanosec))
return -1;
/* Create final timestamp for the log and shorten nanoseconds to 3
diff --git a/src/lxc/lxccontainer.c b/src/lxc/lxccontainer.c
index f0f81724f..cdd164202 100644
--- a/src/lxc/lxccontainer.c
+++ b/src/lxc/lxccontainer.c
@@ -1039,8 +1039,8 @@ static bool do_lxcapi_start(struct lxc_container *c, int useinit, char * const a
int ret, w;
char pidstr[INTTYPE_TO_STRLEN(int)];
- w = snprintf(pidstr, INTTYPE_TO_STRLEN(int), "%d", (int)lxc_raw_getpid());
- if (w < 0 || (size_t)w >= INTTYPE_TO_STRLEN(int)) {
+ w = snprintf(pidstr, sizeof(pidstr), "%d", (int)lxc_raw_getpid());
+ if (w < 0 || (size_t)w >= sizeof(pidstr)) {
free_init_cmd(init_cmd);
lxc_free_handler(handler);
diff --git a/src/lxc/monitor.c b/src/lxc/monitor.c
index cdf15b659..4cca9002c 100644
--- a/src/lxc/monitor.c
+++ b/src/lxc/monitor.c
@@ -371,8 +371,8 @@ int lxc_monitord_spawn(const char *lxcpath)
close(pipefd[0]);
- ret = snprintf(pipefd_str, INTTYPE_TO_STRLEN(int), "%d", pipefd[1]);
- if (ret < 0 || ret >= INTTYPE_TO_STRLEN(int)) {
+ ret = snprintf(pipefd_str, sizeof(pipefd_str), "%d", pipefd[1]);
+ if (ret < 0 || ret >= sizeof(pipefd_str)) {
ERROR("Failed to create pid argument to pass to monitord.");
_exit(EXIT_FAILURE);
}
diff --git a/src/lxc/tools/lxc_monitor.c b/src/lxc/tools/lxc_monitor.c
index 5e296082e..86a77c3af 100644
--- a/src/lxc/tools/lxc_monitor.c
+++ b/src/lxc/tools/lxc_monitor.c
@@ -224,8 +224,8 @@ static int lxc_tool_monitord_spawn(const char *lxcpath)
close(pipefd[0]);
- ret = snprintf(pipefd_str, INTTYPE_TO_STRLEN(int), "%d", pipefd[1]);
- if (ret < 0 || ret >= INTTYPE_TO_STRLEN(int)) {
+ ret = snprintf(pipefd_str, sizeof(pipefd_str), "%d", pipefd[1]);
+ if (ret < 0 || ret >= sizeof(pipefd_str)) {
ERROR("Failed to create pid argument to pass to monitord");
_exit(EXIT_FAILURE);
}
diff --git a/src/lxc/utils.c b/src/lxc/utils.c
index 1f0ba8971..77ad76b49 100644
--- a/src/lxc/utils.c
+++ b/src/lxc/utils.c
@@ -1165,7 +1165,7 @@ int lxc_mount_proc_if_needed(const char *rootfs)
return -1;
}
- linklen = readlink(path, link, INTTYPE_TO_STRLEN(pid_t));
+ linklen = readlink(path, link, sizeof(link));
ret = snprintf(path, MAXPATHLEN, "%s/proc", rootfs);
if (ret < 0 || ret >= MAXPATHLEN) {
@@ -1179,7 +1179,7 @@ int lxc_mount_proc_if_needed(const char *rootfs)
return -1;
goto domount;
- } else if (linklen >= INTTYPE_TO_STRLEN(pid_t)) {
+ } else if (linklen >= sizeof(link)) {
link[linklen - 1] = '\0';
ERROR("readlink returned truncated content: \"%s\"", link);
return -1;
diff --git a/src/tests/lxc-test-utils.c b/src/tests/lxc-test-utils.c
index 20f71b9a5..d0c07dc59 100644
--- a/src/tests/lxc-test-utils.c
+++ b/src/tests/lxc-test-utils.c
@@ -252,14 +252,14 @@ void test_lxc_safe_uint(void)
lxc_test_assert_abort((-EINVAL == lxc_safe_uint(" -123", &n)));
lxc_test_assert_abort((-EINVAL == lxc_safe_uint("-123", &n)));
- ret = snprintf(numstr, INTTYPE_TO_STRLEN(uint64_t), "%" PRIu64, (uint64_t)UINT_MAX);
- if (ret < 0 || ret >= INTTYPE_TO_STRLEN(uint64_t))
+ ret = snprintf(numstr, sizeof(numstr), "%" PRIu64, (uint64_t)UINT_MAX);
+ if (ret < 0 || ret >= sizeof(numstr))
exit(EXIT_FAILURE);
lxc_test_assert_abort((0 == lxc_safe_uint(numstr, &n)) && n == UINT_MAX);
- ret = snprintf(numstr, INTTYPE_TO_STRLEN(uint64_t), "%" PRIu64, (uint64_t)UINT_MAX + 1);
- if (ret < 0 || ret >= INTTYPE_TO_STRLEN(uint64_t))
+ ret = snprintf(numstr, sizeof(numstr), "%" PRIu64, (uint64_t)UINT_MAX + 1);
+ if (ret < 0 || ret >= sizeof(numstr))
exit(EXIT_FAILURE);
lxc_test_assert_abort((-ERANGE == lxc_safe_uint(numstr, &n)));
@@ -285,26 +285,26 @@ void test_lxc_safe_int(void)
signed int n;
char numstr[INTTYPE_TO_STRLEN(uint64_t)];
- ret = snprintf(numstr, INTTYPE_TO_STRLEN(uint64_t), "%" PRIu64, (uint64_t)INT_MAX);
- if (ret < 0 || ret >= INTTYPE_TO_STRLEN(uint64_t))
+ ret = snprintf(numstr, sizeof(numstr), "%" PRIu64, (uint64_t)INT_MAX);
+ if (ret < 0 || ret >= sizeof(numstr))
exit(EXIT_FAILURE);
lxc_test_assert_abort((0 == lxc_safe_int(numstr, &n)) && n == INT_MAX);
- ret = snprintf(numstr, INTTYPE_TO_STRLEN(uint64_t), "%" PRIu64, (uint64_t)INT_MAX + 1);
- if (ret < 0 || ret >= INTTYPE_TO_STRLEN(uint64_t))
+ ret = snprintf(numstr, sizeof(numstr), "%" PRIu64, (uint64_t)INT_MAX + 1);
+ if (ret < 0 || ret >= sizeof(numstr))
exit(EXIT_FAILURE);
lxc_test_assert_abort((-ERANGE == lxc_safe_int(numstr, &n)));
- ret = snprintf(numstr, INTTYPE_TO_STRLEN(int64_t), "%" PRId64, (int64_t)INT_MIN);
- if (ret < 0 || ret >= INTTYPE_TO_STRLEN(int64_t))
+ ret = snprintf(numstr, sizeof(numstr), "%" PRId64, (int64_t)INT_MIN);
+ if (ret < 0 || ret >= sizeof(numstr))
exit(EXIT_FAILURE);
lxc_test_assert_abort((0 == lxc_safe_int(numstr, &n)) && n == INT_MIN);
- ret = snprintf(numstr, INTTYPE_TO_STRLEN(int64_t), "%" PRId64, (int64_t)INT_MIN - 1);
- if (ret < 0 || ret >= INTTYPE_TO_STRLEN(int64_t))
+ ret = snprintf(numstr, sizeof(numstr), "%" PRId64, (int64_t)INT_MIN - 1);
+ if (ret < 0 || ret >= sizeof(numstr))
exit(EXIT_FAILURE);
lxc_test_assert_abort((-ERANGE == lxc_safe_int(numstr, &n)));
More information about the lxc-devel
mailing list