treewide: Comply with CERT C rule ERR33-C for snprintf()

clang-tidy, starting from LLVM version 16, up to at least LLVM version 19, now checks that we detect and handle errors for snprintf() as requested by CERT C rule ERR33-C. These warnings were logged with LLVM version 19.1.2 (at least Debian and Fedora match): /home/sbrivio/passt/arch.c:43:3: error: the value returned by this function should not be disregarded; neglecting it may lead to errors [cert-err33-c,-warnings-as-errors] 43 | snprintf(new_path, PATH_MAX + sizeof(".avx2"), "%s.avx2", exe); | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ /home/sbrivio/passt/arch.c:43:3: note: cast the expression to void to silence this warning /home/sbrivio/passt/conf.c:577:4: error: the value returned by this function should not be disregarded; neglecting it may lead to errors [cert-err33-c,-warnings-as-errors] 577 | snprintf(netns, PATH_MAX, "/proc/%ld/ns/net", pidval); | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ /home/sbrivio/passt/conf.c:577:4: note: cast the expression to void to silence this warning /home/sbrivio/passt/conf.c:579:5: error: the value returned by this function should not be disregarded; neglecting it may lead to errors [cert-err33-c,-warnings-as-errors] 579 | snprintf(userns, PATH_MAX, "/proc/%ld/ns/user", | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 580 | pidval); | ~~~~~~~ /home/sbrivio/passt/conf.c:579:5: note: cast the expression to void to silence this warning /home/sbrivio/passt/pasta.c:105:2: error: the value returned by this function should not be disregarded; neglecting it may lead to errors [cert-err33-c,-warnings-as-errors] 105 | snprintf(ns, PATH_MAX, "/proc/%i/ns/net", pasta_child_pid); | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ /home/sbrivio/passt/pasta.c:105:2: note: cast the expression to void to silence this warning /home/sbrivio/passt/pasta.c:242:2: error: the value returned by this function should not be disregarded; neglecting it may lead to errors [cert-err33-c,-warnings-as-errors] 242 | snprintf(uidmap, BUFSIZ, "0 %u 1", uid); | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ /home/sbrivio/passt/pasta.c:242:2: note: cast the expression to void to silence this warning /home/sbrivio/passt/pasta.c:243:2: error: the value returned by this function should not be disregarded; neglecting it may lead to errors [cert-err33-c,-warnings-as-errors] 243 | snprintf(gidmap, BUFSIZ, "0 %u 1", gid); | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ /home/sbrivio/passt/pasta.c:243:2: note: cast the expression to void to silence this warning /home/sbrivio/passt/tap.c:1155:4: error: the value returned by this function should not be disregarded; neglecting it may lead to errors [cert-err33-c,-warnings-as-errors] 1155 | snprintf(path, UNIX_PATH_MAX - 1, UNIX_SOCK_PATH, i); | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ /home/sbrivio/passt/tap.c:1155:4: note: cast the expression to void to silence this warning Don't silence the warnings as they might actually have some merit. Add an snprintf_check() function, instead, checking that we're not truncating messages while printing to buffers, and terminate if the check fails. Signed-off-by: Stefano Brivio <sbrivio@redhat.com> Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
author: Stefano Brivio <sbrivio@redhat.com> 2024-10-24 23:25:33 +0200
committer: Stefano Brivio <sbrivio@redhat.com> 2024-10-30 12:37:25 +0100
commit: 98efe7c2fdd82a2822e1be8e5c5c8caed846ae76 (patch)
tree: be87f98e9668100e22d76b5bb11fd0b5ac45e491 /util.c
parent: 988a4d75f89473cbf76e09852a03f21658859710 (diff)
download: passt-98efe7c2fdd82a2822e1be8e5c5c8caed846ae76.tar
passt-98efe7c2fdd82a2822e1be8e5c5c8caed846ae76.tar.gz
passt-98efe7c2fdd82a2822e1be8e5c5c8caed846ae76.tar.bz2
passt-98efe7c2fdd82a2822e1be8e5c5c8caed846ae76.tar.lz
passt-98efe7c2fdd82a2822e1be8e5c5c8caed846ae76.tar.xz
passt-98efe7c2fdd82a2822e1be8e5c5c8caed846ae76.tar.zst
passt-98efe7c2fdd82a2822e1be8e5c5c8caed846ae76.zip
1 files changed, 30 insertions, 0 deletions
diff --git a/util.c b/util.c
index eba7d52..21ce0a8 100644
--- a/util.c
+++ b/util.c
@@ -749,3 +749,33 @@ void close_open_files(int argc, char **argv)
 	if (rc)
 		die_perror("Failed to close files leaked by parent");
 }
+
+/**
+ * snprintf_check() - snprintf() wrapper, checking for truncation and errors
+ * @str:	Output buffer
+ * @size:	Maximum size to write to @str
+ * @format:	Message
+ *
+ * Return: false on success, true on truncation or error, sets errno on failure
+ */
+bool snprintf_check(char *str, size_t size, const char *format, ...)
+{
+	va_list ap;
+	int rc;
+
+	va_start(ap, format);
+	rc = vsnprintf(str, size, format, ap);
+	va_end(ap);
+
+	if (rc < 0) {
+		errno = EIO;
+		return true;
+	}
+
+	if ((size_t)rc >= size) {
+		errno = ENOBUFS;
+		return true;
+	}
+
+	return false;
+}
author	Stefano Brivio <sbrivio@redhat.com>	2024-10-24 23:25:33 +0200
committer	Stefano Brivio <sbrivio@redhat.com>	2024-10-30 12:37:25 +0100
commit	98efe7c2fdd82a2822e1be8e5c5c8caed846ae76 (patch)
tree	be87f98e9668100e22d76b5bb11fd0b5ac45e491 /util.c
parent	988a4d75f89473cbf76e09852a03f21658859710 (diff)
download	passt-98efe7c2fdd82a2822e1be8e5c5c8caed846ae76.tar passt-98efe7c2fdd82a2822e1be8e5c5c8caed846ae76.tar.gz passt-98efe7c2fdd82a2822e1be8e5c5c8caed846ae76.tar.bz2 passt-98efe7c2fdd82a2822e1be8e5c5c8caed846ae76.tar.lz passt-98efe7c2fdd82a2822e1be8e5c5c8caed846ae76.tar.xz passt-98efe7c2fdd82a2822e1be8e5c5c8caed846ae76.tar.zst passt-98efe7c2fdd82a2822e1be8e5c5c8caed846ae76.zip