This is an archive of the discontinued LLVM Phabricator instance.

Differential D58835

[Support] Treat truncation of fullpath as error
ClosedPublic

Authored by Hahnfeld on Mar 1 2019, 10:26 AM.

Details

Reviewers
sylvestre.ledru
chandlerc
hans
efriedma
Commits
rGe59746f8f823: [Support] Treat truncation of fullpath as error
rL356036: [Support] Treat truncation of fullpath as error
Summary

If the concatenation of arguments dir and bin has at least PATH_MAX
characters the call to snprintf will truncate. The result will usually
not exist, but if it does it's actually incorrect to return that the
path exists.
(Motivated by GCC compiler warning about format truncation.)

Diff Detail

Repository
rL LLVM

Event Timeline

Hahnfeld created this revision.Mar 1 2019, 10:26 AM
Herald added a project: Restricted Project. · View Herald TranscriptMar 1 2019, 10:26 AM
Herald added subscribers: llvm-commits, jdoerfert, kristina, hiraditya. · View Herald Transcript
mgrang edited reviewers, added: efriedma; removed: eli.friedman.Mar 1 2019, 11:46 AM
efriedma added inline comments.Mar 1 2019, 12:36 PM
llvm/lib/Support/Unix/Path.inc
114 ↗(On Diff #188938)

The use of PATH_MAX here seems dubious; in practice, many targets support paths longer than PATH_MAX. Probably should just use a raw_string_ostream or something like that instead of snprintf to a fixed buffer.

zturner added a subscriber: zturner.Mar 1 2019, 12:44 PM
zturner added inline comments.
llvm/lib/Support/Unix/Path.inc
114 ↗(On Diff #188938)

Even better, llvm::sys::path::join(). I'm not sure why all of these global functions operate on raw pointers instead of LLVM's string ADTs.

Hahnfeld marked 3 inline comments as done.Mar 3 2019, 12:44 PM
Hahnfeld added inline comments.
llvm/lib/Support/Unix/Path.inc
114 ↗(On Diff #188938)

I played a bit on my Arch Linux system: It's indeed possible to create paths that are longer than PATH_MAX = 4096. But I can't get the realpath nor even cd into there, and I'd guess that many more tools are broken.

In that case I think there's no difference between fixed buffers and the string ADTs, except that the latter are probably slower.

Hahnfeld added a comment.Mar 12 2019, 2:57 AM

Ping. As I said I think the current approach with a fixed-size buffer makes sense because anything larger likely won't work anyhow.

efriedma accepted this revision.Mar 12 2019, 11:34 AM

LGTM

llvm/lib/Support/Unix/Path.inc
114 ↗(On Diff #188938)

I guess this is okay given the way the code is currently written.

It should probably be rewritten eventually to work in a more consistent way on systems which don't have a PATH_MAX, like Hurd, but that shouldn't block this patch, I think.

This revision is now accepted and ready to land.Mar 12 2019, 11:34 AM
Closed by commit rL356036: [Support] Treat truncation of fullpath as error (authored by Hahnfeld). · Explain WhyMar 13 2019, 3:38 AM
This revision was automatically updated to reflect the committed changes.

Revision Contents

PathSize
llvm/
trunk/
lib/
Support/
Unix/
6 lines

Diff 190389

llvm/trunk/lib/Support/Unix/Path.inc

Show First 20 LinesShow All 101 Lines▼ Show 20 Lines#if defined(__FreeBSD__) || defined(__NetBSD__) || defined(__OpenBSD__) || \
defined(__minix) || defined(__FreeBSD_kernel__) || defined(__linux__) || \ defined(__minix) || defined(__FreeBSD_kernel__) || defined(__linux__) || \
defined(__CYGWIN__) || defined(__DragonFly__) || defined(_AIX) || defined(__GNU__) defined(__CYGWIN__) || defined(__DragonFly__) || defined(_AIX) || defined(__GNU__)
static int static int
test_dir(char ret[PATH_MAX], const char *dir, const char *bin) test_dir(char ret[PATH_MAX], const char *dir, const char *bin)
{ {
struct stat sb; struct stat sb;
char fullpath[PATH_MAX]; char fullpath[PATH_MAX];
snprintf(fullpath, PATH_MAX, "%s/%s", dir, bin); int chars = snprintf(fullpath, PATH_MAX, "%s/%s", dir, bin);
// We cannot write PATH_MAX characters because the string will be terminated
// with a null character. Fail if truncation happened.
if (chars >= PATH_MAX)
return 1;
if (!realpath(fullpath, ret)) if (!realpath(fullpath, ret))
return 1; return 1;
if (stat(fullpath, &sb) != 0) if (stat(fullpath, &sb) != 0)
return 1; return 1;
return 0; return 0;
} }
▲ Show 20 LinesShow All 948 LinesShow Last 20 Lines