Commit Graph

4 Commits

Author SHA1 Message Date
Alejandro Colomar c1fd94d7d5 lib/mempcpy.[ch]: Remove our definition of mempcpy(3)
It is provided by glibc, musl, and FreeBSD.

Reported-by: Sam James <sam@gentoo.org>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
2023-09-04 08:57:43 -05:00
Alejandro Colomar 9514a841bc zustr2stp.h: Assert some assumptions about the size
If the destination buffer is an array, we can check our assumptions.
This adds a readable way to explain that dsize must be strictly > ssize.
The reason is that the destination string is the source + '\0'.

If the destination is not an array, it's up to _FORTIFY_SOURCE or
-fanalyzer to catch newly introduced errors.  There's nothing we can do;
at least not portably.

Suggested-by: Serge Hallyn <serge@hallyn.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
2023-09-01 09:39:23 +02:00
Alejandro Colomar 983a844633 zustr2stp.h: Add ZUSTR2STP() macro
It's a wrapper around zustr2stp() that calls SIZEOF_ARRAY() internally.
The function call is usually --in our code base, always-- called with an
array as the second argument.  For such an argument, one should call
SIZEOF_ARRAY().  To avoid mistakes, and simplify usage, let's add this
macro that does it internally.

BTW, this macro doesn't have any issues of double evaluation, because
sizeof() doesn't evaluate its argument (unless it's a VLA, but then
the static_assert(3) within SIZEOF_ARRAY() makes sure VLAs are not
allowed).

Cc: Christian Göttsche <cgzones@googlemail.com>
Cc: Serge Hallyn <serge@hallyn.com>
Cc: Iker Pedrosa <ipedrosa@redhat.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
2023-09-01 09:39:23 +02:00
Alejandro Colomar 6a576391d6 zustr2stp.[ch]: Add zustr2stp()
There's no standard function that copies from a null-padded character
sequence into a string.

A few standard functions can be workarounded to do that:

-  strncat(3):  This function is designed to catenate from a null-padded
   character sequence into a string.  The catch is that there's no
   *cpy() equivalent of it --strncpy(3) is not at all related to
   strncat(3); don't be fooled by the confusing name--, so one would
   need to zero the first byte before the call to strncat(3).  It also
   has the inconvenient that it returns a useless value.

-  strncpy(3):  This function is designed to copy from a string to a
   null-padded character sequence; the opposite of what we want to do.
   If one passes the size of src instead of the size of dst, and then
   manually zeroes the last byte of the dst buffer, something similar
   to what we want happens.  However, this does more than what we want:
   it also padds with NUL the remaining bytes after the terminating NUL.
   That extra work can confuse maintainers to believe that it's
   necessary.  That is exactly what happens in logout.c.

src/logoutd.c-46-	/*
src/logoutd.c-47-	 * ut_user may not have the terminating NUL.
src/logoutd.c-48-	 */
src/logoutd.c:49:	strncpy (user, ut->ut_user, sizeof (ut->ut_user));
src/logoutd.c-50-	user[sizeof (ut->ut_user)] = '\0';

   In that logout.c case --and in most invocations of strncpy(3), which
   is usually a wrong tool-- the extra work is not wanted, so it's
   preferrable to use the right tool, a function that does exactly
   what's needed and nothing more than that.  That tool is zustr2stp().

Read string_copying(7) for a more complete comparison of string copying
functions.

Cc: Christian Göttsche <cgzones@googlemail.com>
Cc: Serge Hallyn <serge@hallyn.com>
Cc: Iker Pedrosa <ipedrosa@redhat.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
2023-09-01 09:39:23 +02:00