Experimental Physics and
Industrial Control System

On 9/16/20 5:22 AM, Ralph Lange via Core-talk wrote:
> My 2cts...
> 
> I would rather have a safe implementation for copying C strings (taking both the length of source and target as arguments and null-terminating the target) in libCom. Better than having each software module use a different implementation.
> Using strncpy() also produces loads of issues on static code analysis systems, as it is declared "forbidden" on Windows.

Well, yes.  We could have our out bespoke "safe" string copying
function.  This would certainly do away with at least some warnings as
analysis tools would not assign it any special significance.


> Cheers,
> ~Ralph
> 
> 
> On Wed, 16 Sep 2020 at 08:41, Torsten Bögershausen via Core-talk <core-talk at aps.anl.gov <mailto:core-talk at aps.anl.gov>> wrote:
> 
>     Hej Mark,
>     it seams as if new compilers don't like strncpy() any more ?
>     The problem that strncpy() solves against strcpy() is that
>     we don't everwrite memory.
>     The problem that strncpy() does not solve is to make sure that
>     there is always a terminating NUL byte.
>     The BSD world has invented strlcpy() for this.
> 
>     One alternative would be to simply use memcpy(), but one count less,
>     leaving place for the '\0' byte, and then adding a '\0' at the reserved
>     space.
>     The following works for me (gcc 8.3 Debian)
> 
> 
>     diff --git a/asyn/devEpics/devAsynInt32.c b/asyn/devEpics/devAsynInt32.c
>     index 52a1dacd..8669bf63 100644
>     --- a/asyn/devEpics/devAsynInt32.c
>     +++ b/asyn/devEpics/devAsynInt32.c
>     @@ -427,7 +427,14 @@ static void setEnums(char *outStrings, int
>     *outVals, epicsEnum16 *outSeverities,
>               if (outSeverities) outSeverities[i] = 0;
>           }
>           for (i=0; (i<numIn && i<numOut); i++) {
>     -        if (outStrings) strncpy(&outStrings[i*MAX_ENUM_STRING_SIZE],
>     inStrings[i], MAX_ENUM_STRING_SIZE);
>     +        if (outStrings) {
>     +            /* memcpy nearly all, leave one byte for '\0' */
>     +            memcpy(&outStrings[i*MAX_ENUM_STRING_SIZE],
>     +                   inStrings[i],
>     +                   MAX_ENUM_STRING_SIZE-1);
>     +            /* make sure that we have a terminating '\0' */
>     +            outStrings[i*MAX_ENUM_STRING_SIZE + MAX_ENUM_STRING_SIZE-1]
>     = '\0';
>     +        }
>               if (outVals) outVals[i] = inVals[i];
>               if (outSeverities) outSeverities[i] = inSeverities[i];
>           }
> 
> 
> 
>     On 9/16/20 12:30 AM, Mark Rivers via Core-talk wrote:
>     > With gcc 8.3.1 I am getting warnings in asyn that I don’t get with older
>     > versions of gcc (e.g. 4.8.5).
>     >
>     > [epics@viper asyn]$ make -s
>     >
>     > In function ‘setEnums.constprop’,
>     >
>     >      inlined from ‘interruptCallbackEnumBi’ at
>     > ../../asyn/devEpics/devAsynInt32.c:759:5:
>     >
>     > ../../asyn/devEpics/devAsynInt32.c:444:25: warning: ‘strncpy’ forming
>     > offset [27, 51] is out of the bounds [0, 26] [-Warray-bounds]
>     >
>     >           if (outStrings) strncpy(&outStrings[i*MAX_ENUM_STRING_SIZE],
>     > inStrings[i], MAX_ENUM_STRING_SIZE-1);
>     >
>     >                           
>     > ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>     >
>     > In function ‘setEnums.constprop’,
>     >
>     >      inlined from ‘interruptCallbackEnumBo’ at
>     > ../../asyn/devEpics/devAsynInt32.c:773:5:
>     >
>     > ../../asyn/devEpics/devAsynInt32.c:444:25: warning: ‘strncpy’ forming
>     > offset [27, 51] is out of the bounds [0, 26] [-Warray-bounds]
>     >
>     >           if (outStrings) strncpy(&outStrings[i*MAX_ENUM_STRING_SIZE],
>     > inStrings[i], MAX_ENUM_STRING_SIZE-1);
>     >
>     >                           
>     > ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>     >
>     > These warnings are when writing enum strings to the ONST, TWST, … fields
>     > of bo, bi, mbbo, and mbbi records.  The function is passed the address
>     > of the ZRST field, and computes the addresses of the other fields based
>     > on the knowledge of how large each field is (26 bytes) and that the
>     > fields are consecutive.  The compiler now is smart enough to say that
>     > the array I passed is actually only 26 bytes and so complains about
>     > writing to the other fields.
>     >
>     > Is there a way to fix this via a cast to avoid that warning?
>     >
>     > Mark
>     >
> 

Attachment: signature.asc
Description: OpenPGP digital signature

Replies:

Re: Compiler warning question Chris Johns via Core-talk

References:

Compiler warning question Mark Rivers via Core-talk

Re: Compiler warning question Torsten Bögershausen via Core-talk

Re: Compiler warning question Ralph Lange via Core-talk

Navigate by Date:

Prev: Re: Compiler warning question Ralph Lange via Core-talk

Next: Build failed: EPICS Base 7 base-7.0-87 AppVeyor via Core-talk

Index: 2002  2003  2004  2005  2006  2007  2008  2009  2010  2011  2012  2013  2014  2015  2016  2017  2018  2019  <2020>  2021  2022  2023  2024 

Navigate by Thread:

Prev: Re: Compiler warning question Ralph Lange via Core-talk

Next: Re: Compiler warning question Chris Johns via Core-talk

Index: 2002  2003  2004  2005  2006  2007  2008  2009  2010  2011  2012  2013  2014  2015  2016  2017  2018  2019  <2020>  2021  2022  2023  2024