The -Wstringop-truncation option new in GCC 8 detects common misuses

of the strncat and strncpy function that may result in truncating
the copied string before the terminating NUL.  To avoid false positive
warnings for correct code that intentionally creates sequences of
characters that aren't guaranteed to be NUL-terminated, arrays that
are intended to store such sequences should be decorated with a new
nonstring attribute.  This change add this attribute to Glibc and
uses it to suppress such false positives.

ChangeLog:
	* misc/sys/cdefs.h (__attribute_nonstring__): New macro.
	* sysdeps/gnu/bits/utmp.h (struct utmp): Use it.
	* sysdeps/unix/sysv/linux/s390/bits/utmp.h (struct utmp): Same.

diff --git a/ChangeLog b/ChangeLog
index 167ff200e89d600704d96dcd988cf83ea80bcaa0..d7d81aceb70a73c135d5cf78de6ee78bb330892c 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+2017-11-15  Martin Sebor  <msebor@redhat.com>
+
+       * misc/sys/cdefs.h (__attribute_nonstring__): New macro.
+       * sysdeps/gnu/bits/utmp.h (struct utmp): Use it.
+       * sysdeps/unix/sysv/linux/s390/bits/utmp.h (struct utmp): Same.
+
 2017-11-15  Luke Shumaker  <lukeshu@parabola.nu>
 
        [BZ #22145]

diff --git a/misc/sys/cdefs.h b/misc/sys/cdefs.h
index cfd39d530200cd81f7de90206bf6ac869a30fd44..a603cb9df0f2522354e2da6ffac1f8d3f1ab0a0c 100644 (file)
--- a/misc/sys/cdefs.h
+++ b/misc/sys/cdefs.h
@@ -407,6 +407,15 @@
 # endif
 #endif
 
+#if __GNUC_PREREQ (8, 0)
+/* Describes a char array whose address can safely be passed as the first
+   argument to strncpy and strncat, as the char array is not necessarily
+   a NUL-terminated string.  */
+# define __attribute_nonstring__ __attribute__ ((__nonstring__))
+#else
+# define __attribute_nonstring__
+#endif
+
 #if (!defined _Static_assert && !defined __cplusplus \
      && (defined __STDC_VERSION__ ? __STDC_VERSION__ : 0) < 201112 \
      && (!__GNUC_PREREQ (4, 6) || defined __STRICT_ANSI__))

diff --git a/sysdeps/gnu/bits/utmp.h b/sysdeps/gnu/bits/utmp.h
index 2ee11cb706fb239a2250b39f9dfe554db66c91e1..71c9fa2a9f95b89ef2ac5e0519293bbab7b5f14d 100644 (file)
--- a/sysdeps/gnu/bits/utmp.h
+++ b/sysdeps/gnu/bits/utmp.h
@@ -59,10 +59,13 @@ struct utmp
 {
   short int ut_type;           /* Type of login.  */
   pid_t ut_pid;                        /* Process ID of login process.  */
-  char ut_line[UT_LINESIZE];   /* Devicename.  */
+  char ut_line[UT_LINESIZE]
+    __attribute_nonstring__;   /* Devicename.  */
   char ut_id[4];               /* Inittab ID.  */
-  char ut_user[UT_NAMESIZE];   /* Username.  */
-  char ut_host[UT_HOSTSIZE];   /* Hostname for remote login.  */
+  char ut_user[UT_NAMESIZE]
+    __attribute_nonstring__;   /* Username.  */
+  char ut_host[UT_HOSTSIZE]
+    __attribute_nonstring__;   /* Hostname for remote login.  */
   struct exit_status ut_exit;  /* Exit status of a process marked
                                   as DEAD_PROCESS.  */
 /* The ut_session and ut_tv fields must be the same size when compiled

diff --git a/sysdeps/unix/sysv/linux/s390/bits/utmp.h b/sysdeps/unix/sysv/linux/s390/bits/utmp.h
index 36114c3b0e672496d3f69e67fb21633d3273245b..f754f374b52349765220f88184753c0eb2b184a2 100644 (file)
--- a/sysdeps/unix/sysv/linux/s390/bits/utmp.h
+++ b/sysdeps/unix/sysv/linux/s390/bits/utmp.h
@@ -59,10 +59,13 @@ struct utmp
 {
   short int ut_type;           /* Type of login.  */
   pid_t ut_pid;                        /* Process ID of login process.  */
-  char ut_line[UT_LINESIZE];   /* Devicename.  */
+  char ut_line[UT_LINESIZE]
+     __attribute_nonstring__;  /* Devicename.  */
   char ut_id[4];               /* Inittab ID.  */
-  char ut_user[UT_NAMESIZE];   /* Username.  */
-  char ut_host[UT_HOSTSIZE];   /* Hostname for remote login.  */
+  char ut_user[UT_NAMESIZE]
+     __attribute_nonstring__;  /* Username.  */
+  char ut_host[UT_HOSTSIZE]
+     __attribute_nonstring__;  /* Hostname for remote login.  */
   struct exit_status ut_exit;  /* Exit status of a process marked
                                   as DEAD_PROCESS.  */
 /* The ut_session and ut_tv fields must be the same size when compiled