Hey, Sorry for my late response, I sent a fix (v7): https://patches.dpdk.org/project/dpdk/patch/[email protected]/
I added another parameter to the parse function - the size of the memory pointed by addr. so the function signature now is: int XXX_parse(const char *name, void *addr, int addr_size, int *out_size) So I now use it in rte_strscpy. In addition, should I replace the call to rte_strscpy with strlcpy? > -----Original Message----- > From: Stephen Hemminger <[email protected]> > Sent: Tuesday, 11 February 2025 20:05 > To: Bruce Richardson <[email protected]> > Cc: Shani Peretz <[email protected]>; [email protected]; Parav Pandit > <[email protected]>; Xueming Li <[email protected]>; Nipun Gupta > <[email protected]>; Nikhil Agarwal <[email protected]>; Hemant > Agrawal <[email protected]>; Sachin Saxena > <[email protected]>; Rosen Xu <[email protected]>; Chenbo Xia > <[email protected]>; Tomasz Duszynski <[email protected]>; > Chengwen Feng <[email protected]>; NBU-Contact-longli > (EXTERNAL) <[email protected]>; Wei Hu <[email protected]>; Kevin > Laatz <[email protected]>; Tyler Retzlaff <[email protected]>; > Jan Blunck <[email protected]> > Subject: Re: [PATCH v5 2/4] lib: fix comparison between devices > > External email: Use caution opening links or attachments > > > On Tue, 11 Feb 2025 17:54:26 +0000 > Bruce Richardson <[email protected]> wrote: > > > On Tue, Feb 11, 2025 at 09:48:32AM -0800, Stephen Hemminger wrote: > > > On Thu, 6 Feb 2025 02:08:36 +0200 > > > Shani Peretz <[email protected]> wrote: > > > > > > > static int > > > > -cdx_parse(const char *name, void *addr) > > > > +cdx_parse(const char *name, void *addr, int *size) > > > > { > > > > - const char **out = addr; > > > > int ret; > > > > > > > > ret = strncmp(name, CDX_DEV_PREFIX, strlen(CDX_DEV_PREFIX)); > > > > > > > > - if (ret == 0 && addr) > > > > - *out = name; > > > > + if (ret != 0) > > > > + return ret; > > > > + > > > > + if (size != NULL) > > > > + *size = strlen(name) + 1; > > > > + > > > > + if (addr != NULL) > > > > + rte_strscpy(addr, name, strlen(name) + 1); > > > > > > Why use rte_strscpy() here? > > > > > > The intention of strscpy() is to handle case where the resulting > > > buffer is limited in size. By using the input string length you > > > aren't really doing anything different than strcpy(). Still unsafe if > > > output > (addr) is not big enough. > > > > And using strlcpy is probably fine too, without having to use > > dpdk-specific string functions. > > > > /Bruce > > The issue is that any length argument needs to come from caller based on the > size of the target buffer. Not from length of source string. > > If you want to make parse code string safe, then either size needs to be > always > present and in/out parameter or need to have a src_size and resulting size as > separate params.
