[v3,5/5] telemetry: remove VLA in json string format function

Message ID 20230405160326.186921-6-bruce.richardson@intel.com (mailing list archive)
State Accepted, archived
Delegated to: Thomas Monjalon
Series telemetry: remove variable length arrays

Checks

Context Check Description
ci/checkpatch success coding style OK
ci/loongarch-compilation success Compilation OK
ci/loongarch-unit-testing fail Unit Testing FAIL
ci/github-robot: build success github build: passed
ci/iol-mellanox-Performance success Performance Testing PASS
ci/iol-broadcom-Performance success Performance Testing PASS
ci/iol-broadcom-Functional success Functional Testing PASS
ci/iol-intel-Functional success Functional Testing PASS
ci/iol-intel-Performance success Performance Testing PASS
ci/Intel-compilation success Compilation OK
ci/intel-Testing success Testing PASS
ci/intel-Functional success Functional PASS
ci/iol-aarch64-unit-testing success Testing PASS
ci/iol-abi-testing success Testing PASS
ci/iol-aarch64-compile-testing success Testing PASS
ci/iol-unit-testing fail Testing issues
ci/iol-x86_64-compile-testing success Testing PASS
ci/iol-testing success Testing PASS
ci/iol-x86_64-unit-testing fail Testing issues

Commit Message

Bruce Richardson April 5, 2023, 4:03 p.m. UTC
Since variable length arrays (VLAs) are potentially insecure and
unsupported by some compilers, rework the code to remove their use. As
with previous changes to remove VLAs in the telemetry code, this
function uses two methods to avoid modifying the buffer when adding to
it fails:
* if there are only a few characters in the buffer, save them off to
  restore on failure, then use the buffer as-is,
* otherwise use malloc rather than a VLA to allocate a temporary buffer
  and copy from that on success only.

Signed-off-by: Bruce Richardson <bruce.richardson@intel.com>
---
 app/test/test_telemetry_json.c |  2 +-
 lib/telemetry/telemetry_json.h | 19 +++++++++++++++++--
 2 files changed, 18 insertions(+), 3 deletions(-)
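The two methods in the commit message, and the failure they guard against (a formatter that leaves a truncated partial result in the destination when the string does not fit), as an added stand-alone C example that is not DPDK code and not part of the patch: `format_to_buf()` is a hypothetical `snprintf`-based stand-in for `__json_format_str_to_buf()`, `format_str()` mirrors the patch's wrapper with the heap path copying from `tmp`, and `array_add_string()` is a stand-in for `rte_tel_json_add_array_string()` used to replay the test_overflow_array scenario reported in the comments. The `memchr` test is equivalent to the patch's `strnlen(buf, sizeof(saved)) < sizeof(saved)`; all function names are assumptions.

```c
/* Added example, not DPDK code: appending a quoted JSON string to a fixed-size
 * buffer without a VLA and leaving the buffer untouched when the result does
 * not fit. format_to_buf, format_str and array_add_string are hypothetical
 * stand-ins for the telemetry helpers named in the patch. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Stand-in for __json_format_str_to_buf(): writes prefix "str" suffix into buf,
 * returning the length or 0 if it does not fit. Like any snprintf-based
 * formatter it leaves a truncated partial result in buf on failure, which is
 * why the wrapper below exists. */
static int format_to_buf(char *buf, int len, const char *prefix,
		const char *str, const char *suffix)
{
	int ret = snprintf(buf, (size_t)len, "%s\"%s\"%s", prefix, str, suffix);
	return (ret <= 0 || ret >= len) ? 0 : ret;
}

/* Wrapper mirroring the patch: buf is unchanged when the result does not fit.
 * Precondition: buf holds a NUL-terminated (possibly empty) string on entry. */
static int format_str(char *buf, int len, const char *prefix,
		const char *str, const char *suffix)
{
	char saved[4] = "";
	char *tmp;
	int ret;

	if (len <= 0)
		return 0;
	/* Method 1: fewer than sizeof(saved) chars present (memchr is equivalent to
	 * the patch's strnlen(buf, sizeof(saved)) < sizeof(saved)): save them,
	 * format in place, put them back on failure. */
	if (memchr(buf, '\0', sizeof(saved)) != NULL) {
		strcpy(saved, buf);
		ret = format_to_buf(buf, len, prefix, str, suffix);
		if (ret == 0)
			strcpy(buf, saved); /* restore */
		return ret;
	}
	/* Method 2: format into a heap scratch buffer and copy over buf only on
	 * success. The copy must come from tmp; copying saved (still "") is the
	 * defect the unit test in the thread caught. */
	tmp = malloc((size_t)len);
	if (tmp == NULL)
		return 0;
	ret = format_to_buf(tmp, len, prefix, str, suffix);
	if (ret > 0)
		strcpy(buf, tmp);
	free(tmp);
	return ret;
}

/* Stand-in for rte_tel_json_add_array_string(): appends str as the next element
 * of the JSON array in buf. Returns the new used length, or the old one when
 * the element did not fit. */
static int array_add_string(char *buf, int len, int used, const char *str)
{
	int ret, end = used - 1; /* overwrite the closing ']' */

	if (used <= 2) /* empty, or just "[]" */
		return format_str(buf, len, "[", str, "]");
	ret = format_str(buf + end, len - end, ",", str, "]");
	return ret == 0 ? used : end + ret;
}

/* The test_overflow_array scenario from the thread: four names into a 25-byte
 * buffer; only two fit and the later adds must fail without disturbing it. */
static int check_overflow_array(void)
{
	static const char * const teams[] = {"Arsenal", "Chelsea", "Liverpool", "Spurs"};
	char buf[25] = "";
	int used = 0;
	size_t i;

	for (i = 0; i < sizeof(teams) / sizeof(teams[0]); i++)
		used = array_add_string(buf, sizeof(buf), used, teams[i]);
	return used == 21 && strcmp(buf, "[\"Arsenal\",\"Chelsea\"]") == 0;
}

/* Heap path, failure case: buf holds more than three chars already and the new
 * string does not fit, so buf must survive untouched. */
static int check_long_buffer_preserved(void)
{
	char buf[16] = "keep me";
	int ret = format_str(buf, sizeof(buf), "", "far too long for this buffer", "");
	return ret == 0 && strcmp(buf, "keep me") == 0;
}

/* Heap path, success case: the formatted result replaces the old contents. */
static int check_long_buffer_replaced(void)
{
	char buf[16] = "keep me";
	int ret = format_str(buf, sizeof(buf), "", "short", "");
	return ret == 7 && strcmp(buf, "\"short\"") == 0;
}
```

Each `check_*` function returns 1 when the buffer ends up as intended: `check_overflow_array()` reproduces the `["Arsenal","Chelsea"]` result the thread's unit test expects, and the two long-buffer checks exercise the heap path, which `array_add_string()` alone never reaches because the tail it hands to `format_str()` is only ever a single `]`.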

Comments

Tyler Retzlaff April 7, 2023, 7:54 p.m. UTC | #1
On Wed, Apr 05, 2023 at 05:03:26PM +0100, Bruce Richardson wrote:
> Since variable length arrays (VLAs) are potentially insecure and
> unsupported by some compilers, rework the code to remove their use. As
> with previous changes to remove VLAs in the telemetry code, this
> function uses two methods to avoid modifying the buffer when adding to
> it fails:
> * if there are only a few characters in the buffer, save them off to
>   restore on failure, then use the buffer as-is,
> * otherwise use malloc rather than a VLA to allocate a temporary buffer
>   and copy from that on success only.
> 
> Signed-off-by: Bruce Richardson <bruce.richardson@intel.com>
> ---

Acked-by: Tyler Retzlaff <roretzla@linux.microsoft.com>
David Marchand May 25, 2023, 7:12 a.m. UTC | #2
On Wed, Apr 5, 2023 at 6:05 PM Bruce Richardson
<bruce.richardson@intel.com> wrote:
>
> Since variable length arrays (VLAs) are potentially insecure and
> unsupported by some compilers, rework the code to remove their use. As
> with previous changes to remove VLAs in the telemetry code, this
> function uses two methods to avoid modifying the buffer when adding to
> it fails:
> * if there are only a few characters in the buffer, save them off to
>   restore on failure, then use the buffer as-is,
> * otherwise use malloc rather than a VLA to allocate a temporary buffer
>   and copy from that on success only.
>
> Signed-off-by: Bruce Richardson <bruce.richardson@intel.com>
> ---
>  app/test/test_telemetry_json.c |  2 +-
>  lib/telemetry/telemetry_json.h | 19 +++++++++++++++++--
>  2 files changed, 18 insertions(+), 3 deletions(-)

This change triggers a unit test failure ("interestingly" only with
gcc, I can't reproduce with clang).

$ ninja -C build-gcc && ./build-gcc/app/test/dpdk-test --no-huge -m
2048 --iova=va -- telemetry_json_autotest
ninja: Entering directory `build-gcc'
ninja: no work to do.
EAL: Detected CPU lcores: 16
EAL: Detected NUMA nodes: 1
EAL: Detected shared linkage of DPDK
EAL: Multi-process socket /run/user/114840/dpdk/rte/mp_socket
EAL: Selected IOVA mode 'VA'
APP: HPET is not enabled, using TSC as default timer
RTE>>telemetry_json_autotest
test_basic_array: buf = '["meaning of life",42]', expected =
'["meaning of life",42]'
OK
test_basic_obj: buf = '{"weddings":4,"funerals":1}', expected =
'{"weddings":4,"funerals":1}'
OK
test_overflow_array: buf = '', expected = '["Arsenal","Chelsea"]'
ERROR
Test Failed


I guess we need:

diff --git a/lib/telemetry/telemetry_json.h b/lib/telemetry/telemetry_json.h
index 7999535848..7a246deacb 100644
--- a/lib/telemetry/telemetry_json.h
+++ b/lib/telemetry/telemetry_json.h
@@ -153,7 +153,7 @@ __json_format_str(char *buf, const int len, const
char *prefix, const char *str,

        ret = __json_format_str_to_buf(tmp, len, prefix, str, suffix);
        if (ret > 0)
-               strcpy(buf, saved);
+               strcpy(buf, tmp);

        free(tmp);
        return ret;
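Review bot: agreed, this is the right fix. `saved` is only ever written inside the short-buffer branch, which returns early, so on the heap path it is still the empty string and `strcpy(buf, saved)` blanks the caller's buffer on success while the formatted result is discarded with `tmp`; that is exactly the empty `buf = ''` in the test_overflow_array output above. Copying from `tmp`, the buffer the string was actually formatted into, restores the intended behaviour.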

Patch

diff --git a/app/test/test_telemetry_json.c b/app/test/test_telemetry_json.c
index e81e3a8a98..5617eac540 100644
--- a/app/test/test_telemetry_json.c
+++ b/app/test/test_telemetry_json.c
@@ -129,7 +129,7 @@  test_string_char_escaping(void)
 {
 	static const char str[] = "A string across\ntwo lines and \"with quotes\"!";
 	const char *expected = "\"A string across\\ntwo lines and \\\"with quotes\\\"!\"";
-	char buf[sizeof(str) + 10];
+	char buf[sizeof(str) + 10] = "";
 	int used = 0;
 
 	used = rte_tel_json_str(buf, sizeof(buf), used, str);
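Review bot: the `= ""` initializer added here is needed because the formatting path now inspects the destination before writing to it (the `strnlen(buf, sizeof(saved))` check in the telemetry_json.h hunk), so a caller that hands over an uninitialized buffer, as this test did until now, reads indeterminate bytes. That is a new precondition on the public API (buf must hold a NUL-terminated, possibly empty, string on entry), and it belongs in the rte_tel_json_str() documentation and the commit message rather than only in a test fixup.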
diff --git a/lib/telemetry/telemetry_json.h b/lib/telemetry/telemetry_json.h
index c087b833eb..7999535848 100644
--- a/lib/telemetry/telemetry_json.h
+++ b/lib/telemetry/telemetry_json.h
@@ -134,13 +134,28 @@  __json_format_str_to_buf(char *buf, const int len,
 static inline int
 __json_format_str(char *buf, const int len, const char *prefix, const char *str, const char *suffix)
 {
-	char tmp[len];
 	int ret;
+	char saved[4] = "";
+	char *tmp;
+
+	if (strnlen(buf, sizeof(saved)) < sizeof(saved)) {
+		/* we have only a few bytes in buffer, so save them off to restore on error*/
+		strcpy(saved, buf);
+		ret = __json_format_str_to_buf(buf, len, prefix, str, suffix);
+		if (ret == 0)
+			strcpy(buf, saved); /* restore */
+		return ret;
+	}
+
+	tmp = malloc(len);
+	if (tmp == NULL)
+		return 0;
 
 	ret = __json_format_str_to_buf(tmp, len, prefix, str, suffix);
 	if (ret > 0)
-		strcpy(buf, tmp);
+		strcpy(buf, saved);
 
+	free(tmp);
 	return ret;
 }
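Review bot: the success path of the heap branch copies from the wrong buffer; `strcpy(buf, saved);` after the second `__json_format_str_to_buf()` call should be `strcpy(buf, tmp);`. `saved` is only filled in the short-buffer branch, which returns, so here it is still `""` and a successful format leaves `buf` empty and frees the real result with `tmp`; this matches the `buf = ''` failure in test_overflow_array reported in the comments. Two smaller points: the comment `/* we have only a few bytes in buffer, so save them off to restore on error*/` is missing a space before `*/`, and with `len` a signed `int` a `len <= 0` guard before `strnlen()`/`malloc(len)` would avoid passing a negative value converted to a huge `size_t`.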