Consistent returns from ssnprintf/__ssnprintf wrappers, add ssnprintf2 for optional error handling. #3283
Conversation
Change-Id: Idab2c4ffa242a73b651f1b056f85f905e356c5ac
…ssnprintf wrapper
… on truncation in future
zebity
changed the title
zebity
changed the title
zebity
changed the title
zebity
changed the title
|
Thank you, I'll try to get back to this asap. |
| @@ -89,8 +89,7 @@ char *sstrncpy(char *dest, const char *src, size_t n) { | |||
| return dest; | |||
| } /* char *sstrncpy */ | |||
|
|
|||
| /* ssnprintf returns zero on success, one if truncation occurred | |||
| and a negative integer onerror. */ | |||
| /* ssnprintf returns result from vsnprintf conistent with snprintf */ | |||
There was a problem hiding this comment.
so how is this function different then from snprintf?
There was a problem hiding this comment.
Hi @rubenk the ssnprintf wrapper was introduced to get around GCC 8.2/.3 warning, only, there is no functional difference.
The original suggested fix included changing return to allow handling of truncation, however as this broke stuff.
So I to allow for future handling of truncation, case I added ssnprintf2 case.
Also to ensure that the other case that had the alternated return case (in collectdctl.c), I updated this to be consistent with snprintf.
As per discussion below, this was all driven by compiler behaviour rather than feature/fix need and yes the amount of code touched was greater than desired.
Cheers.
src/utils/common/common.c
Outdated
|
|
||
| /* ssnprintf2 returns zero on success, one if truncation occurred | ||
| and a negative integer on error. */ | ||
| int ssnprintf2(char *str, size_t sz, const char *format, ...) { |
There was a problem hiding this comment.
It seems that this does exactly the same as snprintf and ssnprintf, or am I missing something?
There was a problem hiding this comment.
The return value is different, and I assume the idea is to provide both.
There was a problem hiding this comment.
you can detect truncation with snprintf just fine, so I don't see how this helps.
|
I'm sorry for perhaps sounding so negative, but this has all turned into a bit of a mess.
Some of those truncation issues are real and we should fix them, some of them are not. Adding wrappers around them will never get them fixed. Admittingly checking every call site is a lot of work. What I'd rather see is that we stop building with -Werror by default (most distros already turn that of). We could then turn -Werror on in CI, but turn the truncation errors into warnings (-Wno-error=stringop-truncation or something like that). We'll still see the warnings and can fix them in due time. How does that sound? |
|
I agree, this sounds like a good plan to go forward. So the next step(s) would be to revert the ssnprintf changes and to fix potential truncation. Ideally, we'd remove ssnprintf and at the same time, fixing truncation warnings. I'd prefer to keep warnings as errors. |
|
sounds like a plan. Wrapper was put in place due to number of places that -Werror broke build. Remember that if you keep -Werror on in CI then all the builds will fail :-( The amount of work required to get rid of warnings (assuming change the compile flags) is around approximately 67 files that where updated originally. It was the large number of files being changed that blocked getting this done. I suspect that most of these files are dormant in terms of change so getting them fixed on an "as needs" basis will be slow process. BTW, if we do turn off of -Werror with -W-Wno-error=stringop-truncation then its pretty easy to wind out all the auto-edits back to where they were, as I have record of all the original changs. Cheers, zebity |
|
a quick find / grep indicates that there are 67 files with ssnprintf wrapper and 19 of these actually appear to use the return value. So if any rework is going to be done then it would make sense to start with ones that use the return value, as these are potentially sensitive to truncation. On different note, the number of plugins (there are around 60 libraries required to build for Debian package) and potential rate of change across these means that the release rate will have turn up substantially to allow collectd to keep up with changes forced to keep plugins current. I think this is reflected by the very number of forked repositories. Cheers, Zebity. |
|
@mrunge yes to #3318 and I commend and thank you for your hard graft in keeping the wheels turning. I was just doing some "out loud thinking...". I have been looking at the GitHub statistics and it would be really helpful to have some sense of rate of change across the entire code base (ie change with core vs change within pluggins and bug fix / currency driven change vs feature change. Also I am a bit stunned by the 1000 or so forks... are these all mostly dormant or is there a whole lot of work happening outside of main branch ? As I said I so just "thinking out loud" and will see if I can pull together some sort of statistical view. EDIT: Also so I have reviewed the 5.10 open list and see this merge is one of items. My proposal at this point is remove the wrapper from the 19 functions that use the return (or least try to.., with appropriate caution and testing) and to leave the others us is (otherwise we will never get 5.10 out the door). Let me know your thoughts and I will do my bit of the work. |
|
@rjablonx @mrunge I ask if you could please review and merge this request. I have now wound out anything that is pre-emptive of immediate need (ie ssnprintf2 proposal), so change now just ensures that collectdctl.c is aligned with @faxm0dem fix (#3237). I will not do any further changes related to the ssnprintf wrappers via this request. I think that is is consistent with approach of letting primary owner / maintainers of the various 67 files updated to be able to be involved in any further remediation. For the initial identified set of 29, I believe the best approach would be equivalent 29 individual pull requests, which can run then there own course and with their own priority. I will be good to get this initial bulk change (and associated formatting clean up) done and dusted. Cheers, Zebity |
|
@mrunge many thanks. FYI, I have updated test server to Ubuntu 19.10 so next step will be to test current 5.9.2/5.10.0 build against that and ensure all is ok on this update. Cheers, Zebity |
ChangeLog: collectd: Consistent ssnprintf/__ssnprintf returns, new ssnprintf2 for error handling.
@mrunge cherry picked fix for ssnprintf wrapper #3237 (mea culpa) back into master, thank you @faxm0dem . Applied same update to __ssnprintf wrapper in src/collectdctl.c for return result consistency and ensured opening comments consistent with code.
As per original suggestion from @octo (#2895) I have also added second wrapper ssnprintf2 into src/utils/common/common.c . This has the same return behaviour of original suggestion (which resulted in problem), so that in future if we want to add error handling for truncation (rather than ignore it) then this can be done on case by case basis.
The degree of impact of adding truncation error handling is to large to do in single hit, as I don't want to risk breaking code base a second time.
Thanks to all for continued updates into collectd.