replace sprintf with strcpy to avoid GCC warning [BZ#28439]
Checks
Commit Message
The patch below replaces a call to sprintf with an equivalent
pair of strcpy calls to avoid a GCC false positive due to
a recent optimizer improvement (still under review).
I considered using #pragma GCC diagnostic but using strcpy
here seems to me preferable than sprintf: thanks to
the precondition check it's equally as safe but lighter-weight
and no less readable.
Tested on x86_64-linux running Fedora 29.
Martin
index 75b0e5f2f7..31ab1db60b 100644
Comments
* Martin Sebor via Libc-alpha:
> The patch below replaces a call to sprintf with an equivalent
> pair of strcpy calls to avoid a GCC false positive due to
> a recent optimizer improvement (still under review).
What's the warning? Can we use __snprintf instead?
The context looks like this:
char nbuf[MAXDNAME];
size_t n, d;
n = strlen(name);
d = strlen(domain);
if (n + d + 1 >= MAXDNAME) {
RES_SET_H_ERRNO(statp, NO_RECOVERY);
return (-1);
}
sprintf(nbuf, "%s.%s", name, domain);
So it should be possible to use something like this (untested):
char nbuf[MAXDNAME + 1];
/* nbuf[MAXDNAME] is used to detect overlong inputs. */
nbuf[MAXDNAME] = '\0';
__snprintf (nbuf, sizeof (nbuf), "%s.%s", name, domain);
if (nbuf[MAXDNAME] != '\0')
{
RES_SET_H_ERRNO(statp, NO_RECOVERY);
return -1;
}
But I don't know what the warning is about, and if it would still
trigger.
@@ -610,7 +610,9 @@ __res_context_querydomain (struct resolv_context *ctx,
RES_SET_H_ERRNO(statp, NO_RECOVERY);
return (-1);
}
- sprintf(nbuf, "%s.%s", name, domain);
+ strcpy (nbuf, name);
+ nbuf[n] = '.';
+ strcpy (nbuf + n + 1, domain);
}
return __res_context_query (ctx, longname, class, type, answer,
anslen, answerp, answerp2, nanswerp2,