Replaced last sprintf with snprintf #4007
Conversation
seanm
requested review from
lrknox,
derobins,
byrnHDF,
fortnern,
jhendersonHDF,
qkoziol,
vchoi-hdfgroup,
bmribler,
glennsong09,
mattjala and
brtnfld
as code owners
|
@byrnHDF @jhendersonHDF @hyoklee this last one is non-trivial... thoughts? |
seanm
force-pushed
the
sprintf-API-change
branch
from
1248819 to
b92d0a8
Compare
|
This approach seems reasonable and in line with other changes we made to H5O code when trying to clear up buffer overflow issues due to not knowing the size of the message buffers. Of course if you update the For the former case, it looks like that function is currently called in 7 places and each of those places appear to have some calculated size that could be used, though in several places you will also have to make adjustments to the size value passed based on a pointer into the message buffer. In short, seems reasonable but will definitely be a decent bit of work to have a reasonable value to pass for |
Is this changing public API? Any need for some kind of API version bump or anything like that?
I don't want to do that now. But it's probably a good idea, and will become possible with this groundwork. My motivation now is just to fix the compiler warnings about sprintf. |
It doesn't look like any sort of public API changes are needed here. It looks to all be in private code.
As sort of a half-measure, you could consider passing |
Oh ok great! I thought this was more of a breaking change.
Yeah, where I can't trivially determine the size, I'll do that. As you say, it's no worse than today. :) |
seanm
force-pushed
the
sprintf-API-change
branch
from
0bc302d to
c76e88a
Compare
|
So, I had to use But that can be some future PR... |
|
LGTM |
To have the size of the buffer, it was required to change a function signature, and change all users of it. In most cases, determining the buffer size wasn't trivial and so SIZE_MAX is passed. But at least this improves the infrastructure. Someone can later figure out the correct sizes.
seanm
force-pushed
the
sprintf-API-change
branch
from
5c5115b to
ac86ce8
Compare
seanm
changed the title
|
@qkoziol thanks. I've updated the commit message and removed the Draft flag. |
derobins
added
Priority - 1. High 🔼
* Replaced last sprintf with snprintf To have the size of the buffer, it was required to change a function signature, and change all users of it. In most cases, determining the buffer size wasn't trivial and so SIZE_MAX is passed. But at least this improves the infrastructure. Someone can later figure out the correct sizes.
* Remove oneapi return value warning. (#4028) * Replaced last sprintf with snprintf (#4007) * Replaced last sprintf with snprintf To have the size of the buffer, it was required to change a function signature, and change all users of it. In most cases, determining the buffer size wasn't trivial and so SIZE_MAX is passed. But at least this improves the infrastructure. Someone can later figure out the correct sizes. * Test vlen sequence IO in API tests (#4027) * Check argument for CMake REGEX FCMangle.h. (#4029) * Replace deprecated Fortran 'include mpif.h' with 'USE mpi' (#4031) With MPI 4.1 the use of the mpif.h include file has been deprecated. Codes should transition to USE mpi or USE mpi_f08. Signed-off-by: Christoph Niethammer <[email protected]> * Fix H5F_get_access_plist to copy file locking settings (#4030) H5F_get_access_plist previously did not copy over the file locking settings from a file into the new File Access Property List that it creates. This would make it difficult to match the file locking settings between an external file and its parent file. * Fix missing NOT from if check in HL folder (#4036) * Fix the datatype passed to H5*exists_async APIs in tests. (#4033) Add a new testing function to verify C_BOOL values. * Add deb and rpm binaries to snapshots (#4035) * Update and Add general INSTALL (#4016) * Improve performance of flushing single objects (#4017) Improve performance of flushing a single object, and remove metadata cache flush markers * Fix memory leak in H5LTopen_file_image when H5LT_FILE_IMAGE_DONT_COPY flag is used (#4021) When the H5LT_FILE_IMAGE_DONT_COPY flag is passed to H5LTopen_file_image, the internally-allocated udata structure gets leaked as the core file driver doesn't have a way to determine when or if it needs to call the 'udata_free' callback. This has been fixed by freeing the udata structure when the 'image_free' callback gets made during file close, where the file is holding the last reference to the udata structure. * Fix allocating too much memory in dset API test (#4041) * Don't try to load general-19 warnings file for icc (#4042) The Autools Classic Intel compiler configuration attempts to load a file named `general-19` from the intel-warnings/classic directory, which does not exist. This removes the attempted load of the file. * Remove unused AIX cross-compile cache overrides (#4043) The ibm-aix Autotools config file had some unmaintained and unnecessary Autoconf cache overrides. These have been removed. * Consolidate Autotools linux files (#4044) There are many architecture-specific linux files in the config directory, all of which simply redirect to linux-gnulibc1. This change renames linux-gnulibc1 to linux-gnu and deletes the more specific files. * Remove check for gettimeofday + tz in CMake (#4045) This is not used in the library * Remove limitations on preset generators (#4051) * Fix issue with FAPL file locking setting inheriting test (#4053) Fixes an issue where the HDF5_USE_FILE_LOCKING environment variable being set can interfere with the file locking setting that the test expects to be returned. * Bump the github-actions group with 2 updates (#4054) Bumps the github-actions group with 2 updates: [actions/download-artifact](https://github.com/actions/download-artifact) and [github/codeql-action](https://github.com/github/codeql-action). * Fix VOL-compatibility issues in External Link API test (#4039) Fix link API tests with incorrect filename * Add upddated cmake tools from source location (#4040) * Add options to allow tools type selection and naming (#4046) * Improve error messages when tools attempt to use non-enabled S3 and HDFS VFDs. (#4047) * Correct several 1.15/1.15.0 references to 1.14/1.14.4. * Ignore HDF5Examples/CMakeUserPresets.json
To replace the only remaining
sprintfwith safersnprintfthe size of the buffer needs to be known.But in this case will require non-trivial changes that need thought/discussion.
This is just to show the issue...