[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [libvirt] [PATCH] Ensure virStrerror always sets an error string
From: |
Eric Blake |
Subject: |
Re: [libvirt] [PATCH] Ensure virStrerror always sets an error string |
Date: |
Wed, 18 May 2011 11:27:28 -0600 |
User-agent: |
Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.17) Gecko/20110428 Fedora/3.1.10-1.fc14 Lightning/1.0b3pre Mnenhy/0.8.3 Thunderbird/3.1.10 |
[adding bug-gnulib]
On 05/18/2011 11:07 AM, Daniel P. Berrange wrote:
> strerror_r() is free to not set any error string, if the passed
> errno is not valid. It may, however, still return a pointer to
> the original passed in buffer. This resulting in random garbage
> from the stack being present as the error string.
Indeed. However, I'm inclined to NACK the libvirt patch, because:
Right now, gnulib guarantees that strerror() always gives a useful
result (non-empty string for all errno values, even though POSIX allows
an empty string), but the strerror_r-posix module is not making those
same guarantees.
Therefore, I argue that this is a bug in gnulib. We should be changing
the strerror_r-posix module to guarantee sane behavior, rather than just
bare-minimum compliance, even if that means replacing strerror_r on a
few more platforms.
> +++ b/src/util/virterror.c
> @@ -1267,9 +1267,13 @@ const char *virStrerror(int theerrno, char *errBuf,
> size_t errBufLen)
> int save_errno = errno;
> const char *ret;
>
> + memset(errBuf, 0, errBufLen);
That's a bit time-consuming, especially if errBufLen is MUCH bigger than
the message to be printed. It would suffice to simply do *errbuf=0.
> strerror_r(theerrno, errBuf, errBufLen);
> ret = errBuf;
> errno = save_errno;
> +
> + if (ret[0] == '\0')
> + strncpy(errBuf, _("Unknown errno"), errBufLen);
> return ret;
> }
>
--
Eric Blake address@hidden +1-801-349-2682
Libvirt virtualization library http://libvirt.org
signature.asc
Description: OpenPGP digital signature
- Re: [libvirt] [PATCH] Ensure virStrerror always sets an error string,
Eric Blake <=