ports/openmpi
ports/openmpi
1
1
Форкнуть 0
Код Релизы Активность

string_copy: assert() fail if the copy is too long

Просмотр исходного кода 
Add a hueristic: if the string copy is "too long", fail an assert().
This is based on the premise that Open MPI doesn't do large string
copies.  So if we see a dest_len that is over a certain threshhold
(currently set at 128K), this is likely a programmer error, and on
debug builds, we should fail an assert().  In production builds, it
will work just fine (assuming that it's not a programmer error).

Signed-off-by: Jeff Squyres <jsquyres@cisco.com>
Этот коммит содержится в:
Jeff Squyres 2018-10-01 13:34:15 -07:00
родитель 0379a44678
Коммит 293a938d29
2 изменённых файлов: 30 добавлений и 5 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

16
opal/util/string_copy.c
Просмотреть файл

@ -9,15 +9,27 @@
#include "opal_config.h" #include "opal_config.h"
#include <assert.h>
#include "opal/util/string_copy.h" #include "opal/util/string_copy.h"
void opal_string_copy(char *dest, const char *src, size_t len) void opal_string_copy(char *dest, const char *src, size_t dest_len)
{ {
size_t i; size_t i;
char *new_dest = dest; char *new_dest = dest;
for (i = 0; i < len; ++i, ++src, ++new_dest) { // Open MPI does not do *giant* string copies. Hence, we use the
// hueristic: if "dest_len" is too large, this is a programmer
// error. We pseudo-arbitrarily pick a large value to be the max
// allowable dest_len: 128K. If we ever need to increase this
// value someday (because something has a legit reason to
// opal_string_copy() more than 128K), the core dumps that are
// generated by the assert() failure should make this fairly
// obvious.
assert(dest_len <= OPAL_MAX_SIZE_ALLOWED_BY_OPAL_STRING_COPY);
for (i = 0; i < dest_len; ++i, ++src, ++new_dest) {
*new_dest = *src; *new_dest = *src;
if ('\0' == *src) { if ('\0' == *src) {
return; return;

19
opal/util/string_copy.h
Просмотреть файл

@ -28,17 +28,23 @@ BEGIN_C_DECLS
/** /**
* Do a "safe" string copy (i.e., guarantee to \0-terminate the * Do a "safe" string copy (i.e., guarantee to \0-terminate the
* destination string). * destination string), and assert() fail if the copy length is too
* large (because we assume it is a programmer error).
* *
* @param dest Destination string buffer. * @param dest Destination string buffer.
* @param src Source string buffer. * @param src Source string buffer.
* @param len Length of the destination string buffer. * @param dest_len Length of the destination string buffer.
* *
* This function is similar to, but different than, strcpy() and * This function is similar to, but different than, strcpy() and
* strncpy(). * strncpy().
* *
* It is invalid to pass NULL for either dest or src. * It is invalid to pass NULL for either dest or src.
* *
* If dest_len is larger than
* OPAL_MAX_SIZE_ALLOWED_BY_OPAL_STRING_COPY, we assume that this is
* a programmer error (because Open MPI does not generally need to do
* large string copies), and will assert() fail / abort.
*
* There is no return value. * There is no return value.
* *
* This function will essentially do the same thing as strncpy(), * This function will essentially do the same thing as strncpy(),
@ -54,9 +60,16 @@ BEGIN_C_DECLS
* destination, and dest[len-1] will be set to '\0'. * destination, and dest[len-1] will be set to '\0'.
*/ */
OPAL_DECLSPEC void opal_string_copy(char *dest, const char *src, OPAL_DECLSPEC void opal_string_copy(char *dest, const char *src,
size_t len) size_t dest_len)
__opal_attribute_nonnull__(1) __opal_attribute_nonnull__(2); __opal_attribute_nonnull__(1) __opal_attribute_nonnull__(2);
/**
* Max dest_size allowed by opal_string_copy().
*
* See the description of opal_string_copy() for an explanation.
*/
#define OPAL_MAX_SIZE_ALLOWED_BY_OPAL_STRING_COPY (128 * 1024)
END_C_DECLS END_C_DECLS
#endif /* OPAL_STRING_COPY_H */ #endif /* OPAL_STRING_COPY_H */