Convert miscellaneous instances of sprintf to snprintf
#3077
Conversation
|
As in #3076 (comment), it appears that the buildbot/CI failures on this PR are not due to changes in the PR, but rather they are "preexisting" failures on the upstream source branch. |
tgross35
force-pushed
the
remove-sprintf-client-backup
branch
3 times, most recently
from
208739c
to
0d71656
Compare
|
This one should be ready for another look when you get the chance @dlenski |
| int res= snprintf(p, dstsize_available, "%x", ipv6_words[i]); | ||
| DBUG_ASSERT(res >= 0); |
There was a problem hiding this comment.
I don't think the return value of snprintf tells you anything useful here. https://linux.die.net/man/3/snprintf#:~:text=Concerning%20the%20return%20value%20of,large%20enough.
There was a problem hiding this comment.
It can return -1 if printing to a file fails or if there is an error in the format string. No chance of that as-is, but figure it's a trivial check to make sure we never accidentally increment the available size.
I only added this check in cases where we actually use the result, though it wouldn't be a terrible thing (if annoying) to have elsewhere
| dstsize_available= dstend - p; | ||
| int res= snprintf(p, dstsize_available, "%x", ipv6_words[i]); | ||
| DBUG_ASSERT(res >= 0); | ||
| p += res; |
There was a problem hiding this comment.
Should dstsize_available be decreased here as well? E.g. p += res; dstsize_available -= res;
There was a problem hiding this comment.
Actually it doesn't have to be set at all since it is only read once per block, I removed line 502 here. The other blocks do not update dstsize_available after doing the pointer math.
There was a problem hiding this comment.
Hm, https://github.com/MariaDB/server/compare/0d716561e096ffb2c71f83c1e5f3131cf7a02e8d..d457f92c44acb8f62fceb649a94672972b511102 failed CI which doesn't make sense. Maybe a fluke, will retry.
There was a problem hiding this comment.
Must have just been flaky, all required tests pass now
tgross35
force-pushed
the
remove-sprintf-client-backup
branch
4 times, most recently
from
e378995
to
e29c8a0
Compare
tgross35
force-pushed
the
remove-sprintf-client-backup
branch
from
e29c8a0
to
08b950f
Compare
tgross35
force-pushed
the
remove-sprintf-client-backup
branch
from
08b950f
to
cf87f76
Compare
Remove use of `sprintf` in favor of `snprintf` where indicated by deprecation warnings. Signed-off-by: Trevor Gross <[email protected]>
tgross35
force-pushed
the
remove-sprintf-client-backup
branch
from
cf87f76
to
bfda187
Compare
|
@LinuxJedi thanks, I changed the base to 10.5. Side question, about how often do syncs among the versions happen? |
| @@ -1428,10 +1428,12 @@ static void usage(void) | |||
| version Get version info from server"); | |||
| } | |||
|
|
|||
| #define SHOW_MSG_LEN (FN_REFLEN + 20) | |||
There was a problem hiding this comment.
Why introduce this #define SHOW_MSG_LEN? It only makes it harder to understand the code, that the right size is being passed to snprintf() (as opposed to just sizeof()), and that the buffer is large enough that it will not be truncated and corrupt the command to be contructed.
There was a problem hiding this comment.
You are right, I was thinking this existed elsewhere too somehow
There was a problem hiding this comment.
Actually this was by request to remove the magic values #3077 (comment)
There was a problem hiding this comment.
To be fair to @tgross35, our coding standards document is unclear for this specific instance. We should maybe update that section. In other projects, this would be the way to do things, maybe with a comment.
| @@ -1428,10 +1428,12 @@ static void usage(void) | |||
| version Get version info from server"); | |||
| } | |||
|
|
|||
| #define SHOW_MSG_LEN (FN_REFLEN + 20) | |||
| #define UINPUT_BUF_LEN 10 | |||
There was a problem hiding this comment.
Why introduce this #define UINPUT_BUF_LEN? This is unrelated to sprintf/snprintf(), should be done as a separate patch (or why do it at all, the code is simpler without the #define, it's only used in one place)
| snprintf(safe_process_name, SAFE_PROCESS_NAME_LEN, | ||
| "safe_process[%ld]", (long) own_pid); |
There was a problem hiding this comment.
Again, don't introduce SAFE_PROCESS_NAME_LEN. It only makes it harder to see that the buffer size is correct for the string being constructed, and that the correct length is passed to sprintf() (as opposed to using sizeof())
|
Also what about testing? The patch contains no test cases. The mysqladmin changes have a restriction on the database name of FN_REFLEN. It needs to be tested that database names up to this length work, and longer (eg. FN_REFLEN+1) throw an error higher in the code, so the snprintf() doesn't silently truncate the name and send a corrupted command to the server. If this is already covered by existing tests, it would be good to mention this in the commit comment. |
Remove use of
sprintfin favor ofsnprintfwhere indicated by deprecation warnings.Description
This is a portion of #2958
Release Notes
None needed
How can this PR be tested?
Compile with -Wdeprecated-declarations (I believe it is enabled by default for the relevant files) and use a version of libc that marks sprintf deprecated.
Basing the PR against the correct MariaDB version
PR quality check