• Linus Torvalds's avatar
    qnx4: avoid stringop-overread errors · b7213ffa
    Linus Torvalds authored
    The qnx4 directory entries are 64-byte blocks that have different
    contents depending on the a status byte that is in the last byte of the
    block.
    
    In particular, a directory entry can be either a "link info" entry with
    a 48-byte name and pointers to the real inode information, or an "inode
    entry" with a smaller 16-byte name and the full inode information.
    
    But the code was written to always just treat the directory name as if
    it was part of that "inode entry", and just extend the name to the
    longer case if the status byte said it was a link entry.
    
    That work just fine and gives the right results, but now that gcc is
    tracking data structure accesses much more, the code can trigger a
    compiler error about using up to 48 bytes (the long name) in a structure
    that only has that shorter name in it:
    
       fs/qnx4/dir.c: In function ‘qnx4_readdir’:
       fs/qnx4/dir.c:51:32: error: ‘strnlen’ specified bound 48 exceeds source size 16 [-Werror=stringop-overread]
          51 |                         size = strnlen(de->di_fname, size);
             |                                ^~~~~~~~~~~~~~~~~~~~~~~~~~~
       In file included from fs/qnx4/qnx4.h:3,
                        from fs/qnx4/dir.c:16:
       include/uapi/linux/qnx4_fs.h:45:25: note: source object declared here
          45 |         char            di_fname[QNX4_SHORT_NAME_MAX];
             |                         ^~~~~~~~
    
    which is because the source code doesn't really make this whole "one of
    two different types" explicit.
    
    Fix this by introducing a very explicit union of the two types, and
    basically explaining to the compiler what is really going on.
    Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
    b7213ffa
dir.c 2.5 KB