From mboxrd@z Thu Jan 1 00:00:00 1970
Date: Fri, 14 Nov 2025 01:01:34 +0100
From: Stefano Brivio
To: Yumei Huang
CC: passt-dev@passt.top, david@gibson.dropbear.id.au
Subject: Re: [PATCH v8 2/6] util: Introduce read_file() and read_file_integer() function
Message-ID: <20251114010134.6a79cb30@elisabeth>
In-Reply-To: <20251110093137.87705-3-yuhuang@redhat.com>
References: <20251110093137.87705-1-yuhuang@redhat.com> <20251110093137.87705-3-yuhuang@redhat.com>
Organization: Red Hat
List-Id: Development discussion and patches for passt

On Mon, 10 Nov 2025 17:31:33 +0800 Yumei Huang wrote:
> Signed-off-by: Yumei Huang > Reviewed-by: David Gibson > --- > util.c | 86 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ > util.h | 2 ++ > 2 files changed, 88 insertions(+) > > diff --git a/util.c b/util.c > index 44c21a3..c4c849c 100644 > --- a/util.c > +++ b/util.c 
> @@ -590,6 +590,92 @@ int write_file(const char *path, const char *buf) > return len == 0 ? 0 : -1; > } > > +/** > + * read_file() - Read contents of file into a NULL-terminated buffer > + * @path: Path to file to read > + * @buf: Buffer to store file contents > + * @buf_size: Size of buffer > + * > + * Return: number of bytes read on success, -1 on error, -ENOBUFS on truncation > + */ > +ssize_t read_file(const char *path, char *buf, size_t buf_size) > +{ > + int fd = open(path, O_RDONLY | O_CLOEXEC); > + size_t total_read = 0; > + ssize_t rc; > + > + if (fd < 0) { > + warn_perror("Could not open %s", path); > + return -1; > + } > + > + while (total_read < buf_size) { > + rc = read(fd, buf + total_read, buf_size - total_read); cppcheck rightfully says that: util.c:604:10: style: The scope of the variable 'rc' can be reduced. [variableScope] ssize_t rc; ^ > + > + if (rc < 0) { > + warn_perror("Couldn't read from %s", path); > + close(fd); > + return -1; > + } > + > + if (rc == 0) > + break; > + > + total_read += rc; > + } > + > + close(fd); > + > + if (total_read == buf_size) { > + warn("File %s contents exceed buffer size %zu", path, > + buf_size); > + buf[buf_size - 1] = '\0'; I suggested we need this, but Coverity Scan points out that: --- /home/sbrivio/passt/util.c:631:3: Type: Overflowed constant (INTEGER_OVERFLOW) /home/sbrivio/passt/util.c:606:2: 1. path: Condition "fd < 0", taking false branch. /home/sbrivio/passt/util.c:611:2: 2. path: Condition "total_read < buf_size", taking false branch. /home/sbrivio/passt/util.c:628:2: 3. path: Condition "total_read == buf_size", taking true branch. /home/sbrivio/passt/util.c:631:3: 4. overflow_const: Expression "buf_size - 1UL", where "buf_size" is known to be equal to 0, underflows the type of "buf_size - 1UL", which is type "unsigned long". --- in the (faulty) case where somebody calls this with 0 as buf_size. 
On the other hand, the passed value of buf_size might be a result of a wrong calculation, and in that case we don't want to write some unrelated value on the stack of the caller or smash the stack. We could ASSERT(buf_size), but in the future we might abuse read_file() to just check that a file is there and can be read, instead of actually reading it. So maybe we could just return (after closing fd) before read() on !buf_size? > + return -ENOBUFS; > + } > + > + buf[total_read] = '\0'; > + > + return total_read; > +} > + > +/** > + * read_file_integer() - Read an integer value from a file > + * @path: Path to file to read > + * @fallback: Default value if file can't be read > + * > + * Return: integer value, @fallback on failure > + */ > +intmax_t read_file_integer(const char *path, intmax_t fallback) > +{ > + ssize_t bytes_read; > + char buf[BUFSIZ]; > + intmax_t value; > + char *end; > + > + bytes_read = read_file(path, buf, sizeof(buf)); > + > + if (bytes_read < 0) > + return fallback; > + > + if (bytes_read == 0) { > + debug("Empty file %s", path); > + return fallback; > + } > + > + errno = 0; > + value = strtoimax(buf, &end, 10); > + if (*end && *end != '\n') { > + debug("Non-numeric content in %s", path); > + return fallback; > + } > + if (errno) { > + debug("Out of range value in %s: %s", path, buf); > + return fallback; > + } > + > + return value; > +} > + > #ifdef __ia64__ > /* Needed by do_clone() below: glibc doesn't export the prototype of __clone2(), > * use the description from clone(2). > diff --git a/util.h b/util.h > index a0b2ada..c1502cc 100644 > --- a/util.h > +++ b/util.h 
> @@ -229,6 +229,8 @@ void pidfile_write(int fd, pid_t pid); > int __daemon(int pidfile_fd, int devnull_fd); > int fls(unsigned long x); > int write_file(const char *path, const char *buf); > +ssize_t read_file(const char *path, char *buf, size_t buf_size); > +intmax_t read_file_integer(const char *path, intmax_t fallback); > int write_all_buf(int fd, const void *buf, size_t len); > int write_remainder(int fd, const struct iovec *iov, size_t iovcnt, size_t skip); > int read_all_buf(int fd, void *buf, size_t len); -- Stefano
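
Review bot: In read_file_integer() in the util.c hunk, the check `if (*end && *end != '\n')` after strtoimax() misses the case where no digits were converted at all. For a file that holds only "\n", or starts with a newline followed by text, strtoimax() returns 0 and leaves end == buf, *end is '\n', and the function returns 0 rather than @fallback. Adding `end == buf` to that condition would send such content down the "Non-numeric content" path. Separately, read_file() documents both -1 and -ENOBUFS as failure returns; since -1 has the same value as -EPERM, callers can only test for `< 0` safely, so either return -errno from the open() and read() failure paths or state in the comment that only -ENOBUFS is a meaningful code.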
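
One way to apply the guard suggested in the reply above (return before read() when buf_size is 0), as an added example that is neither passt's code nor part of the patch. The name read_file_guarded() is hypothetical, returning 0 for a zero-sized buffer is an assumption, passt's warn()/warn_perror() logging is left out, and /dev/zero stands in for an input file.

```c
#define _POSIX_C_SOURCE 200809L	/* for O_CLOEXEC */
#include <errno.h>
#include <fcntl.h>
#include <sys/types.h>
#include <unistd.h>

/* Added example: hypothetical variant of read_file(), logging left out.
 * Return: bytes read, 0 if @buf_size is 0 (assumed; @buf is untouched),
 * -1 on open() or read() error, -ENOBUFS on truncation */
ssize_t read_file_guarded(const char *path, char *buf, size_t buf_size)
{
	int fd = open(path, O_RDONLY | O_CLOEXEC);
	size_t total_read = 0;

	if (fd < 0)
		return -1;
	if (!buf_size) {	/* buf_size - 1 below would wrap to SIZE_MAX */
		close(fd);
		return 0;
	}

	while (total_read < buf_size) {
		ssize_t rc = read(fd, buf + total_read, buf_size - total_read);
		if (rc < 0) {
			close(fd);
			return -1;
		}
		if (rc == 0)
			break;
		total_read += rc;
	}
	close(fd);
	if (total_read == buf_size) {	/* no room left for the terminator */
		buf[buf_size - 1] = '\0';	/* buf_size >= 1 here */
		return -ENOBUFS;
	}
	buf[total_read] = '\0';
	return total_read;
}

/* Constructed check: a zero-sized read must not touch the caller's memory */
int zero_size_leaves_buffer_intact(void)
{
	char area[3] = { 'A', 'B', 'C' };
	return read_file_guarded("/dev/zero", area + 1, 0) == 0 &&
	       area[0] == 'A' && area[1] == 'B' && area[2] == 'C';
}

int main(void) { return !zero_size_leaves_buffer_intact(); }
```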