Message ID | 20210518140134.31541-1-julien@xen.org (mailing list archive) |
---|---|
Series | Use const whenever we point to literal strings (take 1) |
On 18/05/2021 15:01, Julien Grall wrote:
> From: Julien Grall <jgrall@amazon.com>
>
> Hi all,
>
> By default, both Clang and GCC will happily compile C code where
> non-const char * point to literal strings. This means the following
> code will be accepted:
>
>     char *str = "test";
>
>     str[0] = 'a';
>
> Literal strings will reside in rodata, so they are not modifiable.
> This will result in a permission fault at runtime if the permissions
> are enforced in the page-tables (this is the case in Xen).
>
> I am not aware of code trying to modify literal strings in Xen.
> However, there is a frequent use of non-const char * to point to
> literal strings. Given the size of the codebase, there is a risk
> to involuntarily introduce code that will modify literal strings.
>
> Therefore it would be better to enforce using const when pointing
> to such strings. Both GCC and Clang provide an option to warn
> for such a case (see -Wwrite-strings) and therefore could be used
> by Xen.
>
> This series doesn't yet make use of -Wwrite-strings because
> the tree is not fully converted. Instead, it contains some easy
> and non-controversial use of const in the code.
>
> Julien Grall (2):
>   xen/char: console: Use const whenever we point to literal strings
>   tools/console: Use const whenever we point to literal strings

I have committed the two patches.

>
>  tools/console/client/main.c |  4 ++--
>  tools/console/daemon/io.c   | 15 ++++++++-------
>  xen/drivers/char/console.c  |  7 ++++---
>  3 files changed, 14 insertions(+), 12 deletions(-)
>
From: Julien Grall <jgrall@amazon.com>

Hi all,

By default, both Clang and GCC will happily compile C code where
non-const char * point to literal strings. This means the following
code will be accepted:

    char *str = "test";

    str[0] = 'a';

Literal strings will reside in rodata, so they are not modifiable.
This will result in a permission fault at runtime if the permissions
are enforced in the page-tables (this is the case in Xen).

I am not aware of code trying to modify literal strings in Xen.
However, there is a frequent use of non-const char * to point to
literal strings. Given the size of the codebase, there is a risk
to involuntarily introduce code that will modify literal strings.

Therefore it would be better to enforce using const when pointing
to such strings. Both GCC and Clang provide an option to warn
for such a case (see -Wwrite-strings) and therefore could be used
by Xen.

This series doesn't yet make use of -Wwrite-strings because
the tree is not fully converted. Instead, it contains some easy
and non-controversial use of const in the code.

Julien Grall (2):
  xen/char: console: Use const whenever we point to literal strings
  tools/console: Use const whenever we point to literal strings

 tools/console/client/main.c |  4 ++--
 tools/console/daemon/io.c   | 15 ++++++++-------
 xen/drivers/char/console.c  |  7 ++++---
 3 files changed, 14 insertions(+), 12 deletions(-)
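
The rodata placement described in the cover letter can be checked from userspace without triggering the fault. The following is an added example, not part of the series or of Xen: it assumes a Linux host with /proc/self/maps, and the function names are hypothetical. It reports whether the mapping that holds a string literal is writable and compares it with an array copy of the same text.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

/* Returns 1 if addr is in a writable mapping, 0 if it is mapped without
 * write permission, -1 if no mapping was found or the maps file is missing. */
int mapping_is_writable(const void *addr)
{
    FILE *f = fopen("/proc/self/maps", "r");
    char line[512];
    int result = -1;

    if (!f)
        return -1;
    while (fgets(line, sizeof(line), f)) {
        uintptr_t start, end;
        char perms[5];
        /* Each line starts with "start-end perms", e.g. "55d0a000-55d0b000 r--p". */
        if (sscanf(line, "%" SCNxPTR "-%" SCNxPTR " %4s", &start, &end, perms) != 3)
            continue;
        if ((uintptr_t)addr >= start && (uintptr_t)addr < end) {
            result = (perms[1] == 'w');
            break;
        }
    }
    fclose(f);
    return result;
}

/* Constructed sample: the same literal as in the cover letter, held via const. */
const char *get_literal(void)
{
    return "test";
}

/* An array initialised from a literal is a private copy and may be modified. */
int stack_copy_is_writable(void)
{
    char buf[] = "test";
    buf[0] = 'a';
    return mapping_is_writable(buf) == 1 && buf[0] == 'a';
}

int main(void)
{
    printf("literal writable: %d\n", mapping_is_writable(get_literal()));
    printf("stack copy writable: %d\n", stack_copy_is_writable());
    return 0;
}
```

Building code like the cover letter's `char *str = "test";` with -Wwrite-strings makes the compiler warn at that assignment, because the option gives string literals a const-qualified type.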