public inbox for gcc-bugs@sourceware.org
help / color / mirror / Atom feed
* [Bug c/109352] New: Feature request: warn about "u64 = u32 * u32" and similar
@ 2023-03-31 7:01 zhangboyang.id at gmail dot com
2023-03-31 7:12 ` [Bug c/109352] " pinskia at gcc dot gnu.org
2023-03-31 7:16 ` pinskia at gcc dot gnu.org
0 siblings, 2 replies; 3+ messages in thread
From: zhangboyang.id at gmail dot com @ 2023-03-31 7:01 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109352
Bug ID: 109352
Summary: Feature request: warn about "u64 = u32 * u32" and
similar
Product: gcc
Version: unknown
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: c
Assignee: unassigned at gcc dot gnu.org
Reporter: zhangboyang.id at gmail dot com
Target Milestone: ---
Hi,
Please consider give warnings about "u64 = u32 * u32" and similar statements.
In most cases, programmers want "u64 = (uint64_t) u32 * (uint64_t) u32" instead
of "u64 = (uint32_t) u32 * (uint32_t) u32".
This cause real world problems. In a security bug of GNU GRUB2 (CVE-2022-2601,
reported by me), a similar expression causes interger overflow therefore heap
overwrite. The simplified code is like below:
struct bitmap {
uint32_t width, height;
uint8_t pixel[];
};
bmp = malloc(sizeof(struct bitmap) + width * height / 8);
In the above example, if width==65536 and height==65536, then width*height will
overflow to 0. Thus the allocated memory is smaller than expected.
I'm not a compiler expert, so I can't give a precise definition of which
statements should be warned. But I come up with some example code, please see
below:
1)
uint64_t pow2(int n)
{
return 1 << n; // I think almost everyone was hit by this :)
return 1U << n; // or this
}
2)
double area(float b, float h)
{
return b * h / 2.0; // lose precision
}
3)
uint64_t add(uint64_t base, uint32_t a, uint32_t b)
{
return base + (a + b); // it's different from "base + a + b"
}
By the way, if a programmer think a warning is unnecessary, it should be able
to suppressed by "u64 = (uint32_t)(u32 * u32);"
Zhang Boyang
^ permalink raw reply [flat|nested] 3+ messages in thread
* [Bug c/109352] Feature request: warn about "u64 = u32 * u32" and similar
2023-03-31 7:01 [Bug c/109352] New: Feature request: warn about "u64 = u32 * u32" and similar zhangboyang.id at gmail dot com
@ 2023-03-31 7:12 ` pinskia at gcc dot gnu.org
2023-03-31 7:16 ` pinskia at gcc dot gnu.org
1 sibling, 0 replies; 3+ messages in thread
From: pinskia at gcc dot gnu.org @ 2023-03-31 7:12 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109352
--- Comment #1 from Andrew Pinski <pinskia at gcc dot gnu.org> ---
"similar expression causes interger overflow ". No it causes wrapping.
^ permalink raw reply [flat|nested] 3+ messages in thread
* [Bug c/109352] Feature request: warn about "u64 = u32 * u32" and similar
2023-03-31 7:01 [Bug c/109352] New: Feature request: warn about "u64 = u32 * u32" and similar zhangboyang.id at gmail dot com
2023-03-31 7:12 ` [Bug c/109352] " pinskia at gcc dot gnu.org
@ 2023-03-31 7:16 ` pinskia at gcc dot gnu.org
1 sibling, 0 replies; 3+ messages in thread
From: pinskia at gcc dot gnu.org @ 2023-03-31 7:16 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109352
Andrew Pinski <pinskia at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Resolution|--- |DUPLICATE
Status|UNCONFIRMED |RESOLVED
--- Comment #2 from Andrew Pinski <pinskia at gcc dot gnu.org> ---
Dup. We rejected implementing this back in 2006.
The code has a well defined behavior and the warning will most likely find way
too many false positives.
*** This bug has been marked as a duplicate of bug 24542 ***
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2023-03-31 7:16 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-03-31 7:01 [Bug c/109352] New: Feature request: warn about "u64 = u32 * u32" and similar zhangboyang.id at gmail dot com
2023-03-31 7:12 ` [Bug c/109352] " pinskia at gcc dot gnu.org
2023-03-31 7:16 ` pinskia at gcc dot gnu.org
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).