Re: [PATCH] avoid calling memset et al. with excessively large sizes (PR 79095)

public inbox for gcc-patches@gcc.gnu.org
 help / color / mirror / Atom feed

From: Jeff Law <law@redhat.com>
To: Martin Sebor <msebor@gmail.com>,
	Gcc Patch List <gcc-patches@gcc.gnu.org>
Subject: Re: [PATCH] avoid calling memset et al. with excessively large sizes (PR 79095)
Date: Tue, 17 Jan 2017 18:00:00 -0000	[thread overview]
Message-ID: <661df20e-3446-e303-a125-80adf3a74359@redhat.com> (raw)
In-Reply-To: <e79b9029-8914-5a3f-3423-04ba5fd2900c@gmail.com>

On 01/17/2017 09:12 AM, Martin Sebor wrote:
> On 01/17/2017 08:26 AM, Jeff Law wrote:
>> On 01/16/2017 05:06 PM, Martin Sebor wrote:
>>> The test case submitted in bug 79095 - [7 regression] spurious
>>> stringop-overflow warning shows that GCC optimizes some loops
>>> into calls to memset with size arguments in excess of the object
>>> size limit.  Since such calls will unavoidably lead to a buffer
>>> overflow and memory corruption the attached patch detects them
>>> and replaces them with a trap.  That both prevents the buffer
>>> overflow and eliminates the warning.
>> But doesn't the creation of the bogus memset signal an invalid
>> transformation in the loop optimizer?  ie, if we're going to convert a
>> loop into a memset, then we'd damn well better be sure the loop bounds
>> are reasonable.
>
> I'm not sure that emitting the memset call is necessarily a bug in
> the loop optimizer (which in all likelihood wasn't written with
> the goal of preventing or detecting possible buffer overflows).
> The loop with the excessive bound is in the source code and can
> be reached given the right inputs (calling v.resize(v.size() - 1)
> on an empty vector.  It's a lurking bug in the program that, if
> triggered, will overflow the vector and crash the program (or worse)
> with or without the optimization.
Right, but that doesn't mean that the loop optimizer can turn it into a 
memset.  If the bounds are such that we're going to invoke undefined 
behaviour from memset, then the loop optimizer must leave the loop alone.

>
> What else could the loop optimizer could do in this instance?
> I suppose it could just leave the loop alone and avoid emitting
> the memset call.  That would avoid the warning but mask the
> problem with the overflow.  In my mind, preventing the overflow
> given that we have the opportunity is the right thing to do.
> That is, after all, the goal of the warning.
The right warning in this case is WRT the loop iteration space 
independent of mem*.


>
> As I mentioned privately yesterday, I'm actually pleasantly
> surprised that it's helped identify this opportunity in GCC itself.
> My hope was to eventually go and find the places where GCC emits
> potentially out of bounds calls (based on user inputs) and fix them
> to emit better code on the assumption that they can't be valid or
> replace them with traps if they could happen in a running program.
> It didn't occur to me that the warning itself would help find them.
>
> Martin
>

next prev parent reply	other threads:[~2017-01-17 17:57 UTC|newest]

Thread overview: 26+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2017-01-17  0:06 Martin Sebor
2017-01-17  7:38 ` Jakub Jelinek
2017-01-18  3:38   ` Martin Sebor
2017-01-18  7:54     ` Jeff Law
2017-01-18  8:55       ` Jakub Jelinek
2017-01-18 18:08         ` Martin Sebor
2017-01-20 23:32           ` Jeff Law
2017-01-21  6:42             ` A + B CMP A -> A CMP' CST' match.pd patterns [was [PATCH] avoid calling memset et al. with excessively large sizes (PR 79095)] Jeff Law
2017-01-21  8:18               ` Marc Glisse
2017-01-24  0:21                 ` Jeff Law
2017-01-24 10:49                   ` Richard Biener
2017-01-24 14:46                     ` Marc Glisse
2017-01-24 15:21                       ` Jeff Law
2017-01-24 16:02                         ` Marc Glisse
2017-01-24 16:28                           ` Richard Biener
2017-01-25 10:36                         ` Richard Biener
2017-01-25 17:45                           ` Jeff Law
2017-01-23  9:14               ` Richard Biener
2017-01-23 21:13                 ` Jeff Law
2017-01-20 23:32         ` [PATCH] avoid calling memset et al. with excessively large sizes (PR 79095) Jeff Law
2017-01-20 23:39           ` Jakub Jelinek
2017-01-21  0:19             ` Jeff Law
2017-01-17 15:26 ` Jeff Law
2017-01-17 16:14   ` Martin Sebor
2017-01-17 18:00     ` Jeff Law [this message]
2017-01-18  3:19       ` Martin Sebor

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=661df20e-3446-e303-a125-80adf3a74359@redhat.com \
    --to=law@redhat.com \
    --cc=gcc-patches@gcc.gnu.org \
    --cc=msebor@gmail.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).