From: Harald Anlauf <anlauf@gmx.de>
To: gcc-patches@gcc.gnu.org
Cc: fortran@gcc.gnu.org
Subject: Re: [patch, libgfortran] Part 2: PR105456 Child I/O does not propage iostat
Date: Tue, 5 Mar 2024 22:37:27 +0100 [thread overview]
Message-ID: <e2be9c0a-f668-4d18-a28b-50751e615338@gmx.de> (raw)
In-Reply-To: <65b13e02-bc1d-4cad-98cc-cf5d6090b742@gmail.com>
Hi Jerry,
I think there is the risk of buffer overrun in the following places:
+ char message[IOMSG_LEN];
+ child_iomsg_len = string_len_trim (IOMSG_LEN, child_iomsg)
+ 1;
free_line (dtp);
snprintf (message, child_iomsg_len, child_iomsg);
generate_error (&dtp->common, dtp->u.p.child_saved_iostat,
plus several more. Wouldn't it be better to increase the size of
message by one?
Thanks,
Harald
On 3/5/24 04:15, Jerry D wrote:
> On 3/1/24 11:24 AM, rep.dot.nop@gmail.com wrote:
>> Hi Jerry and Steve,
>>
>> On 29 February 2024 19:28:19 CET, Jerry D <jvdelisle2@gmail.com> wrote:
>>> On 2/29/24 10:13 AM, Steve Kargl wrote:
>>>> On Thu, Feb 29, 2024 at 09:36:43AM -0800, Jerry D wrote:
>>>>> On 2/29/24 1:47 AM, Bernhard Reutner-Fischer wrote:
>>>>>
>>>>>> And, just for my own education, the length limitation of iomsg to 255
>>>>>> chars is not backed by the standard AFAICS, right? It's just our
>>>>>> STRERR_MAXSZ?
>>>>>
>>>>> Yes, its what we have had for a long lone time. Once you throw an
>>>>> error
>>>>> things get very processor dependent. I found MSGLEN set to 100 and
>>>>> IOMSG_len
>>>>> to 256. Nothing magic about it.
>>>>>
>>>>
>>>> There is no restriction on the length for the iomsg-variable
>>>> that receives the generated error message. In fact, if the
>>>> iomsg-variable has a deferred-length type parameter, then
>>>> (re)-allocation to the exact length is expected.
>>>>
>>>> F2023
>>>>
>>>> 12.11.6 IOMSG= specifier
>>>>
>>>> If an error, end-of-file, or end-of-record condition occurs during
>>>> execution of an input/output statement, iomsg-variable is assigned
>>>> an explanatory message, as if by intrinsic assignment. If no such
>>>> condition occurs, the definition status and value of iomsg-variable
>>>> are unchanged.
>>>> character(len=23) emsg
>>>> read(fd,*,iomsg=emsg)
>>>>
>>>> Here, the generated iomsg is either truncated to a length of 23
>>>> or padded with blanks to a length of 23.
>>>>
>>>> character(len=:), allocatable :: emsg
>>>> read(fd,*,iomsg=emsg)
>>>>
>>>> Here, emsg should have the length of whatever error message was
>>>> generated.
>>>> HTH
>>>>
>>>
>>> Well, currently, if someone uses a larger string than 256 we are
>>> going to chop it off.
>>>
>>> Do we want to process this differently now?
>>
>> Yes. There is some odd hunk about discrepancy of passed len and actual
>> len afterwards in 22-007-r1, IIRC. Didn't look closely though.
>>
> --- snip ---
>
> Attached is the revised patch using the already available
> string_len_trim function.
>
> This hunk is only executed if a user has not passed an iostat or iomsg
> variable in the parent I/O statement and an error is triggered which
> terminates execution of the program. In this case, the iomsg string is
> provided in the usual error message in a "processor defined" way.
>
> (F2023):
>
> 12.6.4.8.3 Executing defined input/output data transfers
> ---
> 11 If the iostat argument of the defined input/output procedure has a
> nonzero value when that procedure returns, and the processor therefore
> terminates execution of the program as described in 12.11, the processor
> shall make the value of the iomsg argument available in a
> processor-dependent manner.
> ---
>
> OK for trunk?
>
> Regards,
>
> Jerry
>
>
WARNING: multiple messages have this Message-ID
From: Harald Anlauf <anlauf@gmx.de>
To: Jerry D <jvdelisle2@gmail.com>,
rep.dot.nop@gmail.com, sgk@troutmask.apl.washington.edu,
gfortran <fortran@gcc.gnu.org>
Cc: gcc-patches <gcc-patches@gcc.gnu.org>
Subject: Re: [patch, libgfortran] Part 2: PR105456 Child I/O does not propage iostat
Date: Tue, 5 Mar 2024 22:37:27 +0100 [thread overview]
Message-ID: <e2be9c0a-f668-4d18-a28b-50751e615338@gmx.de> (raw)
Message-ID: <20240305213727.fTzDazcvg86r8_F6Ajvyuxef3Li4FGuJkndqUoGzon8@z> (raw)
In-Reply-To: <65b13e02-bc1d-4cad-98cc-cf5d6090b742@gmail.com>
Hi Jerry,
I think there is the risk of buffer overrun in the following places:
+ char message[IOMSG_LEN];
+ child_iomsg_len = string_len_trim (IOMSG_LEN, child_iomsg)
+ 1;
free_line (dtp);
snprintf (message, child_iomsg_len, child_iomsg);
generate_error (&dtp->common, dtp->u.p.child_saved_iostat,
plus several more. Wouldn't it be better to increase the size of
message by one?
Thanks,
Harald
On 3/5/24 04:15, Jerry D wrote:
> On 3/1/24 11:24 AM, rep.dot.nop@gmail.com wrote:
>> Hi Jerry and Steve,
>>
>> On 29 February 2024 19:28:19 CET, Jerry D <jvdelisle2@gmail.com> wrote:
>>> On 2/29/24 10:13 AM, Steve Kargl wrote:
>>>> On Thu, Feb 29, 2024 at 09:36:43AM -0800, Jerry D wrote:
>>>>> On 2/29/24 1:47 AM, Bernhard Reutner-Fischer wrote:
>>>>>
>>>>>> And, just for my own education, the length limitation of iomsg to 255
>>>>>> chars is not backed by the standard AFAICS, right? It's just our
>>>>>> STRERR_MAXSZ?
>>>>>
>>>>> Yes, its what we have had for a long lone time. Once you throw an
>>>>> error
>>>>> things get very processor dependent. I found MSGLEN set to 100 and
>>>>> IOMSG_len
>>>>> to 256. Nothing magic about it.
>>>>>
>>>>
>>>> There is no restriction on the length for the iomsg-variable
>>>> that receives the generated error message. In fact, if the
>>>> iomsg-variable has a deferred-length type parameter, then
>>>> (re)-allocation to the exact length is expected.
>>>>
>>>> F2023
>>>>
>>>> 12.11.6 IOMSG= specifier
>>>>
>>>> If an error, end-of-file, or end-of-record condition occurs during
>>>> execution of an input/output statement, iomsg-variable is assigned
>>>> an explanatory message, as if by intrinsic assignment. If no such
>>>> condition occurs, the definition status and value of iomsg-variable
>>>> are unchanged.
>>>> character(len=23) emsg
>>>> read(fd,*,iomsg=emsg)
>>>>
>>>> Here, the generated iomsg is either truncated to a length of 23
>>>> or padded with blanks to a length of 23.
>>>>
>>>> character(len=:), allocatable :: emsg
>>>> read(fd,*,iomsg=emsg)
>>>>
>>>> Here, emsg should have the length of whatever error message was
>>>> generated.
>>>> HTH
>>>>
>>>
>>> Well, currently, if someone uses a larger string than 256 we are
>>> going to chop it off.
>>>
>>> Do we want to process this differently now?
>>
>> Yes. There is some odd hunk about discrepancy of passed len and actual
>> len afterwards in 22-007-r1, IIRC. Didn't look closely though.
>>
> --- snip ---
>
> Attached is the revised patch using the already available
> string_len_trim function.
>
> This hunk is only executed if a user has not passed an iostat or iomsg
> variable in the parent I/O statement and an error is triggered which
> terminates execution of the program. In this case, the iomsg string is
> provided in the usual error message in a "processor defined" way.
>
> (F2023):
>
> 12.6.4.8.3 Executing defined input/output data transfers
> ---
> 11 If the iostat argument of the defined input/output procedure has a
> nonzero value when that procedure returns, and the processor therefore
> terminates execution of the program as described in 12.11, the processor
> shall make the value of the iomsg argument available in a
> processor-dependent manner.
> ---
>
> OK for trunk?
>
> Regards,
>
> Jerry
>
>
next prev parent reply other threads:[~2024-03-05 21:37 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-02-29 5:29 Jerry D
2024-02-29 9:47 ` Bernhard Reutner-Fischer
2024-02-29 17:36 ` Jerry D
2024-02-29 18:13 ` Steve Kargl
[not found] ` <033ebcdd-6e25-4af7-9012-3338978751d8@gmail.com>
[not found] ` <05A1AEE6-6A68-4D4F-8BEA-6E87969E19E7@gmail.com>
2024-03-05 3:15 ` Jerry D
2024-03-05 21:30 ` rep.dot.nop
2024-03-05 21:37 ` Harald Anlauf [this message]
2024-03-05 21:37 ` Harald Anlauf
2024-03-05 21:51 ` Harald Anlauf
2024-03-05 21:51 ` Harald Anlauf
2024-03-06 4:06 ` Jerry D
2024-03-06 6:06 ` Steve Kargl
2024-03-06 17:13 ` Harald Anlauf
2024-03-06 17:13 ` Harald Anlauf
2024-03-07 4:01 ` Jerry D
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=e2be9c0a-f668-4d18-a28b-50751e615338@gmx.de \
--to=anlauf@gmx.de \
--cc=fortran@gcc.gnu.org \
--cc=gcc-patches@gcc.gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).