public inbox for glibc-bugs@sourceware.org
help / color / mirror / Atom feed
* [Bug build/26687] New: -Warray-bounds instances building with GCC 11
@ 2020-10-01 0:28 msebor at gmail dot com
2020-10-05 21:02 ` [Bug build/26687] " msebor at gmail dot com
` (3 more replies)
0 siblings, 4 replies; 5+ messages in thread
From: msebor at gmail dot com @ 2020-10-01 0:28 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=26687
Bug ID: 26687
Summary: -Warray-bounds instances building with GCC 11
Product: glibc
Version: unspecified
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: build
Assignee: unassigned at sourceware dot org
Reporter: msebor at gmail dot com
CC: carlos at redhat dot com
Target Milestone: ---
GCC 11 has recently enhanced the -Warray-bounds warning to detect accesses
whose starting address is in bounds but whose ending address is beyond the end
of the accessed object. A Glibc build with the latest GCC shows the following
instances of this warning. I haven't fully investigated them yet but going by
the first message alone, the access newp->sigev_notify implies that newp points
to memory big enough for the whole of *newp (i.e., sizeof *newp big). If
that's not the case as the malloc argument seems to suggest the warning will
trigger.
../sysdeps/unix/sysv/linux/timer_create.c:83:17: warning: array subscript
‘struct timer[0]’ is partly outside array bounds of ‘unsigned char[8]’
[-Warray-bounds]
83 | newp->sigev_notify = (evp != NULL
| ^~
../sysdeps/unix/sysv/linux/timer_create.c:59:47: note: referencing an object of
size 8 allocated by ‘malloc’
59 | struct timer *newp = (struct timer *) malloc (offsetof (struct
timer,
|
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
60 |
thrfunc));
|
~~~~~~~~~
../sysdeps/unix/sysv/linux/timer_create.c:85:17: warning: array subscript
‘struct timer[0]’ is partly outside array bounds of ‘unsigned char[8]’
[-Warray-bounds]
85 | newp->ktimerid = ktimerid;
| ^~
../sysdeps/unix/sysv/linux/timer_create.c:59:47: note: referencing an object of
size 8 allocated by ‘malloc’
59 | struct timer *newp = (struct timer *) malloc (offsetof (struct
timer,
|
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
60 |
thrfunc));
|
~~~~~~~~~
./sysdeps/unix/sysv/linux/timer_create.c:83:17: warning: array subscript
‘struct timer[0]’ is partly outside array bounds of ‘unsigned char[8]’
[-Warray-bounds]
83 | newp->sigev_notify = (evp != NULL
| ^~
../sysdeps/unix/sysv/linux/timer_create.c:59:47: note: referencing an object of
size 8 allocated by ‘malloc’
59 | struct timer *newp = (struct timer *) malloc (offsetof (struct
timer,
|
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
60 |
thrfunc));
|
~~~~~~~~~
../sysdeps/unix/sysv/linux/timer_create.c:85:17: warning: array subscript
‘struct timer[0]’ is partly outside array bounds of ‘unsigned char[8]’
[-Warray-bounds]
85 | newp->ktimerid = ktimerid;
| ^~
../sysdeps/unix/sysv/linux/timer_create.c:59:47: note: referencing an object of
size 8 allocated by ‘malloc’
59 | struct timer *newp = (struct timer *) malloc (offsetof (struct
timer,
|
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
60 |
thrfunc));
|
~~~~~~~~~
ypclnt.c:376:54: warning: array subscript ‘struct ypresp_val[0]’ is partly
outside array bounds of ‘ypresp_master[1]’ [-Warray-bounds]
376 | status = ypprot_err (((struct ypresp_val *) resp)->stat);
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~
ypclnt.c:592:17: note: while referencing ‘resp’
592 | ypresp_master resp;
| ^~~~
ypclnt.c: In function ‘yp_order’:
ypclnt.c:376:54: warning: array subscript ‘struct ypresp_val[0]’ is partly
outside array bounds of ‘struct ypresp_order[1]’ [-Warray-bounds]
376 | status = ypprot_err (((struct ypresp_val *) resp)->stat);
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~
ypclnt.c:622:23: note: while referencing ‘resp’
622 | struct ypresp_order resp;
| ^~~~
ypclnt.c: In function ‘yp_maplist’:
ypclnt.c:376:54: warning: array subscript ‘struct ypresp_val[0]’ is partly
outside array bounds of ‘struct ypresp_maplist[1]’ [-Warray-bounds]
376 | status = ypprot_err (((struct ypresp_val *) resp)->stat);
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~
ypclnt.c:795:25: note: while referencing ‘resp’
795 | struct ypresp_maplist resp;
| ^~~~
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 5+ messages in thread
* [Bug build/26687] -Warray-bounds instances building with GCC 11
2020-10-01 0:28 [Bug build/26687] New: -Warray-bounds instances building with GCC 11 msebor at gmail dot com
@ 2020-10-05 21:02 ` msebor at gmail dot com
2020-10-06 18:28 ` adhemerval.zanella at linaro dot org
` (2 subsequent siblings)
3 siblings, 0 replies; 5+ messages in thread
From: msebor at gmail dot com @ 2020-10-05 21:02 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=26687
--- Comment #1 from Martin Sebor <msebor at gmail dot com> ---
After inspecting the Glibc code I believe the warning works as designed and
this instance is justified. But the comment above the malloc call explains
that it's written this way deliberately so it's in all likelihood safe.
/* We avoid allocating too much memory by basically
using struct timer as a derived class with the
first two elements being in the superclass. We only
need these two elements here. */
struct timer *newp = (struct timer *) malloc (offsetof (struct timer,
thrfunc));
if (newp == NULL)
/* No more memory. */
return -1;
...
kernel_timer_t ktimerid;
int retval = INLINE_SYSCALL (timer_create, 3, syscall_clockid, evp,
&ktimerid);
if (retval != -1)
{
newp->sigev_notify = (evp != NULL
? evp->sigev_notify : SIGEV_SIGNAL);
newp->ktimerid = ktimerid;
*timerid = (timer_t) newp;
}
That said, if I saw it in any other code base I'd consider the code unsafe and
recommend rewriting it in a cleaner, safer way. Here's one attempt:
diff --git a/sysdeps/unix/sysv/linux/timer_create.c
b/sysdeps/unix/sysv/linux/timer_create.c
index 370c99a517..f3b309a9b2 100644
--- a/sysdeps/unix/sysv/linux/timer_create.c
+++ b/sysdeps/unix/sysv/linux/timer_create.c
@@ -56,8 +56,19 @@ timer_create (clockid_t clock_id, struct sigevent *evp,
timer_t *timerid)
using struct timer as a derived class with the
first two elements being in the superclass. We only
need these two elements here. */
- struct timer *newp = (struct timer *) malloc (offsetof (struct timer,
- thrfunc));
+ typedef struct
+ {
+ int sigev_notify;
+ kernel_timer_t ktimerid;
+ } timer_superclass;
+
+ static_assert (offsetof (struct timer, sigev_notify)
+ == offsetof (timer_superclass, sigev_notify));
+ static_assert (offsetof (struct timer, ktimerid)
+ == offsetof (timer_superclass, ktimerid));
+
+ timer_superclass *newp
+ = (timer_superclass *) malloc (sizeof (timer_superclass));
if (newp == NULL)
/* No more memory. */
return -1;
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 5+ messages in thread
* [Bug build/26687] -Warray-bounds instances building with GCC 11
2020-10-01 0:28 [Bug build/26687] New: -Warray-bounds instances building with GCC 11 msebor at gmail dot com
2020-10-05 21:02 ` [Bug build/26687] " msebor at gmail dot com
@ 2020-10-06 18:28 ` adhemerval.zanella at linaro dot org
2020-10-06 18:32 ` adhemerval.zanella at linaro dot org
2020-10-30 21:41 ` cvs-commit at gcc dot gnu.org
3 siblings, 0 replies; 5+ messages in thread
From: adhemerval.zanella at linaro dot org @ 2020-10-06 18:28 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=26687
Adhemerval Zanella <adhemerval.zanella at linaro dot org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Ever confirmed|0 |1
CC| |adhemerval.zanella at linaro dot o
| |rg
Status|UNCONFIRMED |NEW
Assignee|unassigned at sourceware dot org |adhemerval.zanella at linaro dot o
| |rg
Last reconfirmed| |2020-10-06
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 5+ messages in thread
* [Bug build/26687] -Warray-bounds instances building with GCC 11
2020-10-01 0:28 [Bug build/26687] New: -Warray-bounds instances building with GCC 11 msebor at gmail dot com
2020-10-05 21:02 ` [Bug build/26687] " msebor at gmail dot com
2020-10-06 18:28 ` adhemerval.zanella at linaro dot org
@ 2020-10-06 18:32 ` adhemerval.zanella at linaro dot org
2020-10-30 21:41 ` cvs-commit at gcc dot gnu.org
3 siblings, 0 replies; 5+ messages in thread
From: adhemerval.zanella at linaro dot org @ 2020-10-06 18:32 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=26687
Adhemerval Zanella <adhemerval.zanella at linaro dot org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Resolution|--- |FIXED
Status|NEW |RESOLVED
Target Milestone|--- |2.33
--- Comment #2 from Adhemerval Zanella <adhemerval.zanella at linaro dot org> ---
Fixed on 2.33 (7a887dd537cd00fe3cdf42b788b3f0e3b430b0ed)
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 5+ messages in thread
* [Bug build/26687] -Warray-bounds instances building with GCC 11
2020-10-01 0:28 [Bug build/26687] New: -Warray-bounds instances building with GCC 11 msebor at gmail dot com
` (2 preceding siblings ...)
2020-10-06 18:32 ` adhemerval.zanella at linaro dot org
@ 2020-10-30 21:41 ` cvs-commit at gcc dot gnu.org
3 siblings, 0 replies; 5+ messages in thread
From: cvs-commit at gcc dot gnu.org @ 2020-10-30 21:41 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=26687
--- Comment #3 from cvs-commit at gcc dot gnu.org <cvs-commit at gcc dot gnu.org> ---
The master branch has been updated by Joseph Myers <jsm28@sourceware.org>:
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=882774658cb8daee4c16677a3fd674f6052cc157
commit 882774658cb8daee4c16677a3fd674f6052cc157
Author: Joseph Myers <joseph@codesourcery.com>
Date: Fri Oct 30 21:40:25 2020 +0000
Disable spurious -Warray-bounds for ypclnt.c (bug 26687)
Included among the GCC 11 warnings listed in bug 26687, but not fixed
when that bug was marked as FIXED, are -Warray-bounds warnings in
nis/ypclnt.c. These are all for different calls to the same piece of
code, which already has a comment explaining that the element accessed
is in a common prefix of the various structures. On the basis of that
comment, this patch treats the warning as a false positive and
disables it for that code.
Tested with build-many-glibcs.py for arm-linux-gnueabi, where,
together with my previous two patches, this allows the build of glibc
to complete with GCC 11 (further build failures appear in the
testsuite).
Reviewed-by: DJ Delorie <dj@redhat.com>
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2020-10-30 21:41 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-10-01 0:28 [Bug build/26687] New: -Warray-bounds instances building with GCC 11 msebor at gmail dot com
2020-10-05 21:02 ` [Bug build/26687] " msebor at gmail dot com
2020-10-06 18:28 ` adhemerval.zanella at linaro dot org
2020-10-06 18:32 ` adhemerval.zanella at linaro dot org
2020-10-30 21:41 ` cvs-commit at gcc dot gnu.org
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).