* [Bug build/26779] benign use after realloc at localealias.c:329
2020-10-23 17:12 [Bug build/26779] New: benign use after realloc at localealias.c:329 msebor at gmail dot com
@ 2020-10-23 21:14 ` msebor at gmail dot com
2020-10-27 21:21 ` msebor at gmail dot com
` (10 subsequent siblings)
11 siblings, 0 replies; 13+ messages in thread
From: msebor at gmail dot com @ 2020-10-23 21:14 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=26779
--- Comment #1 from Martin Sebor <msebor at gmail dot com> ---
Another instance of the same idiom that triggers the new warning is in
setenv.c:
setenv.c: In function ‘__add_to_environ’:
setenv.c:162:10: warning: statement uses a freed pointer [-Wuse-after-free=]
162 | if (__environ != last_environ)
| ^
setenv.c:154:31: note: freed by ‘realloc’ here
154 | new_environ = (char **) realloc (last_environ,
| ^~~~~~~~~~~~~~~~~~~~~~
155 | (size + 2) * sizeof (char *));
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The code:
  /* We allocated this space; we can extend it. */
  new_environ = (char **) realloc (last_environ,
                                   (size + 2) * sizeof (char *));
  if (new_environ == NULL)
    {
      UNLOCK;
      return -1;
    }
  if (__environ != last_environ)
    memcpy ((char *) new_environ, (char *) __environ,
            size * sizeof (char *));
--
You are receiving this mail because:
You are on the CC list for the bug.
From: msebor at gmail dot com @ 2020-10-27 21:21 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=26779
--- Comment #2 from Martin Sebor <msebor at gmail dot com> ---
Another instance is in argz-insert.c:
argz-insert.c: In function ‘__argz_insert’:
argz-insert.c:52:39: warning: dereferencing a freed pointer [-Wuse-after-free=]
52 | before = new_argz + (before - *argz);
| ^~~~~
argz-insert.c:48:22: note: freed by ‘realloc’ here
48 | char *new_argz = realloc (*argz, new_argz_len);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The code is straightforward: the value of *argz after a successful call to
realloc with it as an argument is (strictly speaking) indeterminate.
  char *new_argz = realloc (*argz, new_argz_len);
  if (new_argz)
    {
      before = new_argz + (before - *argz);
From: msebor at gmail dot com @ 2020-10-27 21:41 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=26779
--- Comment #3 from Martin Sebor <msebor at gmail dot com> ---
And another one:
wordexp.c:1812:27: warning: statement uses a freed pointer [-Wuse-after-free=]
1812 | if (!colon_seen && value)
| ^~
wordexp.c: In function ‘parse_dollars’:
wordexp.c:1810:13: note: freed by ‘free’ here
1810 | free (value);
| ^~~~~~~~~~~~
in this code:
  if (free_value)
    free (value);
  if (!colon_seen && value)
    /* Substitute NULL */
    goto success;
From: msebor at gmail dot com @ 2022-01-12 17:16 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=26779
--- Comment #4 from Martin Sebor <msebor at gmail dot com> ---
*** Bug 28521 has been marked as a duplicate of this bug. ***
From: msebor at gmail dot com @ 2022-01-12 17:20 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=26779
--- Comment #5 from Martin Sebor <msebor at gmail dot com> ---
The -Wuse-after-free patch was just approved for GCC 12. I'm retesting it and
barring serious problems I plan to commit it over the weekend or early next
week.
For reference, the instances of the warning I see with the top of GCC and Glibc
trunks are:
-Wuse-after-free Instances:
ldconfig.c:739
localealias.c:329
localealias.c:335
setenv.c:162
../sysdeps/wordsize-64/../../io/ftw.c:330
From: msebor at gmail dot com @ 2022-01-14 0:28 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=26779
--- Comment #6 from Martin Sebor <msebor at gmail dot com> ---
Created attachment 13906
--> https://sourceware.org/bugzilla/attachment.cgi?id=13906&action=edit
Patch to suppress all -Wuse-after-free instances.
The attached patch suppresses all instances of the warning at the strictest
setting (-Wuse-after-free=3), which includes even uses in equality expressions.
The default setting approved for GCC 12 is -Wuse-after-free=2, which doesn't
warn on such uses to accommodate the pointer-adjustment-after-realloc idiom.
At the default setting, the changes to ldconfig.c and setenv are not necessary.
^ permalink raw reply [flat|nested] 13+ messages in thread
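The pointer-adjustment-after-realloc idiom from comments #2 and #6, written so that no old pointer value is read after the call. This is an added example, not part of the original thread and not the change committed to glibc; `struct pool`, `pool_grow` and `demo` are hypothetical names.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical pool: entry[] points into the one allocation `base`,
   as map[i].alias points into string_space in the diagnostics above.  */
struct pool { char *base; char *entry[4]; size_t n; };

/* Rebase via offsets taken while the old block is still live, so the
   old pointer value is never read once realloc has succeeded.  */
int pool_grow (struct pool *p, size_t new_size)
{
  size_t off[4];
  if (p->n > 4)
    return -1;
  for (size_t i = 0; i < p->n; i++)
    off[i] = (size_t) (p->entry[i] - p->base);
  char *new_base = realloc (p->base, new_size);
  if (new_base == NULL)
    return -1;                  /* old block and entries stay valid */
  for (size_t i = 0; i < p->n; i++)
    p->entry[i] = new_base + off[i];
  p->base = new_base;
  return 0;
}

/* Constructed sample: two strings, then a grow large enough that the
   allocator may move the block.  Returns 1 if both entries survive.  */
int demo (void)
{
  struct pool p = { malloc (16), { 0 }, 2 };
  if (p.base == NULL)
    return -1;
  memcpy (p.base, "C\0POSIX", 8);
  p.entry[0] = p.base;
  p.entry[1] = p.base + 2;
  int ok = pool_grow (&p, 1 << 20) == 0
           && strcmp (p.entry[0], "C") == 0
           && strcmp (p.entry[1], "POSIX") == 0;
  free (p.base);
  return ok;
}

int main (void) { return demo () == 1 ? 0 : 1; }
```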
From: msebor at gmail dot com @ 2022-01-26 17:43 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=26779
Martin Sebor <msebor at gmail dot com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|UNCONFIRMED |RESOLVED
Resolution|--- |FIXED
--- Comment #7 from Martin Sebor <msebor at gmail dot com> ---
Fixed by the changes below:
https://sourceware.org/pipermail/glibc-cvs/2022q1/076319.html
https://sourceware.org/pipermail/glibc-cvs/2022q1/076320.html
https://sourceware.org/pipermail/glibc-cvs/2022q1/076321.html
https://sourceware.org/pipermail/glibc-cvs/2022q1/076322.html
https://sourceware.org/pipermail/glibc-cvs/2022q1/076324.html
From: carlos at redhat dot com @ 2022-01-26 20:24 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=26779
Carlos O'Donell <carlos at redhat dot com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Target Milestone|--- |2.35
From: vvinayag at arm dot com @ 2022-02-09 14:05 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=26779
vvinayag at arm dot com changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |vvinayag at arm dot com
--- Comment #8 from vvinayag at arm dot com ---
(In reply to Martin Sebor from comment #7)
> Fixed by the changes below:
>
> https://sourceware.org/pipermail/glibc-cvs/2022q1/076319.html
> https://sourceware.org/pipermail/glibc-cvs/2022q1/076320.html
> https://sourceware.org/pipermail/glibc-cvs/2022q1/076321.html
> https://sourceware.org/pipermail/glibc-cvs/2022q1/076322.html
> https://sourceware.org/pipermail/glibc-cvs/2022q1/076324.html
Hi,
I am still seeing this error when building on aarch64-none-linux-gnu with
bootstrapping glibc.
Build = Host = Target = aarch64-none-linux-gnu
or
Build = Host = Target = arm-none-linux-gnueabihf
localealias.c: In function 'read_alias_file':
localealias.c:335:56: error: pointer may be used after 'realloc' [-Werror=use-after-free]
335 | map[i].alias += new_pool - string_space;
| ~~~~~~~~~^~~~~~~~~~~~~~
localealias.c:325:49: note: call to 'realloc' here
325 | char *new_pool = (char *) realloc (string_space, new_size);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
localealias.c: In function 'read_alias_file':
localealias.c:335:56: error: pointer may be used after 'realloc' [-Werror=use-after-free]
335 | map[i].alias += new_pool - string_space;
| ~~~~~~~~~^~~~~~~~~~~~~~
localealias.c:325:49: note: call to 'realloc' here
325 | char *new_pool = (char *) realloc (string_space, new_size);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
cc1: all warnings being treated as errors
From: schwab@linux-m68k.org @ 2022-02-09 14:59 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=26779
--- Comment #9 from Andreas Schwab <schwab@linux-m68k.org> ---
Did you update your sources?
From: vvinayag at arm dot com @ 2022-02-09 16:13 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=26779
--- Comment #10 from vvinayag at arm dot com ---
(In reply to Andreas Schwab from comment #9)
> Did you update your sources?
You are right, and thank you.
The build is not using the latest glibc sources due to a different issue.
Sorry about the false alarm.
From: fweimer at redhat dot com @ 2024-01-11 9:33 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=26779
Florian Weimer <fweimer at redhat dot com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |danglin at gcc dot gnu.org
--- Comment #11 from Florian Weimer <fweimer at redhat dot com> ---
*** Bug 29634 has been marked as a duplicate of this bug. ***