public inbox for glibc-bugs@sourceware.org help / color / mirror / Atom feed
From: "eblake at redhat dot com" <sourceware-bugzilla@sourceware.org> To: glibc-bugs@sourceware.org Subject: [Bug network/30293] Socket API is not alias safe Date: Thu, 30 Mar 2023 21:24:04 +0000 [thread overview] Message-ID: <bug-30293-131-YkHRMfj1K6@http.sourceware.org/bugzilla/> (raw) In-Reply-To: <bug-30293-131@http.sourceware.org/bugzilla/> https://sourceware.org/bugzilla/show_bug.cgi?id=30293 --- Comment #1 from Eric Blake <eblake at redhat dot com> --- In particular, the intent of the POSIX amendment is that user code (such as this example abridged from 'man 2 bind' on Fedora 37) must compile without compiler diagnostics about an alias violation under default compiler warning levels, and must produce the intended semantics without the compiler mis-optimizing it on the grounds of undefined behavior from an alias violation: #include <sys/socket.h> #include <sys/un.h> #include <stdlib.h> #include <stdio.h> #include <string.h> #define MY_SOCK_PATH "/somepath" #define handle_error(msg) \ do { perror(msg); exit(EXIT_FAILURE); } while (0) int main(int argc, char *argv[]) { int sfd, cfd; struct sockaddr_un my_addr; sfd = socket(AF_UNIX, SOCK_STREAM, 0); if (sfd == -1) handle_error("socket"); memset(&my_addr, 0, sizeof(my_addr)); my_addr.sun_family = AF_UNIX; strncpy(my_addr.sun_path, MY_SOCK_PATH, sizeof(my_addr.sun_path) - 1); if (bind(sfd, (struct sockaddr *) &my_addr, sizeof(my_addr)) == -1) // compiler must not flag this handle_error("bind"); //... } However, other (bad) user code, such as the following, may still trigger undefined behavior, even if the compiler is no longer able to diagnose it because of whatever was done to the structs in order to make the sockaddr.sa_family/sockaddr_un.sun_family aliasing be well-defined behavior: struct sockaddr too_small = { .sa_family = AF_UNIX }; int sfd = socket(AF_UNIX, SOCK_STREAM, 0); bind(sfd, &too_small, sizeof(struct sockaddr_storage)); // BAD - don't do this; the compiler can't flag this as an aliasing violation, but might be able to flag it for potential out-of-bounds referencing Conversely, POSIX does not intend to require that the various sockaddr* types must be universal aliases (that is, sockaddr* does not have to be synonymous with void* or char*, if an implementation has a way to fine-tune how much it can alias): struct stat *st; struct sockaddr *sa = (struct sockaddr *)st; // BAD - compiler may, but not must, flag this as an obvious aliasing violation, as it is not one of the casts required by POSIX to be diagnostic-free [If the POSIX amendment is itself inaccurate, the Austin Group welcomes comments on how to improve the wording before Issue 8 is finalized] -- You are receiving this mail because: You are on the CC list for the bug.
next prev parent reply other threads:[~2023-03-30 21:24 UTC|newest] Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top 2023-03-30 17:41 [Bug network/30293] New: " rouca at debian dot org 2023-03-30 17:41 ` [Bug network/30293] " rouca at debian dot org 2023-03-30 20:11 ` sam at gentoo dot org 2023-03-30 20:11 ` sam at gentoo dot org 2023-03-30 21:24 ` eblake at redhat dot com [this message] 2023-07-21 19:28 ` rouca at debian dot org 2023-07-21 19:52 ` eblake at redhat dot com 2024-05-07 19:42 ` sam at gentoo dot org
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=bug-30293-131-YkHRMfj1K6@http.sourceware.org/bugzilla/ \ --to=sourceware-bugzilla@sourceware.org \ --cc=glibc-bugs@sourceware.org \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).