public inbox for glibc-bugs@sourceware.org
help / color / mirror / Atom feed
* [Bug libc/31383] New: _FORTIFY_SOURCE==3 and __fortified_attr_access vs size of 0 and zero size types
@ 2024-02-14 21:06 pinskia at gcc dot gnu.org
2024-02-14 21:13 ` [Bug libc/31383] " sam at gentoo dot org
` (10 more replies)
0 siblings, 11 replies; 12+ messages in thread
From: pinskia at gcc dot gnu.org @ 2024-02-14 21:06 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=31383
Bug ID: 31383
Summary: _FORTIFY_SOURCE==3 and __fortified_attr_access vs size
of 0 and zero size types
Product: glibc
Version: unspecified
Status: NEW
Severity: normal
Priority: P2
Component: libc
Assignee: unassigned at sourceware dot org
Reporter: pinskia at gcc dot gnu.org
CC: drepper.fsp at gmail dot com
Target Milestone: ---
__fortified_attr_access seems to be defined incorrectly for _FORTIFY_SOURCE==3.
The documentation for the size-index of access attribute
(https://gcc.gnu.org/onlinedocs/gcc/Common-Function-Attributes.html#index-access-function-attribute)
has the following:
```
When no size-index argument is specified, the pointer argument must be either
null or point to a space that is suitably aligned and large for __at least one
object__ of the referenced type (this implies that a past-the-end pointer is
not a valid argument).
```
Notice the __at least__ part here. That means the definition of
__fortified_attr_access is wrong when _FORTIFY_SOURCE==3, when passing around 0
size structs.
An example is:
```
#include <stdio.h>
#include <unistd.h>
int main(void) {
struct test_st {};
int fd = 0;
int count = 0;
struct test_st test_info[16];
count = read(fd, test_info, sizeof(test_info));
return(0);
}
```
With _FORTIFY_SOURCE==3 we get:
__attribute__ ((__access__ (__write_only__, 2)))
Which means the size has to be at least 1 but test_info has size of 0 and we
are passing a size of 0 to read even.
This is moved from GCC bug: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=113922
.
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 12+ messages in thread
* [Bug libc/31383] _FORTIFY_SOURCE==3 and __fortified_attr_access vs size of 0 and zero size types
2024-02-14 21:06 [Bug libc/31383] New: _FORTIFY_SOURCE==3 and __fortified_attr_access vs size of 0 and zero size types pinskia at gcc dot gnu.org
@ 2024-02-14 21:13 ` sam at gentoo dot org
2024-02-14 21:15 ` sergiodj at sergiodj dot net
` (9 subsequent siblings)
10 siblings, 0 replies; 12+ messages in thread
From: sam at gentoo dot org @ 2024-02-14 21:13 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=31383
Sam James <sam at gentoo dot org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |sam at gentoo dot org
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 12+ messages in thread
* [Bug libc/31383] _FORTIFY_SOURCE==3 and __fortified_attr_access vs size of 0 and zero size types
2024-02-14 21:06 [Bug libc/31383] New: _FORTIFY_SOURCE==3 and __fortified_attr_access vs size of 0 and zero size types pinskia at gcc dot gnu.org
2024-02-14 21:13 ` [Bug libc/31383] " sam at gentoo dot org
@ 2024-02-14 21:15 ` sergiodj at sergiodj dot net
2024-02-14 21:20 ` sam at gentoo dot org
` (8 subsequent siblings)
10 siblings, 0 replies; 12+ messages in thread
From: sergiodj at sergiodj dot net @ 2024-02-14 21:15 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=31383
Sergio Durigan Junior <sergiodj at sergiodj dot net> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |sergiodj at sergiodj dot net
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 12+ messages in thread
* [Bug libc/31383] _FORTIFY_SOURCE==3 and __fortified_attr_access vs size of 0 and zero size types
2024-02-14 21:06 [Bug libc/31383] New: _FORTIFY_SOURCE==3 and __fortified_attr_access vs size of 0 and zero size types pinskia at gcc dot gnu.org
2024-02-14 21:13 ` [Bug libc/31383] " sam at gentoo dot org
2024-02-14 21:15 ` sergiodj at sergiodj dot net
@ 2024-02-14 21:20 ` sam at gentoo dot org
2024-02-14 21:20 ` [Bug libc/31383] _FORTIFY_SOURCE=3 " sam at gentoo dot org
` (7 subsequent siblings)
10 siblings, 0 replies; 12+ messages in thread
From: sam at gentoo dot org @ 2024-02-14 21:20 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=31383
Sam James <sam at gentoo dot org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |siddhesh at sourceware dot org
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 12+ messages in thread
* [Bug libc/31383] _FORTIFY_SOURCE=3 and __fortified_attr_access vs size of 0 and zero size types
2024-02-14 21:06 [Bug libc/31383] New: _FORTIFY_SOURCE==3 and __fortified_attr_access vs size of 0 and zero size types pinskia at gcc dot gnu.org
` (2 preceding siblings ...)
2024-02-14 21:20 ` sam at gentoo dot org
@ 2024-02-14 21:20 ` sam at gentoo dot org
2024-02-14 23:40 ` andreas at canonical dot com
` (6 subsequent siblings)
10 siblings, 0 replies; 12+ messages in thread
From: sam at gentoo dot org @ 2024-02-14 21:20 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=31383
Sam James <sam at gentoo dot org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Summary|_FORTIFY_SOURCE==3 and |_FORTIFY_SOURCE=3 and
|__fortified_attr_access vs |__fortified_attr_access vs
|size of 0 and zero size |size of 0 and zero size
|types |types
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 12+ messages in thread
* [Bug libc/31383] _FORTIFY_SOURCE=3 and __fortified_attr_access vs size of 0 and zero size types
2024-02-14 21:06 [Bug libc/31383] New: _FORTIFY_SOURCE==3 and __fortified_attr_access vs size of 0 and zero size types pinskia at gcc dot gnu.org
` (3 preceding siblings ...)
2024-02-14 21:20 ` [Bug libc/31383] _FORTIFY_SOURCE=3 " sam at gentoo dot org
@ 2024-02-14 23:40 ` andreas at canonical dot com
2024-02-15 13:17 ` siddhesh at sourceware dot org
` (5 subsequent siblings)
10 siblings, 0 replies; 12+ messages in thread
From: andreas at canonical dot com @ 2024-02-14 23:40 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=31383
Andreas Hasenack <andreas at canonical dot com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |andreas at canonical dot com
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 12+ messages in thread
* [Bug libc/31383] _FORTIFY_SOURCE=3 and __fortified_attr_access vs size of 0 and zero size types
2024-02-14 21:06 [Bug libc/31383] New: _FORTIFY_SOURCE==3 and __fortified_attr_access vs size of 0 and zero size types pinskia at gcc dot gnu.org
` (4 preceding siblings ...)
2024-02-14 23:40 ` andreas at canonical dot com
@ 2024-02-15 13:17 ` siddhesh at sourceware dot org
2024-02-15 17:16 ` siddhesh at sourceware dot org
` (4 subsequent siblings)
10 siblings, 0 replies; 12+ messages in thread
From: siddhesh at sourceware dot org @ 2024-02-15 13:17 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=31383
--- Comment #1 from Siddhesh Poyarekar <siddhesh at sourceware dot org> ---
```
When no size-index argument is specified, the pointer argument must be either
null or point to a space that is suitably aligned and large for __at least one
object__ of the referenced type (this implies that a past-the-end pointer is
not a valid argument).
```
Well technically, the pointer argument *is* suitably aligned and large for 16
objects of 0 size, but the implication that it is hence not a past-the-end
pointer is invalid. I'll drop the access attribute (since the additional value
from having it is not really significant enough) but IMO -Wstringop-overflow
needs to be fixed to handle pointers to zero-sized structs, i.e. it needs to
ignore them and not conjure up an access size of 1 out of nowhere.
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 12+ messages in thread
* [Bug libc/31383] _FORTIFY_SOURCE=3 and __fortified_attr_access vs size of 0 and zero size types
2024-02-14 21:06 [Bug libc/31383] New: _FORTIFY_SOURCE==3 and __fortified_attr_access vs size of 0 and zero size types pinskia at gcc dot gnu.org
` (5 preceding siblings ...)
2024-02-15 13:17 ` siddhesh at sourceware dot org
@ 2024-02-15 17:16 ` siddhesh at sourceware dot org
2024-02-15 20:16 ` siddhesh at sourceware dot org
` (3 subsequent siblings)
10 siblings, 0 replies; 12+ messages in thread
From: siddhesh at sourceware dot org @ 2024-02-15 17:16 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=31383
Siddhesh Poyarekar <siddhesh at sourceware dot org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |ASSIGNED
Assignee|unassigned at sourceware dot org |siddhesh at sourceware dot org
--- Comment #2 from Siddhesh Poyarekar <siddhesh at sourceware dot org> ---
Patch posted:
https://patchwork.sourceware.org/project/glibc/patch/20240215171506.3154505-1-siddhesh@sourceware.org/
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 12+ messages in thread
* [Bug libc/31383] _FORTIFY_SOURCE=3 and __fortified_attr_access vs size of 0 and zero size types
2024-02-14 21:06 [Bug libc/31383] New: _FORTIFY_SOURCE==3 and __fortified_attr_access vs size of 0 and zero size types pinskia at gcc dot gnu.org
` (6 preceding siblings ...)
2024-02-15 17:16 ` siddhesh at sourceware dot org
@ 2024-02-15 20:16 ` siddhesh at sourceware dot org
2024-02-28 13:35 ` cvs-commit at gcc dot gnu.org
` (2 subsequent siblings)
10 siblings, 0 replies; 12+ messages in thread
From: siddhesh at sourceware dot org @ 2024-02-15 20:16 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=31383
--- Comment #3 from Siddhesh Poyarekar <siddhesh at sourceware dot org> ---
(In reply to Siddhesh Poyarekar from comment #1)
> ```
> When no size-index argument is specified, the pointer argument must be
> either null or point to a space that is suitably aligned and large for __at
> least one object__ of the referenced type (this implies that a past-the-end
> pointer is not a valid argument).
> ```
>
> Well technically, the pointer argument *is* suitably aligned and large for
> 16 objects of 0 size, but the implication that it is hence not a
> past-the-end pointer is invalid. I'll drop the access attribute (since the
> additional value from having it is not really significant enough) but IMO
> -Wstringop-overflow needs to be fixed to handle pointers to zero-sized
> structs, i.e. it needs to ignore them and not conjure up an access size of 1
> out of nowhere.
Actually, no, I was wrong. The referenced type is void*, which is why the
warning is 'correct'. Maybe there's scope for better wording, but it does make
sense to warn in such cases:
extern void f2 (void *) __attribute__ ((__access__ (__write_only__, 1)));
void
f1 (void)
{
struct A {} a[16];
f2 (a);
}
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 12+ messages in thread
* [Bug libc/31383] _FORTIFY_SOURCE=3 and __fortified_attr_access vs size of 0 and zero size types
2024-02-14 21:06 [Bug libc/31383] New: _FORTIFY_SOURCE==3 and __fortified_attr_access vs size of 0 and zero size types pinskia at gcc dot gnu.org
` (7 preceding siblings ...)
2024-02-15 20:16 ` siddhesh at sourceware dot org
@ 2024-02-28 13:35 ` cvs-commit at gcc dot gnu.org
2024-02-28 13:36 ` siddhesh at sourceware dot org
2024-02-28 13:36 ` siddhesh at sourceware dot org
10 siblings, 0 replies; 12+ messages in thread
From: cvs-commit at gcc dot gnu.org @ 2024-02-28 13:35 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=31383
--- Comment #4 from Sourceware Commits <cvs-commit at gcc dot gnu.org> ---
The master branch has been updated by Siddhesh Poyarekar
<siddhesh@sourceware.org>:
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=bf9688e623262c5fa9f91e4de0e84db45025076f
commit bf9688e623262c5fa9f91e4de0e84db45025076f
Author: Siddhesh Poyarekar <siddhesh@sourceware.org>
Date: Thu Feb 15 07:40:56 2024 -0500
cdefs: Drop access attribute for _FORTIFY_SOURCE=3 (BZ #31383)
When passed a pointer to a zero-sized struct, the access attribute
without the third argument misleads -Wstringop-overflow diagnostics to
think that a function is writing 1 byte into the zero-sized structs.
The attribute doesn't add that much value in this context, so drop it
completely for _FORTIFY_SOURCE=3.
Resolves: BZ #31383
Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 12+ messages in thread
* [Bug libc/31383] _FORTIFY_SOURCE=3 and __fortified_attr_access vs size of 0 and zero size types
2024-02-14 21:06 [Bug libc/31383] New: _FORTIFY_SOURCE==3 and __fortified_attr_access vs size of 0 and zero size types pinskia at gcc dot gnu.org
` (8 preceding siblings ...)
2024-02-28 13:35 ` cvs-commit at gcc dot gnu.org
@ 2024-02-28 13:36 ` siddhesh at sourceware dot org
2024-02-28 13:36 ` siddhesh at sourceware dot org
10 siblings, 0 replies; 12+ messages in thread
From: siddhesh at sourceware dot org @ 2024-02-28 13:36 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=31383
Siddhesh Poyarekar <siddhesh at sourceware dot org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Resolution|--- |FIXED
Status|ASSIGNED |RESOLVED
--- Comment #5 from Siddhesh Poyarekar <siddhesh at sourceware dot org> ---
Done.
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 12+ messages in thread
* [Bug libc/31383] _FORTIFY_SOURCE=3 and __fortified_attr_access vs size of 0 and zero size types
2024-02-14 21:06 [Bug libc/31383] New: _FORTIFY_SOURCE==3 and __fortified_attr_access vs size of 0 and zero size types pinskia at gcc dot gnu.org
` (9 preceding siblings ...)
2024-02-28 13:36 ` siddhesh at sourceware dot org
@ 2024-02-28 13:36 ` siddhesh at sourceware dot org
10 siblings, 0 replies; 12+ messages in thread
From: siddhesh at sourceware dot org @ 2024-02-28 13:36 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=31383
Siddhesh Poyarekar <siddhesh at sourceware dot org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Target Milestone|--- |2.40
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 12+ messages in thread
end of thread, other threads:[~2024-02-28 13:36 UTC | newest]
Thread overview: 12+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2024-02-14 21:06 [Bug libc/31383] New: _FORTIFY_SOURCE==3 and __fortified_attr_access vs size of 0 and zero size types pinskia at gcc dot gnu.org
2024-02-14 21:13 ` [Bug libc/31383] " sam at gentoo dot org
2024-02-14 21:15 ` sergiodj at sergiodj dot net
2024-02-14 21:20 ` sam at gentoo dot org
2024-02-14 21:20 ` [Bug libc/31383] _FORTIFY_SOURCE=3 " sam at gentoo dot org
2024-02-14 23:40 ` andreas at canonical dot com
2024-02-15 13:17 ` siddhesh at sourceware dot org
2024-02-15 17:16 ` siddhesh at sourceware dot org
2024-02-15 20:16 ` siddhesh at sourceware dot org
2024-02-28 13:35 ` cvs-commit at gcc dot gnu.org
2024-02-28 13:36 ` siddhesh at sourceware dot org
2024-02-28 13:36 ` siddhesh at sourceware dot org
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).