Message-ID: <2f541755-b177-9c5a-3237-51946e96fcce@redhat.com>
Date: Tue, 25 Jan 2022 12:51:17 -0500
Subject: Re: [PATCH v2 4/5] avoid -Wuse-after-free [BZ #26779]
From: Carlos O'Donell
To: Martin Sebor, libc-alpha@sourceware.org
References: <53f20975-a2c9-674d-2a43-b1b323ee545c@gmail.com> <05e683bb-96d7-ebff-b0e1-f988e261b19b@gmail.com>
Organization: Red Hat
List-Id: Libc-alpha mailing list

On 1/25/22 12:49, Carlos O'Donell wrote:
> On 1/24/22 19:58, Martin Sebor via Libc-alpha wrote:
>> On 1/24/22 17:52, Martin Sebor wrote:
>>> This is a repost of the original patch but broken down by source
>>> file and with some suppression done by #pragma GCC diagnostic
>>> instead of conversion to intptr_t.  It also adds fixes for
>>> the same problem in the test suite that I overlooked before.
>>
>> The attached patch suppresses the -Wuse-after-free instance in
>> stdlib/setenv.c.
>>
>>> On 1/15/22 17:21, Martin Sebor wrote:
>>>> GCC 12 features a couple of new warnings designed to detect uses
>>>> of pointers made invalid by the pointees' lifetimes having ended.
>>>> Building Glibc with the enhanced GCC exposes a few such uses,
>>>> mostly after successful calls to realloc.  The attached patch
>>>> avoids the new warnings by converting the pointers to uintptr_t
>>>> first and using the converted integers instead.
>>>>
>>>> The patch suppresses all instances of the warning at the strictest
>>>> setting (-Wuse-after-free=3), which includes even uses in equality
>>>> expressions.  The default setting approved for GCC 12 is
>>>> -Wuse-after-free=2, which doesn't warn on such uses to accommodate
>>>> the pointer-adjustment-after-realloc idiom.  At the default setting,
>>>> the changes to ldconfig.c and setenv are not necessary.
>>>>
>>>> Martin
>>>
>
> OK for glibc 2.35, please push this commit.
>
> Expected commit message (three lines)
> ~~~
> io: Fix use-after-free in ftw [BZ #26779]

Should be:

~~~
stdlib: Avoid -Wuse-after-free [BZ #26779]

Reviewed-by: Carlos O'Donell
~~~

>
> Reviewed-by: Carlos O'Donell
> ~~~
>
> Reviewed-by: Carlos O'Donell
>
>> diff --git a/stdlib/setenv.c b/stdlib/setenv.c
>> index c3d2cee7b6..2176cbac31 100644
>> --- a/stdlib/setenv.c
>> +++ b/stdlib/setenv.c
>> @@ -150,7 +150,9 @@ __add_to_environ (const char *name, const char *value, const char *combined,
>> {
>> char **new_environ;
>>
>> - /* We allocated this space; we can extend it. */
>> + /* We allocated this space; we can extend it. Avoid using the raw
>> + reallocated pointer to avoid GCC -Wuse-after-free. */
>> + uintptr_t ip_last_environ = (uintptr_t)last_environ;
>
> OK. Create a temporary pointer.
>
>> new_environ = (char **) realloc (last_environ,
>> (size + 2) * sizeof (char *));
>> if (new_environ == NULL)
>> @@ -159,7 +161,7 @@ __add_to_environ (const char *name, const char *value, const char *combined,
>> return -1;
>> }
>>
>> - if (__environ != last_environ)
>> + if ((uintptr_t)__environ != ip_last_environ)
>
> OK. Lastly, use the temporary pointer for the comparison.
>
>> memcpy ((char *) new_environ, (char *) __environ,
>> size * sizeof (char *));
>>
>

--
Cheers,
Carlos.
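Review bot: `uintptr_t` comes from `<stdint.h>`, and the first hunk (`@@ -150,7 +150,9 @@`) adds no include, so please confirm stdlib/setenv.c already has it, directly or transitively, before relying on `uintptr_t ip_last_environ = (uintptr_t)last_environ;`. Two smaller points on that same line: glibc's GNU style puts a space after a cast, i.e. `(uintptr_t) last_environ`, and the new comment would serve the next reader better if it said why the snapshot exists (the value is compared after `realloc` has freed the old block) rather than only naming the warning, since "Avoid using the raw reallocated pointer to avoid GCC -Wuse-after-free" repeats "avoid" without giving the reason. The placement of the declaration before the `realloc` call is right: the integer has to be taken while the pointer is still valid.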
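Review bot: in the second hunk (`@@ -159,7 +161,7 @@`) the rewritten test `if ((uintptr_t)__environ != ip_last_environ)` keeps the original semantics (is `__environ` still the block this code allocated?) but it is now, by design, a comparison against the address of a block that `realloc` may already have freed, which is exactly what a reader seeing the integer compare will wonder about; a one-line comment at the `if` stating that the integer compare is deliberate and that `ip_last_environ` is never converted back to a pointer would answer that question in place. Same cast-spacing nit as the first hunk: `(uintptr_t) __environ` in GNU style.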
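The snapshot idiom the patch applies, carried through as a stand-alone model (an added example, not glibc code and not part of Martin's patch): `model_environ` stands in for `__environ`, `last_environ` for the block the function allocated on its previous call, and `model_add_entry`, `count_entries` and `model_selftest` are names made up for this example. It runs the same realloc-then-compare decision through the three cases the glibc code has to handle (first call, our block still in use, caller swapped in its own environment) so you can see the integer compare reach the same decision the pointer compare did while never using the freed pointer value after `realloc`, which is the use that `-Wuse-after-free=3` reports.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Constructed model of the situation in glibc's __add_to_environ (added
   example, not glibc code): model_environ stands in for __environ and
   last_environ for the block this code allocated on an earlier call.
   The caller may at any time point model_environ at its own array.  */
static char **model_environ;
static char **last_environ;

/* Count the entries of a NULL-terminated string array (NULL array -> 0).  */
static size_t count_entries (char **env)
{
  size_t n = 0;
  if (env != NULL)
    while (env[n] != NULL)
      n++;
  return n;
}

/* Append ENTRY (not copied) to the environment, growing the block we own.
   Returns 0 on success, -1 if realloc fails.  Mirrors the glibc logic:
   realloc whatever we allocated last time, and copy from model_environ
   only when the caller had replaced it with something else.  */
int model_add_entry (char *entry)
{
  size_t size = count_entries (model_environ);

  /* Take the old address as an integer BEFORE realloc.  After a successful
     realloc the old pointer value is indeterminate, and at
     -Wuse-after-free=3 even `model_environ != last_environ` is flagged.  */
  uintptr_t ip_last_environ = (uintptr_t) last_environ;

  char **new_environ = realloc (last_environ, (size + 2) * sizeof (char *));
  if (new_environ == NULL)
    return -1;

  /* Same decision as the original pointer compare, made on the integer.
     ip_last_environ is never converted back to a pointer.  */
  if ((uintptr_t) model_environ != ip_last_environ)
    memcpy (new_environ, model_environ, size * sizeof (char *));

  new_environ[size] = entry;
  new_environ[size + 1] = NULL;
  last_environ = model_environ = new_environ;
  return 0;
}

/* Drive the three cases and check the resulting environment.
   Returns 1 if every check passes, 0 otherwise.  */
int model_selftest (void)
{
  static char *caller_env[] = { "A=1", "B=2", NULL };  /* constructed input */
  int ok = 1;

  /* Case 1: fresh start.  realloc (NULL, ...) acts as malloc; the snapshot
     is 0 and model_environ is NULL, so nothing is copied.  */
  model_environ = NULL;
  last_environ = NULL;
  ok &= model_add_entry ("X=1") == 0;
  ok &= count_entries (model_environ) == 1
        && strcmp (model_environ[0], "X=1") == 0;

  /* Case 2: model_environ still points at our block; realloc carries the
     contents over and the compare says no copy is needed.  */
  ok &= model_add_entry ("Y=2") == 0;
  ok &= count_entries (model_environ) == 2
        && strcmp (model_environ[1], "Y=2") == 0;

  /* Case 3: the caller replaced the environment with its own array.  The
     snapshot compare detects this and the caller's entries are copied.  */
  model_environ = caller_env;
  ok &= model_add_entry ("Z=3") == 0;
  ok &= count_entries (model_environ) == 3
        && strcmp (model_environ[0], "A=1") == 0
        && strcmp (model_environ[1], "B=2") == 0
        && strcmp (model_environ[2], "Z=3") == 0;

  free (last_environ);
  last_environ = model_environ = NULL;
  return ok;
}

int main (void)
{
  return model_selftest () ? 0 : 1;
}
```

Building with `gcc -Wall -Wuse-after-free=3` exercises the strictest setting the quoted mail describes; the only use of the old block's address after `realloc` is the integer `ip_last_environ`, which is what the patch relies on to keep the comparison while satisfying the warning.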