Subject: Re: [PATCH] more out of bounds checking improvements
From: Martin Sebor
To: Florian Weimer, Martin Sebor via Libc-alpha
Cc: Joseph Myers
Date: Mon, 10 May 2021 11:14:01 -0600
Message-ID: <7da0198c-a478-d877-4b64-da5a50e7e87b@gmail.com>
In-Reply-To: <87fsyvf04w.fsf@oldenburg.str.redhat.com>
References: <176ba75f-4299-073f-8319-66dbf9fe3f42@gmail.com> <87k0ot9trs.fsf@oldenburg.str.redhat.com> <87v98d6ldm.fsf@oldenburg.str.redhat.com> <2a7e377d-60c8-313b-9422-6cd0b4f5224c@gmail.com> <87fsyvf04w.fsf@oldenburg.str.redhat.com>
List-Id: Libc-alpha mailing list

On 5/10/21 2:45 AM, Florian Weimer wrote:
> * Martin Sebor via Libc-alpha:
>
>> diff --git a/nss/makedb.c b/nss/makedb.c
>> index 74edb749cf..9389f6b548 100644
>> --- a/nss/makedb.c
>> +++ b/nss/makedb.c
>> @@ -747,7 +747,8 @@ write_output (int fd) >> header->valstrlen = valstrlen; >> >> size_t filled_dbs = 0; >> - struct iovec iov[2 + ndatabases * 3]; >> + size_t iov_nelts = 2 + ndatabases * 3; >> + struct iovec iov[iov_nelts]; >> iov[0].iov_base = header; >> iov[0].iov_len = file_offset; >> >> @@ -791,7 +792,9 @@ write_output (int fd) >> + nhashentries_total * sizeof (stridx_t))); >> header->allocate = file_offset; >> >> - if (writev (fd, iov, 2 + ndatabases * 3) != keydataoffset) >> + /* Help GCC 10 see iov_nelts doesn't overflow the writev argument. */ >> + assert (iov_nelts <= INT_MAX); >> + if (writev (fd, iov, iov_nelts) != keydataoffset) >> { >> error (0, errno, gettext ("failed to write new database file")); >> return EXIT_FAILURE; > > I don't think you should use assert to suppress compiler warnings > because we are supposed to have warning-free builds even with -DNDEBUG > (although it's likely that other problems exist). So how about the following instead of the assert? diff --git a/nss/makedb.c b/nss/makedb.c index 9389f6b548..6551b3cf2a 100644 --- a/nss/makedb.c +++ b/nss/makedb.c @@ -792,14 +792,25 @@ write_output (int fd) + nhashentries_total * sizeof (stridx_t))); header->allocate = file_offset; - /* Help GCC 10 see iov_nelts doesn't overflow the writev argument. */ assert (iov_nelts <= INT_MAX); + +#if __GNUC_PREREQ (10, 0) + DIAG_PUSH_NEEDS_COMMENT; + /* Avoid GCC 10 false positice warning: specified size exceeds maximum + object size. */ + DIAG_IGNORE_NEEDS_COMMENT (10, "-Wstringop-overflow"); +#endif + if (writev (fd, iov, iov_nelts) != keydataoffset) { error (0, errno, gettext ("failed to write new database file")); return EXIT_FAILURE; } +#if __GNUC_PREREQ (10, 0) + DIAG_POP_NEEDS_COMMENT; +#endif + return EXIT_SUCCESS; } Martin
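Review bot: in the quoted hunk at @@ -747,7 +747,8 @@, `struct iovec iov[iov_nelts];` is still a variable-length array sized by ndatabases with no upper bound, and iov_nelts is a size_t that is later handed to writev, whose iovcnt parameter is an int. Naming the count is an improvement, but the bound that actually matters for writev is IOV_MAX (writev fails with EINVAL when iovcnt exceeds it), which is far below INT_MAX. Consider checking `iov_nelts <= IOV_MAX` where the count is computed and taking the existing "failed to write new database file" error path, so an over-long vector is reported up front instead of failing inside writev.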
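Review bot: `assert (iov_nelts <= INT_MAX);` in the quoted hunk at @@ -791,7 +792,9 @@ is compiled out under -DNDEBUG, so in those builds it neither silences the GCC 10 diagnostic its comment describes nor guards the size_t-to-int narrowing in `writev (fd, iov, iov_nelts)`; a warning workaround should not be the only thing between the value and the conversion. Either keep the assert purely as documentation of an invariant that holds by construction, with the comment saying so, or replace it with a real check that prints an error and returns EXIT_FAILURE, mirroring the block directly below it.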
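Review bot: two points on the new hunk at @@ -792,14 +792,25 @@. First, the added comment has a typo, "false positice warning" should read "false positive warning", and quoting the exact diagnostic text GCC emits would make the DIAG_IGNORE_NEEDS_COMMENT easier to re-evaluate once GCC 10 is no longer supported. Second, the hunk deletes the comment that explained the assert but leaves `assert (iov_nelts <= INT_MAX);` in place, so a reader now meets an unexplained assert next to a pragma that already suppresses the warning; either drop the assert, since the pragma alone handles the diagnostic, or keep it with a comment stating the invariant it documents rather than the compiler it placates.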
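As an added example, not code from this thread or from glibc, here is the run-time form of the check the patch is wrestling with: the iovec count is validated against IOV_MAX and writev's int parameter and reported through errno rather than through an assert that -DNDEBUG strips, and short writes are completed. The function names (iov_count_ok, iov_total_len, writev_all, demo_pipe_roundtrip) and the sample buffers are this example's own.

```c
/* Added example, not glibc's makedb.c: a writev wrapper that checks the
   vector count at run time, against IOV_MAX and int, instead of with an
   assert that -DNDEBUG removes, and completes short writes.  All names
   here are the example's own.  */
#include <errno.h>
#include <limits.h>
#include <stdint.h>
#include <string.h>
#include <sys/uio.h>
#include <unistd.h>

#ifndef IOV_MAX
#define IOV_MAX 1024   /* fallback if <limits.h> hides it; Linux uses 1024 */
#endif

/* Nonzero if writev will accept N: at least one element, no more than
   IOV_MAX, and representable in writev's int iovcnt parameter.  */
int iov_count_ok(size_t n)
{
    return n != 0 && n <= (size_t)IOV_MAX && n <= (size_t)INT_MAX;
}

/* Bytes described by IOV[0..N-1], or (size_t)-1 if the sum overflows.  */
size_t iov_total_len(const struct iovec *iov, size_t n)
{
    size_t total = 0;
    for (size_t i = 0; i < n; i++) {
        if (iov[i].iov_len > SIZE_MAX - total)
            return (size_t)-1;
        total += iov[i].iov_len;
    }
    return total;
}

/* Write every byte described by IOV to FD.  Returns 0 on success, -1 with
   errno set otherwise.  IOV is consumed (advanced) as data is written.  */
int writev_all(int fd, struct iovec *iov, size_t n)
{
    size_t remaining = 0;
    if (!iov_count_ok(n) || (remaining = iov_total_len(iov, n)) == (size_t)-1) {
        errno = EINVAL;    /* the same errno writev itself would report */
        return -1;
    }
    size_t idx = 0;
    while (remaining > 0) {
        /* The (int) cast is safe: n <= INT_MAX was verified above.  */
        ssize_t w = writev(fd, iov + idx, (int)(n - idx));
        if (w < 0) {
            if (errno == EINTR)
                continue;
            return -1;
        }
        if (w == 0) {          /* no progress; do not spin forever */
            errno = EIO;
            return -1;
        }
        remaining -= (size_t)w;
        /* Skip buffers written in full, then trim a partially written one.  */
        size_t done = (size_t)w;
        while (idx < n && done >= iov[idx].iov_len) {
            done -= iov[idx].iov_len;
            idx++;
        }
        if (idx < n && done > 0) {
            iov[idx].iov_base = (char *)iov[idx].iov_base + done;
            iov[idx].iov_len -= done;
        }
    }
    return 0;
}

/* Self-check on constructed data: push three buffers through a pipe and
   confirm the reader gets their concatenation.  Returns 1 on success.  */
int demo_pipe_roundtrip(void)
{
    int fds[2];
    if (pipe(fds) != 0)
        return 0;
    char a[] = "header:", b[] = "keys;", c[] = "values";
    struct iovec iov[3] = { { a, sizeof a - 1 }, { b, sizeof b - 1 },
                            { c, sizeof c - 1 } };
    int ok = writev_all(fds[1], iov, 3) == 0;
    close(fds[1]);
    char buf[64] = { 0 };
    size_t got = 0;
    for (ssize_t r; (r = read(fds[0], buf + got, sizeof buf - 1 - got)) > 0;)
        got += (size_t)r;
    close(fds[0]);
    return ok && strcmp(buf, "header:keys;values") == 0;
}
```

Built with gcc on Linux, demo_pipe_roundtrip() returns 1. The count check is the one that matters for a call like makedb's writev: IOV_MAX (1024 on Linux) is reached long before INT_MAX, and writev reports EINVAL for anything larger, so a check that survives -DNDEBUG and feeds the normal error path is preferable to an assert aimed at a compiler diagnostic.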