From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <ruben10post@yahoo.de>
Received: from sonic308-17.consmr.mail.ir2.yahoo.com
 (sonic308-17.consmr.mail.ir2.yahoo.com [77.238.178.145])
 by sourceware.org (Postfix) with ESMTPS id AB9B03857806
 for <newlib@sourceware.org>; Wed, 16 Mar 2022 09:17:54 +0000 (GMT)
DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org AB9B03857806
X-SONIC-DKIM-SIGN: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048;
 t=1647422273; bh=r35Zrd8CO2sMiM9R3JhpltqIUbUiUQBUA1156uo3JDB=;
 h=X-Sonic-MF:Date:Subject:From:To:From:Subject;
 b=MUbyi275sEpi2y5Hysh/3Ny6fZuHLK0hfln5s67/tmHgkXK+B6xIfNqCI1bNQf3dj+xsQ2hV3ItChinA/ZDYm1UNukCf9EsFql1U9LppD2CJn4FwHC4C1uNyyLLefCtdl1NfCF806T7+AZDfWLl4v6UMMhlwIBjPzl1puUmY7ysOYmi/ZVlNbjWmK/CChLG7SReReRPXxYKZ67osktEaziyvPONla/2Xr8Par/s6bMpPr9aIF1/na/T9ul/+ttazdrknIoawBW2EQ6FA9y4/GhRha7VqTo4h3loUzEeAcb8EUhOI7YD2069XeB9S23QhB+AsCsr9iJNOOYBBifT+og==
X-YMail-OSG: oMbeRi8VM1mnh.0hMjJRrmEYDDsiei_R67kAYiNdDHJ9eTpZJEuwXwXMu_TYgrN
 M850J7uecMoxB72YI5GFdV5ZpG7iwV7_1DTwUdaWmqPUhVZEzN6iaE1f5K1530GRAqjA38uCRcWO
 6yNg6ppn4ViUjgsJpd00y6ZIzUgdVLqHTyymWhhetdpG8Zb7Rk.kIdWPudh746olqnUDxVVBsuo2
 0I1wmT5UHfC_MKz_ZRAhQLSDaJmGImHFAC0gKBoYTsqjQCgMotjxkKmS7CIDzKO1i_WyryFL9jXp
 pCq.riFXpy.ykgdERVzQ1fMuNkVgqcaJnnp5IrshMS0NUIT1chBEwhr.I0jWAEw1ZsdhGKb1IuEt
 mqQYE6v6SpdPCzDT0Er5qiB2LX63mO8dk_th2xoeWVMvBltKhq0jfm.Ry_8O0UzxX_a_na2kFU1A
 5RyC34lTMPkq8CbHp8xn0Kz_KiYnlkDUekUwWmhLZ4OKerKhKU5HiCKkLqZwRndcDkcQlklqAhEj
 vHwQhYTBpxbfDjcaeBFHp6C1CXdFAg2IGYojoXH_GgUIGRZoAlacGOzo84ymR.CtWIjp0Jue7n7a
 BlbjJ0JHVyE1SOJ6sv9QoDISXITSR3FtSBz22iKxY7box4aDXQf2Xo1zOuu4A9cFUVf8OOmsnZ7.
 VpInxOrh.sbfgaRLiComG1HReTegN2eJQYqk7MHf2eq87B3ZfsOQLngqn2Fz58s_BLDnZBhV.X4U
 ildWS1K.1phCm3LPbm55Ix2JfrtpGVRHPHiAvUNDqyB6CXW7_j5X9lXxqsblL8ZEOCFUSWBg2uW8
 TCYFsW6SW4YAWckC2cAXIwQt2c.LfTzPFtWyc7LVX9LBZbGvt8.DYVojGugWwkHiJ2H8SWvZLRj5
 x_sLkZtMs6x.irWQ1Z44KdaE6xD5NLQv9L1A2VOAGMiqIWKfFS3W._ijlsbZqJvw2h35z2vCNKpS
 FI6REz5HZVaEt0x.NzGpaJt7k_9yfc3rigSXV6EbljaRjB71iQOFttdHDMyv_ewNs96l3gCA1VL.
 xhqqtIvg9dbZR1k0sgPo.GgzUiAEc1CnkqBhUX_evsjhsR.gPIQ_36uMuZbHOTe4lgOM4wFOnsdV
 j_BTVQs8Q6t9K0QACA3SQPSl7Aahusurca1qhVxmIUm9NuUvTgDdUUzHbOrnwJ2EPwLtZqC7HEKg
 ghqdjYil0Qmbdj0MJMf_gH0ME9Ot.OOLYkD9LVPafXu0iSQwmA.MGswfT1Emw9VG8tB19VFHjASC
 LjYAnbVbCozInkrlyO1CeNcFeKOauOyhZ_UuU9t0tzVAEwSFFEhwnMbmcjCd8EGj11.7m1CIpszp
 m0nVM9HGFE7pzi0GtkVw.7qhE45w4.v5Q9jEb40YsEVjXbschpY7bvVts9JHRCNlMmUPn0CEMoXI
 RIkUhnpHaR1uOARxFSTY0jG6aL0m1K4bQc4s8em5WZhlLeT013c6dO9H7qtesEW0hbhnlAv8JzIc
 R9o70.wmi3Iu0Jz1reMy5D_Uo26fTk_8vl6wk1rwnqqalZ.NQINucEjzGwlm7Ihc41h.7swhUysm
 yYFNSwYGN8gLpqzXl1xfCgfsrx6iScuiMU_kG9uFT4ZyiSizsaMyatIjndgPsGI2ndhIEN7VE0jQ
 v2W6mY_tv5P1QqXt0CmeT78tuak2eFZQ1S.ud.Ahq7Zka2P2HtKsa3AvmCVpfEZJJq6_lxi_J9aS
 GIv5_Kr_uWXoH1.vEpHjqTEg5n34l.PpaChOFlvk6aeqgSnfBE5WE0amn_AuefMtzsG7Z27NnXeW
 HA9OzMUOUYI3k_ITTANQLSnC8J_udPH1x.4odMUPf490biuvC4CBg.MU.AAFfuOE6SDR2a9scOm2
 HK2LV.NfJHgwYkbbGl6y9PSRDd9BuNp7dKddqG_H5WJOTFCBo77dEGJ98_fjtql4W3WYmLXAmPVT
 mdTI3J.RwNr8fdL8rImxnhfjMF2pL5o.5iIIR7lGfEDaxmTaiI2EEKnMuYjpPlzYS_Z.74Lv0TV7
 blcMc_.ZgCS17FFrtgDEzKM.9LP3co1h6tNMTQwgUGh9Mt1APheE13elWFGJUuWuigEUJrf.R5MH
 tCjRFkor2cFNcEH1.M_HqwXAVcK63mgCEROcxOVWVyTomElE6XyLHZ14ky0CGnv.2AYbvE7KKKML
 ZXSl1Z3uOTZ3yEAp5lTyb9tJE7rR046088zV4tqw.cSVnX_tV5YFZAjra0qJot2rvlU1XcR4qEGz
 OYjzi1Rjnray.piNtk.LTWTyZMZtgHUb9AR4kWN.Q1gaQi.DJnvn18nnqjiudIrSkgR4qBeSa6xs
 IDgBSKap_LDV3
X-Sonic-MF: <ruben10post@yahoo.de>
Received: from sonic.gate.mail.ne1.yahoo.com by
 sonic308.consmr.mail.ir2.yahoo.com with HTTP; Wed, 16 Mar 2022 09:17:53 +0000
Received: by kubenode515.mail-prod1.omega.ir2.yahoo.com (VZM Hermes SMTP
 Server) with ESMTPA ID a175e9f259b3c8d4f6a1ef4e045f9bea; 
 Wed, 16 Mar 2022 09:17:48 +0000 (UTC)
Message-ID: <16551142-64aa-fdda-8f9e-7656c6b9390f@yahoo.de>
Date: Wed, 16 Mar 2022 10:17:47 +0100
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101
 Thunderbird/91.5.0
Subject: Re: [PATCH v2] newlib: fix build with <gcc-5 versions
Content-Language: en-GB
References: <20220314032559.24535-1-vapier@gentoo.org>
 <20220315032550.16502-1-vapier@gentoo.org>
 <2c68b0f8-03ad-d93d-dd35-002a66576ff8@foss.arm.com> <YjEnGIyU31Kl6zYJ@vapier>
 <e8076dd4-5977-4cfd-a968-2ce5f85ca905@yahoo.de> <YjGgE0WFwVPT2oh1@vapier>
From: "R. Diez" <rdiezmail-newlib@yahoo.de>
Cc: newlib@sourceware.org, Richard Earnshaw <Richard.Earnshaw@foss.arm.com>
To: Mike Frysinger <vapier@gentoo.org>
In-Reply-To: <YjGgE0WFwVPT2oh1@vapier>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
X-Mailer: WebService/1.1.19878
 mail.backend.jedi.jws.acl:role.jedi.acl.token.atz.jws.hermes.yahoo
X-Spam-Status: No, score=-0.8 required=5.0 tests=BAYES_00, DKIM_SIGNED,
 DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, FREEMAIL_FROM, NICE_REPLY_A,
 RCVD_IN_DNSWL_NONE, RCVD_IN_MSPIKE_H2, SPF_HELO_NONE, SPF_PASS, TXREP,
 T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.4
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on
 server2.sourceware.org
X-BeenThere: newlib@sourceware.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Newlib mailing list <newlib.sourceware.org>
List-Unsubscribe: <https://sourceware.org/mailman/options/newlib>,
 <mailto:newlib-request@sourceware.org?subject=unsubscribe>
List-Archive: <https://sourceware.org/pipermail/newlib/>
List-Post: <mailto:newlib@sourceware.org>
List-Help: <mailto:newlib-request@sourceware.org?subject=help>
List-Subscribe: <https://sourceware.org/mailman/listinfo/newlib>,
 <mailto:newlib-request@sourceware.org?subject=subscribe>
X-List-Received-Date: Wed, 16 Mar 2022 09:17:57 -0000


>> Therefore, compiling your code with GCC < 5 will silently break your application.
>> After all, the only reason to use __builtin_mul_overflow() is
>> that you need to check for overflow, is it?
> 
> practically speaking, i don't think this is a big deal.  newlib gained these
> checks only "recently" (<2 years ago).  newlib has been around for much much
> longer, and the world didn't notice.

Such general justifications wouldn't pass quality assurance (if we had one).


> yes, if an app starts trying to allocate
> huge amounts of memory such that it triggers 32-bit overflows when calculating,
> the new size, it will probably internally allocate fewer bytes than requested,
> and things will get corrupted.  but like, don't do that :p.  such applications
> probably will have other problems already.

You are suggesting that this only affects memory allocation, but the patch is for libc/include/sys/cdefs.h , so those mine traps will be available for everybody.

People will tend to assume that anything in Newlib is correct, and code has a way to get copied around and re-used.

There are many ways to mitigate the risk:

- Require GCC 5.
- Provide a proper implementation of __builtin_mul_overflow().
- Patch all users of __builtin_mul_overflow() within Newlib, so that they do not use it if the compiler does not provide it.
- Issue a compilation warning for GCC < 5 that the "stub" __builtin_mul_overflow() is broken.
   Note that this is not actually a "stub" implementation in the common sense.
- Add an "assert( false ) // fix me" inside the implementation.
- Add a comment stating that the "stub" implementation is not actually correct.

Regards,
   rdiez