Date: Wed, 16 Mar 2022 22:41:42 -0400
From: Mike Frysinger
To: "R. Diez"
Cc: newlib@sourceware.org, Richard Earnshaw
Subject: Re: [PATCH v2] newlib: fix build with

On 16 Mar 2022 10:17, R. Diez wrote:
> >> Therefore, compiling your code with GCC < 5 will silently break your application.
> >> After all, the only reason to use __builtin_mul_overflow() is
> >> that you need to check for overflow, is it?
> >
> > practically speaking, i don't think this is a big deal.  newlib gained these
> > checks only "recently" (<2 years ago).  newlib has been around for much much
> > longer, and the world didn't notice.
>
> Such general justifications wouldn't pass quality assurance (if we had one).

in your opinion.  software is not perfect, it's trade-offs.

> > yes, if an app starts trying to allocate
> > huge amounts of memory such that it triggers 32-bit overflows when calculating,
> > the new size, it will probably internally allocate fewer bytes than requested,
> > and things will get corrupted.  but like, don't do that :p.  such applications
> > probably will have other problems already.
>
> You are suggesting that this only affects memory allocation, but the patch is for libc/include/sys/cdefs.h , so those mine traps will be available for everybody.
>
> People will tend to assume that anything in Newlib is correct, and code has a way to get copied around and re-used.
>
> There are many ways to mitigate the risk:
>
> - Require GCC 5.
> - Provide a proper implementation of __builtin_mul_overflow().
> - Patch all users of __builtin_mul_overflow() within Newlib, so that they do not use it if the compiler does not provide it.
> - Issue a compilation warning for GCC < 5 that the "stub" __builtin_mul_overflow() is broken.
>   Note that this is not actually a "stub" implementation in the common sense.
> - Add an "assert( false ) // fix me" inside the implementation.
> - Add a comment stating that the "stub" implementation is not actually correct.

any option that prevents correct execution with gcc-4 is not an improvement.
if you care this much, feel free to contribute a patch.  or use gcc-5+ and not
worry about it.
-mike
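
Added example, not part of the message above and not newlib's code: the allocation-size case discussed in the thread, showing a fallback that never reports overflow beside a division-based check that also works on GCC < 5. The names `portable_mul_overflow`, `unchecked_mul`, `mul_overflow` and `array_bytes` are hypothetical, the unchecked fallback is a constructed stand-in (the patch's own fallback is not shown in the message), and the element count is a constructed input.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Portable check, usable on GCC < 5. Same convention as the builtin:
 * stores the wrapped product in *res and returns nonzero on overflow.
 * The name is hypothetical, not a newlib symbol. */
static int portable_mul_overflow(size_t a, size_t b, size_t *res)
{
    *res = a * b;                       /* unsigned wrap is well defined */
    return a != 0 && b > SIZE_MAX / a;  /* true iff a * b > SIZE_MAX */
}

/* Constructed stand-in for a fallback that multiplies but never reports
 * overflow; the patch's actual fallback is not shown in the message. */
static int unchecked_mul(size_t a, size_t b, size_t *res)
{
    *res = a * b;
    return 0;
}

/* Prefer the compiler builtin where GCC 5+ provides it. */
static int mul_overflow(size_t a, size_t b, size_t *res)
{
#if defined(__GNUC__) && __GNUC__ >= 5
    return __builtin_mul_overflow(a, b, res);
#else
    return portable_mul_overflow(a, b, res);
#endif
}

typedef int (*mul_fn)(size_t, size_t, size_t *);

/* calloc-style size computation: 0 and *bytes on success, -1 if rejected. */
static int array_bytes(mul_fn mul, size_t nmemb, size_t size, size_t *bytes)
{
    return mul(nmemb, size, bytes) ? -1 : 0;
}

int main(void)
{
    size_t nmemb = SIZE_MAX / 16 + 2;   /* constructed: nmemb * 16 wraps to 16 */
    size_t bytes = 0;
    int rc = array_bytes(unchecked_mul, nmemb, 16, &bytes);
    printf("unchecked: rc=%d bytes=%zu\n", rc, bytes);
    rc = array_bytes(mul_overflow, nmemb, 16, &bytes);
    printf("checked:   rc=%d\n", rc);
    return 0;
}
```

With the unchecked fallback the caller is told to allocate 16 bytes for a request that needs more than the address space; with either checked path the request is rejected before any allocation happens.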