lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Sun, 5 Sep 2021 13:52:29 -0700 From: Kees Cook <keescook@...omium.org> To: Linus Torvalds <torvalds@...ux-foundation.org> Cc: Linux Kernel Mailing List <linux-kernel@...r.kernel.org>, Arnd Bergmann <arnd@...db.de>, Daniel Vetter <daniel@...ll.ch>, Dan Williams <dan.j.williams@...el.com>, Rasmus Villemoes <linux@...musvillemoes.dk>, Greg Kroah-Hartman <gregkh@...uxfoundation.org>, "Gustavo A. R. Silva" <gustavoars@...nel.org>, Keith Packard <keithp@...thp.com>, Nathan Chancellor <nathan@...nel.org>, Nick Desaulniers <ndesaulniers@...gle.com>, linux-hardening@...r.kernel.org Subject: Re: [GIT PULL] overflow updates for v5.15-rc1 On Sun, Sep 05, 2021 at 10:36:22AM -0700, Linus Torvalds wrote: > This is actually just bog-standard gcc-11.2 from F34, and an allmodconfig build. I've checked this on F32 now, and I still wasn't seeing the testsuite warnings. I did see this, though, unrelated to (but certainly thematically associated with) the overflow series: fs/qnx4/dir.c: In function 'qnx4_readdir': fs/qnx4/dir.c:51:32: warning: 'strnlen' specified bound 48 exceeds source size 16 [-Wstringop-overread] 51 | size = strnlen(de->di_fname, size); | ^~~~~~~~~~~~~~~~~~~~~~~~~~~ In file included from fs/qnx4/qnx4.h:3, from fs/qnx4/dir.c:16: ./include/uapi/linux/qnx4_fs.h:45:25: note: source object declared here 45 | char di_fname[QNX4_SHORT_NAME_MAX]; | ^~~~~~~~ > Three errors due to "-Werror=unused-value", but 17 each of variations on These are just side-effects of the actual warning going "missing". > error: call to ‘__read_overflow’ declared with attribute error: > detected read beyond size of object (1st parameter) > > and > > warning: unsafe xyz() usage lacked '__read_overflow' warning > > warnings. The latter is complaining about not seeing the former... O_o Oh... I found it: > error: call to ‘__read_overflow’ declared with attribute error: ^ ^ vs: error: call to '__read_overflow' declared with attribute error: ^ ^ Looks like it's LANG biting me! Ugh. LANG=en.US.UTF-8 is ' LANG=C is ' LANG=C.UTF-8 is ` Fedora uses C.UTF-8 by default, but my build tooling (and seemingly many others) are using LANG=en_US.UTF-8 or LANG=C. Specifically, this appears to be LC_NAME? Fixing now... -- Kees Cook
Powered by blists - more mailing lists