lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <ac8f9634-e298-3daa-e85d-c4b2478ee0a2@embeddedor.com>
Date:   Wed, 30 Jan 2019 17:30:34 -0600
From:   "Gustavo A. R. Silva" <gustavo@...eddedor.com>
To:     Kees Cook <keescook@...omium.org>
Cc:     LKML <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH] lib: zstd: Mark expected switch fall-throughs



On 1/30/19 1:58 AM, Kees Cook wrote:
> On Wed, Jan 30, 2019 at 12:34 PM Gustavo A. R. Silva
> <gustavo@...eddedor.com> wrote:
>>
>> In preparation to enabling -Wimplicit-fallthrough, mark switch
>> cases where we are expecting to fall through.
>>
>> This patch fixes the following warnings:
>>
>> lib/zstd/bitstream.h:261:30: warning: this statement may fall through [-Wimplicit-fallthrough=]
>> lib/zstd/bitstream.h:262:30: warning: this statement may fall through [-Wimplicit-fallthrough=]
>> lib/zstd/bitstream.h:263:30: warning: this statement may fall through [-Wimplicit-fallthrough=]
>> lib/zstd/bitstream.h:264:30: warning: this statement may fall through [-Wimplicit-fallthrough=]
>> lib/zstd/bitstream.h:265:30: warning: this statement may fall through [-Wimplicit-fallthrough=]
>> lib/zstd/compress.c:3183:16: warning: this statement may fall through [-Wimplicit-fallthrough=]
>> lib/zstd/decompress.c:1770:18: warning: this statement may fall through [-Wimplicit-fallthrough=]
>> lib/zstd/decompress.c:2376:15: warning: this statement may fall through [-Wimplicit-fallthrough=]
>> lib/zstd/decompress.c:2404:15: warning: this statement may fall through [-Wimplicit-fallthrough=]
>> lib/zstd/decompress.c:2435:16: warning: this statement may fall through [-Wimplicit-fallthrough=]
>> lib/zstd/huf_compress.c: In function ‘HUF_compress1X_usingCTable’:
>> lib/zstd/huf_compress.c:535:5: warning: this statement may fall through [-Wimplicit-fallthrough=]
>>   if (sizeof((stream)->bitContainer) * 8 < HUF_TABLELOG_MAX * 4 + 7) \
>>      ^
>> lib/zstd/huf_compress.c:558:54: note: in expansion of macro ‘HUF_FLUSHBITS_2’
>>   case 3: HUF_encodeSymbol(&bitC, ip[n + 2], CTable); HUF_FLUSHBITS_2(&bitC);
>>                                                       ^~~~~~~~~~~~~~~
>> lib/zstd/huf_compress.c:559:2: note: here
>>   case 2: HUF_encodeSymbol(&bitC, ip[n + 1], CTable); HUF_FLUSHBITS_1(&bitC);
>>   ^~~~
>> lib/zstd/huf_compress.c:531:5: warning: this statement may fall through [-Wimplicit-fallthrough=]
>>   if (sizeof((stream)->bitContainer) * 8 < HUF_TABLELOG_MAX * 2 + 7) \
>>      ^
>> lib/zstd/huf_compress.c:559:54: note: in expansion of macro ‘HUF_FLUSHBITS_1’
>>   case 2: HUF_encodeSymbol(&bitC, ip[n + 1], CTable); HUF_FLUSHBITS_1(&bitC);
>>                                                       ^~~~~~~~~~~~~~~
>> lib/zstd/huf_compress.c:560:2: note: here
>>   case 1: HUF_encodeSymbol(&bitC, ip[n + 0], CTable); HUF_FLUSHBITS(&bitC);
>>   ^~~~
>>   AR      lib/zstd//built-in.a
>>
>> Warning level 3 was used: -Wimplicit-fallthrough=3
>>
>> This patch is part of the ongoing efforts to enabling -Wimplicit-fallthrough.
>>
>> Signed-off-by: Gustavo A. R. Silva <gustavo@...eddedor.com>
>> ---
>>  lib/zstd/bitstream.h    | 5 +++++
>>  lib/zstd/compress.c     | 1 +
>>  lib/zstd/decompress.c   | 5 ++++-
>>  lib/zstd/huf_compress.c | 2 ++
>>  4 files changed, 12 insertions(+), 1 deletion(-)
>>
>> diff --git a/lib/zstd/bitstream.h b/lib/zstd/bitstream.h
>> index a826b99e1d63..3a49784d5c61 100644
>> --- a/lib/zstd/bitstream.h
>> +++ b/lib/zstd/bitstream.h
>> @@ -259,10 +259,15 @@ ZSTD_STATIC size_t BIT_initDStream(BIT_DStream_t *bitD, const void *srcBuffer, s
>>                 bitD->bitContainer = *(const BYTE *)(bitD->start);
>>                 switch (srcSize) {
>>                 case 7: bitD->bitContainer += (size_t)(((const BYTE *)(srcBuffer))[6]) << (sizeof(bitD->bitContainer) * 8 - 16);
>> +                       /* fall through */
>>                 case 6: bitD->bitContainer += (size_t)(((const BYTE *)(srcBuffer))[5]) << (sizeof(bitD->bitContainer) * 8 - 24);
>> +                       /* fall through */
>>                 case 5: bitD->bitContainer += (size_t)(((const BYTE *)(srcBuffer))[4]) << (sizeof(bitD->bitContainer) * 8 - 32);
>> +                       /* fall through */
>>                 case 4: bitD->bitContainer += (size_t)(((const BYTE *)(srcBuffer))[3]) << 24;
>> +                       /* fall through */
>>                 case 3: bitD->bitContainer += (size_t)(((const BYTE *)(srcBuffer))[2]) << 16;
>> +                       /* fall through */
>>                 case 2: bitD->bitContainer += (size_t)(((const BYTE *)(srcBuffer))[1]) << 8;
>>                 default:;
>>                 }
>> diff --git a/lib/zstd/compress.c b/lib/zstd/compress.c
>> index f9166cf4f7a9..5e0b67003e55 100644
>> --- a/lib/zstd/compress.c
>> +++ b/lib/zstd/compress.c
>> @@ -3182,6 +3182,7 @@ static size_t ZSTD_compressStream_generic(ZSTD_CStream *zcs, void *dst, size_t *
>>                                 zcs->outBuffFlushedSize = 0;
>>                                 zcs->stage = zcss_flush; /* pass-through to flush stage */
>>                         }
>> +                       /* fall through */
> 
> Perhaps reword the existing comment and move it down?
> 
>>
>>                 case zcss_flush: {
>>                         size_t const toFlush = zcs->outBuffContentSize - zcs->outBuffFlushedSize;
>> diff --git a/lib/zstd/decompress.c b/lib/zstd/decompress.c
>> index b17846725ca0..269ee9a796c1 100644
>> --- a/lib/zstd/decompress.c
>> +++ b/lib/zstd/decompress.c
>> @@ -1768,6 +1768,7 @@ size_t ZSTD_decompressContinue(ZSTD_DCtx *dctx, void *dst, size_t dstCapacity, c
>>                         return 0;
>>                 }
>>                 dctx->expected = 0; /* not necessary to copy more */
>> +               /* fall through */
>>
>>         case ZSTDds_decodeFrameHeader:
>>                 memcpy(dctx->headerBuffer + ZSTD_frameHeaderSize_prefix, src, dctx->expected);
>> @@ -2375,7 +2376,7 @@ size_t ZSTD_decompressStream(ZSTD_DStream *zds, ZSTD_outBuffer *output, ZSTD_inB
>>                         }
>>                         zds->stage = zdss_read;
>>                 }
>> -               /* pass-through */
>> +               /* fall through */
>>
>>                 case zdss_read: {
>>                         size_t const neededInSize = ZSTD_nextSrcSizeToDecompress(zds->dctx);
>> @@ -2404,6 +2405,7 @@ size_t ZSTD_decompressStream(ZSTD_DStream *zds, ZSTD_outBuffer *output, ZSTD_inB
>>                         zds->stage = zdss_load;
>>                         /* pass-through */
>>                 }
>> +               /* fall through */
> 
> Same ("pass-through" exists a couple lines up)
> 
>>
>>                 case zdss_load: {
>>                         size_t const neededInSize = ZSTD_nextSrcSizeToDecompress(zds->dctx);
>> @@ -2436,6 +2438,7 @@ size_t ZSTD_decompressStream(ZSTD_DStream *zds, ZSTD_outBuffer *output, ZSTD_inB
>>                                 /* pass-through */
>>                         }
>>                 }
>> +               /* fall through */
> 
> Same

Yeah. The thing is that the pass-though comment is embedded in two nested blocks of code. And GCC triggers
a warning if the fall-through comments are not placed at the very bottom of the case statement (some people
dislike this 'feature').

That's the reason why I didn't want to change any of the pass-through comments, and instead added the
fall-through comments at the bottom of every case.

What do you think about this 'feature'?

> 
>>
>>                 case zdss_flush: {
>>                         size_t const toFlushSize = zds->outEnd - zds->outStart;
>> diff --git a/lib/zstd/huf_compress.c b/lib/zstd/huf_compress.c
>> index 40055a7016e6..e727812d12aa 100644
>> --- a/lib/zstd/huf_compress.c
>> +++ b/lib/zstd/huf_compress.c
>> @@ -556,7 +556,9 @@ size_t HUF_compress1X_usingCTable(void *dst, size_t dstSize, const void *src, si
>>         n = srcSize & ~3; /* join to mod 4 */
>>         switch (srcSize & 3) {
>>         case 3: HUF_encodeSymbol(&bitC, ip[n + 2], CTable); HUF_FLUSHBITS_2(&bitC);
>> +               /* fall through */
>>         case 2: HUF_encodeSymbol(&bitC, ip[n + 1], CTable); HUF_FLUSHBITS_1(&bitC);
>> +               /* fall through */
>>         case 1: HUF_encodeSymbol(&bitC, ip[n + 0], CTable); HUF_FLUSHBITS(&bitC);
>>         case 0:
>>         default:;
>> --
>> 2.20.1
>>
> 
> Otherwise, yup, looks good.
> 
> Reviewed-by: Kees Cook <keescook@...omium.org>
> 

Thanks

--
Gustavo

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ