lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <CAGXu5jKphYGcrNm8TGE88ncGJFXQKKruEXGfxNx-F=ZH-xjOeg@mail.gmail.com>
Date:   Thu, 31 Jan 2019 18:49:55 +1300
From:   Kees Cook <keescook@...omium.org>
To:     "Gustavo A. R. Silva" <gustavo@...eddedor.com>
Cc:     LKML <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH] lib: zstd: Mark expected switch fall-throughs

On Thu, Jan 31, 2019 at 12:30 PM Gustavo A. R. Silva
<gustavo@...eddedor.com> wrote:
>
>
>
> On 1/30/19 1:58 AM, Kees Cook wrote:
> > On Wed, Jan 30, 2019 at 12:34 PM Gustavo A. R. Silva
> > <gustavo@...eddedor.com> wrote:
> >>
> >> In preparation to enabling -Wimplicit-fallthrough, mark switch
> >> cases where we are expecting to fall through.
> >>
> >> This patch fixes the following warnings:
> >>
> >> lib/zstd/bitstream.h:261:30: warning: this statement may fall through [-Wimplicit-fallthrough=]
> >> lib/zstd/bitstream.h:262:30: warning: this statement may fall through [-Wimplicit-fallthrough=]
> >> lib/zstd/bitstream.h:263:30: warning: this statement may fall through [-Wimplicit-fallthrough=]
> >> lib/zstd/bitstream.h:264:30: warning: this statement may fall through [-Wimplicit-fallthrough=]
> >> lib/zstd/bitstream.h:265:30: warning: this statement may fall through [-Wimplicit-fallthrough=]
> >> lib/zstd/compress.c:3183:16: warning: this statement may fall through [-Wimplicit-fallthrough=]
> >> lib/zstd/decompress.c:1770:18: warning: this statement may fall through [-Wimplicit-fallthrough=]
> >> lib/zstd/decompress.c:2376:15: warning: this statement may fall through [-Wimplicit-fallthrough=]
> >> lib/zstd/decompress.c:2404:15: warning: this statement may fall through [-Wimplicit-fallthrough=]
> >> lib/zstd/decompress.c:2435:16: warning: this statement may fall through [-Wimplicit-fallthrough=]
> >> lib/zstd/huf_compress.c: In function ‘HUF_compress1X_usingCTable’:
> >> lib/zstd/huf_compress.c:535:5: warning: this statement may fall through [-Wimplicit-fallthrough=]
> >>   if (sizeof((stream)->bitContainer) * 8 < HUF_TABLELOG_MAX * 4 + 7) \
> >>      ^
> >> lib/zstd/huf_compress.c:558:54: note: in expansion of macro ‘HUF_FLUSHBITS_2’
> >>   case 3: HUF_encodeSymbol(&bitC, ip[n + 2], CTable); HUF_FLUSHBITS_2(&bitC);
> >>                                                       ^~~~~~~~~~~~~~~
> >> lib/zstd/huf_compress.c:559:2: note: here
> >>   case 2: HUF_encodeSymbol(&bitC, ip[n + 1], CTable); HUF_FLUSHBITS_1(&bitC);
> >>   ^~~~
> >> lib/zstd/huf_compress.c:531:5: warning: this statement may fall through [-Wimplicit-fallthrough=]
> >>   if (sizeof((stream)->bitContainer) * 8 < HUF_TABLELOG_MAX * 2 + 7) \
> >>      ^
> >> lib/zstd/huf_compress.c:559:54: note: in expansion of macro ‘HUF_FLUSHBITS_1’
> >>   case 2: HUF_encodeSymbol(&bitC, ip[n + 1], CTable); HUF_FLUSHBITS_1(&bitC);
> >>                                                       ^~~~~~~~~~~~~~~
> >> lib/zstd/huf_compress.c:560:2: note: here
> >>   case 1: HUF_encodeSymbol(&bitC, ip[n + 0], CTable); HUF_FLUSHBITS(&bitC);
> >>   ^~~~
> >>   AR      lib/zstd//built-in.a
> >>
> >> Warning level 3 was used: -Wimplicit-fallthrough=3
> >>
> >> This patch is part of the ongoing efforts to enabling -Wimplicit-fallthrough.
> >>
> >> Signed-off-by: Gustavo A. R. Silva <gustavo@...eddedor.com>
> >> ---
> >>  lib/zstd/bitstream.h    | 5 +++++
> >>  lib/zstd/compress.c     | 1 +
> >>  lib/zstd/decompress.c   | 5 ++++-
> >>  lib/zstd/huf_compress.c | 2 ++
> >>  4 files changed, 12 insertions(+), 1 deletion(-)
> >>
> >> diff --git a/lib/zstd/bitstream.h b/lib/zstd/bitstream.h
> >> index a826b99e1d63..3a49784d5c61 100644
> >> --- a/lib/zstd/bitstream.h
> >> +++ b/lib/zstd/bitstream.h
> >> @@ -259,10 +259,15 @@ ZSTD_STATIC size_t BIT_initDStream(BIT_DStream_t *bitD, const void *srcBuffer, s
> >>                 bitD->bitContainer = *(const BYTE *)(bitD->start);
> >>                 switch (srcSize) {
> >>                 case 7: bitD->bitContainer += (size_t)(((const BYTE *)(srcBuffer))[6]) << (sizeof(bitD->bitContainer) * 8 - 16);
> >> +                       /* fall through */
> >>                 case 6: bitD->bitContainer += (size_t)(((const BYTE *)(srcBuffer))[5]) << (sizeof(bitD->bitContainer) * 8 - 24);
> >> +                       /* fall through */
> >>                 case 5: bitD->bitContainer += (size_t)(((const BYTE *)(srcBuffer))[4]) << (sizeof(bitD->bitContainer) * 8 - 32);
> >> +                       /* fall through */
> >>                 case 4: bitD->bitContainer += (size_t)(((const BYTE *)(srcBuffer))[3]) << 24;
> >> +                       /* fall through */
> >>                 case 3: bitD->bitContainer += (size_t)(((const BYTE *)(srcBuffer))[2]) << 16;
> >> +                       /* fall through */
> >>                 case 2: bitD->bitContainer += (size_t)(((const BYTE *)(srcBuffer))[1]) << 8;
> >>                 default:;
> >>                 }
> >> diff --git a/lib/zstd/compress.c b/lib/zstd/compress.c
> >> index f9166cf4f7a9..5e0b67003e55 100644
> >> --- a/lib/zstd/compress.c
> >> +++ b/lib/zstd/compress.c
> >> @@ -3182,6 +3182,7 @@ static size_t ZSTD_compressStream_generic(ZSTD_CStream *zcs, void *dst, size_t *
> >>                                 zcs->outBuffFlushedSize = 0;
> >>                                 zcs->stage = zcss_flush; /* pass-through to flush stage */
> >>                         }
> >> +                       /* fall through */
> >
> > Perhaps reword the existing comment and move it down?
> >
> >>
> >>                 case zcss_flush: {
> >>                         size_t const toFlush = zcs->outBuffContentSize - zcs->outBuffFlushedSize;
> >> diff --git a/lib/zstd/decompress.c b/lib/zstd/decompress.c
> >> index b17846725ca0..269ee9a796c1 100644
> >> --- a/lib/zstd/decompress.c
> >> +++ b/lib/zstd/decompress.c
> >> @@ -1768,6 +1768,7 @@ size_t ZSTD_decompressContinue(ZSTD_DCtx *dctx, void *dst, size_t dstCapacity, c
> >>                         return 0;
> >>                 }
> >>                 dctx->expected = 0; /* not necessary to copy more */
> >> +               /* fall through */
> >>
> >>         case ZSTDds_decodeFrameHeader:
> >>                 memcpy(dctx->headerBuffer + ZSTD_frameHeaderSize_prefix, src, dctx->expected);
> >> @@ -2375,7 +2376,7 @@ size_t ZSTD_decompressStream(ZSTD_DStream *zds, ZSTD_outBuffer *output, ZSTD_inB
> >>                         }
> >>                         zds->stage = zdss_read;
> >>                 }
> >> -               /* pass-through */
> >> +               /* fall through */
> >>
> >>                 case zdss_read: {
> >>                         size_t const neededInSize = ZSTD_nextSrcSizeToDecompress(zds->dctx);
> >> @@ -2404,6 +2405,7 @@ size_t ZSTD_decompressStream(ZSTD_DStream *zds, ZSTD_outBuffer *output, ZSTD_inB
> >>                         zds->stage = zdss_load;
> >>                         /* pass-through */
> >>                 }
> >> +               /* fall through */
> >
> > Same ("pass-through" exists a couple lines up)
> >
> >>
> >>                 case zdss_load: {
> >>                         size_t const neededInSize = ZSTD_nextSrcSizeToDecompress(zds->dctx);
> >> @@ -2436,6 +2438,7 @@ size_t ZSTD_decompressStream(ZSTD_DStream *zds, ZSTD_outBuffer *output, ZSTD_inB
> >>                                 /* pass-through */
> >>                         }
> >>                 }
> >> +               /* fall through */
> >
> > Same
>
> Yeah. The thing is that the pass-though comment is embedded in two nested blocks of code. And GCC triggers
> a warning if the fall-through comments are not placed at the very bottom of the case statement (some people
> dislike this 'feature').
>
> That's the reason why I didn't want to change any of the pass-through comments, and instead added the
> fall-through comments at the bottom of every case.

Okay, that seems fine. Good as-is, then! :)

-Kees

>
> What do you think about this 'feature'?
>
> >
> >>
> >>                 case zdss_flush: {
> >>                         size_t const toFlushSize = zds->outEnd - zds->outStart;
> >> diff --git a/lib/zstd/huf_compress.c b/lib/zstd/huf_compress.c
> >> index 40055a7016e6..e727812d12aa 100644
> >> --- a/lib/zstd/huf_compress.c
> >> +++ b/lib/zstd/huf_compress.c
> >> @@ -556,7 +556,9 @@ size_t HUF_compress1X_usingCTable(void *dst, size_t dstSize, const void *src, si
> >>         n = srcSize & ~3; /* join to mod 4 */
> >>         switch (srcSize & 3) {
> >>         case 3: HUF_encodeSymbol(&bitC, ip[n + 2], CTable); HUF_FLUSHBITS_2(&bitC);
> >> +               /* fall through */
> >>         case 2: HUF_encodeSymbol(&bitC, ip[n + 1], CTable); HUF_FLUSHBITS_1(&bitC);
> >> +               /* fall through */
> >>         case 1: HUF_encodeSymbol(&bitC, ip[n + 0], CTable); HUF_FLUSHBITS(&bitC);
> >>         case 0:
> >>         default:;
> >> --
> >> 2.20.1
> >>
> >
> > Otherwise, yup, looks good.
> >
> > Reviewed-by: Kees Cook <keescook@...omium.org>
> >
>
> Thanks
>
> --
> Gustavo



-- 
Kees Cook

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ