lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Mon, 13 Jul 2020 12:51:30 -0700
From:   hpa@...or.com
To:     Tom Rix <trix@...hat.com>, alain@...ff.lu
CC:     linux-kernel@...r.kernel.org
Subject: Re: [PATCH] decompress_bunzip2: fix sizeof type in start_bunzip

On July 13, 2020 12:27:02 PM PDT, Tom Rix <trix@...hat.com> wrote:
>
>On 7/12/20 3:21 PM, hpa@...or.com wrote:
>> On July 12, 2020 8:12:43 AM PDT, Tom Rix <trix@...hat.com> wrote:
>>> On 7/12/20 6:09 AM, H. Peter Anvin wrote:
>>>> On 2020-07-12 05:59, trix@...hat.com wrote:
>>>>> From: Tom Rix <trix@...hat.com>
>>>>>
>>>>> clang static analysis flags this error
>>>>>
>>>>> lib/decompress_bunzip2.c:671:13: warning: Result of 'malloc' is
>>> converted
>>>>>   to a pointer of type 'unsigned int', which is incompatible with
>>> sizeof
>>>>>   operand type 'int' [unix.MallocSizeof]
>>>>>         bd->dbuf = large_malloc(bd->dbufSize * sizeof(int));
>>>>>                    ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>>>>>
>>>>> Reviewing the bunzip_data structure, the element dbuf is type
>>>>>
>>>>> 	/* Intermediate buffer and its size (in bytes) */
>>>>> 	unsigned int *dbuf, dbufSize;
>>>>>
>>>>> So change the type in sizeof to 'unsigned int'
>>>>>
>>>> You must be kidding.
>>>>
>>>> If you want to change it, change it to sizeof(bd->dbuf) instead,
>but
>>> this flag
>>>> is at least in my opinion a total joke. For sizeof(int) !=
>>> sizeof(unsigned
>>>> int) is beyond bizarre, no matter how stupid the platform.
>>> Using the actual type is more correct that using a type of the same
>>> size.
>>>
>>> trix
>>>
>>>> 	-hpa
>>>>
>> "More correct?" All it is is more verbose.
>>
>> Using the sizeof of the actual object at least adds some actual
>safety.
>
>Sorry, I am being pedantic, I mean anything that produces the correct
>assembly is correct. But there are different path to being correct. 
>The path I was suggesting to follow the type of the element/final
>pointer when allocating an memory.
>
>large_malloc(bd->dbufSize * sizeof(*bd->dbuf)) would also work
>
>I will respin.
>
>trix

This isn't Linux style, but in the NASM source I have been migrating to macros:

nasm_new(ptr);
nasm_newn(ptr,n);

... using sizeof() in exactly this manner.
-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ