lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Fri, 18 Sep 2020 12:37:48 -0700
From:   Linus Torvalds <torvalds@...ux-foundation.org>
To:     "Gustavo A. R. Silva" <gustavoars@...nel.org>
Cc:     Dennis Zhou <dennis@...nel.org>, Tejun Heo <tj@...nel.org>,
        Christoph Lameter <cl@...ux.com>,
        Linux-MM <linux-mm@...ck.org>,
        Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
        Kees Cook <keescook@...omium.org>
Subject: Re: [GIT PULL] percpu fix for v5.9-rc6

On Fri, Sep 18, 2020 at 12:28 PM Gustavo A. R. Silva
<gustavoars@...nel.org> wrote:
>
> OK. It seems that we are talking about two different things here. One thing
> is to apply sizeof() to a structure that contains a flexible-array member.
> And the other thing is to apply sizeof() to a flexible array. The former
> is allowed, the latter is wrong and we already get a build error when that
> occurs.

The latter I'm not even interested in, it's such a pointless thing to do.

> Applying sizeof() to a structure containing a flex-array member is allowed,

Yes, and that's wrong and inconsistent, but what else is new about the
C standard. It's what allows these kinds of bugs to slip through.

I sent Luc a couple of examples in the hope that maybe sparse could do
better, but..

> > Is there some gcc option that I didn't find to help find any questionable cases?
>
> If the questionable case is the application of sizeof() to a flex-array
> member or a flex-array member not occuring last in the containing structure,
> then yes, GCC already generates a build error for both cases. And that's
> what we want, see at the bottom...

No.

The questionable thing is to do "sizeof(struct-with-flex-array)".

The point is, it's returning the same thing as if it was just a
zero-sized array, which makes the whole flex array entirely pointless
from a type safety standpoint.

The *only* thing it protects against is the "must be at the end" case,
which is almost entirely pointless and uninteresting.

Yeah, we've had that bug too, but that doesn't make it very interesting.

              Linus

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ