| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 20 Jan 2023 04:53:41 -0600
From: Segher Boessenkool <segher@...nel.crashing.org>
To: Rob Landley <rob@...dley.net>
Cc: "Michael.Karcher" <Michael.Karcher@...berlin.de>,
John Paul Adrian Glaubitz <glaubitz@...sik.fu-berlin.de>,
Geert Uytterhoeven <geert@...ux-m68k.org>,
linux-xtensa@...ux-xtensa.org, Arnd Bergmann <arnd@...db.de>,
linux-sh@...r.kernel.org, linux-wireless@...r.kernel.org,
linux-mips@...r.kernel.org, amd-gfx@...ts.freedesktop.org,
linux-kernel@...r.kernel.org, kasan-dev@...glegroups.com,
Michael Karcher <kernel@...rcher.dialup.fu-berlin.de>,
linux-f2fs-devel@...ts.sourceforge.net,
linuxppc-dev@...ts.ozlabs.org,
linux-arm-kernel@...ts.infradead.org, linux-media@...r.kernel.org
Subject: Re: Calculating array sizes in C - was: Re: Build regressions/improvements in v6.2-rc1
On Thu, Jan 19, 2023 at 09:31:21PM -0600, Rob Landley wrote:
> On 1/19/23 16:11, Michael.Karcher wrote:
> > I don't see a clear bug at this point. We are talking about the C expression
> >
> > __same_type((void*)0, (void*)0)? 0 : sizeof((void*)0)/sizeof(*((void*0))
(__same_type is a kernel macro, it expands to something with
__builtin_compatible_type()).
> *(void*) is type "void" which does not have a size.
It has size 1, in GCC, so that you can do arithmetic on pointers to
void. This is a long-standing and very widely used GCC extension.
"""
6.24 Arithmetic on 'void'- and Function-Pointers
================================================
In GNU C, addition and subtraction operations are supported on pointers
to 'void' and on pointers to functions. This is done by treating the
size of a 'void' or of a function as 1.
A consequence of this is that 'sizeof' is also allowed on 'void' and on
function types, and returns 1.
The option '-Wpointer-arith' requests a warning if these extensions are
used.
"""
> The problem is gcc "optimizing out" an earlier type check, the same way it
> "optimizes out" checks for signed integer math overflowing, or "optimizes out" a
> comparison to pointers from two different local variables from different
> function calls trying to calculate the amount of stack used, or "optimizes out"
Are you saying something in the kernel code here is invalid code?
Because your other examples are.
> using char *x = (char *)1; as a flag value and then doing "if (!(x-1)) because
> it can "never happen"...
Like here. And no, this is not allowed by -fno-strict-aliasing.
> > I suggest to file a bug against gcc complaining about a "spurious
> > warning", and using "-Werror -Wno-error-sizeof-pointer-div" until gcc is
> > adapted to not emit the warning about the pointer division if the result
> > is not used.
Yeah. If the first operand of a conditional operator is non-zero, the
second operand is not evaluated, and if the first is zero, the third
operand is not evaluated. It is better if we do not warn about
something we do not evaluate. In cases like here where it is clear at
compile time which branch is taken, that shouldn't be too hard.
Can someone please file a GCC PR? With reduced testcase preferably.
Segher
Powered by blists - more mailing lists