lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Tue, 30 Jan 2024 08:02:45 +0000
From: Sam James <sam@...too.org>
To: Helge Deller <deller@....de>
Cc: Guenter Roeck <linux@...ck-us.net>, Geert Uytterhoeven
 <geert@...ux-m68k.org>, linux-kernel@...r.kernel.org,
 sparclinux@...r.kernel.org, linux-parisc@...r.kernel.org,
 linux-hwmon@...r.kernel.org, intel-xe@...ts.freedesktop.org,
 "linux-hardening@...r.kernel.org" <linux-hardening@...r.kernel.org>
Subject: Re: Build regressions/improvements in v6.8-rc2


Helge Deller <deller@....de> writes:

> On 1/29/24 15:58, Guenter Roeck wrote:
>> On 1/29/24 03:06, Geert Uytterhoeven wrote:
>> [ ... ]
>>> parisc-gcc1[23]/parisc-{allmod,def}config
>>>
>>>    + /kisskb/src/drivers/hwmon/pc87360.c: error: writing 1 byte into a region of size 0 [-Werror=stringop-overflow=]:  => 383:51
>>>
>>
>> The "fix" for this problem would be similar to commit 4265eb062a73 ("hwmon: (pc87360)
>> Bounds check data->innr usage"). The change would be something like
>>
>> -               for (i = 0; i < data->tempnr; i++) {
>> +               for (i = 0; i < min(data->tempnr, ARRAY_SIZE(data->temp_max)); i++) {
>>
>> but that would be purely random because the loop accesses several arrays
>> indexed with i, and tempnr is never >= ARRAY_SIZE(data->temp_max).
>> I kind of resist making such changes to the code just because the compiler
>> is clueless.
>
> I agree with your analysis.
> But I'm wondering why this warning just seem to appear on parisc.
> I would expect gcc on other platforms to complain as well ?!?

-Wstringop-overflow and -Wstringop-truncation are known noisy warnings
because they're implemented in GCC's "middle-end". Whether or not they
fire depends on other optimisations.

See also https://lore.kernel.org/linux-hardening/CAHk-=wjG4jdE19-vWWhAX3ByfbNr4DJS-pwiN9oY38WkhMZ57g@mail.gmail.com/.

>
> Helge
>
>> Are we sprinkling the kernel code with code like this to make the compiler happy ?
>>
>> Guenter
>>
>>

thanks,
sam

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ