lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <Z89f6JbpZUQoi2hR@google.com>
Date: Mon, 10 Mar 2025 14:55:52 -0700
From: Namhyung Kim <namhyung@...nel.org>
To: Arnaldo Carvalho de Melo <acme@...nel.org>
Cc: Ingo Molnar <mingo@...nel.org>, Thomas Gleixner <tglx@...utronix.de>,
	James Clark <james.clark@...aro.org>, Jiri Olsa <jolsa@...nel.org>,
	Ian Rogers <irogers@...gle.com>,
	Adrian Hunter <adrian.hunter@...el.com>,
	Kan Liang <kan.liang@...ux.intel.com>,
	Clark Williams <williams@...hat.com>, linux-kernel@...r.kernel.org,
	linux-perf-users@...r.kernel.org,
	Arnaldo Carvalho de Melo <acme@...hat.com>
Subject: Re: [PATCH 3/3] perf hist stdio: Do bounds check when printing
 callchains to avoid UB with new gcc versions

On Mon, Mar 10, 2025 at 04:45:33PM -0300, Arnaldo Carvalho de Melo wrote:
> From: Arnaldo Carvalho de Melo <acme@...hat.com>
> 
> Do a simple bounds check to avoid this on new gcc versions:
> 
>   31    15.81 fedora:rawhide                : FAIL gcc version 15.0.1 20250225 (Red Hat 15.0.1-0) (GCC)
>     In function 'callchain__fprintf_left_margin',
>         inlined from 'callchain__fprintf_graph.constprop' at ui/stdio/hist.c:246:12:
>     ui/stdio/hist.c:27:39: error: iteration 2147483647 invokes undefined behavior [-Werror=aggressive-loop-optimizations]

Hmm.. does it warn about a signed integer overflow?

2147483647 is 0x7fffffff in hex and it should be INT_MAX.
I'm not sure what is the problem.


>        27 |         for (i = 0; i < left_margin; i++)
>           |                                      ~^~
>     ui/stdio/hist.c:27:23: note: within this loop
>        27 |         for (i = 0; i < left_margin; i++)
>           |                     ~~^~~~~~~~~~~~~
>     cc1: all warnings being treated as errors
>     --
>     util/units.c: In function 'unit_number__scnprintf':
>     util/units.c:67:24: error: initializer-string for array of 'char' is too long [-Werror=unterminated-string-initialization]
>        67 |         char unit[4] = "BKMG";
>           |                        ^~~~~~
>     cc1: all warnings being treated as errors

This part belongs to the previous commit. :)

> 
> Cc: Adrian Hunter <adrian.hunter@...el.com>
> Cc: Ian Rogers <irogers@...gle.com>
> Cc: James Clark <james.clark@...aro.org>
> Cc: Jiri Olsa <jolsa@...nel.org>
> Cc: Kan Liang <kan.liang@...ux.intel.com>
> Cc: Namhyung Kim <namhyung@...nel.org>
> Signed-off-by: Arnaldo Carvalho de Melo <acme@...hat.com>
> ---
>  tools/perf/ui/stdio/hist.c | 4 ++++
>  1 file changed, 4 insertions(+)
> 
> diff --git a/tools/perf/ui/stdio/hist.c b/tools/perf/ui/stdio/hist.c
> index 74b2c619c56c8ba3..7ac4b98e28bca82e 100644
> --- a/tools/perf/ui/stdio/hist.c
> +++ b/tools/perf/ui/stdio/hist.c
> @@ -1,4 +1,5 @@
>  // SPDX-License-Identifier: GPL-2.0
> +#include <limits.h>
>  #include <stdio.h>
>  #include <stdlib.h>
>  #include <linux/string.h>
> @@ -24,6 +25,9 @@ static size_t callchain__fprintf_left_margin(FILE *fp, int left_margin)
>  	int i;
>  	int ret = fprintf(fp, "            ");
>  
> +	if (left_margin > USHRT_MAX)
> +		left_margin = USHRT_MAX;
> +
>  	for (i = 0; i < left_margin; i++)
>  		ret += fprintf(fp, " ");
>  
> -- 
> 2.48.1
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ