| Message ID | 20230104212048.gonna.331-kees@kernel.org |
|---|---|
| State | New |
| Headers |
Return-Path: <linux-kernel-owner@vger.kernel.org>
Delivered-To: ouuuleilei@gmail.com
Received: by 2002:a5d:4e01:0:0:0:0:0 with SMTP id p1csp5365858wrt;
Wed, 4 Jan 2023 13:31:39 -0800 (PST)
X-Google-Smtp-Source:
AMrXdXsWue4HMQesrECZFl4jaDCYChKQOlSaRVcsyjmvS9IxNNzxw+AIzquf3BBvjOY3HtIqJ6Vc
X-Received: by 2002:a17:906:40c4:b0:7c1:ad6:7333 with SMTP id
a4-20020a17090640c400b007c10ad67333mr40941331ejk.10.1672867899471;
Wed, 04 Jan 2023 13:31:39 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1672867899; cv=none;
d=google.com; s=arc-20160816;
b=OC76cMgaPn+YSW9VjLUrdJzQGZTYk2ZsM3a9wuUHMGqGhKhjtszLMSKSDS3ZZSIX3G
k9zZkxLwvmirRXoILfJjVveIZ0dgCpCgAPFaOg+e90kGReDXJ2aqqgPX+KiG6Km9WA1X
J3KG0fGMAqtCSjtq14lknvP3ll0080QwHdb06OuXVAJtymwT8VN4QbTWUkWMq9VHKE2t
at70Fq3iJvg1Zxoznu+Ki+drB/PlZ5Wj84kUC0Hbwd6IcpqhyZHYX9B9J1EOqT0XhHC8
TPLrtww8jAQuLZGCurdA7AqhDuazHQg0eo4EOnCuuspLs/5xl7o+OM5fbcaqtDBTm2QP
QnYA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
s=arc-20160816;
h=list-id:precedence:content-transfer-encoding:mime-version
:message-id:date:subject:cc:to:from:dkim-signature;
bh=6hfBhSBEeVR/Fn0HrEuQ880MYtC3rq93jEqLDWrIRMw=;
b=liMCnuhN2oycSIesEnAk2zg9qfmrVQ7lVxOPZBUtMVEDNsXSRQzamg4MuK28F4DX/V
CyB6cPNhklYNNBEEV1/g0Dg5skCVum0nSn/QisFyc3BHRyk2yjK0srNvD+1GhkxTQGJf
pValW7pJoE4WK+xRbKlDqw5qOTSYZ8thMBB5+Soq+rUSkimiSs8b32OQrvwLgjwjf1uQ
W3GU8oJ+CJHgpdgHDKbu1dpPggEHOIawRIHYMwkKXuB9gtdbL9rfHGAbZlU42IQXzqI/
pPZkEzmPV2+cBeXwfH5G2lq+2n/vBp+LjNGATQfiVnKX2WYwLXAbjV2q61r8wBo9cHMX
GP+Q==
ARC-Authentication-Results: i=1; mx.google.com;
dkim=pass header.i=@chromium.org header.s=google header.b="d/ljK1xN";
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
by mx.google.com with ESMTP id
a21-20020a1709066d5500b007c0fd176698si26855861ejt.772.2023.01.04.13.31.15;
Wed, 04 Jan 2023 13:31:39 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
dkim=pass header.i=@chromium.org header.s=google header.b="d/ljK1xN";
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
id S240458AbjADV1w (ORCPT <rfc822;tmhikaru@gmail.com> + 99 others);
Wed, 4 Jan 2023 16:27:52 -0500
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:42506 "EHLO
lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
with ESMTP id S239952AbjADV1Z (ORCPT
<rfc822;linux-kernel@vger.kernel.org>);
Wed, 4 Jan 2023 16:27:25 -0500
Received: from mail-pj1-x102a.google.com (mail-pj1-x102a.google.com
[IPv6:2607:f8b0:4864:20::102a])
by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 1722C41019
for <linux-kernel@vger.kernel.org>;
Wed, 4 Jan 2023 13:21:03 -0800 (PST)
Received: by mail-pj1-x102a.google.com with SMTP id
v13-20020a17090a6b0d00b00219c3be9830so35792614pjj.4
for <linux-kernel@vger.kernel.org>;
Wed, 04 Jan 2023 13:21:03 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=chromium.org; s=google;
h=content-transfer-encoding:mime-version:message-id:date:subject:cc
:to:from:from:to:cc:subject:date:message-id:reply-to;
bh=6hfBhSBEeVR/Fn0HrEuQ880MYtC3rq93jEqLDWrIRMw=;
b=d/ljK1xNjvnmNQPClypMY7NthrX0dJ4f1EmgRBS4ehLUulZzgPMuUxNL14jLhPbdRk
VB0imrhMZluktlgYVbD+MPXO1MHEQ7Z0Vsr+LkXuTeneVml+HlS01FkJlcAIMVN4T7uy
7kgwDCHGZcv9kxNJ+gORs6nIPJ7Nf2suk5LMc=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20210112;
h=content-transfer-encoding:mime-version:message-id:date:subject:cc
:to:from:x-gm-message-state:from:to:cc:subject:date:message-id
:reply-to;
bh=6hfBhSBEeVR/Fn0HrEuQ880MYtC3rq93jEqLDWrIRMw=;
b=6e5sC9CtHtlMOFO8lF99eiPdnOBp+VqcnFqNR9Qh/fGpCrqUs6SnSkmNlbmEdGeWfx
7z4ePvGc+lzArv1Dl95vm/5DOu+F8v8pYCKA5hYuNQE3pAg7AdotY1H1UNsv2iz6qNUg
8Ja2525wj2oVvWChx299Afq7O5v4gfHtQtgBuZLKV17/zgGhgDGHUK2A7Gci+eXSByQC
RmpfpaLyYycIIRDDHUsUCKiZhpAMKxkQ85IX6oPCIMLiy4BbCqxMeeZ+acKUByH1N/77
1lSyEARg85y6ef8BaDBg69/JqyhLEvf+5SvlZsqXQCMMZIa8F/aeFII78Y3TFum1q9y7
jZpw==
X-Gm-Message-State: AFqh2krNEL2CcqYy4fNE4+egFIlguLi9phlj7PZ2PJnaejZ9madxR5kW
owgUisjkjVS8WR1lGIK2CyziSa9PbhbHF9KG
X-Received: by 2002:a17:902:ca89:b0:189:76ef:a1b0 with SMTP id
v9-20020a170902ca8900b0018976efa1b0mr46271243pld.57.1672867254539;
Wed, 04 Jan 2023 13:20:54 -0800 (PST)
Received: from www.outflux.net (smtp.outflux.net. [198.145.64.163])
by smtp.gmail.com with ESMTPSA id
d3-20020a170902cec300b00186a2274382sm24766893plg.76.2023.01.04.13.20.53
(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
Wed, 04 Jan 2023 13:20:54 -0800 (PST)
From: Kees Cook <keescook@chromium.org>
To: Nick Terrell <terrelln@fb.com>
Cc: Kees Cook <keescook@chromium.org>,
"Gustavo A . R . Silva" <gustavoars@kernel.org>,
linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org
Subject: [PATCH v2] lib: zstd: Fix -Wstringop-overflow warning
Date: Wed, 4 Jan 2023 13:20:52 -0800
Message-Id: <20230104212048.gonna.331-kees@kernel.org>
X-Mailer: git-send-email 2.34.1
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
X-Developer-Signature: v=1; a=openpgp-sha256; l=2611;
h=from:subject:message-id; bh=HrYRlSpiw8NjSGyFfOnlBNqAWT9ChuUQa2gPPnHJcLg=;
b=owEBbQKS/ZANAwAKAYly9N/cbcAmAcsmYgBjte2zv2TP+E05u9eD5sdJ7UCLi1M9EXgRuP8lLkxo
Uy3r3xCJAjMEAAEKAB0WIQSlw/aPIp3WD3I+bhOJcvTf3G3AJgUCY7XtswAKCRCJcvTf3G3AJhB8EA
CCGVmAc8Aoj7WuJx6zozmcccDcX1XIx12OZxp1wjb4/PJViRqYgqenc8t3l9FEuDDrVp096BX0ZuPx
iALCAAWaHIviy+r0qB9gB1VTYUQs0+LM91DKWWpVZ3+l3okrT6+kZBUr7HAZQF1eH0u2qgBwb/E8JY
LuwQH/MtMe+Eto/i6E93Zgh7kKo3CJDEEi/T1H/mYpyd/pGlzYi2LZdUaZEOuaaOprsHIAzqAt4jAw
a3KGj7mFh0bbsyzNMz+CEFrawOMXHTYu+YU6baQG6nOn8Fxvr8Jb4i1YH9MnnE2mFUGSR9a55xzuaf
Jl4JMzphl9PvhmubtsC09JR3oUrkQRkcOeSeTiVXdLuSb/qM8D4PLafSwboZGvCD2TvcVAhkvl2ysM
4Atj8B6HNB8DEBZViLvD1qzvnwFgnIr42X1QYt1N3w9qZ5SKXEvbfChWXqkks65KYzx67SLPovV01k
PrQOTqTJg77vwAXVgNHN/I7xtJEerRGkeULDmdhz/63xnnZJdd3dHwimOgi1aJR8EarsinDXdPdFe0
jbnViZrRumskAa0LkT7+GrA2k0Sm1ptN8+y+5S71fkI/vlp2KsjNkqmda6ui27VSqphwKlof2b8hyz
qAsr5PaYGjYFZO0r8CL+wCipiDiXQTTrcDvMN92oFQjyDkz/Cp2Xw7zbnvaA==
X-Developer-Key: i=keescook@chromium.org; a=openpgp;
fpr=A5C3F68F229DD60F723E6E138972F4DFDC6DC026
Content-Transfer-Encoding: 8bit
X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH,
DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE,
SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?=
X-GMAIL-THRID: =?utf-8?q?1754129130832221243?=
X-GMAIL-MSGID: =?utf-8?q?1754129130832221243?=
|
| Series |
[v2] lib: zstd: Fix -Wstringop-overflow warning
|
|
Commit Message
Kees Cook
Jan. 4, 2023, 9:20 p.m. UTC
Fix the following -Wstringop-overflow warning when building with GCC 11+:
lib/zstd/decompress/huf_decompress.c: In function ‘HUF_readDTableX2_wksp’:
lib/zstd/decompress/huf_decompress.c:700:5: warning: ‘HUF_fillDTableX2.constprop’ accessing 624 bytes in a region of size 52 [-Wstringop-overflow=]
700 | HUF_fillDTableX2(dt, maxTableLog,
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
701 | wksp->sortedSymbol, sizeOfSort,
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
702 | wksp->rankStart0, wksp->rankVal, maxW,
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
703 | tableLog+1,
| ~~~~~~~~~~~
704 | wksp->calleeWksp, sizeof(wksp->calleeWksp) / sizeof(U32));
|
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
lib/zstd/decompress/huf_decompress.c:700:5: note: referencing argument 6 of type ‘U32 (*)[13]’ {aka ‘unsigned int (*)[13]’}
lib/zstd/decompress/huf_decompress.c:571:13: note: in a call to function ‘HUF_fillDTableX2.constprop’
571 | static void HUF_fillDTableX2(HUF_DEltX2* DTable, const U32 targetLog,
| ^~~~~~~~~~~~~~~~
by using pointer notation instead of array notation.
This is one of the last remaining warnings to be fixed before globally
enabling -Wstringop-overflow.
Co-developed-by: Gustavo A. R. Silva <gustavoars@kernel.org>
Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org>
Cc: Nick Terrell <terrelln@fb.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
---
v2: use "rankValCol_t *" instead of U32
v1: https://lore.kernel.org/lkml/20220330193352.GA119296@embeddedor/
---
lib/zstd/decompress/huf_decompress.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
Comments
> On Jan 4, 2023, at 1:20 PM, Kees Cook <keescook@chromium.org> wrote: > > !-------------------------------------------------------------------| > This Message Is From an External Sender > > |-------------------------------------------------------------------! > > Fix the following -Wstringop-overflow warning when building with GCC 11+: > > lib/zstd/decompress/huf_decompress.c: In function ‘HUF_readDTableX2_wksp’: > lib/zstd/decompress/huf_decompress.c:700:5: warning: ‘HUF_fillDTableX2.constprop’ accessing 624 bytes in a region of size 52 [-Wstringop-overflow=] > 700 | HUF_fillDTableX2(dt, maxTableLog, > | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > 701 | wksp->sortedSymbol, sizeOfSort, > | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > 702 | wksp->rankStart0, wksp->rankVal, maxW, > | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > 703 | tableLog+1, > | ~~~~~~~~~~~ > 704 | wksp->calleeWksp, sizeof(wksp->calleeWksp) / sizeof(U32)); > | > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > lib/zstd/decompress/huf_decompress.c:700:5: note: referencing argument 6 of type ‘U32 (*)[13]’ {aka ‘unsigned int (*)[13]’} > lib/zstd/decompress/huf_decompress.c:571:13: note: in a call to function ‘HUF_fillDTableX2.constprop’ > 571 | static void HUF_fillDTableX2(HUF_DEltX2* DTable, const U32 targetLog, > | ^~~~~~~~~~~~~~~~ > > by using pointer notation instead of array notation. > > This is one of the last remaining warnings to be fixed before globally > enabling -Wstringop-overflow. The patch looks correct to me, thanks for reviving it. But, I was attempting to reproduce the issue, so I could better understand what's going on, and I wasn't able to reproduce it myself. To attempt to reproduce, I applied this patch --- diff --git a/lib/zstd/Makefile b/lib/zstd/Makefile index 20f08c644b71..190d3d5ab4be 100644 --- a/lib/zstd/Makefile +++ b/lib/zstd/Makefile @@ -12,6 +12,8 @@ obj-$(CONFIG_ZSTD_COMPRESS) += zstd_compress.o obj-$(CONFIG_ZSTD_DECOMPRESS) += zstd_decompress.o obj-$(CONFIG_ZSTD_COMMON) += zstd_common.o +ccflags-y := -Wstringop-overflow=4 -Werror + zstd_compress-y := \ zstd_compress_module.o \ compress/fse_compress.o \ --- Then compiled on x86-64 with gcc 12.2.0 on tag v6.2-rc3. I saw no errors. I also tried with just `-Wstringop-overflow`, and on upstream zstd. I tried to make a minimal reproducer on godbolt, so I could see if it was the gcc version, but wasn't able to make it fail with any of them https://gcc.godbolt.org/z/Exzq9arMr. Could you please tell me how to reproduce this warning? Best, Nick Terrell > Co-developed-by: Gustavo A. R. Silva <gustavoars@kernel.org> > Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org> > Cc: Nick Terrell <terrelln@fb.com> > Signed-off-by: Kees Cook <keescook@chromium.org> > --- > v2: use "rankValCol_t *" instead of U32 > v1: https://lore.kernel.org/lkml/20220330193352.GA119296@embeddedor/ > --- > lib/zstd/decompress/huf_decompress.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/lib/zstd/decompress/huf_decompress.c b/lib/zstd/decompress/huf_decompress.c > index 89b269a641c7..60958afebc41 100644 > --- a/lib/zstd/decompress/huf_decompress.c > +++ b/lib/zstd/decompress/huf_decompress.c > @@ -985,7 +985,7 @@ static void HUF_fillDTableX2Level2(HUF_DEltX2* DTable, U32 targetLog, const U32 > > static void HUF_fillDTableX2(HUF_DEltX2* DTable, const U32 targetLog, > const sortedSymbol_t* sortedList, > - const U32* rankStart, rankVal_t rankValOrigin, const U32 maxWeight, > + const U32* rankStart, rankValCol_t *rankValOrigin, const U32 maxWeight, > const U32 nbBitsBaseline) > { > U32* const rankVal = rankValOrigin[0]; > -- > 2.34.1 >
On Tue, Jan 10, 2023 at 11:10:08PM +0000, Nick Terrell wrote: > > > > On Jan 4, 2023, at 1:20 PM, Kees Cook <keescook@chromium.org> wrote: > > > > !-------------------------------------------------------------------| > > This Message Is From an External Sender > > > > |-------------------------------------------------------------------! > > > > Fix the following -Wstringop-overflow warning when building with GCC 11+: > > > > lib/zstd/decompress/huf_decompress.c: In function ‘HUF_readDTableX2_wksp’: > > lib/zstd/decompress/huf_decompress.c:700:5: warning: ‘HUF_fillDTableX2.constprop’ accessing 624 bytes in a region of size 52 [-Wstringop-overflow=] > > 700 | HUF_fillDTableX2(dt, maxTableLog, > > | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > > 701 | wksp->sortedSymbol, sizeOfSort, > > | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > > 702 | wksp->rankStart0, wksp->rankVal, maxW, > > | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > > 703 | tableLog+1, > > | ~~~~~~~~~~~ > > 704 | wksp->calleeWksp, sizeof(wksp->calleeWksp) / sizeof(U32)); > > | > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > > lib/zstd/decompress/huf_decompress.c:700:5: note: referencing argument 6 of type ‘U32 (*)[13]’ {aka ‘unsigned int (*)[13]’} > > lib/zstd/decompress/huf_decompress.c:571:13: note: in a call to function ‘HUF_fillDTableX2.constprop’ > > 571 | static void HUF_fillDTableX2(HUF_DEltX2* DTable, const U32 targetLog, > > | ^~~~~~~~~~~~~~~~ > > > > by using pointer notation instead of array notation. > > > > This is one of the last remaining warnings to be fixed before globally > > enabling -Wstringop-overflow. > > The patch looks correct to me, thanks for reviving it. But, I was attempting to reproduce the issue, > so I could better understand what's going on, and I wasn't able to reproduce it myself. > > To attempt to reproduce, I applied this patch > > --- > diff --git a/lib/zstd/Makefile b/lib/zstd/Makefile > index 20f08c644b71..190d3d5ab4be 100644 > --- a/lib/zstd/Makefile > +++ b/lib/zstd/Makefile > @@ -12,6 +12,8 @@ obj-$(CONFIG_ZSTD_COMPRESS) += zstd_compress.o > obj-$(CONFIG_ZSTD_DECOMPRESS) += zstd_decompress.o > obj-$(CONFIG_ZSTD_COMMON) += zstd_common.o > > +ccflags-y := -Wstringop-overflow=4 -Werror > + > zstd_compress-y := \ > zstd_compress_module.o \ > compress/fse_compress.o \ > --- > > Then compiled on x86-64 with gcc 12.2.0 on tag v6.2-rc3. I saw no errors. > I also tried with just `-Wstringop-overflow`, and on upstream zstd. I tried to > make a minimal reproducer on godbolt, so I could see if it was the gcc version, > but wasn't able to make it fail with any of them https://gcc.godbolt.org/z/Exzq9arMr. > > Could you please tell me how to reproduce this warning? I saw it like so with next-20230113 on x86_64: $ gcc --version gcc (Ubuntu 12.2.0-3ubuntu1) 12.2.0 ... $ make KCFLAGS=-Wstringop-overflow allmodconfig lib/zstd/decompress/huf_decompress.o
> On Jan 13, 2023, at 4:48 PM, Kees Cook <keescook@chromium.org> wrote: > > !-------------------------------------------------------------------| > This Message Is From an External Sender > > |-------------------------------------------------------------------! > > On Tue, Jan 10, 2023 at 11:10:08PM +0000, Nick Terrell wrote: >> >> >>> On Jan 4, 2023, at 1:20 PM, Kees Cook <keescook@chromium.org> wrote: >>> >>> !-------------------------------------------------------------------| >>> This Message Is From an External Sender >>> >>> |-------------------------------------------------------------------! >>> >>> Fix the following -Wstringop-overflow warning when building with GCC 11+: >>> >>> lib/zstd/decompress/huf_decompress.c: In function ‘HUF_readDTableX2_wksp’: >>> lib/zstd/decompress/huf_decompress.c:700:5: warning: ‘HUF_fillDTableX2.constprop’ accessing 624 bytes in a region of size 52 [-Wstringop-overflow=] >>> 700 | HUF_fillDTableX2(dt, maxTableLog, >>> | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ >>> 701 | wksp->sortedSymbol, sizeOfSort, >>> | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ >>> 702 | wksp->rankStart0, wksp->rankVal, maxW, >>> | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ >>> 703 | tableLog+1, >>> | ~~~~~~~~~~~ >>> 704 | wksp->calleeWksp, sizeof(wksp->calleeWksp) / sizeof(U32)); >>> | >>> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ >>> lib/zstd/decompress/huf_decompress.c:700:5: note: referencing argument 6 of type ‘U32 (*)[13]’ {aka ‘unsigned int (*)[13]’} >>> lib/zstd/decompress/huf_decompress.c:571:13: note: in a call to function ‘HUF_fillDTableX2.constprop’ >>> 571 | static void HUF_fillDTableX2(HUF_DEltX2* DTable, const U32 targetLog, >>> | ^~~~~~~~~~~~~~~~ >>> >>> by using pointer notation instead of array notation. >>> >>> This is one of the last remaining warnings to be fixed before globally >>> enabling -Wstringop-overflow. >> >> The patch looks correct to me, thanks for reviving it. But, I was attempting to reproduce the issue, >> so I could better understand what's going on, and I wasn't able to reproduce it myself. >> >> To attempt to reproduce, I applied this patch >> >> --- >> diff --git a/lib/zstd/Makefile b/lib/zstd/Makefile >> index 20f08c644b71..190d3d5ab4be 100644 >> --- a/lib/zstd/Makefile >> +++ b/lib/zstd/Makefile >> @@ -12,6 +12,8 @@ obj-$(CONFIG_ZSTD_COMPRESS) += zstd_compress.o >> obj-$(CONFIG_ZSTD_DECOMPRESS) += zstd_decompress.o >> obj-$(CONFIG_ZSTD_COMMON) += zstd_common.o >> >> +ccflags-y := -Wstringop-overflow=4 -Werror >> + >> zstd_compress-y := \ >> zstd_compress_module.o \ >> compress/fse_compress.o \ >> --- >> >> Then compiled on x86-64 with gcc 12.2.0 on tag v6.2-rc3. I saw no errors. >> I also tried with just `-Wstringop-overflow`, and on upstream zstd. I tried to >> make a minimal reproducer on godbolt, so I could see if it was the gcc version, >> but wasn't able to make it fail with any of them https://gcc.godbolt.org/z/Exzq9arMr . >> >> Could you please tell me how to reproduce this warning? > > I saw it like so with next-20230113 on x86_64: > > $ gcc --version > gcc (Ubuntu 12.2.0-3ubuntu1) 12.2.0 > ... > $ make KCFLAGS=-Wstringop-overflow allmodconfig lib/zstd/decompress/huf_decompress.o Thanks, I was able to repro it! I will merge this patch into my tree. If you would like to submit the same patch upstream yourself, I will accept the PR, otherwise I can submit an upstream PR. Just to be certain, this patch is to work around a shortcoming in -Wstringop-overflow, but the code was otherwise correct? Reviewed-by: Nick Terrell <terrelln@fb.com <mailto:terrelln@fb.com>> Best, Nick Terrell > -- > Kees Cook
On Sat, Jan 14, 2023 at 01:06:07AM +0000, Nick Terrell wrote: > > > > On Jan 13, 2023, at 4:48 PM, Kees Cook <keescook@chromium.org> wrote: > > > > !-------------------------------------------------------------------| > > This Message Is From an External Sender > > > > |-------------------------------------------------------------------! > > > > On Tue, Jan 10, 2023 at 11:10:08PM +0000, Nick Terrell wrote: > >> > >> > >>> On Jan 4, 2023, at 1:20 PM, Kees Cook <keescook@chromium.org> wrote: > >>> > >>> !-------------------------------------------------------------------| > >>> This Message Is From an External Sender > >>> > >>> |-------------------------------------------------------------------! > >>> > >>> Fix the following -Wstringop-overflow warning when building with GCC 11+: > >>> > >>> lib/zstd/decompress/huf_decompress.c: In function ‘HUF_readDTableX2_wksp’: > >>> lib/zstd/decompress/huf_decompress.c:700:5: warning: ‘HUF_fillDTableX2.constprop’ accessing 624 bytes in a region of size 52 [-Wstringop-overflow=] > >>> 700 | HUF_fillDTableX2(dt, maxTableLog, > >>> | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > >>> 701 | wksp->sortedSymbol, sizeOfSort, > >>> | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > >>> 702 | wksp->rankStart0, wksp->rankVal, maxW, > >>> | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > >>> 703 | tableLog+1, > >>> | ~~~~~~~~~~~ > >>> 704 | wksp->calleeWksp, sizeof(wksp->calleeWksp) / sizeof(U32)); > >>> | > >>> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > >>> lib/zstd/decompress/huf_decompress.c:700:5: note: referencing argument 6 of type ‘U32 (*)[13]’ {aka ‘unsigned int (*)[13]’} > >>> lib/zstd/decompress/huf_decompress.c:571:13: note: in a call to function ‘HUF_fillDTableX2.constprop’ > >>> 571 | static void HUF_fillDTableX2(HUF_DEltX2* DTable, const U32 targetLog, > >>> | ^~~~~~~~~~~~~~~~ > >>> > >>> by using pointer notation instead of array notation. > >>> > >>> This is one of the last remaining warnings to be fixed before globally > >>> enabling -Wstringop-overflow. > >> > >> The patch looks correct to me, thanks for reviving it. But, I was attempting to reproduce the issue, > >> so I could better understand what's going on, and I wasn't able to reproduce it myself. > >> > >> To attempt to reproduce, I applied this patch > >> > >> --- > >> diff --git a/lib/zstd/Makefile b/lib/zstd/Makefile > >> index 20f08c644b71..190d3d5ab4be 100644 > >> --- a/lib/zstd/Makefile > >> +++ b/lib/zstd/Makefile > >> @@ -12,6 +12,8 @@ obj-$(CONFIG_ZSTD_COMPRESS) += zstd_compress.o > >> obj-$(CONFIG_ZSTD_DECOMPRESS) += zstd_decompress.o > >> obj-$(CONFIG_ZSTD_COMMON) += zstd_common.o > >> > >> +ccflags-y := -Wstringop-overflow=4 -Werror > >> + > >> zstd_compress-y := \ > >> zstd_compress_module.o \ > >> compress/fse_compress.o \ > >> --- > >> > >> Then compiled on x86-64 with gcc 12.2.0 on tag v6.2-rc3. I saw no errors. > >> I also tried with just `-Wstringop-overflow`, and on upstream zstd. I tried to > >> make a minimal reproducer on godbolt, so I could see if it was the gcc version, > >> but wasn't able to make it fail with any of them https://gcc.godbolt.org/z/Exzq9arMr . > >> > >> Could you please tell me how to reproduce this warning? > > > > I saw it like so with next-20230113 on x86_64: > > > > $ gcc --version > > gcc (Ubuntu 12.2.0-3ubuntu1) 12.2.0 > > ... > > $ make KCFLAGS=-Wstringop-overflow allmodconfig lib/zstd/decompress/huf_decompress.o > > Thanks, I was able to repro it! I will merge this patch into my tree. Thanks! > If you would like to submit the same patch upstream yourself, I will accept the PR, otherwise I can submit an upstream PR. I don't know the process there, so if you could do it, I'd appreciate it. > Just to be certain, this patch is to work around a shortcoming in > -Wstringop-overflow, but the code was otherwise correct? It's the same result for the binary output. The types indicated in the function prototype meant there was cross-struct-member overflow (i.e. writing to the second array dimension when only 1 was specified), but the way to clear up intention isn't as clean here, so I'd kind of say half a code correctness issue, and half a work-around. *makes wavey hands gesture* -Kees
diff --git a/lib/zstd/decompress/huf_decompress.c b/lib/zstd/decompress/huf_decompress.c index 89b269a641c7..60958afebc41 100644 --- a/lib/zstd/decompress/huf_decompress.c +++ b/lib/zstd/decompress/huf_decompress.c @@ -985,7 +985,7 @@ static void HUF_fillDTableX2Level2(HUF_DEltX2* DTable, U32 targetLog, const U32 static void HUF_fillDTableX2(HUF_DEltX2* DTable, const U32 targetLog, const sortedSymbol_t* sortedList, - const U32* rankStart, rankVal_t rankValOrigin, const U32 maxWeight, + const U32* rankStart, rankValCol_t *rankValOrigin, const U32 maxWeight, const U32 nbBitsBaseline) { U32* const rankVal = rankValOrigin[0];