bug-gnulib

Re: nstrftime.c fails to build due to memset overflow


From: Bruno Haible
Subject: Re: nstrftime.c fails to build due to memset overflow
Date: Tue, 14 Mar 2023 17:41:57 +0100

Hi,

Marcus Müller wrote:
> However, building coreutils fails in gnulib

The build only fails because coreutils' configure.ac turns warnings into
errors by default in some situations. Use the configure option
  --disable-gcc-warnings
or
  --enable-gcc-warnings=no
to allow warnings.

> and that does seem to be a significant bug:
> 
> make -j8 fails with
> 
> lib/nstrftime.c: In function '__strftime_internal':
> lib/nstrftime.c:147:31: error: 'memset' specified size 18446744073709551615 exceeds maximum object size 9223372036854775807 [-Werror=stringop-overflow=]
>    147 | # define memset_zero(P, Len) (memset (P, '0', Len), (P) += (Len))
>        |                               ^~~~~~~~~~~~~~~~~~~~
> lib/nstrftime.c:174:17: note: in expansion of macro 'memset_zero'
>    174 |                 memset_zero (p, _delta);                              \
>        |                 ^~~~~~~~~~~
> lib/nstrftime.c:188:31: note: in expansion of macro 'width_add'
>    188 | # define width_add1(width, c) width_add (width, 1, *p = c)
>        |                               ^~~~~~~~~
> lib/nstrftime.c:1047:17: note: in expansion of macro 'width_add1'
>   1047 |                 width_add1 (0, sign_char);
>        |                 ^~~~~~~~~~
> 
> 
> Now, 18446744073709551615 + 1 happens to be 2⁶⁴; so we're actually trying to 
> `memset(P, '0', -1)` here.
> 
> I'm actually having a hard time debugging this, as, to be completely honest, 
> I'm not sure how `_delta` ends up being -1:
>      if (_n < _w) {
>        size_t _delta = _w - _n;

You are on the right way to understanding this. Namely, _n and _w being of
type size_t (thus, unsigned 64-bit), the only way _w - _n can be = 2^64 - 1
with _n < _w is when _n is 0 and _w is 2^64 - 1. But _n has the value of the
second argument to width_add, and that argument is 1 in line 188.

So, this is not a significant bug. It's merely a false positive flagged by
your compiler.

There are *many* -Wstringop-overflow bugs in recent GCC versions, see
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=88443

Some of them even have the exact same warning message, see
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=86345
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=89337
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=100477
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106409
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=108377

Bruno
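
Added example, not part of the message above and not gnulib code: a small C program that exercises the guarded size_t subtraction discussed in the thread and shows which inputs can and cannot produce a padding length of 2^64 - 1. All function names are hypothetical, and the check against the remaining buffer space (`avail`) is an assumption added for illustration, not something the page says nstrftime.c does.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Padding needed so that n characters fill a field of width w.
   Same guard as the quoted snippet: subtract only when n < w, so the
   unsigned subtraction cannot wrap around. */
size_t pad_len(size_t n, size_t w)
{
    return n < w ? w - n : 0;
}

/* The same subtraction without the guard: it wraps modulo SIZE_MAX + 1
   whenever n > w, which is how a "-1" sized memset would arise. */
size_t pad_len_unguarded(size_t n, size_t w)
{
    return w - n;
}

/* Write the zero padding at *p only if the padding plus the n characters
   that follow fit in the avail bytes left (hypothetical bound check).
   Returns the number of bytes written, or -1 if it would not fit. */
long zero_pad(char **p, size_t avail, size_t n, size_t w)
{
    size_t delta = pad_len(n, w);
    if (n > avail || delta > avail - n)
        return -1;
    memset(*p, '0', delta);
    *p += delta;
    return (long) delta;
}

/* Constructed driver: pad inside a 16-byte buffer. */
long try_pad(size_t n, size_t w)
{
    char buf[16];
    char *p = buf;
    return zero_pad(&p, sizeof buf, n, w);
}

int main(void)
{
    printf("guarded   n=1 w=SIZE_MAX: %zu\n", pad_len(1, SIZE_MAX));
    printf("guarded   n=0 w=SIZE_MAX: %zu\n", pad_len(0, SIZE_MAX));
    printf("unguarded n=1 w=0:        %zu\n", pad_len_unguarded(1, 0));
    printf("try_pad(1, 4) = %ld, try_pad(1, SIZE_MAX) = %ld\n",
           try_pad(1, 4), try_pad(1, SIZE_MAX));
    return 0;
}
```
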





