From owner-freebsd-net@FreeBSD.ORG Sun Nov 27 16:52:38 2011
From: Michael Tüxen
Date: Sun, 27 Nov 2011 17:52:34 +0100
To: Jilles Tjoelker
Cc: Alexander Best, freebsd-current@freebsd.org, freebsd-net@freebsd.org
Subject: Re: possible array out of bounds access in sys/netinet/sctp_output.c
In-Reply-To: <20111127162430.GA95971@stack.nl>
References: <20111127154536.GA54043@freebsd.org> <20111127162430.GA95971@stack.nl>

On Nov 27, 2011, at 5:24 PM, Jilles Tjoelker wrote:

> On Sun, Nov 27, 2011 at 03:45:36PM +0000, Alexander Best wrote:
>> I've been playing with clang tot and noticed the following error:
>
>> /usr/local/bin/clang -c -O3 -pipe -fno-inline-functions -fno-strict-aliasing -march=core2 -std=c99 -g -fdiagnostics-show-option -fformat-extensions -Wall -Wcast-qual -Winline -Wmissing-include-dirs -Wmissing-prototypes -Wnested-externs -Wpointer-arith -Wredundant-decls -Wstrict-prototypes -Wundef -Wno-pointer-sign -nostdinc -I. -I/usr/git-freebsd-head/sys -I/usr/git-freebsd-head/sys/contrib/altq -D_KERNEL -DHAVE_KERNEL_OPTION_HEADERS -include opt_global.h -fno-omit-frame-pointer -mno-aes -mno-avx -mcmodel=kernel -mno-red-zone -mno-mmx -msoft-float -fno-asynchronous-unwind-tables -ffreestanding -Wno-error=tautological-compare -Wno-error=shift-count-negative -Wno-error=shift-count-overflow -Wno-error=shift-overflow -Wno-error=conversion -Wno-error=empty-body -Wno-error=gnu-designator -Wno-error=format -Wno-error=format-invalid-specifier -Wno-error=format-extra-args -Werror /usr/git-freebsd-head/sys/netinet/sctp_output.c
>> clang: warning: argument unused during compilation: '-fformat-extensions'
>> /usr/git-freebsd-head/sys/netinet/sctp_output.c:4685:2: error: array index 1 is past the end of the array (which contains 1 element) [-Werror,-Warray-bounds]
>>         sup_addr->addr_type[1] = htons(SCTP_IPV6_ADDRESS);
>>         ^                   ~
>> /usr/git-freebsd-head/sys/netinet/sctp_header.h:84:2: note: array 'addr_type' declared here
>>         uint16_t addr_type[SCTP_ARRAY_MIN_LEN]; /* array of supported address
>>         ^
>> 1 error generated.
>> *** Error code 1
>>
>> Stop in /usr/obj/usr/git-freebsd-head/sys/GENERIC.
>> *** Error code 1
>>
>> Stop in /usr/git-freebsd-head.
>> *** Error code 1
>>
>> Stop in /usr/git-freebsd-head.
>
>> This is from a GENERIC kernel build (so INET + INET6) for amd64. Is this a
>> false positive, or is length(sup_addr->addr_type) really == 1, thus making
>> sup_addr->addr_type[1] an illegal access?
>
> This is the fairly common construct of a variable-length array at the
> end of a struct. With C89, this was not allowed but defining one element
> and allocating more elements worked in most implementations. C99
> recognized this need and created a way to do it, which looks like
> uint16_t addr_type[];. This adds any necessary padding and allows access
> to however many elements have been allocated. Also, if it is not at the
> end of a struct it is an error.
>
> Using this new construct requires code changes because some code such as
> fairly close to the error message relies on the size of the one element
> already in the struct.

Hi Jilles,

you are completely right. It is a false positive. The reason why we don't use addr_type[] is that the same code is used on different platforms and (at least at one point of time), using addr_type[] didn't work there.
However, reconsidering the code right now, I guess one could change the code in a way to avoid the warning. I'll put that on my ToDo list. But it is only to avoid the warning, there is no real problem as said earlier.

Best regards
Michael

>
> --
> Jilles Tjoelker
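The following is an added example, written for this page; it is not code from the thread, from FreeBSD's SCTP stack or from sctp_header.h. It uses a constructed mock of the "Supported Address Types" parameter (struct sup_addr_hack and struct sup_addr_fam are invented names) to show the two points Jilles makes: the one-element "struct hack" and the C99 flexible array member produce the same bytes, but the buffer-size arithmetic differs, because sizeof of the struct-hack version already counts one element. The index-1 write is in bounds only when the allocation was sized accordingly, which is why the warning is a false positive here and a real heap overflow anywhere the size calculation is wrong; the fill helper therefore takes the allocated capacity and refuses to exceed it. Parameter type 12 and address type codes 5 (IPv4) and 6 (IPv6) are taken from RFC 4960.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed mock of a "Supported Address Types" parameter header. It is
 * NOT FreeBSD's struct sctp_supported_addr_param; only the shape matters:
 * a fixed header followed by a variable number of 16-bit address types. */
#define SCTP_ARRAY_MIN_LEN 1    /* C89 "struct hack": declare 1, allocate more */

struct sup_addr_hack {          /* pre-C99 form, like the one in sctp_header.h */
    uint16_t ptype;
    uint16_t plen;
    uint16_t addr_type[SCTP_ARRAY_MIN_LEN];
};

struct sup_addr_fam {           /* same layout with a C99 flexible array member */
    uint16_t ptype;
    uint16_t plen;
    uint16_t addr_type[];
};

/* Codes from RFC 4960 (sect. 3.3.2.1): parameter type 12, IPv4 = 5, IPv6 = 6.
 * SUP_ADDR_PTYPE is a name chosen for this example. */
#define SUP_ADDR_PTYPE    12
#define SCTP_IPV4_ADDRESS 5
#define SCTP_IPV6_ADDRESS 6

/* Bytes needed for n address types with the struct hack. sizeof already
 * covers SCTP_ARRAY_MIN_LEN slots, so only the remainder is added; this is
 * the "size of the one element already in the struct" that code written
 * for the hack relies on. */
size_t sup_addr_hack_size(size_t n)
{
    if (n < SCTP_ARRAY_MIN_LEN)
        n = SCTP_ARRAY_MIN_LEN;
    return sizeof(struct sup_addr_hack) +
           (n - SCTP_ARRAY_MIN_LEN) * sizeof(uint16_t);
}

/* With a flexible array member sizeof excludes the array, so all n slots
 * are added. offsetof is used instead of sizeof because sizeof may include
 * trailing padding that the array then overlaps. */
size_t sup_addr_fam_size(size_t n)
{
    return offsetof(struct sup_addr_fam, addr_type) + n * sizeof(uint16_t);
}

/* Write n address types into p, which the caller allocated with room for
 * `capacity` slots. Refusing n > capacity turns the compiler's static guess
 * into a runtime guarantee. Returns 0 on success, -1 on refusal. */
int sup_addr_fam_fill(struct sup_addr_fam *p, size_t capacity,
                      const uint16_t *types, size_t n)
{
    if (p == NULL || n > capacity)
        return -1;
    p->ptype = SUP_ADDR_PTYPE;
    p->plen = (uint16_t)sup_addr_fam_size(n);
    for (size_t i = 0; i < n; i++)
        p->addr_type[i] = types[i];
    return 0;
}

/* Build a two-entry parameter both ways and report whether the bytes agree.
 * Returns 1 if they do, 0 otherwise. The addr_type[1] store on the
 * struct-hack version is the construct clang flagged; it is in bounds only
 * because the buffer was sized with sup_addr_hack_size(2). */
int sup_addr_layouts_match(void)
{
    const uint16_t types[2] = { SCTP_IPV4_ADDRESS, SCTP_IPV6_ADDRESS };
    size_t n = 2;
    size_t hsz = sup_addr_hack_size(n);
    size_t fsz = sup_addr_fam_size(n);
    int match = 0;

    if (hsz != fsz)
        return 0;

    struct sup_addr_hack *h = calloc(1, hsz);
    struct sup_addr_fam *f = calloc(1, fsz);
    if (h != NULL && f != NULL) {
        h->ptype = SUP_ADDR_PTYPE;
        h->plen = (uint16_t)hsz;
        h->addr_type[0] = types[0];
        h->addr_type[1] = types[1];     /* index 1 of a 1-element array */

        if (sup_addr_fam_fill(f, n, types, n) == 0)
            match = (memcmp(h, f, hsz) == 0);
    }
    free(h);
    free(f);
    return match;
}

int main(void)
{
    printf("struct hack size for 2 types:     %zu\n", sup_addr_hack_size(2));
    printf("flexible array size for 2 types:  %zu\n", sup_addr_fam_size(2));
    printf("layouts match: %s\n", sup_addr_layouts_match() ? "yes" : "no");
    return 0;
}
```

Both size functions return 8 for two entries on the usual 2-byte alignment of uint16_t, which is the sense in which the two declarations are interchangeable; converting a code base from one to the other means auditing every place that adds or subtracts that one built-in element, which is the code change Jilles refers to.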