This is the mail archive of the newlib@sourceware.org mailing list for the newlib project.



Problem with Object Size Checking and reallocarray



// gcc test.c -o test.exe -g -O2 -Wp,-D_FORTIFY_SOURCE=2

//
// extracted from InputLineAddChar in xserver/xkb/maprules.c
//

#include <stdio.h>
#include <stdlib.h>
#include <string.h>

int main()
{
  const char *buf[128];
  char *line = reallocarray(NULL, 128, 2);
  // size of line is 128*2 = 256
  printf("%zu\n", __builtin_object_size(line, 0));
  memcpy(line, buf, 128);
  // __memcpy_chk tests against size 2, and terminates
}


reallocarray() is annotated in stdlib.h with '__alloc_size(2) __alloc_size(3)'

Per [1], this doesn't seem to be the correct syntax when the size is the product of the arguments, and the last alloc_size seems to be silently winning.

If I change this to '__alloc_size((2,3))' (as in the patch attached), __builtin_object_size doesn't seem to be a compile-time constant anymore, and so memcpy() evaluates differently, so it's hard to be sure that's actually correct...

[1] https://gcc.gnu.org/onlinedocs/gcc/Common-Function-Attributes.html

Attachment: 0001-Correct-alloc_size-annotation-on-reallocarray.patch
Description: Text document
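
The size mismatch described in the message can be reproduced without newlib's headers. The following is an added example, not code from the original post or from newlib: alloc_stacked and alloc_product are hypothetical stand-ins for reallocarray(), and copy_allowed models the length test a fortified memcpy() performs. Build with optimization (for example -O2); without it __builtin_object_size reports the size as unknown, (size_t)-1.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-ins for reallocarray(); only the annotation differs. */

/* Two separate single-index attributes, the form quoted from stdlib.h. */
static void *alloc_stacked(void *, size_t, size_t)
    __attribute__((noinline)) __attribute__((alloc_size(2)))
    __attribute__((alloc_size(3)));

/* One attribute naming both positions: size is argument 2 times argument 3. */
static void *alloc_product(void *, size_t, size_t)
    __attribute__((noinline)) __attribute__((alloc_size(2, 3)));

static void *mul_realloc(void *p, size_t n, size_t sz)
{
    if (sz != 0 && n > SIZE_MAX / sz)   /* refuse an overflowing product */
        return NULL;
    return realloc(p, n * sz);
}
static void *alloc_stacked(void *p, size_t n, size_t sz) { return mul_realloc(p, n, sz); }
static void *alloc_product(void *p, size_t n, size_t sz) { return mul_realloc(p, n, sz); }

/* Size the compiler believes a 128 x 2 allocation has, per annotation. */
size_t bos_stacked(void)
{
    char *line = alloc_stacked(NULL, 128, 2);
    size_t s = __builtin_object_size(line, 0);
    free(line);
    return s;
}
size_t bos_product(void)
{
    char *line = alloc_product(NULL, 128, 2);
    size_t s = __builtin_object_size(line, 0);
    free(line);
    return s;
}

/* Model of the fortified check: a copy is allowed only if it fits. */
int copy_allowed(size_t dest_size, size_t len) { return len <= dest_size; }

int main(void)
{
    size_t a = bos_stacked(), b = bos_product();
    printf("stacked: size=%zu, 128-byte copy %s\n", a, copy_allowed(a, 128) ? "passes" : "aborts");
    printf("product: size=%zu, 128-byte copy %s\n", b, copy_allowed(b, 128) ? "passes" : "aborts");
    return 0;
}
```

The value reported for the stacked form depends on the compiler and its version (the message above observed 2); the product form reports 256 whenever the size is known.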

