Summary: | _FORTIFY_SOURCE=3 and __fortified_attr_access vs size of 0 and zero size types | ||
---|---|---|---|
Product: | glibc | Reporter: | Andrew Pinski <pinskia> |
Component: | libc | Assignee: | Siddhesh Poyarekar <siddhesh> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | andreas, drepper.fsp, sam, sergiodj, siddhesh |
Priority: | P2 | ||
Version: | unspecified | ||
Target Milestone: | 2.40 | ||
See Also: | https://gcc.gnu.org/bugzilla/show_bug.cgi?id=113922 | ||
Host: | Target: | ||
Build: | Last reconfirmed: |
Description
Andrew Pinski
2024-02-14 21:06:25 UTC
``` When no size-index argument is specified, the pointer argument must be either null or point to a space that is suitably aligned and large for __at least one object__ of the referenced type (this implies that a past-the-end pointer is not a valid argument). ``` Well technically, the pointer argument *is* suitably aligned and large for 16 objects of 0 size, but the implication that it is hence not a past-the-end pointer is invalid. I'll drop the access attribute (since the additional value from having it is not really significant enough) but IMO -Wstringop-overflow needs to be fixed to handle pointers to zero-sized structs, i.e. it needs to ignore them and not conjure up an access size of 1 out of nowhere. Patch posted: https://patchwork.sourceware.org/project/glibc/patch/20240215171506.3154505-1-siddhesh@sourceware.org/ (In reply to Siddhesh Poyarekar from comment #1) > ``` > When no size-index argument is specified, the pointer argument must be > either null or point to a space that is suitably aligned and large for __at > least one object__ of the referenced type (this implies that a past-the-end > pointer is not a valid argument). > ``` > > Well technically, the pointer argument *is* suitably aligned and large for > 16 objects of 0 size, but the implication that it is hence not a > past-the-end pointer is invalid. I'll drop the access attribute (since the > additional value from having it is not really significant enough) but IMO > -Wstringop-overflow needs to be fixed to handle pointers to zero-sized > structs, i.e. it needs to ignore them and not conjure up an access size of 1 > out of nowhere. Actually, no, I was wrong. The referenced type is void*, which is why the warning is 'correct'. Maybe there's scope for better wording, but it does make sense to warn in such cases: extern void f2 (void *) __attribute__ ((__access__ (__write_only__, 1))); void f1 (void) { struct A {} a[16]; f2 (a); } The master branch has been updated by Siddhesh Poyarekar <siddhesh@sourceware.org>: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=bf9688e623262c5fa9f91e4de0e84db45025076f commit bf9688e623262c5fa9f91e4de0e84db45025076f Author: Siddhesh Poyarekar <siddhesh@sourceware.org> Date: Thu Feb 15 07:40:56 2024 -0500 cdefs: Drop access attribute for _FORTIFY_SOURCE=3 (BZ #31383) When passed a pointer to a zero-sized struct, the access attribute without the third argument misleads -Wstringop-overflow diagnostics to think that a function is writing 1 byte into the zero-sized structs. The attribute doesn't add that much value in this context, so drop it completely for _FORTIFY_SOURCE=3. Resolves: BZ #31383 Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org> Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org> Done. |