This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Make endian-conversion macros always return correct types (bug 16458)


Bug 16458 reports that the endian-conversion macros in <endian.h> and
<netinet/in.h>, in the case where no endian conversion is needed, just
return their arguments without converting to the expected return type,
so failing to act as expected for a macro version of a function.  (The
<netinet/in.h> macros, in particular, are described with prototypes in
POSIX so should act like correspondingly prototyped functions.)

Where previously this was a fairly obscure issue, it now results in
glibc build with GCC mainline breaking for big-endian systems:

nss_hesiod/hesiod-service.c: In function '_nss_hesiod_getservbyport_r':
nss_hesiod/hesiod-service.c:142:39: error: '%d' directive output may be truncated writing between 1 and 11 bytes into a region of size 6 [-Werror=format-truncation=]
   snprintf (portstr, sizeof portstr, "%d", ntohs (port));
                                       ^~
nss_hesiod/hesiod-service.c:142:38: note: using the range [1, -2147483648] for directive argument
   snprintf (portstr, sizeof portstr, "%d", ntohs (port));
                                      ^~~~
nss_hesiod/hesiod-service.c:142:3: note: format output between 2 and 12 bytes into a destination of size 6
   snprintf (portstr, sizeof portstr, "%d", ntohs (port));
   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

The port argument is passed as int to this function, so when ntohs
does not convert the compiler cannot tell that the result is within
the range of uint16_t.  (I don't know if in fact it's possible for
out-of-range values to reach this function and so get truncated as
strings without this patch or as integers with it.)

This patch arranges for these macros to use identity functions to
ensure appropriate conversions while having warnings for implicit
conversions of function arguments that might not occur with a cast.

Tested for x86_64 and x86; with build-many-glibcs.py with GCC 6; and
with build-many-glibcs.py with GCC mainline for powerpc to test the
build fix.

2017-01-10  Joseph Myers  <joseph@codesourcery.com>

	[BZ #16458]
	* bits/uintn-identity.h: New file.
	* inet/netinet/in.h: Include <bits/uintn-identity.h>.
	[__BYTE_ORDER == __BIG_ENDIAN] (ntohl): Use __uint32_identity.
	[__BYTE_ORDER == __BIG_ENDIAN] (ntohs): Use __uint16_identity.
	[__BYTE_ORDER == __BIG_ENDIAN] (htonl): Use __uint32_identity.
	[__BYTE_ORDER == __BIG_ENDIAN] (htohs): Use __uint16_identity.
	* string/endian.h: Include <bits/uintn-identity.h>.
	[__BYTE_ORDER == __LITTLE_ENDIAN] (htole16): Use
	__uint16_identity.
	[__BYTE_ORDER == __LITTLE_ENDIAN] (le16toh): Likewise.
	[__BYTE_ORDER == __LITTLE_ENDIAN] (htole32): Use
	__uint32_identity.
	[__BYTE_ORDER == __LITTLE_ENDIAN] (le32toh): Likewise.
	[__BYTE_ORDER == __LITTLE_ENDIAN] (htole64): Use
	__uint64_identity.
	[__BYTE_ORDER == __LITTLE_ENDIAN] (le64toh): Likewise.
	[__BYTE_ORDER != __LITTLE_ENDIAN] (htobe16): Use
	__uint16_identity.
	[__BYTE_ORDER != __LITTLE_ENDIAN] (be16toh): Likewise.
	[__BYTE_ORDER != __LITTLE_ENDIAN] (htobe32): Use
	__uint32_identity.
	[__BYTE_ORDER != __LITTLE_ENDIAN] (be32toh): Likewise.
	[__BYTE_ORDER != __LITTLE_ENDIAN] (htobe64): Use
	__uint64_identity.
	[__BYTE_ORDER != __LITTLE_ENDIAN] (be64toh): Likewise.
	* string/Makefile (headers): Add bits/uintn-identity.h.
	(tests): Add test-endian-types.
	* string/test-endian-types.c: New file.
	* inet/Makefile (tests): Add test-hnto-types.
	* inet/test-hnto-types.c: New file.

diff --git a/bits/uintn-identity.h b/bits/uintn-identity.h
new file mode 100644
index 0000000..d2152c2
--- /dev/null
+++ b/bits/uintn-identity.h
@@ -0,0 +1,50 @@
+/* Inline functions to return unsigned integer values unchanged.
+   Copyright (C) 2017 Free Software Foundation, Inc.
+   This file is part of the GNU C Library.
+
+   The GNU C Library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Lesser General Public
+   License as published by the Free Software Foundation; either
+   version 2.1 of the License, or (at your option) any later version.
+
+   The GNU C Library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Lesser General Public License for more details.
+
+   You should have received a copy of the GNU Lesser General Public
+   License along with the GNU C Library; if not, see
+   <http://www.gnu.org/licenses/>.  */
+
+#if !defined _NETINET_IN_H && !defined _ENDIAN_H
+# error "Never use <bits/uintn-identity.h> directly; include <netinet/in.h> or <endian.h> instead."
+#endif
+
+#ifndef _BITS_UINTN_IDENTITY_H
+#define _BITS_UINTN_IDENTITY_H 1
+
+#include <bits/types.h>
+
+/* These inline functions are to ensure the appropriate type
+   conversions and associated diagnostics from macros that convert to
+   a given endianness.  */
+
+static __inline __uint16_t
+__uint16_identity (__uint16_t __x)
+{
+  return __x;
+}
+
+static __inline __uint32_t
+__uint32_identity (__uint32_t __x)
+{
+  return __x;
+}
+
+static __inline __uint64_t
+__uint64_identity (__uint64_t __x)
+{
+  return __x;
+}
+
+#endif /* _BITS_UINTN_IDENTITY_H.  */
diff --git a/inet/Makefile b/inet/Makefile
index 2c2d426..010792a 100644
--- a/inet/Makefile
+++ b/inet/Makefile
@@ -52,7 +52,7 @@ aux := check_pf check_native ifreq
 tests := htontest test_ifindex tst-ntoa tst-ether_aton tst-network \
 	 tst-gethnm test-ifaddrs bug-if1 test-inet6_opt tst-ether_line \
 	 tst-getni1 tst-getni2 tst-inet6_rth tst-checks tst-checks-posix \
-	 tst-sockaddr tst-inet6_scopeid_pton
+	 tst-sockaddr tst-inet6_scopeid_pton test-hnto-types
 
 include ../Rules
 
diff --git a/inet/netinet/in.h b/inet/netinet/in.h
index 419e119..365bc68 100644
--- a/inet/netinet/in.h
+++ b/inet/netinet/in.h
@@ -383,6 +383,7 @@ extern uint16_t htons (uint16_t __hostshort)
 
 /* Get machine dependent optimized versions of byte swapping functions.  */
 #include <bits/byteswap.h>
+#include <bits/uintn-identity.h>
 
 #ifdef __OPTIMIZE__
 /* We can optimize calls to the conversion functions.  Either nothing has
@@ -391,10 +392,10 @@ extern uint16_t htons (uint16_t __hostshort)
 # if __BYTE_ORDER == __BIG_ENDIAN
 /* The host byte order is the same as network byte order,
    so these functions are all just identity.  */
-# define ntohl(x)	(x)
-# define ntohs(x)	(x)
-# define htonl(x)	(x)
-# define htons(x)	(x)
+# define ntohl(x)	__uint32_identity (x)
+# define ntohs(x)	__uint16_identity (x)
+# define htonl(x)	__uint32_identity (x)
+# define htons(x)	__uint16_identity (x)
 # else
 #  if __BYTE_ORDER == __LITTLE_ENDIAN
 #   define ntohl(x)	__bswap_32 (x)
diff --git a/inet/test-hnto-types.c b/inet/test-hnto-types.c
new file mode 100644
index 0000000..b977035
--- /dev/null
+++ b/inet/test-hnto-types.c
@@ -0,0 +1,39 @@
+/* Test netinet/in.h endian-conversion macros always return the correct type.
+   Copyright (C) 2017 Free Software Foundation, Inc.
+   This file is part of the GNU C Library.
+
+   The GNU C Library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Lesser General Public
+   License as published by the Free Software Foundation; either
+   version 2.1 of the License, or (at your option) any later version.
+
+   The GNU C Library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Lesser General Public License for more details.
+
+   You should have received a copy of the GNU Lesser General Public
+   License along with the GNU C Library; if not, see
+   <http://www.gnu.org/licenses/>.  */
+
+#include <netinet/in.h>
+#include <stdint.h>
+
+int i;
+uint16_t u16;
+uint32_t u32;
+
+int
+do_test (void)
+{
+  /* This is a compilation test.  */
+  extern __typeof (htons (i)) u16;
+  extern __typeof (ntohs (i)) u16;
+  extern __typeof (htonl (i)) u32;
+  extern __typeof (ntohl (i)) u32;
+  (void) u16;
+  (void) u32;
+  return 0;
+}
+
+#include <support/test-driver.c>
diff --git a/string/Makefile b/string/Makefile
index 04e9da9..7b3afa0 100644
--- a/string/Makefile
+++ b/string/Makefile
@@ -25,7 +25,7 @@ include ../Makeconfig
 headers	:= string.h strings.h memory.h endian.h bits/endian.h \
 	   argz.h envz.h byteswap.h bits/byteswap.h bits/byteswap-16.h \
 	   bits/string.h bits/string2.h bits/string3.h \
-	   bits/strings_fortified.h
+	   bits/strings_fortified.h bits/uintn-identity.h
 
 routines	:= strcat strchr strcmp strcoll strcpy strcspn		\
 		   strverscmp strdup strndup				\
@@ -56,7 +56,8 @@ tests		:= tester inl-tester noinl-tester testcopy test-ffs	\
 		   tst-strtok tst-strxfrm bug-strcoll1 tst-strfry	\
 		   bug-strtok1 $(addprefix test-,$(strop-tests))	\
 		   bug-envz1 tst-strxfrm2 tst-endian tst-svc2		\
-		   tst-strtok_r bug-strcoll2 tst-cmp tst-xbzero-opt
+		   tst-strtok_r bug-strcoll2 tst-cmp tst-xbzero-opt	\
+		   test-endian-types
 
 xtests = tst-strcoll-overflow
 
diff --git a/string/endian.h b/string/endian.h
index 18e6708..dcc9a65 100644
--- a/string/endian.h
+++ b/string/endian.h
@@ -58,37 +58,38 @@
 #if defined __USE_MISC && !defined __ASSEMBLER__
 /* Conversion interfaces.  */
 # include <bits/byteswap.h>
+# include <bits/uintn-identity.h>
 
 # if __BYTE_ORDER == __LITTLE_ENDIAN
 #  define htobe16(x) __bswap_16 (x)
-#  define htole16(x) (x)
+#  define htole16(x) __uint16_identity (x)
 #  define be16toh(x) __bswap_16 (x)
-#  define le16toh(x) (x)
+#  define le16toh(x) __uint16_identity (x)
 
 #  define htobe32(x) __bswap_32 (x)
-#  define htole32(x) (x)
+#  define htole32(x) __uint32_identity (x)
 #  define be32toh(x) __bswap_32 (x)
-#  define le32toh(x) (x)
+#  define le32toh(x) __uint32_identity (x)
 
 #  define htobe64(x) __bswap_64 (x)
-#  define htole64(x) (x)
+#  define htole64(x) __uint64_identity (x)
 #  define be64toh(x) __bswap_64 (x)
-#  define le64toh(x) (x)
+#  define le64toh(x) __uint64_identity (x)
 
 # else
-#  define htobe16(x) (x)
+#  define htobe16(x) __uint16_identity (x)
 #  define htole16(x) __bswap_16 (x)
-#  define be16toh(x) (x)
+#  define be16toh(x) __uint16_identity (x)
 #  define le16toh(x) __bswap_16 (x)
 
-#  define htobe32(x) (x)
+#  define htobe32(x) __uint32_identity (x)
 #  define htole32(x) __bswap_32 (x)
-#  define be32toh(x) (x)
+#  define be32toh(x) __uint32_identity (x)
 #  define le32toh(x) __bswap_32 (x)
 
-#  define htobe64(x) (x)
+#  define htobe64(x) __uint64_identity (x)
 #  define htole64(x) __bswap_64 (x)
-#  define be64toh(x) (x)
+#  define be64toh(x) __uint64_identity (x)
 #  define le64toh(x) __bswap_64 (x)
 # endif
 #endif
diff --git a/string/test-endian-types.c b/string/test-endian-types.c
new file mode 100644
index 0000000..86a8932
--- /dev/null
+++ b/string/test-endian-types.c
@@ -0,0 +1,49 @@
+/* Test endian.h endian-conversion macros always return the correct type.
+   Copyright (C) 2017 Free Software Foundation, Inc.
+   This file is part of the GNU C Library.
+
+   The GNU C Library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Lesser General Public
+   License as published by the Free Software Foundation; either
+   version 2.1 of the License, or (at your option) any later version.
+
+   The GNU C Library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Lesser General Public License for more details.
+
+   You should have received a copy of the GNU Lesser General Public
+   License along with the GNU C Library; if not, see
+   <http://www.gnu.org/licenses/>.  */
+
+#include <endian.h>
+#include <stdint.h>
+
+int i;
+uint16_t u16;
+uint32_t u32;
+uint64_t u64;
+
+int
+do_test (void)
+{
+  /* This is a compilation test.  */
+  extern __typeof (htobe16 (i)) u16;
+  extern __typeof (htole16 (i)) u16;
+  extern __typeof (be16toh (i)) u16;
+  extern __typeof (le16toh (i)) u16;
+  extern __typeof (htobe32 (i)) u32;
+  extern __typeof (htole32 (i)) u32;
+  extern __typeof (be32toh (i)) u32;
+  extern __typeof (le32toh (i)) u32;
+  extern __typeof (htobe64 (i)) u64;
+  extern __typeof (htole64 (i)) u64;
+  extern __typeof (be64toh (i)) u64;
+  extern __typeof (le64toh (i)) u64;
+  (void) u16;
+  (void) u32;
+  (void) u64;
+  return 0;
+}
+
+#include <support/test-driver.c>

-- 
Joseph S. Myers
joseph@codesourcery.com


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]