Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
[Bug 206804] Inconsistent type handling for sizes in sbuf code
0 views
Skip to first unread message
bugzilla...@freebsd.org
Jan 31, 2016, 1:21:01 PM1/31/16
to freebs...@freebsd.org
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=206804
Bug ID: 206804
Summary: Inconsistent type handling for sizes in sbuf code
Product: Base System
Version: 11.0-CURRENT
Hardware: Any
OS: Any
Status: New
Severity: Affects Only Me
Priority: ---
Component: kern
Assignee: freebs...@FreeBSD.org
Reporter: ct...@hardenedbsd.org
Definition of `struct sbuf` in `/sys/sys/sbuf.h`:
struct sbuf {
char *s_buf; /* storage buffer */
sbuf_drain_func *s_drain_func; /* drain function */
void *s_drain_arg; /* user-supplied drain argument */
int s_error; /* current error code */
ssize_t s_size; /* size of storage buffer */
ssize_t s_len; /* current length of string */
#define SBUF_FIXEDLEN 0x00000000 /* fixed length buffer (default) */
#define SBUF_AUTOEXTEND 0x00000001 /* automatically extend buffer */
#define SBUF_INCLUDENUL 0x00000002 /* nulterm byte is counted in len */
#define SBUF_USRFLAGMSK 0x0000ffff /* mask of flags the user may specify
*/
#define SBUF_DYNAMIC 0x00010000 /* s_buf must be freed */
#define SBUF_FINISHED 0x00020000 /* set by sbuf_finish() */
#define SBUF_DYNSTRUCT 0x00080000 /* sbuf must be freed */
#define SBUF_INSECTION 0x00100000 /* set by sbuf_start_section() */
int s_flags; /* flags */
ssize_t s_sect_len; /* current length of section */
};
All sizes and lengths, such as `s_size`, are of type `ssize_t`.
However some functions in `sys/kern/subr_sbuf.c` incorrectly treat these sizes
as `int` which could lead to unexpected truncation on platforms where
`sizeof(int)` !== `sizeof(ssize_t)`:
struct sbuf *
sbuf_new(struct sbuf *s, char *buf, int length, int flags)
{
...
sbuf_newbuf(s, buf, length, flags);
...
}
static struct sbuf *
sbuf_newbuf(struct sbuf *s, char *buf, int length, int flags)
{
...
s->s_size = length;
...
}
--
You are receiving this mail because:
You are the assignee for the bug.
_______________________________________________
freebs...@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-bugs
To unsubscribe, send any mail to "freebsd-bugs...@freebsd.org"
Bug ID: 206804
Summary: Inconsistent type handling for sizes in sbuf code
Product: Base System
Version: 11.0-CURRENT
Hardware: Any
OS: Any
Status: New
Severity: Affects Only Me
Priority: ---
Component: kern
Assignee: freebs...@FreeBSD.org
Reporter: ct...@hardenedbsd.org
Definition of `struct sbuf` in `/sys/sys/sbuf.h`:
struct sbuf {
char *s_buf; /* storage buffer */
sbuf_drain_func *s_drain_func; /* drain function */
void *s_drain_arg; /* user-supplied drain argument */
int s_error; /* current error code */
ssize_t s_size; /* size of storage buffer */
ssize_t s_len; /* current length of string */
#define SBUF_FIXEDLEN 0x00000000 /* fixed length buffer (default) */
#define SBUF_AUTOEXTEND 0x00000001 /* automatically extend buffer */
#define SBUF_INCLUDENUL 0x00000002 /* nulterm byte is counted in len */
#define SBUF_USRFLAGMSK 0x0000ffff /* mask of flags the user may specify
*/
#define SBUF_DYNAMIC 0x00010000 /* s_buf must be freed */
#define SBUF_FINISHED 0x00020000 /* set by sbuf_finish() */
#define SBUF_DYNSTRUCT 0x00080000 /* sbuf must be freed */
#define SBUF_INSECTION 0x00100000 /* set by sbuf_start_section() */
int s_flags; /* flags */
ssize_t s_sect_len; /* current length of section */
};
All sizes and lengths, such as `s_size`, are of type `ssize_t`.
However some functions in `sys/kern/subr_sbuf.c` incorrectly treat these sizes
as `int` which could lead to unexpected truncation on platforms where
`sizeof(int)` !== `sizeof(ssize_t)`:
struct sbuf *
sbuf_new(struct sbuf *s, char *buf, int length, int flags)
{
...
sbuf_newbuf(s, buf, length, flags);
...
}
static struct sbuf *
sbuf_newbuf(struct sbuf *s, char *buf, int length, int flags)
{
...
s->s_size = length;
...
}
--
You are receiving this mail because:
You are the assignee for the bug.
_______________________________________________
freebs...@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-bugs
To unsubscribe, send any mail to "freebsd-bugs...@freebsd.org"
bugzilla...@freebsd.org
Jan 31, 2016, 1:22:58 PM1/31/16
to freebs...@freebsd.org
bugzilla...@freebsd.org
Jan 31, 2016, 1:30:58 PM1/31/16
to freebs...@freebsd.org
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=206804
--- Comment #2 from CTurt <ct...@hardenedbsd.org> ---
Additional patch also needed for `sbuf.h`:
https://github.com/HardenedBSD/hardenedBSD-playground/commit/4cd156684cf38b64d218b97db44c477b9799c2ed.patch
--- Comment #2 from CTurt <ct...@hardenedbsd.org> ---
Additional patch also needed for `sbuf.h`:
https://github.com/HardenedBSD/hardenedBSD-playground/commit/4cd156684cf38b64d218b97db44c477b9799c2ed.patch
bugzilla...@freebsd.org
Jan 31, 2016, 3:02:28 PM1/31/16
to freebs...@freebsd.org
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=206804
--- Comment #3 from o...@hardenedbsd.org ---
These patch breaks the build, see the jenkins log:
http://jenkins.hardenedbsd.org:8180/jenkins/job/HardenedBSD-CURRENT-unstable-amd64/lastFailedBuild/consoleFull
--- Comment #3 from o...@hardenedbsd.org ---
These patch breaks the build, see the jenkins log:
http://jenkins.hardenedbsd.org:8180/jenkins/job/HardenedBSD-CURRENT-unstable-amd64/lastFailedBuild/consoleFull
bugzilla...@freebsd.org
Jan 31, 2016, 3:42:13 PM1/31/16
to freebs...@freebsd.org
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=206804
Mark Linimon <lin...@FreeBSD.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Keywords| |patch
Mark Linimon <lin...@FreeBSD.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Keywords| |patch
bugzilla...@freebsd.org
Jan 31, 2016, 3:49:55 PM1/31/16
to freebs...@freebsd.org
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=206804
--- Comment #4 from CTurt <ct...@hardenedbsd.org> ---
The error is:
/jenkins/workspace/HardenedBSD-CURRENT-unstable-amd64/sy/kern/subr_sbuf.c:226:60:
error: format specifies type 'int' but the argument has type 'ssize_t' (aka
'long') [-Werror,-Wformat] ("attempt to create an sbuf of negative length
(%d)", length));
Referring to this line:
KASSERT(length >= 0,
("attempt to create an sbuf of negative length (%d)", length));
I find it odd that this would give an error, but the below line doesn't:
KASSERT(s->s_len < s->s_size,
("wrote past end of sbuf (%d >= %d)", s->s_len, s->s_size));
Regardless, I've committed a new patch to use the `%zd` format specifier here,
instead:
https://github.com/HardenedBSD/hardenedBSD-playground/commit/5165b5cc55f09ba357bc1ee41d828ec2864e7d0d.patch
--- Comment #4 from CTurt <ct...@hardenedbsd.org> ---
The error is:
/jenkins/workspace/HardenedBSD-CURRENT-unstable-amd64/sy/kern/subr_sbuf.c:226:60:
error: format specifies type 'int' but the argument has type 'ssize_t' (aka
'long') [-Werror,-Wformat] ("attempt to create an sbuf of negative length
(%d)", length));
Referring to this line:
KASSERT(length >= 0,
("attempt to create an sbuf of negative length (%d)", length));
I find it odd that this would give an error, but the below line doesn't:
KASSERT(s->s_len < s->s_size,
("wrote past end of sbuf (%d >= %d)", s->s_len, s->s_size));
Regardless, I've committed a new patch to use the `%zd` format specifier here,
instead:
https://github.com/HardenedBSD/hardenedBSD-playground/commit/5165b5cc55f09ba357bc1ee41d828ec2864e7d0d.patch
0 new messages