+Sai
On 4/13/2020 2:43 AM, David Binderman wrote:
> Hello there,
>
> Source code is
>
> while (fgets(temp, 1024, fp)) {
>
> but
>
> char *token_array[8], temp[512];
>
> Use of compiler flag -D_FORTIFY_SOURCE=2 would have found the problem.
> For example:
>
> # include <stdio.h>
>
> extern void g( int);
>
> void
> f( FILE * fp)
> {
> char buf[ 100];
>
> while (fgets( buf, 200, fp) != 0)
> {
> g( 1);
> }
> }
>
> gives
>
> $ /home/dcb/gcc/results/bin/gcc -c -g -O2 -D_FORTIFY_SOURCE=2 apr13c.cc
> In file included from /usr/include/stdio.h:867,
> from apr13c.cc:2:
> In function ?char* fgets(char*, int, FILE*)?,
> inlined from ?void f(FILE*)? at apr13c.cc:11:14:
> /usr/include/bits/stdio2.h:263:26: warning: call to ?__fgets_chk_warn? declared with attribute warning: fgets called with bigger size than length of destination buffer [-Wattribute-warning]
>
> I suggest switch on compiler flag -D_FORTIFY_SOURCE=2 in
> all development builds.
>
Thank you very much for catching this David.
Sai: could you include this fix in your upcoming series of fixes? Using
the pattern of "fgets(buf, sizeof(buf), ...)" instead of hard coding the
size should be helpful here.
Reinette
> -----Original Message-----
> From: Reinette Chatre <[email protected]>
> Sent: Monday, April 13, 2020 9:31 AM
> To: David Binderman <[email protected]>; Yu, Fenghua
> <[email protected]>; [email protected]; Linux Kernel Mailing List <linux-
> [email protected]>; [email protected]; Prakhya, Sai Praneeth
> <[email protected]>
> Subject: Re: linux-5.7-rc1/tools/testing/selftests/resctrl/cqm_test.c:89:15:
> error: Buffer is accessed out of bounds
>
> +Sai
>
> On 4/13/2020 2:43 AM, David Binderman wrote:
> > Hello there,
> >
> > Source code is
> >
> > while (fgets(temp, 1024, fp)) {
> >
> > but
> >
> > char *token_array[8], temp[512];
> >
> > Use of compiler flag -D_FORTIFY_SOURCE=2 would have found the problem.
> > For example:
> >
> > # include <stdio.h>
> >
> > extern void g( int);
> >
> > void
> > f( FILE * fp)
> > {
> > char buf[ 100];
> >
> > while (fgets( buf, 200, fp) != 0)
> > {
> > g( 1);
> > }
> > }
> >
> > gives
> >
> > $ /home/dcb/gcc/results/bin/gcc -c -g -O2 -D_FORTIFY_SOURCE=2
> > apr13c.cc In file included from /usr/include/stdio.h:867,
> > from apr13c.cc:2:
> > In function 'char* fgets(char*, int, FILE*)',
> > inlined from 'void f(FILE*)' at apr13c.cc:11:14:
> > /usr/include/bits/stdio2.h:263:26: warning: call to '__fgets_chk_warn'
> > declared with attribute warning: fgets called with bigger size than
> > length of destination buffer [-Wattribute-warning]
> >
> > I suggest switch on compiler flag -D_FORTIFY_SOURCE=2 in all
> > development builds.
> >
>
> Thank you very much for catching this David.
>
> Sai: could you include this fix in your upcoming series of fixes? Using the pattern
> of "fgets(buf, sizeof(buf), ...)" instead of hard coding the size should be helpful
> here.
Reinette: Sure! I will include this fix. Just FYI, I did notice this and have fixed it in V1 patches that I sent out earlier.
David: Thanks for bringing this up. I wasn't aware of the gcc flag you had mentioned. I will add it.
Regards,
Sai