From: Petr Lautrbach <plautrba@redhat.com>
To: SElinux list <selinux@vger.kernel.org>
Cc: "James Carter" <jwcart2@gmail.com>,
"Christian Göttsche" <cgzones@googlemail.com>
Subject: Re: [PATCH] libsepol/cil: silence GCC 12 array-bounds false positive
Date: Wed, 06 Apr 2022 11:25:23 +0200 [thread overview]
Message-ID: <87mtgypnr0.fsf@redhat.com> (raw)
In-Reply-To: <CAP+JOzSvNxZP86C5xvQbbQ_JopwoYCj5AikS3-djjww4fVVu7Q@mail.gmail.com>
James Carter <jwcart2@gmail.com> writes:
> On Thu, Mar 31, 2022 at 11:34 AM Christian Göttsche
> <cgzones@googlemail.com> wrote:
>>
>> GCC 12 produces an array-bounds warning:
>>
>> In file included from ../include/sepol/policydb/context.h:23,
>> from ../include/sepol/policydb/policydb.h:62,
>> from ../cil/src/cil_binary.c:41:
>> In function ‘mls_level_init’,
>> inlined from ‘mls_level_destroy’ at ../include/sepol/policydb/mls_types.h:99:2,
>> inlined from ‘mls_level_destroy’ at ../include/sepol/policydb/mls_types.h:92:20,
>> inlined from ‘mls_range_destroy’ at ../include/sepol/policydb/mls_types.h:149:2,
>> inlined from ‘cil_rangetransition_to_policydb’ at ../cil/src/cil_binary.c:3231:6:
>> ../include/sepol/policydb/mls_types.h:89:9: error: ‘memset’ offset [0, 23] is out of the bounds [0, 0] [-Werror=array-bounds]
>> 89 | memset(level, 0, sizeof(mls_level_t));
>> | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>> ../include/sepol/policydb/mls_types.h:89:9: error: ‘memset’ offset [0, 23] is out of the bounds [0, 0] [-Werror=array-bounds]
>> cc1: all warnings being treated as errors
>>
>> This is a false positive, by inspecting the code and compiling with -O3
>> and -flto.
>>
>> Closes: https://github.com/SELinuxProject/selinux/issues/339
>>
>> Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
>
> Acked-by: James Carter <jwcart2@gmail.com>
Merged.
>> ---
>> libsepol/cil/src/cil_binary.c | 9 +++++++++
>> 1 file changed, 9 insertions(+)
>>
>> diff --git a/libsepol/cil/src/cil_binary.c b/libsepol/cil/src/cil_binary.c
>> index 53017e2d..d5211f69 100644
>> --- a/libsepol/cil/src/cil_binary.c
>> +++ b/libsepol/cil/src/cil_binary.c
>> @@ -3222,7 +3222,16 @@ int cil_rangetransition_to_policydb(policydb_t *pdb, const struct cil_db *db, st
>> } else {
>> cil_log(CIL_ERR, "Out of memory\n");
>> }
>> +// TODO: add upper version bound once fixed in upstream GCC
>> +#if defined(__GNUC__) && (__GNUC__ >= 12)
>> +# pragma GCC diagnostic push
>> +# pragma GCC diagnostic ignored "-Warray-bounds"
>> +# pragma GCC diagnostic ignored "-Wstringop-overflow"
>> +#endif
>> mls_range_destroy(newdatum);
>> +#if defined(__GNUC__) && (__GNUC__ >= 12)
>> +# pragma GCC diagnostic pop
>> +#endif
>> free(newdatum);
>> free(newkey);
>> if (rc != SEPOL_OK) {
>> --
>> 2.35.1
>>
prev parent reply other threads:[~2022-04-06 13:00 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-03-31 14:43 [PATCH] libsepol/cil: silence GCC 12 array-bounds false positive Christian Göttsche
2022-04-01 16:53 ` James Carter
2022-04-06 9:25 ` Petr Lautrbach [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87mtgypnr0.fsf@redhat.com \
--to=plautrba@redhat.com \
--cc=cgzones@googlemail.com \
--cc=jwcart2@gmail.com \
--cc=selinux@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.