Re: [PATCH 3/4] mdadm: Avoid array bounds check of gcc

linux-raid.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: Xiao Ni <xni@redhat.com>
To: Mariusz Tkaczyk <mariusz.tkaczyk@linux.intel.com>
Cc: jes@trained-monkey.org, linux-raid@vger.kernel.org
Subject: Re: [PATCH 3/4] mdadm: Avoid array bounds check of gcc
Date: Sat, 7 Oct 2023 21:26:22 +0800	[thread overview]
Message-ID: <CALTww29bA29qPUR108O+JJ+rcwjrPqxG1oNA5ewKGGm_p7NApg@mail.gmail.com> (raw)
In-Reply-To: <20230928114149.000016a1@linux.intel.com>

On Thu, Sep 28, 2023 at 5:42 PM Mariusz Tkaczyk
<mariusz.tkaczyk@linux.intel.com> wrote:
>
> On Wed, 27 Sep 2023 10:52:18 +0800
> Xiao Ni <xni@redhat.com> wrote:
>
> > With gcc version 13.2.1 20230918 (Red Hat 13.2.1-3) (GCC), it reports error:
> > super-ddf.c:1988:58: error: array subscript -1 is below array bounds of
> > ‘struct phys_disk_entry[0]’ [-Werror=array-bounds=]
> > The subscrit is defined as int type. And it can be smaller than 0.
>
> If it can be smaller that 0 then it is something we need to fix.
> I think that it comes from here:
>                 info->disk.raid_disk = find_phys(ddf, ddf->dlist->disk.refnum);
>                 info->data_offset = be64_to_cpu(ddf->phys->
>                                                   entries[info->disk.raid_disk].
>                                                   config_size);
>
> find_phys can return -1.
> It is handled few lines bellow. I don't see reason why we cannot handle it here
> too.
>
>                 if (info->disk.raid_disk >= 0)
>                         pde = ddf->phys->entries + info->disk.raid_disk;
>
> I think that it will be fair to abort because metadata seems to be corrupted.
> We are referring to info->disk.raid_disk from many places. We cannot return
> error because it is void, we can just return.

Hi Mariusz

You mean something like this?

diff --git a/super-ddf.c b/super-ddf.c
index 7213284e0a59..b6e514042055 100644
--- a/super-ddf.c
+++ b/super-ddf.c
@@ -1984,6 +1984,9 @@ static void getinfo_super_ddf(struct supertype
*st, struct mdinfo *info, char *m
                info->disk.number = be32_to_cpu(ddf->dlist->disk.refnum);
                info->disk.raid_disk = find_phys(ddf, ddf->dlist->disk.refnum);

+               if (info->disk.raid_disk < 0)
+                       return;
+
                info->data_offset = be64_to_cpu(ddf->phys->
                                                  entries[info->disk.raid_disk].
                                                  config_size);

>
> > To avoid this error, add -Wno-array-bounds flag in Makefile.
>
> If you want do it this way please provide strong justification. We are
> disabling check in all code to hide particular case. It will not prevent us
> from similar mistakes during development in the future.

As Paul and you suggested, I'll not choose this way

Regards
Xiao
>
> Thanks,
> Mariusz
>

next prev parent reply	other threads:[~2023-10-07 13:27 UTC|newest]

Thread overview: 17+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2023-09-27  2:52 [PATCH 0/4] mdadm: Fix some errors for regression tests and building Xiao Ni
2023-09-27  2:52 ` [PATCH 1/4 v2] mdadm/tests: Fix regular expression failure Xiao Ni
2023-09-28  9:24   ` Mariusz Tkaczyk
2023-10-07 13:35     ` Xiao Ni
2023-10-26 21:39       ` Jes Sorensen
2023-09-27  2:52 ` [PATCH 2/4 v2] mdadm/tests: Don't run mknod before losetup Xiao Ni
2023-09-28  9:27   ` Mariusz Tkaczyk
2023-10-26 21:44     ` Jes Sorensen
2023-09-27  2:52 ` [PATCH 3/4] mdadm: Avoid array bounds check of gcc Xiao Ni
2023-09-27  4:29   ` Paul Menzel
2023-09-27  5:06     ` Xiao Ni
2023-09-28  9:41   ` Mariusz Tkaczyk
2023-10-07 13:26     ` Xiao Ni [this message]
2023-10-09  7:59       ` Mariusz Tkaczyk
2023-09-27  2:52 ` [PATCH 4/4] mdadm: Print version to stdout Xiao Ni
2023-09-28  9:53   ` Mariusz Tkaczyk
2023-10-07 12:58     ` Xiao Ni

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:7213284e0a5 dfblob:b6e51404205 )
 OR (
bs:"Re: [PATCH 3/4] mdadm: Avoid array bounds check of gcc" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=CALTww29bA29qPUR108O+JJ+rcwjrPqxG1oNA5ewKGGm_p7NApg@mail.gmail.com \
    --to=xni@redhat.com \
    --cc=jes@trained-monkey.org \
    --cc=linux-raid@vger.kernel.org \
    --cc=mariusz.tkaczyk@linux.intel.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).