* [PATCH] libsepol/cil: silence GCC 12 array-bounds false positive
@ 2022-03-31 14:43 Christian Göttsche
2022-04-01 16:53 ` James Carter
0 siblings, 1 reply; 3+ messages in thread
From: Christian Göttsche @ 2022-03-31 14:43 UTC (permalink / raw)
To: selinux
GCC 12 produces an array-bounds warning:
In file included from ../include/sepol/policydb/context.h:23,
from ../include/sepol/policydb/policydb.h:62,
from ../cil/src/cil_binary.c:41:
In function ‘mls_level_init’,
inlined from ‘mls_level_destroy’ at ../include/sepol/policydb/mls_types.h:99:2,
inlined from ‘mls_level_destroy’ at ../include/sepol/policydb/mls_types.h:92:20,
inlined from ‘mls_range_destroy’ at ../include/sepol/policydb/mls_types.h:149:2,
inlined from ‘cil_rangetransition_to_policydb’ at ../cil/src/cil_binary.c:3231:6:
../include/sepol/policydb/mls_types.h:89:9: error: ‘memset’ offset [0, 23] is out of the bounds [0, 0] [-Werror=array-bounds]
89 | memset(level, 0, sizeof(mls_level_t));
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../include/sepol/policydb/mls_types.h:89:9: error: ‘memset’ offset [0, 23] is out of the bounds [0, 0] [-Werror=array-bounds]
cc1: all warnings being treated as errors
This is a false positive, by inspecting the code and compiling with -O3
and -flto.
Closes: https://github.com/SELinuxProject/selinux/issues/339
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
---
libsepol/cil/src/cil_binary.c | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/libsepol/cil/src/cil_binary.c b/libsepol/cil/src/cil_binary.c
index 53017e2d..d5211f69 100644
--- a/libsepol/cil/src/cil_binary.c
+++ b/libsepol/cil/src/cil_binary.c
@@ -3222,7 +3222,16 @@ int cil_rangetransition_to_policydb(policydb_t *pdb, const struct cil_db *db, st
} else {
cil_log(CIL_ERR, "Out of memory\n");
}
+// TODO: add upper version bound once fixed in upstream GCC
+#if defined(__GNUC__) && (__GNUC__ >= 12)
+# pragma GCC diagnostic push
+# pragma GCC diagnostic ignored "-Warray-bounds"
+# pragma GCC diagnostic ignored "-Wstringop-overflow"
+#endif
mls_range_destroy(newdatum);
+#if defined(__GNUC__) && (__GNUC__ >= 12)
+# pragma GCC diagnostic pop
+#endif
free(newdatum);
free(newkey);
if (rc != SEPOL_OK) {
--
2.35.1
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [PATCH] libsepol/cil: silence GCC 12 array-bounds false positive
2022-03-31 14:43 [PATCH] libsepol/cil: silence GCC 12 array-bounds false positive Christian Göttsche
@ 2022-04-01 16:53 ` James Carter
2022-04-06 9:25 ` Petr Lautrbach
0 siblings, 1 reply; 3+ messages in thread
From: James Carter @ 2022-04-01 16:53 UTC (permalink / raw)
To: Christian Göttsche; +Cc: SElinux list
On Thu, Mar 31, 2022 at 11:34 AM Christian Göttsche
<cgzones@googlemail.com> wrote:
>
> GCC 12 produces an array-bounds warning:
>
> In file included from ../include/sepol/policydb/context.h:23,
> from ../include/sepol/policydb/policydb.h:62,
> from ../cil/src/cil_binary.c:41:
> In function ‘mls_level_init’,
> inlined from ‘mls_level_destroy’ at ../include/sepol/policydb/mls_types.h:99:2,
> inlined from ‘mls_level_destroy’ at ../include/sepol/policydb/mls_types.h:92:20,
> inlined from ‘mls_range_destroy’ at ../include/sepol/policydb/mls_types.h:149:2,
> inlined from ‘cil_rangetransition_to_policydb’ at ../cil/src/cil_binary.c:3231:6:
> ../include/sepol/policydb/mls_types.h:89:9: error: ‘memset’ offset [0, 23] is out of the bounds [0, 0] [-Werror=array-bounds]
> 89 | memset(level, 0, sizeof(mls_level_t));
> | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> ../include/sepol/policydb/mls_types.h:89:9: error: ‘memset’ offset [0, 23] is out of the bounds [0, 0] [-Werror=array-bounds]
> cc1: all warnings being treated as errors
>
> This is a false positive, by inspecting the code and compiling with -O3
> and -flto.
>
> Closes: https://github.com/SELinuxProject/selinux/issues/339
>
> Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Acked-by: James Carter <jwcart2@gmail.com>
> ---
> libsepol/cil/src/cil_binary.c | 9 +++++++++
> 1 file changed, 9 insertions(+)
>
> diff --git a/libsepol/cil/src/cil_binary.c b/libsepol/cil/src/cil_binary.c
> index 53017e2d..d5211f69 100644
> --- a/libsepol/cil/src/cil_binary.c
> +++ b/libsepol/cil/src/cil_binary.c
> @@ -3222,7 +3222,16 @@ int cil_rangetransition_to_policydb(policydb_t *pdb, const struct cil_db *db, st
> } else {
> cil_log(CIL_ERR, "Out of memory\n");
> }
> +// TODO: add upper version bound once fixed in upstream GCC
> +#if defined(__GNUC__) && (__GNUC__ >= 12)
> +# pragma GCC diagnostic push
> +# pragma GCC diagnostic ignored "-Warray-bounds"
> +# pragma GCC diagnostic ignored "-Wstringop-overflow"
> +#endif
> mls_range_destroy(newdatum);
> +#if defined(__GNUC__) && (__GNUC__ >= 12)
> +# pragma GCC diagnostic pop
> +#endif
> free(newdatum);
> free(newkey);
> if (rc != SEPOL_OK) {
> --
> 2.35.1
>
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [PATCH] libsepol/cil: silence GCC 12 array-bounds false positive
2022-04-01 16:53 ` James Carter
@ 2022-04-06 9:25 ` Petr Lautrbach
0 siblings, 0 replies; 3+ messages in thread
From: Petr Lautrbach @ 2022-04-06 9:25 UTC (permalink / raw)
To: SElinux list; +Cc: James Carter, Christian Göttsche
James Carter <jwcart2@gmail.com> writes:
> On Thu, Mar 31, 2022 at 11:34 AM Christian Göttsche
> <cgzones@googlemail.com> wrote:
>>
>> GCC 12 produces an array-bounds warning:
>>
>> In file included from ../include/sepol/policydb/context.h:23,
>> from ../include/sepol/policydb/policydb.h:62,
>> from ../cil/src/cil_binary.c:41:
>> In function ‘mls_level_init’,
>> inlined from ‘mls_level_destroy’ at ../include/sepol/policydb/mls_types.h:99:2,
>> inlined from ‘mls_level_destroy’ at ../include/sepol/policydb/mls_types.h:92:20,
>> inlined from ‘mls_range_destroy’ at ../include/sepol/policydb/mls_types.h:149:2,
>> inlined from ‘cil_rangetransition_to_policydb’ at ../cil/src/cil_binary.c:3231:6:
>> ../include/sepol/policydb/mls_types.h:89:9: error: ‘memset’ offset [0, 23] is out of the bounds [0, 0] [-Werror=array-bounds]
>> 89 | memset(level, 0, sizeof(mls_level_t));
>> | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>> ../include/sepol/policydb/mls_types.h:89:9: error: ‘memset’ offset [0, 23] is out of the bounds [0, 0] [-Werror=array-bounds]
>> cc1: all warnings being treated as errors
>>
>> This is a false positive, by inspecting the code and compiling with -O3
>> and -flto.
>>
>> Closes: https://github.com/SELinuxProject/selinux/issues/339
>>
>> Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
>
> Acked-by: James Carter <jwcart2@gmail.com>
Merged.
>> ---
>> libsepol/cil/src/cil_binary.c | 9 +++++++++
>> 1 file changed, 9 insertions(+)
>>
>> diff --git a/libsepol/cil/src/cil_binary.c b/libsepol/cil/src/cil_binary.c
>> index 53017e2d..d5211f69 100644
>> --- a/libsepol/cil/src/cil_binary.c
>> +++ b/libsepol/cil/src/cil_binary.c
>> @@ -3222,7 +3222,16 @@ int cil_rangetransition_to_policydb(policydb_t *pdb, const struct cil_db *db, st
>> } else {
>> cil_log(CIL_ERR, "Out of memory\n");
>> }
>> +// TODO: add upper version bound once fixed in upstream GCC
>> +#if defined(__GNUC__) && (__GNUC__ >= 12)
>> +# pragma GCC diagnostic push
>> +# pragma GCC diagnostic ignored "-Warray-bounds"
>> +# pragma GCC diagnostic ignored "-Wstringop-overflow"
>> +#endif
>> mls_range_destroy(newdatum);
>> +#if defined(__GNUC__) && (__GNUC__ >= 12)
>> +# pragma GCC diagnostic pop
>> +#endif
>> free(newdatum);
>> free(newkey);
>> if (rc != SEPOL_OK) {
>> --
>> 2.35.1
>>
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2022-04-06 13:00 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2022-03-31 14:43 [PATCH] libsepol/cil: silence GCC 12 array-bounds false positive Christian Göttsche
2022-04-01 16:53 ` James Carter
2022-04-06 9:25 ` Petr Lautrbach
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox