[PATCH] D126864: [clang] Introduce -fstrict-flex-arrays=<n> for stricter handling of flexible arrays

Kees Cook via Phabricator via cfe-commits cfe-commits at lists.llvm.org
Wed Jul 13 16:53:04 PDT 2022


kees added a comment.

Example of the bug I want to block:

  #include <linux/slab.h>   /* kmalloc(), GFP_KERNEL */
  #include <linux/types.h>  /* u8, u32 */

  struct foo {
      int stuff;
      u32 data[0];   /* zero-length array: sizeof(data) is 0 */
  };
  
  struct foo *deserialize(u8 *str, int len)
  {
      struct foo *instance;
      size_t bytes;
  
      /* BUG: sizeof(instance->data) is 0; should be sizeof(*instance->data) */
      bytes = sizeof(*instance) + sizeof(instance->data) * (len / sizeof(u32));
      instance = kmalloc(bytes, GFP_KERNEL);
      if (!instance)
          return NULL;
      memcpy(instance->data, str, len);   /* runs past the end of the allocation */
      return instance;
  }

This contains a catastrophic 1 character bug (should be `sizeof(*instance->data)`) that will only be encountered at runtime when the memcpy runs past the end of the allocation. It could have been caught at build-time if the flex-array extensions were disabled; without `-fstrict-flex-arrays=3` I have no way to block these (or similar) sneaking back into the kernel by way of old (or new) userspace APIs. :( So actually, even with `#pragma`, we could still trip over this. Please leave the `=3` mode.

https://godbolt.org/z/dexd3a4Y8


Repository:
  rG LLVM Github Monorepo


https://reviews.llvm.org/D126864
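Added example, not part of Kees's comment or of the D126864 review: a userspace reproduction of the allocation-size bug above, with malloc() standing in for kmalloc() and the kernel's u8/u32 assumed to be uint8_t/uint32_t. It puts the zero-length-array layout next to the C99 flexible array member, computes the bytes each formula requests, checks whether the memcpy would fit, and shows a hardened deserialize that also rejects lengths that are not whole u32s (a second way the rounded-down `len / sizeof(u32)` under-allocates). All names (foo_zla, foo_fam, foo_buggy_bytes, foo_fixed_bytes, copy_fits, deserialize_fixed, demo_roundtrip) are invented for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Userspace stand-ins for the kernel's u8/u32 (assumption: same widths). */
typedef uint8_t u8;
typedef uint32_t u32;

/* The original layout: a zero-length array, a GNU extension whose sizeof
 * is 0. This is the shape -fstrict-flex-arrays=3 stops treating as flexible. */
struct foo_zla {
    int stuff;
    u32 data[0];
};

/* The C99 flexible array member. sizeof(instance->data) does not compile
 * against this type, so the one-character bug cannot be written here. */
struct foo_fam {
    int stuff;
    u32 data[];
};

/* The buggy formula from the review comment: sizeof(instance->data) is 0,
 * the payload term vanishes, and only the header gets allocated. */
size_t foo_buggy_bytes(int len)
{
    struct foo_zla *instance = NULL;  /* sizeof does not evaluate its operand */
    return sizeof(*instance) + sizeof(instance->data) * (len / sizeof(u32));
}

/* The corrected formula: sizeof(*instance->data) is sizeof(u32). */
size_t foo_fixed_bytes(int len)
{
    struct foo_fam *instance = NULL;
    return sizeof(*instance) + sizeof(*instance->data) * (len / sizeof(u32));
}

/* Would a memcpy of len bytes into data[] stay inside an allocation of
 * 'bytes' bytes? Returns 1 if yes, 0 if it would run past the end. */
int copy_fits(size_t bytes, int len)
{
    size_t header = offsetof(struct foo_fam, data);
    if (len < 0 || bytes < header)
        return 0;
    return (size_t)len <= bytes - header;
}

/* Hardened deserialize: correct sizeof, and len must be a whole number of
 * u32s, because len / sizeof(u32) rounds down (10 bytes -> 8-byte data[]). */
struct foo_fam *deserialize_fixed(const u8 *str, int len)
{
    struct foo_fam *instance;
    size_t bytes;

    if (len < 0 || (size_t)len % sizeof(u32) != 0)
        return NULL;
    bytes = foo_fixed_bytes(len);
    instance = malloc(bytes);
    if (!instance)
        return NULL;
    instance->stuff = 0;
    memcpy(instance->data, str, (size_t)len);
    return instance;
}

/* Constructed sample input: two u32 values serialized as 8 bytes in host
 * byte order. Returns data[1] read back through the struct (2), or 0 on
 * any failure. */
u32 demo_roundtrip(void)
{
    u32 vals[2] = {1, 2};
    u8 payload[8];
    struct foo_fam *f;
    u32 second;

    memcpy(payload, vals, sizeof(payload));
    f = deserialize_fixed(payload, (int)sizeof(payload));
    if (!f)
        return 0;
    second = f->data[1];
    free(f);
    return second;
}
```

With an 8-byte payload the buggy formula asks for just the 4-byte header, so copy_fits() reports the overflow before any memcpy happens; the corrected formula asks for 12 bytes and fits. The len=10 case shows that even the corrected formula needs the whole-u32 check, which is why deserialize_fixed() rejects it.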
