[PATCH] D126864: [clang] Introduce -fstrict-flex-arrays=<n> for stricter handling of flexible arrays
Kees Cook via Phabricator via cfe-commits
cfe-commits at lists.llvm.org
Wed Jul 13 16:53:04 PDT 2022
kees added a comment.
Example of the bug I want to block:
    struct foo {
        int stuff;
        u32 data[0];
    };

    struct foo *deserialize(u8 *str, int len)
    {
        struct foo *instance;
        size_t bytes;

        /* The one-character bug described below: sizeof(instance->data) is 0. */
        bytes = sizeof(*instance) + sizeof(instance->data) * (len / sizeof(u32));
        instance = kmalloc(bytes, GFP_KERNEL);
        if (!instance)
            return NULL;
        memcpy(instance->data, str, len);
        return instance;
    }
This contains a catastrophic 1 character bug (should be `sizeof(*instance->data)`) that will only be encountered at runtime when the memcpy runs past the end of the allocation. It could have been caught at build-time if the flex-array extensions were disabled; without `-fstrict-flex-arrays=3` I have no way to block these (or similar) sneaking back into the kernel by way of old (or new) userspace APIs. :( So actually, even with `#pragma`, we could still trip over this. Please leave the `=3` mode.
https://godbolt.org/z/dexd3a4Y8
Repository:
rG LLVM Github Monorepo
CHANGES SINCE LAST ACTION
https://reviews.llvm.org/D126864/new/
https://reviews.llvm.org/D126864
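The size arithmetic from the comment above, worked through as an added example (not code from the review or the kernel): it contrasts the buggy and intended computations on the zero-length-array form, and shows a checked deserializer using the C99 flexible array member, whose `sizeof(instance->data)` does not compile at all. The `u32`/`u8` typedefs and `malloc` standing in for `kmalloc` are assumptions made here.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

typedef uint32_t u32;   /* assumed kernel-style aliases */
typedef uint8_t u8;

/* GNU zero-length array, as in the posted struct. */
struct foo_zero {
    int stuff;
    u32 data[0];
};

/* C99 flexible array member; sizeof(x->data) is a compile error here. */
struct foo_flex {
    int stuff;
    u32 data[];
};

/* Buggy computation from the post: sizeof(instance->data) is 0 for a
 * zero-length array, so the trailing bytes are never counted. */
size_t buggy_bytes(int len)
{
    struct foo_zero *instance = NULL;  /* sizeof does not evaluate it */
    return sizeof(*instance) + sizeof(instance->data) * (len / sizeof(u32));
}

/* Intended computation: sizeof(*instance->data) is sizeof(u32). */
size_t intended_bytes(int len)
{
    struct foo_zero *instance = NULL;
    return sizeof(*instance) + sizeof(*instance->data) * (len / sizeof(u32));
}

/* Checked deserializer: rejects lengths that are not a whole number of
 * u32 elements or would overflow the size computation; NULL on failure. */
struct foo_flex *deserialize_checked(const u8 *str, size_t len)
{
    if (len % sizeof(u32) != 0 || len > SIZE_MAX - sizeof(struct foo_flex))
        return NULL;
    struct foo_flex *instance = malloc(sizeof(*instance) + len);
    if (!instance)
        return NULL;
    instance->stuff = 0;
    memcpy(instance->data, str, len);  /* len bytes were allocated above */
    return instance;
}
```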