From patchwork Tue Nov 10 00:54:34 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jim Wilson X-Patchwork-Id: 41005 Return-Path: X-Original-To: patchwork@sourceware.org Delivered-To: patchwork@sourceware.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id 8D6D63857008; Tue, 10 Nov 2020 00:54:41 +0000 (GMT) X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from mail-pf1-x444.google.com (mail-pf1-x444.google.com [IPv6:2607:f8b0:4864:20::444]) by sourceware.org (Postfix) with ESMTPS id 6D1A6385782B for ; Tue, 10 Nov 2020 00:54:39 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.3.2 sourceware.org 6D1A6385782B Authentication-Results: sourceware.org; dmarc=none (p=none dis=none) header.from=sifive.com Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=jimw@sifive.com Received: by mail-pf1-x444.google.com with SMTP id 10so9837421pfp.5 for ; Mon, 09 Nov 2020 16:54:39 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sifive.com; s=google; h=from:to:cc:subject:date:message-id; bh=e0RggPYw6McmO7ey+e5oiiXoKaAHnAna9QjDxQrO4tc=; b=nAfrHTTWa0UE6sok+Kcp8/7IFrhr4p9zzOWePR/Eyl2bMVHKGfNZ3/JUMY65llEBzx +wPmFE79k2ptS2PLN+7B1VgL2nrYI1JOQkw0PEOrjk1lvB5W/Zt/n0gxZr/9l11Lr0su fwmWkQfb0ec4XCE+9xuSaSG5XDXWVSaz7SMvmSeXuoc8yAk+qwbYxAIUNwFroFa/vlF8 hB8rzD4ZoiBFdaEb30WDGnLkHHfeOOz6ogqaQn6/dD43Fe3vjxQqWSgTWOLE02NEjzHS mRCDqmZEG/+cANxD3VZ0jaqOcqXUw2WoujYmnf2+fcyio/ykJQZjmfv8HTdw6uDutivV 630Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id; bh=e0RggPYw6McmO7ey+e5oiiXoKaAHnAna9QjDxQrO4tc=; b=Xn4GXUqJn7F+B952YO0jFkDWRtEZlwBTvrSI8GnkYPlUf2/fZ3oLlxn63Xd+rmF3Hz ytVoHzfyU1yc8YocpGR9Yp/JqfJCQ0mi8bzn/b8oAhtlv1l2FqkaVlUhlK6M7oSTSqVU fuF0e6I8DQ00BPKKRgsCDWDyxhDxhktr+nLzp7IMmuWMZp9QfidCcbDpY1r0Hti4Z/BM znRGBc1c1pqaW+aK/45PJoKqs/jB22RxxNRYNv6mY+UBMrYDjjO4m0ab9lnqFrZp+QWe vwiETXlqkvEw9r1Hn6YVReFdXviH0SWG9Xekiq5z7WPA6mfEXzfHVzaiuZ+x8C7JUlxC ++pg== X-Gm-Message-State: AOAM5315b8GkJs6zFq2Cat3KqWyi+UIYPEID/toL8AszPtuqiQbmNpY+ m4U7GaKWaNSSNZk8jhubVseGu8e8oHoqOMFr X-Google-Smtp-Source: ABdhPJxIBUHz+7EVqJiEM0GlEcaFbQZcBQkovRcM18MMMDVemCFk4nKfH87i31JZwsJEPZgeAaW0hA== X-Received: by 2002:a17:90a:3b07:: with SMTP id d7mr1938422pjc.134.1604969678187; Mon, 09 Nov 2020 16:54:38 -0800 (PST) Received: from rohan.hsd1.ca.comcast.net ([2601:646:c180:b150:e567:9570:e5c3:7b63]) by smtp.gmail.com with ESMTPSA id e201sm12326896pfh.73.2020.11.09.16.54.37 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 09 Nov 2020 16:54:37 -0800 (PST) From: Jim Wilson To: libc-alpha@sourceware.org Subject: [PATCH] stdio-common: Fix type unsafe cast causing gcc miscompile. Date: Mon, 9 Nov 2020 16:54:34 -0800 Message-Id: <20201110005434.17707-1-jimw@sifive.com> X-Mailer: git-send-email 2.17.1 X-Spam-Status: No, score=-10.6 required=5.0 tests=BAYES_00, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, GIT_PATCH_0, RCVD_IN_DNSWL_NONE, SPF_HELO_NONE, SPF_PASS, TXREP autolearn=ham autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: libc-alpha-bounces@sourceware.org Sender: "Libc-alpha" When I run a riscv64-linux check, crypt/cert fails. I tracked this down to the fact that scanf was miscompiled. This was reported as FSF GCC bug 97264 which was closed as invalid due to a bad cast in glibc in vfscanf_internal where it calls read_int. Casting const char ** to const unsigned char ** is not type-based aliasing safe. There are 3 places that call read_int, and two already use unsigned char, so it seems simplest to fix vfscanf_internal to use unsigned char which is what this patch does. Tested on riscv64-linux and it fixes 17 failures with no regressions. OK? Jim --- stdio-common/vfscanf-internal.c | 21 +++++++++++---------- 1 file changed, 11 insertions(+), 10 deletions(-) diff --git a/stdio-common/vfscanf-internal.c b/stdio-common/vfscanf-internal.c index 95b46dcbeb..35fc9d7b0b 100644 --- a/stdio-common/vfscanf-internal.c +++ b/stdio-common/vfscanf-internal.c @@ -277,7 +277,7 @@ __vfscanf_internal (FILE *s, const char *format, va_list argptr, #endif { va_list arg; - const CHAR_T *f = format; + const UCHAR_T *f = (const UCHAR_T *) format; UCHAR_T fc; /* Current character of the format. */ WINT_T done = 0; /* Assignments done. */ size_t read_in = 0; /* Chars read in. */ @@ -415,10 +415,11 @@ __vfscanf_internal (FILE *s, const char *format, va_list argptr, #endif #ifndef COMPILE_WSCANF - if (!isascii ((unsigned char) *f)) + if (!isascii (*f)) { /* Non-ASCII, may be a multibyte. */ - int len = __mbrlen (f, strlen (f), &state); + int len = __mbrlen ((const char *) f, strlen ((const char *) f), + &state); if (len > 0) { do @@ -426,7 +427,7 @@ __vfscanf_internal (FILE *s, const char *format, va_list argptr, c = inchar (); if (__glibc_unlikely (c == EOF)) input_error (); - else if (c != (unsigned char) *f++) + else if (c != *f++) { ungetc_not_eof (c, s); conv_error (); @@ -484,9 +485,9 @@ __vfscanf_internal (FILE *s, const char *format, va_list argptr, char_buffer_rewind (&charbuf); /* Check for a positional parameter specification. */ - if (ISDIGIT ((UCHAR_T) *f)) + if (ISDIGIT (*f)) { - argpos = read_int ((const UCHAR_T **) &f); + argpos = read_int (&f); if (*f == L_('$')) ++f; else @@ -521,8 +522,8 @@ __vfscanf_internal (FILE *s, const char *format, va_list argptr, /* Find the maximum field width. */ width = 0; - if (ISDIGIT ((UCHAR_T) *f)) - width = read_int ((const UCHAR_T **) &f); + if (ISDIGIT (*f)) + width = read_int (&f); got_width: if (width == 0) width = -1; @@ -2523,11 +2524,11 @@ __vfscanf_internal (FILE *s, const char *format, va_list argptr, while ((fc = *f++) != '\0' && fc != ']') if (fc == '-' && *f != '\0' && *f != ']' - && (unsigned char) f[-2] <= (unsigned char) *f) + && f[-2] <= *f) { /* Add all characters from the one before the '-' up to (but not including) the next format char. */ - for (fc = (unsigned char) f[-2]; fc < (unsigned char) *f; ++fc) + for (fc = f[-2]; fc < *f; ++fc) ((char *)charbuf.scratch.data)[fc] = 1; } else