stdio-common: Fix type unsafe cast causing gcc miscompile.
Commit Message
When I run a riscv64-linux check, crypt/cert fails. I tracked this down
to the fact that scanf was miscompiled. This was reported as FSF GCC
bug 97264 which was closed as invalid due to a bad cast in glibc in
vfscanf_internal where it calls read_int. Casting const char ** to
const unsigned char ** is not type-based aliasing safe. There are 3
places that call read_int, and two already use unsigned char, so it
seems simplest to fix vfscanf_internal to use unsigned char which is
what this patch does. Tested on riscv64-linux and it fixes 17 failures
with no regressions.
OK?
Jim
---
stdio-common/vfscanf-internal.c | 21 +++++++++++----------
1 file changed, 11 insertions(+), 10 deletions(-)
Comments
Update your checkout.
Andreas.
On Tue, Nov 10, 2020 at 12:34 AM Andreas Schwab <schwab@linux-m68k.org>
wrote:
> Update your checkout.
>
Sorry. I updated all of my trees a few days ago, and somehow missed the
glibc tree. I see now that you already fixed this. I will have to redo my
testing.
Jim
@@ -277,7 +277,7 @@ __vfscanf_internal (FILE *s, const char *format, va_list argptr,
#endif
{
va_list arg;
- const CHAR_T *f = format;
+ const UCHAR_T *f = (const UCHAR_T *) format;
UCHAR_T fc; /* Current character of the format. */
WINT_T done = 0; /* Assignments done. */
size_t read_in = 0; /* Chars read in. */
@@ -415,10 +415,11 @@ __vfscanf_internal (FILE *s, const char *format, va_list argptr,
#endif
#ifndef COMPILE_WSCANF
- if (!isascii ((unsigned char) *f))
+ if (!isascii (*f))
{
/* Non-ASCII, may be a multibyte. */
- int len = __mbrlen (f, strlen (f), &state);
+ int len = __mbrlen ((const char *) f, strlen ((const char *) f),
+ &state);
if (len > 0)
{
do
@@ -426,7 +427,7 @@ __vfscanf_internal (FILE *s, const char *format, va_list argptr,
c = inchar ();
if (__glibc_unlikely (c == EOF))
input_error ();
- else if (c != (unsigned char) *f++)
+ else if (c != *f++)
{
ungetc_not_eof (c, s);
conv_error ();
@@ -484,9 +485,9 @@ __vfscanf_internal (FILE *s, const char *format, va_list argptr,
char_buffer_rewind (&charbuf);
/* Check for a positional parameter specification. */
- if (ISDIGIT ((UCHAR_T) *f))
+ if (ISDIGIT (*f))
{
- argpos = read_int ((const UCHAR_T **) &f);
+ argpos = read_int (&f);
if (*f == L_('$'))
++f;
else
@@ -521,8 +522,8 @@ __vfscanf_internal (FILE *s, const char *format, va_list argptr,
/* Find the maximum field width. */
width = 0;
- if (ISDIGIT ((UCHAR_T) *f))
- width = read_int ((const UCHAR_T **) &f);
+ if (ISDIGIT (*f))
+ width = read_int (&f);
got_width:
if (width == 0)
width = -1;
@@ -2523,11 +2524,11 @@ __vfscanf_internal (FILE *s, const char *format, va_list argptr,
while ((fc = *f++) != '\0' && fc != ']')
if (fc == '-' && *f != '\0' && *f != ']'
- && (unsigned char) f[-2] <= (unsigned char) *f)
+ && f[-2] <= *f)
{
/* Add all characters from the one before the '-'
up to (but not including) the next format char. */
- for (fc = (unsigned char) f[-2]; fc < (unsigned char) *f; ++fc)
+ for (fc = f[-2]; fc < *f; ++fc)
((char *)charbuf.scratch.data)[fc] = 1;
}
else