stdio-common: Fix type unsafe cast causing gcc miscompile.

Message ID 20201110005434.17707-1-jimw@sifive.com
State Dropped
Headers
Series stdio-common: Fix type unsafe cast causing gcc miscompile. |

Commit Message

Jim Wilson Nov. 10, 2020, 12:54 a.m. UTC
  When I run a riscv64-linux check, crypt/cert fails.  I tracked this down
to the fact that scanf was miscompiled.  This was reported as FSF GCC
bug 97264 which was closed as invalid due to a bad cast in glibc in
vfscanf_internal where it calls read_int.  Casting const char ** to
const unsigned char ** is not type-based aliasing safe.  There are 3
places that call read_int, and two already use unsigned char, so it
seems simplest to fix vfscanf_internal to use unsigned char which is
what this patch does.  Tested on riscv64-linux and it fixes 17 failures
with no regressions.

OK?

Jim
---
 stdio-common/vfscanf-internal.c | 21 +++++++++++----------
 1 file changed, 11 insertions(+), 10 deletions(-)
  

Comments

Andreas Schwab Nov. 10, 2020, 8:34 a.m. UTC | #1
Update your checkout.

Andreas.
  
Jim Wilson Nov. 10, 2020, 4:20 p.m. UTC | #2
On Tue, Nov 10, 2020 at 12:34 AM Andreas Schwab <schwab@linux-m68k.org>
wrote:

> Update your checkout.
>

Sorry.  I updated all of my trees a few days ago, and somehow missed the
glibc tree.  I see now that you already fixed this.  I will have to redo my
testing.

Jim
  

Patch

diff --git a/stdio-common/vfscanf-internal.c b/stdio-common/vfscanf-internal.c
index 95b46dcbeb..35fc9d7b0b 100644
--- a/stdio-common/vfscanf-internal.c
+++ b/stdio-common/vfscanf-internal.c
@@ -277,7 +277,7 @@  __vfscanf_internal (FILE *s, const char *format, va_list argptr,
 #endif
 {
   va_list arg;
-  const CHAR_T *f = format;
+  const UCHAR_T *f = (const UCHAR_T *) format;
   UCHAR_T fc;	/* Current character of the format.  */
   WINT_T done = 0;	/* Assignments done.  */
   size_t read_in = 0;	/* Chars read in.  */
@@ -415,10 +415,11 @@  __vfscanf_internal (FILE *s, const char *format, va_list argptr,
 #endif
 
 #ifndef COMPILE_WSCANF
-      if (!isascii ((unsigned char) *f))
+      if (!isascii (*f))
 	{
 	  /* Non-ASCII, may be a multibyte.  */
-	  int len = __mbrlen (f, strlen (f), &state);
+	  int len = __mbrlen ((const char *) f, strlen ((const char *) f),
+			      &state);
 	  if (len > 0)
 	    {
 	      do
@@ -426,7 +427,7 @@  __vfscanf_internal (FILE *s, const char *format, va_list argptr,
 		  c = inchar ();
 		  if (__glibc_unlikely (c == EOF))
 		    input_error ();
-		  else if (c != (unsigned char) *f++)
+		  else if (c != *f++)
 		    {
 		      ungetc_not_eof (c, s);
 		      conv_error ();
@@ -484,9 +485,9 @@  __vfscanf_internal (FILE *s, const char *format, va_list argptr,
       char_buffer_rewind (&charbuf);
 
       /* Check for a positional parameter specification.  */
-      if (ISDIGIT ((UCHAR_T) *f))
+      if (ISDIGIT (*f))
 	{
-	  argpos = read_int ((const UCHAR_T **) &f);
+	  argpos = read_int (&f);
 	  if (*f == L_('$'))
 	    ++f;
 	  else
@@ -521,8 +522,8 @@  __vfscanf_internal (FILE *s, const char *format, va_list argptr,
 
       /* Find the maximum field width.  */
       width = 0;
-      if (ISDIGIT ((UCHAR_T) *f))
-	width = read_int ((const UCHAR_T **) &f);
+      if (ISDIGIT (*f))
+	width = read_int (&f);
     got_width:
       if (width == 0)
 	width = -1;
@@ -2523,11 +2524,11 @@  __vfscanf_internal (FILE *s, const char *format, va_list argptr,
 
 	  while ((fc = *f++) != '\0' && fc != ']')
 	    if (fc == '-' && *f != '\0' && *f != ']'
-		&& (unsigned char) f[-2] <= (unsigned char) *f)
+		&& f[-2] <= *f)
 	      {
 		/* Add all characters from the one before the '-'
 		   up to (but not including) the next format char.  */
-		for (fc = (unsigned char) f[-2]; fc < (unsigned char) *f; ++fc)
+		for (fc = f[-2]; fc < *f; ++fc)
 		  ((char *)charbuf.scratch.data)[fc] = 1;
 	      }
 	    else