From patchwork Sun Jan 16 00:21:19 2022
X-Patchwork-Submitter: Martin Sebor
X-Patchwork-Id: 50076
Date: Sat, 15 Jan 2022 17:21:19 -0700
Subject: [PATCH] avoid -Wuse-after-free [BZ #26779]
To: libc-alpha@sourceware.org
From: Martin Sebor
Reply-To: Martin Sebor

GCC 12 features a couple of new warnings designed to detect uses of pointers made invalid by the pointees' lifetimes having ended. Building Glibc with the enhanced GCC exposes a few such uses, mostly after successful calls to realloc.

The attached patch avoids the new warnings by converting the pointers to uintptr_t first and using the converted integers instead.

The patch suppresses all instances of the warning at the strictest setting (-Wuse-after-free=3), which includes even uses in equality expressions. The default setting approved for GCC 12 is -Wuse-after-free=2, which doesn't warn on such uses to accommodate the pointer-adjustment-after-realloc idiom. At the default setting, the changes to ldconfig.c and setenv are not necessary.

Martin

diff --git a/elf/ldconfig.c b/elf/ldconfig.c index d14633f5ec..57bb95ebc3 100644 --- a/elf/ldconfig.c +++ b/elf/ldconfig.c @@ -735,9 +735,9 @@ manual_link (char *library) create_links (real_path, path, libname, soname); free (soname); out: - free (path); if (path != real_path) free (real_path); + free (path); } diff --git a/intl/localealias.c b/intl/localealias.c index 3ae360f40d..e581ee4346 100644 --- a/intl/localealias.c +++ b/intl/localealias.c @@ -318,7 +318,9 @@ read_alias_file (const char *fname, int fname_len) if (string_space_act + alias_len + value_len > string_space_max) { - /* Increase size of memory pool. */ + /* Increase size of memory pool. Avoid using the raw + reallocated pointer to avoid GCC -Wuse-after-free. */ + intptr_t ip_string_space = (intptr_t)string_space; size_t new_size = (string_space_max + (alias_len + value_len > 1024 ? alias_len + value_len : 1024)); 
@@ -326,14 +328,16 @@ read_alias_file (const char *fname, int fname_len) if (new_pool == NULL) goto out; - if (__builtin_expect (string_space != new_pool, 0)) + intptr_t ip_new_pool = (intptr_t)new_pool; + intptr_t ptr_diff = ip_new_pool - ip_string_space; + if (__builtin_expect (ptr_diff == 0, 0)) { size_t i; for (i = 0; i < nmap; i++) { - map[i].alias += new_pool - string_space; - map[i].value += new_pool - string_space; + map[i].alias += ptr_diff; + map[i].value += ptr_diff; } } diff --git a/io/ftw.c b/io/ftw.c index 2742541f36..08ccbdd523 100644 --- a/io/ftw.c +++ b/io/ftw.c @@ -323,8 +323,8 @@ open_dir_stream (int *dfdp, struct ftw_data *data, struct dir_data *dirp) buf[actsize++] = '\0'; /* Shrink the buffer to what we actually need. */ - data->dirstreams[data->actdir]->content = realloc (buf, actsize); - if (data->dirstreams[data->actdir]->content == NULL) + void *content = realloc (buf, actsize); + if (content == NULL) { int save_err = errno; free (buf); @@ -338,6 +338,7 @@ open_dir_stream (int *dfdp, struct ftw_data *data, struct dir_data *dirp) data->dirstreams[data->actdir]->streamfd = -1; data->dirstreams[data->actdir] = NULL; } + data->dirstreams[data->actdir]->content = content; } } diff --git a/stdlib/setenv.c b/stdlib/setenv.c index c3d2cee7b6..2176cbac31 100644 --- a/stdlib/setenv.c +++ b/stdlib/setenv.c @@ -150,7 +150,9 @@ __add_to_environ (const char *name, const char *value, const char *combined, { char **new_environ; - /* We allocated this space; we can extend it. */ + /* We allocated this space; we can extend it. Avoid using the raw + reallocated pointer to avoid GCC -Wuse-after-free. */ + uintptr_t ip_last_environ = (uintptr_t)last_environ; new_environ = (char **) realloc (last_environ, (size + 2) * sizeof (char *)); if (new_environ == NULL) 
@@ -159,7 +161,7 @@ __add_to_environ (const char *name, const char *value, const char *combined, return -1; } - if (__environ != last_environ) + if ((uintptr_t)__environ != ip_last_environ) memcpy ((char *) new_environ, (char *) __environ, size * sizeof (char *));
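
Review bot: In elf/ldconfig.c (manual_link, hunk at -735), the new order under out: has no comment saying why free (path) now has to come after the path != real_path comparison, so a later cleanup could move it back and reintroduce the warning. A one-line comment that path must stay live until the comparison is done would document that the order is deliberate.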
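
Review bot: In intl/localealias.c (hunk at -318), the saved value is declared intptr_t, while the stdlib/setenv.c hunk uses uintptr_t for the same purpose and the cover text describes converting to uintptr_t. Either use one type at both sites or state in the comment that the signed type is wanted here because the value feeds a difference. The cast is also written (intptr_t)string_space without the space after the cast that the surrounding code uses, as in (char **) realloc.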
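
Review bot: In intl/localealias.c (hunk at -326), the rewritten test inverts the original condition: the removed line was string_space != new_pool, but the added line is ptr_diff == 0. As written, the loop over map[i].alias and map[i].value runs only when the pool did not move (adding zero) and is skipped when realloc did move it, which leaves every map entry pointing into the freed block. The test should be ptr_diff != 0, keeping the __builtin_expect (..., 0) hint. Note also that map[i].alias += ptr_diff still does arithmetic on pointers into the old block, so the hunk hides the diagnostic rather than removing the stale-pointer use.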
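
Review bot: In io/ftw.c (hunk at -338), the added data->dirstreams[data->actdir]->content = content; sits immediately after the block whose last statement is data->dirstreams[data->actdir] = NULL;, so whenever that block runs the new line dereferences a null pointer. The store needs to happen before the entry is cleared, for example directly after the realloc call in the -323 hunk and ahead of the content == NULL check, which also preserves the old behaviour of recording NULL in the failure path.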
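
Review bot: In stdlib/setenv.c (hunk at -150), the new comment says "Avoid using the raw reallocated pointer", but the value being avoided is the old last_environ, which is stale after realloc, not the pointer realloc returns. Rewording it along the lines of "save the old value as an integer so it can be compared after realloc" would make the intent clear. The cast (uintptr_t)last_environ here and (uintptr_t)__environ in the -159 hunk also lack the space after the cast used in the adjacent (char **) realloc and (char *) new_environ.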