From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 77810 invoked by alias); 9 Oct 2018 19:58:17 -0000 Mailing-List: contact gdb-patches-help@sourceware.org; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: gdb-patches-owner@sourceware.org Received: (qmail 77800 invoked by uid 89); 9 Oct 2018 19:58:17 -0000 Authentication-Results: sourceware.org; auth=none X-Spam-SWARE-Status: No, score=-2.7 required=5.0 tests=AWL,BAYES_00,SPF_HELO_PASS,SPF_SOFTFAIL autolearn=no version=3.3.2 spammy= X-HELO: mail.baldwin.cx Received: from bigwig.baldwin.cx (HELO mail.baldwin.cx) (96.47.65.170) by sourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with ESMTP; Tue, 09 Oct 2018 19:58:14 +0000 Received: from John-Baldwins-MacBook-Pro-2.local (ralph.baldwin.cx [66.234.199.215]) by mail.baldwin.cx (Postfix) with ESMTPSA id 77DD510AFCD; Tue, 9 Oct 2018 15:58:11 -0400 (EDT) Subject: Re: [PATCH][gdb] fix unsigned overflow in charset.c To: Paul Koning References: <7B48D309-445E-4141-A87A-1F3D5FA70EFD@comcast.net> <1acace4a-a5c6-abaf-f070-9c2e6768b6f2@redhat.com> <9ea7a1f6-5c3f-c569-6bba-ca9e21711de1@FreeBSD.org> <2DCE0AB8-5647-4AD1-B0AA-3A8350C3BE6D@comcast.net> Cc: Pedro Alves , gdb-patches@sourceware.org From: John Baldwin Message-ID: <17fcbb42-d694-af87-9a8d-d01addee992b@FreeBSD.org> Date: Tue, 09 Oct 2018 19:58:00 -0000 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:52.0) Gecko/20100101 Thunderbird/52.9.1 MIME-Version: 1.0 In-Reply-To: <2DCE0AB8-5647-4AD1-B0AA-3A8350C3BE6D@comcast.net> Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-IsSubscribed: yes X-SW-Source: 2018-10/txt/msg00240.txt.bz2 On 10/9/18 11:10 AM, Paul Koning wrote: > > >> On Oct 9, 2018, at 1:57 PM, John Baldwin wrote: >> >> On 10/9/18 10:40 AM, Paul Koning wrote: >>> >>> >>>> On Oct 9, 2018, at 1:31 PM, Pedro Alves wrote: >>>> >>>> On 10/09/2018 06:19 PM, Paul Koning wrote: >>>>> This fixed an overflow in pointer arithmetic that crashes GDB on Mac OS. >>>> >>>> _unsigned_ overflow? That isn't undefined. Do we really want to trap >>>> those? I don't think GCC's version does that. >>>> >>>> From: >>>> https://clang.llvm.org/docs/UndefinedBehaviorSanitizer.html#silencing-unsigned-integer-overflow >>>> seems like there's a way to disable it. >>>> >>>> Thanks, >>>> Pedro Alves >>> >>> You're right, it was an LLVM build. I know unsigned overflow is well defined with integers; is that true for pointers? >>> >>> Given that GDB triggers this issue, should the GDB build do that LLVM workaround if LLVM is used to build it? >>> >>> But it seems simpler to use the proposed patch; clearly the intent is to back up a pointer by -(space_left) and doing that operation on a signed type seems like a logical thing to do, it makes the intended meaning clear. >> >> I also ran into the same failure using LLVM's ubsan on FreeBSD but in a different >> use of obstack_blank_fast(). If we wanted to fix this, I wonder if we'd instead >> want to fix it centrally in obstack_blank_fast (e.g. by using a ptrdiff_t cast) >> rather than fixing various consumers of the API. That would be a change to >> libiberty though, not just gdb. > > I suppose. But casts in macros scare me, they can hide mistakes. It seems more reasonable to have the caller be responsible for creating a value of the correct type. Since it's an adjustment, I suppose the cast should be for ptrdiff_t rather than ssize_t? So if obstack_blank_fast() were an inline function instead of a macro, I suspect it's second argument would be of type ptrdiff_t in which case the equivalent "hidden" cast would happen at the function call. That said, the obstack_blank() macro uses _OBSTACK_SIZE_T (which is an unsigned size_t) when it declares a local variable to pass as the offset, so it seems obstack really is relying on unsigned wrap around. -- John Baldwin                                                                            Â