This is the mail archive of the gcc-patches@gcc.gnu.org mailing list for the GCC project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: [PATCH] - improve sprintf buffer overflow detection (middle-end/49905)

From: Rainer Orth <ro at CeBiTec dot Uni-Bielefeld dot DE>
To: Martin Sebor <msebor at gmail dot com>
Cc: David Malcolm <dmalcolm at redhat dot com>, Gcc Patch List <gcc-patches at gcc dot gnu dot org>, Joseph Myers <joseph at codesourcery dot com>, Jeff Law <law at redhat dot com>, Richard Biener <rguenther at suse dot de>, Jakub Jelinek <jakub at redhat dot com>, Bernd Schmidt <bschmidt at redhat dot com>, Manuel López-Ibáñez <lopezibanez at gmail dot com>, Florian Weimer <fweimer at redhat dot com>
Date: Fri, 23 Sep 2016 15:47:18 +0200
Subject: Re: [PATCH] - improve sprintf buffer overflow detection (middle-end/49905)
Authentication-results: sourceware.org; auth=none
References: <5776B33E.2080504@gmail.com> <alpine.LSU.2.11.1607041255060.29772@t29.fhfr.qr> <577A8D6A.3070902@gmail.com> <alpine.LSU.2.11.1607051208470.29772@t29.fhfr.qr> <578D512F.9050909@gmail.com> <9bb5ad66-4985-8c42-f800-4d84e0e18659@redhat.com> <57A3AFFF.7090109@gmail.com> <f3d09350-de5d-a0e4-8203-affac268ced2@redhat.com> <57AD30E5.3000801@gmail.com> <22a47656-c23c-4840-2e49-a59f4af513b1@redhat.com> <57B725F6.8000405@gmail.com> <110cfc6b-7856-9b51-885f-05402b14fc3e@redhat.com> <57D1B5F0.1030504@gmail.com> <alpine.DEB.2.20.1609082201120.17041@digraph.polyomino.org.uk> <57D60D03.7080601@gmail.com> <1474050251.6782.70.camel@redhat.com> <ab69c4bf-a8e2-cee7-4178-97ebd509a291@gmail.com> <yddoa3gb93q.fsf@CeBiTec.Uni-Bielefeld.DE> <yddbmzgb08e.fsf@CeBiTec.Uni-Bielefeld.DE> <c56ef85c-a26b-e5e9-9a04-64a9bbf6ce93@gmail.com>

Hi Martin,

> On 09/22/2016 06:14 AM, Rainer Orth wrote:
>> Hi Martin,
>>
>>> your patch broke bootstrap with MPFR 2.4.2, which is still the
>>> recommended (or perhaps minimal) version according to install.texi:
>> [...]
>>> The following patch (together with your other one to fix ILP32 targets)
>>> allows a sparc-sun-solaris2.12 bootstrap to continue.  I'm going to
>>> commit it as obvious.
>>
>> done now.  Once the bootstrap had finished, I see quite a number of
>> testsuite failures (i386-pc-solaris2.12 still running), both 32 and
>> 64-bit:
>>
>> +FAIL: gcc.dg/tree-ssa/builtin-sprintf-warn-1.c (test for warnings, line
>> 1220)
>> +FAIL: gcc.dg/tree-ssa/builtin-sprintf-warn-1.c (test for warnings, line
>> 1270)
>> +FAIL: gcc.dg/tree-ssa/builtin-sprintf-warn-1.c (test for warnings, line
>> 1381)
>> +FAIL: gcc.dg/tree-ssa/builtin-sprintf-warn-1.c  (test for warnings, line 356)
>> +FAIL: gcc.dg/tree-ssa/builtin-sprintf-warn-1.c  (test for warnings, line 99)
>> +FAIL: gcc.dg/tree-ssa/builtin-sprintf-warn-1.c (test for excess errors)
>
> I have a patch for (hopefully) most of these failures that I will
> commit along with the one for pr77676 as soon as it's approved.

as of r240389, a few of those failures occur also on x86_64-pc-linux-gnu
with -m32:

FAIL: gcc.dg/tree-ssa/builtin-sprintf-warn-1.c  (test for warnings, line 1222)
FAIL: gcc.dg/tree-ssa/builtin-sprintf-warn-1.c  (test for warnings, line 1272)
FAIL: gcc.dg/tree-ssa/builtin-sprintf-warn-1.c  (test for warnings, line 1383)
FAIL: gcc.dg/tree-ssa/builtin-sprintf-warn-1.c (test for excess errors)

>> +FAIL: gcc.dg/tree-ssa/builtin-sprintf.c execution test
>>
>> FAIL: test_a_double:364: "%a" expected result for "0x0.0000000000000p+0"
>> doesn't match function call return value: 20 != 6
>> FAIL: test_a_double:365: "%a" expected result for "0x1.0000000000000p+0"
>> doesn't match function call return value: 20 != 6
>> FAIL: test_a_double:366: "%a" expected result for "0x1.0000000000000p+1"
>> doesn't match function call return value: 20 != 6
>>
>> FAIL: test_a_long_double:375: "%La" expected result for
>> "0x0.0000000000000000000000000000p+0" doesn't match function call return
>> value: 35 != 6
>> FAIL: test_a_long_double:376: "%La" expected result for
>> "0x1.0000000000000000000000000000p+0" doesn't match function call return
>> value: 35 != 6
>> FAIL: test_a_long_double:377: "%La" expected result for
>> "0x1.0000000000000000000000000000p+1" doesn't match function call return
>> value: 35 != 6
>
> I don't know about these.  It looks like the Solaris printf doesn't
> handle the %a directive correctly and the tests (and the related
> checks/optimization) might need to be disabled, which in turn might
> involve extending the existing printf hook or adding a new one.

I've found the following in Solaris 10 (and up) printf(3C):

     a, A    A  double  argument  representing  a  floating-point
             number  is  converted in the style "[-]0xh.hhhhp+d",
             where the single  hexadecimal  digit  preceding  the
             radix  point is 0 if the value converted is zero and
             1 otherwise and the  number  of  hexadecimal  digits
             after it is equal to the precision; if the precision
             is missing, the number of digits printed  after  the
             radix  point  is  13  for the conversion of a double
             value, 16 for the conversion of a long double  value
             on  x86,  and 28 for the conversion of a long double
             value on SPARC; if the precision is zero and the '#'
             flag  is  not  specified, no decimal-point character
             will appear. The letters "abcdef"  are  used  for  a
             conversion  and  the  letters "ABCDEF" for A conver-
             sion. The A conversion specifier produces  a  number
             with  'X'  and  'P'  instead  of  'x'  and  'p'. The
             exponent will always contain at least one digit, and
             only  as  many more digits as necessary to represent
             the decimal exponent of 2. If the value is zero, the
             exponent is zero.

             The converted value is rounded to fit the  specified
             output  format  according to the prevailing floating
             point rounding direction mode. If the conversion  is
             not exact, an inexact exception is raised.

             A double argument representing an infinity or NaN is
             converted in the SUSv3 style of an e or E conversion
             specifier.

I tried to check the relevant sections of the latest C99 and C11 drafts
to check if this handling of missing precision is allowed by the
standard, but I couldn't even fully parse the language there.

> I don't have access to Solaris to fully debug and test this there.
> Would you mind helping with it?

Not at all: if it turns out that Solaris has bugs in this area, I can
easily file them, too.

Thanks.
        Rainer

-- 
-----------------------------------------------------------------------------
Rainer Orth, Center for Biotechnology, Bielefeld University

References:
- Re: [PATCH] - improve sprintf buffer overflow detection (middle-end/49905)
  - From: Martin Sebor
- Re: [PATCH] - improve sprintf buffer overflow detection (middle-end/49905)
  - From: Joseph Myers
- Re: [PATCH] - improve sprintf buffer overflow detection (middle-end/49905)
  - From: Martin Sebor
- Re: [PATCH] - improve sprintf buffer overflow detection (middle-end/49905)
  - From: David Malcolm
- Re: [PATCH] - improve sprintf buffer overflow detection (middle-end/49905)
  - From: Martin Sebor
- Re: [PATCH] - improve sprintf buffer overflow detection (middle-end/49905)
  - From: Rainer Orth
- Re: [PATCH] - improve sprintf buffer overflow detection (middle-end/49905)
  - From: Rainer Orth
- Re: [PATCH] - improve sprintf buffer overflow detection (middle-end/49905)
  - From: Martin Sebor

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]