Bug 93640 - The write_only and read_write attributes can be mistyped due to invalid strncmp size argument
Status: RESOLVED FIXED
Alias: None
Product: gcc
Classification: Unclassified
Component: c
Version: 10.0
Importance: P3 normal
Target Milestone: 10.0
Assignee: Martin Sebor
Keywords: accepts-invalid
Reported: 2020-02-09 17:18 UTC by Dominik 'disconnect3d' Czarnota
Modified: 2020-02-10 17:28 UTC (History)
Last reconfirmed: 2020-02-09 00:00:00


Description Dominik 'disconnect3d' Czarnota 2020-02-09 17:18:02 UTC
Hey,

There is a small bug in gcc trunk (which I believe will be gcc 10).

The PoC code is below. This compiles while it should not, because there is no 'write_onlX' attribute:

```
 __attribute__ ((access (write_onlX, 1))) int foo (char*);

 __attribute__ ((access (read_writX, 1))) int bar (char*);

int foo(char* x) {
    return sizeof(x) * 2;
}

int bar(char* x) {
    return sizeof(x) * 2;
}
```

If we mistype it more, it will actually throw a compile error, so e.g. a `write_onYX` and `read_wriYX` would trigger the following errors:

```
<source>:1:2: error: attribute 'access' invalid mode 'write_onYX'; expected one of 'read_only', 'read_write', or 'write_only'
    1 |  __attribute__ ((access (write_onYX, 1))) int foo (char*);
      |  ^~~~~~~~~~~~~
<source>:3:2: error: attribute 'access' invalid mode 'read_wriYX'; expected one of 'read_only', 'read_write', or 'write_only'
    3 |  __attribute__ ((access (read_wriYX, 1))) int bar (char*);
      |  ^~~~~~~~~~~~~
Compiler returned: 1
```

All this can be observed on https://godbolt.org/z/Pj-5vp


The issue comes from the code below (that can be seen e.g. here: https://github.com/gcc-mirror/gcc/blob/8d9254fc8aa32619f640efb01cfe87cc6cdc9ce1/gcc/c-family/c-attribs.c#L4061-L4062) from gcc/c-family/c-attribs.c#L4061-L4062 :

```
  const bool read_only = strncmp (ps, "read_only", 9) == 0;
  const bool write_only = strncmp (ps, "write_only", 9) == 0;
  if (!read_only && !write_only && strncmp (ps, "read_write", 9))
```

While the "read_only" string has indeed 9 characters (without the null byte), both the "write_only" and "read_write" have a length of 10, and so the `strncmp` call misses the last byte of them.

This can be easily fixed by changing the size argument from 9 to 10 in those two cases. I haven't filed a patch as it is more convenient to write this down here through a web browser (than cloning repo, creating patch, sending e-mails etc).

There are more, other cases like this which I haven't triaged fully. I will report them anyway in another bug report.
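
Added example, not part of the report and not GCC's code: the hard-coded length pattern described above next to a variant that takes each length from the string literal. The names `parse_mode_hardcoded`, `parse_mode_derived` and `enum access_mode` are hypothetical, and the check that the keyword ends at that point goes beyond what the report asks for.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

enum access_mode { MODE_INVALID, MODE_READ_ONLY, MODE_WRITE_ONLY, MODE_READ_WRITE };

/* Pattern from the report: every keyword compared over a hand-written 9 bytes,
   so the 10th character of "write_only" and "read_write" is never examined.  */
enum access_mode parse_mode_hardcoded (const char *ps)
{
  if (strncmp (ps, "read_only", 9) == 0) return MODE_READ_ONLY;
  if (strncmp (ps, "write_only", 9) == 0) return MODE_WRITE_ONLY;
  if (strncmp (ps, "read_write", 9) == 0) return MODE_READ_WRITE;
  return MODE_INVALID;
}

/* Take the length from the literal itself so it cannot drift from the text.  */
#define KEYWORD(s, m) { s, sizeof (s) - 1, m }
static const struct { const char *name; size_t len; enum access_mode mode; }
keywords[] = {
  KEYWORD ("read_only", MODE_READ_ONLY),
  KEYWORD ("write_only", MODE_WRITE_ONLY),
  KEYWORD ("read_write", MODE_READ_WRITE),
};

enum access_mode parse_mode_derived (const char *ps)
{
  for (size_t i = 0; i < sizeof keywords / sizeof keywords[0]; i++)
    {
      size_t n = keywords[i].len;
      if (strncmp (ps, keywords[i].name, n) != 0)
        continue;
      /* Assumption of this example: the keyword must end here, so a longer
         identifier such as "read_onlyX" is rejected as well.  ps[n] is in
         bounds because the first n bytes matched a string with no NUL.  */
      unsigned char next = (unsigned char) ps[n];
      return (next == '_' || isalnum (next)) ? MODE_INVALID : keywords[i].mode;
    }
  return MODE_INVALID;
}

int main (void)
{
  /* Constructed inputs: the two typos from the report plus the valid names.  */
  const char *in[] = { "write_onlX", "read_writX", "write_onYX", "write_only", "read_write" };
  for (size_t i = 0; i < sizeof in / sizeof in[0]; i++)
    printf ("%-10s hardcoded=%d derived=%d\n", in[i],
            parse_mode_hardcoded (in[i]), parse_mode_derived (in[i]));
  return 0;
}
```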
Comment 1 Martin Sebor 2020-02-09 22:44:53 UTC
Confirmed.
Comment 2 Dominik 'disconnect3d' Czarnota 2020-02-10 11:42:17 UTC
Just to clarify, I reported other cases like this in Bug 93641 - Wrong strncmp and strncasecmp size arguments (https://gcc.gnu.org/bugzilla/show_bug.cgi?id=93641).
Comment 3 GCC Commits 2020-02-10 17:28:32 UTC
The master branch has been updated by Martin Sebor <msebor@gcc.gnu.org>:

https://gcc.gnu.org/g:0cc575e4d8b68b743e07da02a74733f9b5cb585a

commit r10-6559-g0cc575e4d8b68b743e07da02a74733f9b5cb585a
Author: Martin Sebor <msebor@redhat.com>
Date:   Mon Feb 10 10:27:00 2020 -0700

    PR c/93640 - The write_only and read_write attributes can be mistyped due to invalid strncmp size argument
    
    gcc/c-family/ChangeLog:
    
    	PR c/93640
    	* c-attribs.c (handle_access_attribute): Correct off-by-one mistakes.
    
    gcc/testsuite/ChangeLog:
    
    	PR c/93640
    	* gcc.dg/attr-access.c: New test.
Comment 4 Martin Sebor 2020-02-10 17:28:57 UTC
Fixed.