Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Thu, 14 Jul 2011 00:39:45 +0400
From: Solar Designer <solar@...nwall.com>
To: musl@...ts.openwall.com
Subject: Re: cluts review

On Wed, Jul 13, 2011 at 09:29:06PM +0200, Luka Mar??eti?? wrote:
> On 07/13/2011 07:52 PM, Solar Designer wrote:
> >>and go back to SA_NODEFER.
> >OK, but there's a cleaner way to do it.
> 
> If you mean SA_NODEFER is new,

No, I don't.

> my comment is: Yes, but note that for 
> sigsetjmp to do the same job, I'd need yet another global variable.

No, you wouldn't.  You already have a jmp_buf variable, which you'd
replace with a sigjmp_buf one.  It's a trivial change, really.

(I wrote the above before I saw Rich's response about the same.)

> >>Oh, and I do believe I know aht "clobbered" means (overwriting the new
> >>value of the variable with the old one, from when the context was saved,
> >>right?).
> >Yes.  Do you know in what cases this happens, and how to prevent it?
> 
> If you don't mind i'll skip this one :-(

Rich might be able to provide a better / more correct answer (I'd be
interested), but here's my understanding:

The clobbering happens when those variables are kept in registers rather
than in memory (on stack).  To prevent it from happening, you may force
the compiler not to place the variables in registers.  One way to do it
is to take the variable's address:

(void) &var;

(I am not sure what guarantees this provides.  IIRC, it was documented
to provide the needed safety under GNU C.)

Another is to declare it "volatile", but this does a bit more than is
needed (so has extra performance impact).

Better yet, structure your function such that there are no variables to
clobber.  If you put your sigsetjmp() at the very beginning of the
function, before any local variable is assigned a value, there's nothing
to clobber yet.

> >>That's what I've said I've checked with buf.c.
> >What exactly did you check/change?
> 
> I don't remember if I had to change anything, but I can comment on 
> -Wclobbered messages, that might convince you:
...

So basically you review the code and then knowingly ignore the warnings?
That's not great.

Alexander

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.