Date: Fri, 24 Aug 2012 13:51:50 -0400
From: Rich Felker <dalias@...ifal.cx>
To: musl@...ts.openwall.com
Subject: Re: build musl with clang

On Fri, Aug 24, 2012 at 04:59:39PM +0200, Szabolcs Nagy wrote:
> * agent <agentprog@...il.com> [2012-08-24 18:22:11 +0600]:
> > p with negative subscript and tried the following:
> > 
> > #include <stdlib.h>
> > 
> > void *f1(void) {
> >     char *p;
> > 
> >     p = malloc(100);
> >     /* deliberately reads the byte before the returned block */
> >     if (p[-1])
> >         p[0] = 0;
> > 
> >     return p;
> > }
> > 
> > and that's what we get:
> > 
> > f1: # @f1
> > # BB#0: # %if.end
> > subl $12, %esp
> > movl $100, (%esp)
> > calll malloc
> > movb $0, (%eax)
> > addl $12, %esp
> > ret
> > 
> > but if we have if (p && p[-1]) -- 'if' is not optimized out.
> 
> now that seems wrong (if it was compiled with -ffreestanding)
> 
> 'if (p[-1])' is dropped even though malloc can put there anything
> 
> this should be reported to the clang list

Yes. To clarify, the issue is not that clang is assuming the object
obtained by malloc has indeterminate value. The issue is that clang is
assuming the pointer malloc returns points to an object of size N
beginning at the returned address, and thus that the [-1] index is
invalid pointer arithmetic. This is a malloc-specific assumption and
wrong for freestanding mode where malloc is just an ordinary function
(which is allowed to return a pointer into the middle of an array,
which is what it's doing).

Rich
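The allocator shape Rich describes, as an added example that is not code from the thread or from musl: a freestanding-style bump allocator that hands out pointers into the middle of a static array and keeps a header (requested size, then a tag byte) immediately before each returned block, so `p[-1]` is a real, initialised byte. The function is named `fs_malloc` (an assumed name, so the example links in a hosted build); in a freestanding libc it would be `malloc` itself, and the compiler must then be told the name is ordinary, which is what `-ffreestanding` (or `-fno-builtin-malloc`) does for gcc and clang. The arena size, header layout and tag value are constructed for this example.

```c
#include <stddef.h>
#include <string.h>

#define ARENA_SIZE 4096   /* constructed backing store for the example */
#define HDR 16            /* header bytes kept before every returned block */
#define TAG_LIVE 0xA5     /* marker stored in the byte just before the block */

static unsigned char arena[ARENA_SIZE];
static size_t arena_used;

/* Bump allocator in the style of a freestanding malloc: the caller gets a
 * pointer into the middle of `arena`, not the start of a fresh object.
 * Named fs_malloc (assumed name) so this links in a hosted build. */
void *fs_malloc(size_t n)
{
    size_t body = (n + 15) & ~(size_t)15;          /* keep blocks 16-aligned */
    if (body < n                                    /* n + 15 wrapped */
        || ARENA_SIZE - arena_used < HDR
        || ARENA_SIZE - arena_used - HDR < body)    /* arena exhausted */
        return NULL;
    unsigned char *hdr = arena + arena_used;
    memcpy(hdr, &n, sizeof n);                      /* requested size at p - 16 */
    hdr[HDR - 1] = TAG_LIVE;                        /* tag at p[-1] */
    arena_used += HDR + body;
    return hdr + HDR;
}

/* Reads through a negative subscript. Under the hosted-malloc assumption a
 * compiler may treat these as out-of-bounds and fold the comparison away;
 * with -ffreestanding / -fno-builtin-malloc it must keep them. */
int fs_is_live(const void *p)
{
    return ((const unsigned char *)p)[-1] == TAG_LIVE;
}

size_t fs_size(const void *p)
{
    size_t n;
    memcpy(&n, (const unsigned char *)p - HDR, sizeof n);
    return n;
}

/* The thread's f1(), with the NULL check the poster said keeps the branch. */
void *f1(void)
{
    char *p = fs_malloc(100);
    if (p && p[-1])        /* true here: p[-1] holds TAG_LIVE */
        p[0] = 0;
    return p;
}
```

To reproduce the report, rename `fs_malloc` to `malloc`, drop the `#include <stdlib.h>` dependency (there is none here), and compile with `-O2 -S`, once with and once without `-ffreestanding`; the `cmpb`/branch on `p[-1]` must survive in the freestanding build, because there `malloc` is just another function returning a pointer into `arena`.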
