|
From: Jeffrey W. <nol...@gm...> - 2019-05-01 00:44:20
|
Hi Everyone,
I'm building Master on an ARM Cortex A7 dev-board with GCC 7.4.0.
It looks like GCC has one squawk:
gcc -DHAVE_CONFIG_H -I. -I.. -I.. -I../include -I../include -I../VEX/pub -I../V
EX/pub -DVGA_arm=1 -DVGO_linux=1 -DVGP_arm_linux=1 -DVGPV_arm_linux_vanilla=1 -
I../coregrind -DVG_LIBDIR="\"/usr/local/lib/valgrind"\" -DVG_PLATFORM="\"arm-lin
ux\"" -g2 -O3 -O2 -g -Wall -Wmissing-prototypes -Wshadow -Wpointer-arith -Wstri
ct-prototypes -Wmissing-declarations -Wcast-qual -Wwrite-strings -Wempty-body -W
format -Wformat-signedness -Wformat-security -Wignored-qualifiers -Wmissing-para
meter-type -Wlogical-op -Wimplicit-fallthrough=2 -Wold-style-declaration -finlin
e-functions -fno-stack-protector -fno-strict-aliasing -fno-builtin -marm -mcpu=
cortex-a8 -DENABLE_LINUX_TICKET_LOCK -g2 -O3 -MT m_aspacemgr/libcoregrind_arm_li
nux_a-aspacemgr-segnames.o -MD -MP -MF m_aspacemgr/.deps/libcoregrind_arm_linux_
a-aspacemgr-segnames.Tpo -c -o m_aspacemgr/libcoregrind_arm_linux_a-aspacemgr-se
gnames.o `test -f 'm_aspacemgr/aspacemgr-segnames.c' || echo './'`m_aspacemgr/as
pacemgr-segnames.c
vgdb.c: In function ‘standalone_send_commands’:
vgdb.c:1008:21: warning: ‘%02x’ directive writing between 2 and 8 bytes into a r
egion of size 3 [-Wformat-overflow=]
sprintf(hex, "%02x", cksum);
^~~~
vgdb.c:1008:20: note: directive argument in the range [0, 2147483647]
sprintf(hex, "%02x", cksum);
^~~~~~
In file included from /usr/include/stdio.h:862:0,
from vgdb.c:42:
/usr/include/arm-linux-gnueabihf/bits/stdio2.h:33:10: note: ‘__builtin___sprintf
_chk’ output between 3 and 9 bytes into a destination of size 3
return __builtin___sprintf_chk (__s, __USE_FORTIFY_LEVEL - 1,
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
__bos (__s), __fmt, __va_arg_pack ());
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
mv -f m_aspacemgr/.deps/libcoregrind_arm_linux_a-aspacemgr-segnames.Tpo m_aspace
mgr/.deps/libcoregrind_arm_linux_a-aspacemgr-segnames.Po
Jeff
|
|
From: Mark W. <ma...@kl...> - 2019-05-02 16:02:21
|
Hi Jeffrey,
On Tue, 2019-04-30 at 20:43 -0400, Jeffrey Walton wrote:
> It looks like GCC has one squawk:
>
> vgdb.c: In function ‘standalone_send_commands’:
> vgdb.c:1008:21: warning: ‘%02x’ directive writing between 2 and 8
> bytes into a r
> egion of size 3 [-Wformat-overflow=]
> sprintf(hex, "%02x", cksum);
> ^~~~
> vgdb.c:1008:20: note: directive argument in the range [0, 2147483647]
> sprintf(hex, "%02x", cksum);
> ^~~~~~
But cksum is an unsigned char, so value is between [0, 255]. Which
is max 2 hex chars.
Could you retry with GCC8 or GCC9?
And file a bug against GCC otherwise?
Thanks,
Mark
|
|
From: Tom H. <to...@co...> - 2019-05-02 16:06:24
|
On 02/05/2019 17:02, Mark Wielaard wrote:
> Hi Jeffrey,
>
> On Tue, 2019-04-30 at 20:43 -0400, Jeffrey Walton wrote:
>> It looks like GCC has one squawk:
>>
>> vgdb.c: In function ‘standalone_send_commands’:
>> vgdb.c:1008:21: warning: ‘%02x’ directive writing between 2 and 8
>> bytes into a r
>> egion of size 3 [-Wformat-overflow=]
>> sprintf(hex, "%02x", cksum);
>> ^~~~
>> vgdb.c:1008:20: note: directive argument in the range [0, 2147483647]
>> sprintf(hex, "%02x", cksum);
>> ^~~~~~
>
> But cksum is an unsigned char, so value is between [0, 255]. Which
> is max 2 hex chars.
It is, but it is technically promoted to int by being passed to a
varargs function I think...
Tom
--
Tom Hughes (to...@co...)
http://compton.nu/
|
|
From: Jeffrey W. <nol...@gm...> - 2019-05-02 16:06:57
|
On Thu, May 2, 2019 at 12:02 PM Mark Wielaard <ma...@kl...> wrote:
>
> Hi Jeffrey,
>
> On Tue, 2019-04-30 at 20:43 -0400, Jeffrey Walton wrote:
> > It looks like GCC has one squawk:
> >
> > vgdb.c: In function ‘standalone_send_commands’:
> > vgdb.c:1008:21: warning: ‘%02x’ directive writing between 2 and 8
> > bytes into a r
> > egion of size 3 [-Wformat-overflow=]
> > sprintf(hex, "%02x", cksum);
> > ^~~~
> > vgdb.c:1008:20: note: directive argument in the range [0, 2147483647]
> > sprintf(hex, "%02x", cksum);
> > ^~~~~~
>
> But cksum is an unsigned char, so value is between [0, 255]. Which
> is max 2 hex chars.
>
> Could you retry with GCC8 or GCC9?
> And file a bug against GCC otherwise?
I thought it might be something like that.
I believe the char gets promoted to an int for printf since it is
variadic. Maybe it would just be easier to work around the finding by
making the buffer larger to accommodate an int.
It's not Valgrind's problem to be sure. Valgrind is just
working/playing nice with other tools.
Jeff
|
|
From: Jeffrey W. <nol...@gm...> - 2019-05-02 16:19:58
|
On Thu, May 2, 2019 at 12:06 PM Jeffrey Walton <nol...@gm...> wrote:
>
> ...
> > > vgdb.c:1008:20: note: directive argument in the range [0, 2147483647]
> > > sprintf(hex, "%02x", cksum);
> > > ^~~~~~
> >
> > But cksum is an unsigned char, so value is between [0, 255]. Which
> > is max 2 hex chars.
> >
> > Could you retry with GCC8 or GCC9?
> > And file a bug against GCC otherwise?
>
> I thought it might be something like that.
>
> I believe the char gets promoted to an int for printf since it is
> variadic. Maybe it would just be easier to work around the finding by
> making the buffer larger to accommodate an int.
>
> It's not Valgrind's problem to be sure. Valgrind is just
> working/playing nice with other tools.
Yeah, there were some warnings about potential false positives:
* https://gcc.gnu.org/onlinedocs/gcc-8.1.0/gcc/Warning-Options.html
* https://developers.redhat.com/blog/2017/02/22/memory-error-detection-using-gcc/
It looks like the issue has already been raised at
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=79257.
Jeff
|
|
From: Jeffrey W. <nol...@gm...> - 2019-05-02 16:46:56
|
On Thu, May 2, 2019 at 12:02 PM Mark Wielaard <ma...@kl...> wrote:
>
> On Tue, 2019-04-30 at 20:43 -0400, Jeffrey Walton wrote:
> > It looks like GCC has one squawk:
> >
> > vgdb.c: In function ‘standalone_send_commands’:
> > vgdb.c:1008:21: warning: ‘%02x’ directive writing between 2 and 8
> > bytes into a r
> > egion of size 3 [-Wformat-overflow=]
> > sprintf(hex, "%02x", cksum);
> > ^~~~
> > vgdb.c:1008:20: note: directive argument in the range [0, 2147483647]
> > sprintf(hex, "%02x", cksum);
> > ^~~~~~
>
> But cksum is an unsigned char, so value is between [0, 255]. Which
> is max 2 hex chars.
>
> Could you retry with GCC8 or GCC9?
> And file a bug against GCC otherwise?
If Valgrind is interested in working around it without increasing the
buffer size, then the format string "%.2x" should do the trick.
$ cat test.c
#include
int main(int argc, char* argv[])
{
char buf[3];
sprintf(buf, "%.2x", (unsigned char)argc);
printf("%s\n", buf);
return 0;
}
And:
$ gcc -Wall -Wformat-overflow=2 test.c -o test.exe
$ ./test.exe a b c d
05
$ ./test.exe a b c d e f g h i
0a
$ ./test.exe a b c d e f g h i j k l m n o p q r s t u v w x y z
1b
|
|
From: Mark W. <ma...@kl...> - 2019-05-03 08:16:54
|
Hi Jeffrey,
On Thu, May 02, 2019 at 12:46:30PM -0400, Jeffrey Walton wrote:
> On Thu, May 2, 2019 at 12:02 PM Mark Wielaard <ma...@kl...> wrote:
> >
> > On Tue, 2019-04-30 at 20:43 -0400, Jeffrey Walton wrote:
> > > It looks like GCC has one squawk:
> > >
> > > vgdb.c: In function ‘standalone_send_commands’:
> > > vgdb.c:1008:21: warning: ‘%02x’ directive writing between 2 and 8
> > > bytes into a r
> > > egion of size 3 [-Wformat-overflow=]
> > > sprintf(hex, "%02x", cksum);
> > > ^~~~
> > > vgdb.c:1008:20: note: directive argument in the range [0, 2147483647]
> > > sprintf(hex, "%02x", cksum);
> > > ^~~~~~
> >
> > But cksum is an unsigned char, so value is between [0, 255]. Which
> > is max 2 hex chars.
> >
> > Could you retry with GCC8 or GCC9?
> > And file a bug against GCC otherwise?
>
> If Valgrind is interested in working around it without increasing the
> buffer size, then the format string "%.2x" should do the trick.
Although I appreciate having zero warning builds, I do believe this
should be filed and tracked in gcc. Or better understood why the
warning is triggering for you. I have been unable to trigger the
warning with GCC 7.3.1 on either amd64 or i686. So I am wondering if
it is somehow arm specific? (Does arm have signed or unsigned char by
default? Does that matter?) Also the fact that it does trigger with
"%02x", but not "%.2x" is suspicious IMHO. Both should indicate that
the value is at least 2 chars, but maybe more. So why does one trigger
the warning, but not the other?
> $ cat test.c
> #include
Missing stdio.h ?
> int main(int argc, char* argv[])
> {
> char buf[3];
> sprintf(buf, "%.2x", (unsigned char)argc);
> printf("%s\n", buf);
> return 0;
> }
>
> And:
>
> $ gcc -Wall -Wformat-overflow=2 test.c -o test.exe
And I assume on your system this produces a warning replacing '.' with
'0'? I have been unable to trigger the warning with GCC 7.3.1 and GCC
8.2.1 (on x86_64 with or without -m32). So I wonder where/when it does
trigger.
Cheers,
Mark
|
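Added example, not part of the thread and not code from Valgrind's vgdb.c: it measures how many bytes "%02x" and "%.2x" emit once the argument has been promoted to a full int, then shows two ways to format a one-byte checksum into a 3-byte buffer with a fixed or checked output size. The function names (len_02x, len_p2x, cksum_to_hex, cksum_to_hex_snprintf) are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* snprintf with a NULL buffer and size 0 writes nothing and returns the
   number of bytes (excluding the NUL) the directive would produce. */
static int len_02x(unsigned int v) { return snprintf(NULL, 0, "%02x", v); }
static int len_p2x(unsigned int v) { return snprintf(NULL, 0, "%.2x", v); }

/* Format one checksum byte as two lowercase hex digits plus NUL.
   Returns 0 on success, -1 if dst cannot hold 3 bytes. The nibble lookup
   has a fixed output size, so no directive range analysis is involved. */
static int cksum_to_hex(unsigned char cksum, char *dst, size_t dstlen)
{
    static const char digits[] = "0123456789abcdef";
    if (dst == NULL || dstlen < 3)
        return -1;
    dst[0] = digits[cksum >> 4];
    dst[1] = digits[cksum & 0x0f];
    dst[2] = '\0';
    return 0;
}

/* snprintf variant: never writes past dstlen and reports truncation
   instead of overflowing the way an unchecked sprintf would. */
static int cksum_to_hex_snprintf(unsigned char cksum, char *dst, size_t dstlen)
{
    int n = snprintf(dst, dstlen, "%02x", (unsigned int)cksum);
    return (n < 0 || (size_t)n >= dstlen) ? -1 : 0;
}

int main(void)
{
    char hex[3];

    /* Width 2 and precision 2 are both minimums: a full int still
       expands to 8 hex digits under either directive. */
    printf("%%02x: 0xff -> %d bytes, INT_MAX -> %d bytes\n",
           len_02x(0xffu), len_02x(0x7fffffffu));
    printf("%%.2x: 0x05 -> %d bytes, INT_MAX -> %d bytes\n",
           len_p2x(0x05u), len_p2x(0x7fffffffu));

    if (cksum_to_hex(0x1b, hex, sizeof hex) == 0)
        printf("lookup:   %s\n", hex);
    if (cksum_to_hex_snprintf(0x0a, hex, sizeof hex) == 0)
        printf("snprintf: %s\n", hex);
    return 0;
}
```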