libsepol/cil: silence GCC 12 array-bounds false positive

Message ID 20220331144343.30689-1-cgzones@googlemail.com (mailing list archive)
State Accepted
Commit 5d3c4430ee52

Commit Message

Christian Göttsche March 31, 2022, 2:43 p.m. UTC
GCC 12 produces an array-bounds warning:

    In file included from ../include/sepol/policydb/context.h:23,
                     from ../include/sepol/policydb/policydb.h:62,
                     from ../cil/src/cil_binary.c:41:
    In function ‘mls_level_init’,
        inlined from ‘mls_level_destroy’ at ../include/sepol/policydb/mls_types.h:99:2,
        inlined from ‘mls_level_destroy’ at ../include/sepol/policydb/mls_types.h:92:20,
        inlined from ‘mls_range_destroy’ at ../include/sepol/policydb/mls_types.h:149:2,
        inlined from ‘cil_rangetransition_to_policydb’ at ../cil/src/cil_binary.c:3231:6:
    ../include/sepol/policydb/mls_types.h:89:9: error: ‘memset’ offset [0, 23] is out of the bounds [0, 0] [-Werror=array-bounds]
       89 |         memset(level, 0, sizeof(mls_level_t));
          |         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ../include/sepol/policydb/mls_types.h:89:9: error: ‘memset’ offset [0, 23] is out of the bounds [0, 0] [-Werror=array-bounds]
    cc1: all warnings being treated as errors

This is a false positive, by inspecting the code and compiling with -O3
and -flto.

Closes: https://github.com/SELinuxProject/selinux/issues/339

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
---
 libsepol/cil/src/cil_binary.c | 9 +++++++++
 1 file changed, 9 insertions(+)

Comments

James Carter April 1, 2022, 4:53 p.m. UTC | #1
On Thu, Mar 31, 2022 at 11:34 AM Christian Göttsche
<cgzones@googlemail.com> wrote:
>
> GCC 12 produces an array-bounds warning:
>
>     In file included from ../include/sepol/policydb/context.h:23,
>                      from ../include/sepol/policydb/policydb.h:62,
>                      from ../cil/src/cil_binary.c:41:
>     In function ‘mls_level_init’,
>         inlined from ‘mls_level_destroy’ at ../include/sepol/policydb/mls_types.h:99:2,
>         inlined from ‘mls_level_destroy’ at ../include/sepol/policydb/mls_types.h:92:20,
>         inlined from ‘mls_range_destroy’ at ../include/sepol/policydb/mls_types.h:149:2,
>         inlined from ‘cil_rangetransition_to_policydb’ at ../cil/src/cil_binary.c:3231:6:
>     ../include/sepol/policydb/mls_types.h:89:9: error: ‘memset’ offset [0, 23] is out of the bounds [0, 0] [-Werror=array-bounds]
>        89 |         memset(level, 0, sizeof(mls_level_t));
>           |         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>     ../include/sepol/policydb/mls_types.h:89:9: error: ‘memset’ offset [0, 23] is out of the bounds [0, 0] [-Werror=array-bounds]
>     cc1: all warnings being treated as errors
>
> This is a false positive, by inspecting the code and compiling with -O3
> and -flto.
>
> Closes: https://github.com/SELinuxProject/selinux/issues/339
>
> Signed-off-by: Christian Göttsche <cgzones@googlemail.com>

Acked-by: James Carter <jwcart2@gmail.com>

> ---
>  libsepol/cil/src/cil_binary.c | 9 +++++++++
>  1 file changed, 9 insertions(+)
>
> diff --git a/libsepol/cil/src/cil_binary.c b/libsepol/cil/src/cil_binary.c
> index 53017e2d..d5211f69 100644
> --- a/libsepol/cil/src/cil_binary.c
> +++ b/libsepol/cil/src/cil_binary.c
> @@ -3222,7 +3222,16 @@ int cil_rangetransition_to_policydb(policydb_t *pdb, const struct cil_db *db, st
>                                         } else {
>                                                 cil_log(CIL_ERR, "Out of memory\n");
>                                         }
> +// TODO: add upper version bound once fixed in upstream GCC
> +#if defined(__GNUC__) && (__GNUC__ >= 12)
> +# pragma GCC diagnostic push
> +# pragma GCC diagnostic ignored "-Warray-bounds"
> +# pragma GCC diagnostic ignored "-Wstringop-overflow"
> +#endif
>                                         mls_range_destroy(newdatum);
> +#if defined(__GNUC__) && (__GNUC__ >= 12)
> +# pragma GCC diagnostic pop
> +#endif
>                                         free(newdatum);
>                                         free(newkey);
>                                         if (rc != SEPOL_OK) {
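Review bot: `-Wstringop-overflow` is ignored in the added pragma block around `mls_range_destroy(newdatum);`, but the GCC 12 output quoted in the commit message reports only `-Werror=array-bounds`. Either drop that second `ignored` line or state in the commit message which diagnostic it silences, so the suppression stays as narrow as the warning that was actually reported.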
> --
> 2.35.1
>

Petr Lautrbach April 6, 2022, 9:25 a.m. UTC | #2
James Carter <jwcart2@gmail.com> writes:

> On Thu, Mar 31, 2022 at 11:34 AM Christian Göttsche
> <cgzones@googlemail.com> wrote:
>>
>> GCC 12 produces an array-bounds warning:
>>
>>     In file included from ../include/sepol/policydb/context.h:23,
>>                      from ../include/sepol/policydb/policydb.h:62,
>>                      from ../cil/src/cil_binary.c:41:
>>     In function ‘mls_level_init’,
>>         inlined from ‘mls_level_destroy’ at ../include/sepol/policydb/mls_types.h:99:2,
>>         inlined from ‘mls_level_destroy’ at ../include/sepol/policydb/mls_types.h:92:20,
>>         inlined from ‘mls_range_destroy’ at ../include/sepol/policydb/mls_types.h:149:2,
>>         inlined from ‘cil_rangetransition_to_policydb’ at ../cil/src/cil_binary.c:3231:6:
>>     ../include/sepol/policydb/mls_types.h:89:9: error: ‘memset’ offset [0, 23] is out of the bounds [0, 0] [-Werror=array-bounds]
>>        89 |         memset(level, 0, sizeof(mls_level_t));
>>           |         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>>     ../include/sepol/policydb/mls_types.h:89:9: error: ‘memset’ offset [0, 23] is out of the bounds [0, 0] [-Werror=array-bounds]
>>     cc1: all warnings being treated as errors
>>
>> This is a false positive, by inspecting the code and compiling with -O3
>> and -flto.
>>
>> Closes: https://github.com/SELinuxProject/selinux/issues/339
>>
>> Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
>
> Acked-by: James Carter <jwcart2@gmail.com>

Merged.

>> ---
>>  libsepol/cil/src/cil_binary.c | 9 +++++++++
>>  1 file changed, 9 insertions(+)
>>
>> diff --git a/libsepol/cil/src/cil_binary.c b/libsepol/cil/src/cil_binary.c
>> index 53017e2d..d5211f69 100644
>> --- a/libsepol/cil/src/cil_binary.c
>> +++ b/libsepol/cil/src/cil_binary.c
>> @@ -3222,7 +3222,16 @@ int cil_rangetransition_to_policydb(policydb_t *pdb, const struct cil_db *db, st
>>                                         } else {
>>                                                 cil_log(CIL_ERR, "Out of memory\n");
>>                                         }
>> +// TODO: add upper version bound once fixed in upstream GCC
>> +#if defined(__GNUC__) && (__GNUC__ >= 12)
>> +# pragma GCC diagnostic push
>> +# pragma GCC diagnostic ignored "-Warray-bounds"
>> +# pragma GCC diagnostic ignored "-Wstringop-overflow"
>> +#endif
>>                                         mls_range_destroy(newdatum);
>> +#if defined(__GNUC__) && (__GNUC__ >= 12)
>> +# pragma GCC diagnostic pop
>> +#endif
>>                                         free(newdatum);
>>                                         free(newkey);
>>                                         if (rc != SEPOL_OK) {
>> --
>> 2.35.1
>>

Patch

diff --git a/libsepol/cil/src/cil_binary.c b/libsepol/cil/src/cil_binary.c
index 53017e2d..d5211f69 100644
--- a/libsepol/cil/src/cil_binary.c
+++ b/libsepol/cil/src/cil_binary.c
@@ -3222,7 +3222,16 @@  int cil_rangetransition_to_policydb(policydb_t *pdb, const struct cil_db *db, st
 					} else {
 						cil_log(CIL_ERR, "Out of memory\n");
 					}
+// TODO: add upper version bound once fixed in upstream GCC
+#if defined(__GNUC__) && (__GNUC__ >= 12)
+# pragma GCC diagnostic push
+# pragma GCC diagnostic ignored "-Warray-bounds"
+# pragma GCC diagnostic ignored "-Wstringop-overflow"
+#endif
 					mls_range_destroy(newdatum);
+#if defined(__GNUC__) && (__GNUC__ >= 12)
+# pragma GCC diagnostic pop
+#endif
 					free(newdatum);
 					free(newkey);
 					if (rc != SEPOL_OK) {
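
Review bot: the `// TODO: add upper version bound once fixed in upstream GCC` comment above the `#if defined(__GNUC__) && (__GNUC__ >= 12)` guard gives nothing to check against, and with no upper bound both diagnostics stay disabled around `mls_range_destroy(newdatum);` for every later GCC release. Suggest the comment name the warning being silenced and point to the issue cited in the commit message (https://github.com/SELinuxProject/selinux/issues/339), so the guard can be bounded or removed once the compiler is fixed.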