On Mon, Oct 21, 2024 at 04:24:03PM +0200, Emilio Pozuelo Monfort wrote:
> On 21/10/2024 15:24, Peter Colberg wrote:
> > Hi,
> > 
> > The build of fuzzel on some non-x86 archs failed due to false-positive
> > errors [1] by gcc-14_14.2.0-3, e.g., on mips64el. I would like to retry
> > the build to see if the errors are reproducible using gcc-14_14.2.0-7.
> > 
> > gb fuzzel_1.11.1+ds-1 . mips64el
> 
> Somebody gave it back, and it has failed again.

Thanks. I was able to reproduce the same build failure on riscv64
using a porterbox (ricci.debian.org) and gcc 14.2.0-7.

ricci:~/git/debian.org/swaywm-team/fuzzel/obj-riscv64-linux-gnu% debuild
ricci:~/git/debian.org/swaywm-team/fuzzel/obj-riscv64-linux-gnu% cc -Ifuzzel.p 
-I. -I.. -I/usr/include/pixman-1 -I/usr/include/freetype2 
-I/usr/include/libpng16 -I/usr/include/cairo -I/usr/include/harfbuzz 
-I/usr/include/glib-2.0 -I/usr/lib/riscv64-linux-gnu/glib-2.0/include 
-I/usr/include/sysprof-6 -fdiagnostics-color=always -DNDEBUG 
-D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -Werror -std=c18 -D_GNU_SOURCE 
-fno-asynchronous-unwind-tables -DMEMFD_CREATE -fmacro-prefix-map=../= 
-DFUZZEL_ENABLE_CAIRO=1 -DFUZZEL_ENABLE_PNG_LIBPNG=1 
-DFUZZEL_ENABLE_SVG_NANOSVG=1 -g -O2 -Werror=implicit-function-declaration 
-ffile-prefix-map=/home/pcolberg/git/debian.org/swaywm-team/fuzzel=. 
-fstack-protector-strong -Wformat -Werror=format-security -Wdate-time 
-D_FORTIFY_SOURCE=2 -pthread -DUTF8PROC_EXPORTS -MD -MQ fuzzel.p/match.c.o -MF 
fuzzel.p/match.c.o.d -o fuzzel.p/match.c.o -c ../match.c
../match.c: In function 'matches_update_internal':
../match.c:1487:21: error: pointer 'tokens' may be used after 'reallocarray' 
[-Werror=use-after-free]
 1487 |                     free(tokens);
      |                     ^~~~~~~~~~~~
../match.c:1478:37: note: call to 'reallocarray' here
 1478 |             char32_t **new_tokens = reallocarray(
      |                                     ^~~~~~~~~~~~~
 1479 |                 tokens, tok_count, sizeof(tokens[0]));
      |                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../match.c:1491:21: error: pointer 'tok_lengths' may be used after 
'reallocarray' [-Werror=use-after-free]
 1491 |                     free(tok_lengths);
      |                     ^~~~~~~~~~~~~~~~~
../match.c:1480:39: note: call to 'reallocarray' here
 1480 |             size_t *new_tok_lengths = reallocarray(
      |                                       ^~~~~~~~~~~~~
 1481 |                 tok_lengths, tok_count, sizeof(tok_lengths[0]));
      |                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
cc1: all warnings being treated as errors

The issue may be worked around by simplifying the code, e.g.,

--- a/match.c
+++ b/match.c
@@ -1477,18 +1477,19 @@ matches_update_internal(struct matches *matches, bool 
incremental)

             char32_t **new_tokens = reallocarray(
                 tokens, tok_count, sizeof(tokens[0]));
+
+            if (new_tokens == NULL) {
+                free(tokens);
+                free(copy);
+                goto unlock_and_return;
+            }
+
             size_t *new_tok_lengths = reallocarray(
                 tok_lengths, tok_count, sizeof(tok_lengths[0]));

-            if (new_tokens == NULL || new_tok_lengths == NULL) {
-                if (new_tokens != NULL)
-                    free(new_tokens);
-                else
-                    free(tokens);
-                if (new_tok_lengths != NULL)
-                    free(new_tok_lengths);
-                else
-                    free(tok_lengths);
+            if (new_tok_lengths == NULL) {
+                free(tok_lengths);
+                free(new_tokens);
                 free(copy);
                 goto unlock_and_return;
             }
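Review bot: the new `new_tokens == NULL` branch (`+            if (new_tokens == NULL) {` … `+                goto unlock_and_return;`) frees `tokens` and `copy` but not `tok_lengths`, which the removed code did release on every failure path (`free(tok_lengths)` in its `else` arm), so this early return now leaks the lengths array; add `free(tok_lengths);` there, or route both failure branches through one shared cleanup. The second branch is consistent: it releases `tok_lengths`, the already-reallocated `new_tokens` and `copy`. Freeing the original pointer after a failed `reallocarray` is correct since the old block is left intact on failure, which is why the diagnostic is a false positive.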

ricci:~/git/debian.org/swaywm-team/fuzzel/obj-riscv64-linux-gnu% cc -Ifuzzel.p 
-I. -I.. -I/usr/include/pixman-1 -I/usr/include/freetype2 
-I/usr/include/libpng16 -I/usr/include/cairo -I/usr/include/harfbuzz 
-I/usr/include/glib-2.0 -I/usr/lib/riscv64-linux-gnu/glib-2.0/include 
-I/usr/include/sysprof-6 -fdiagnostics-color=always -DNDEBUG 
-D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -Werror -std=c18 -D_GNU_SOURCE 
-fno-asynchronous-unwind-tables -DMEMFD_CREATE -fmacro-prefix-map=../= 
-DFUZZEL_ENABLE_CAIRO=1 -DFUZZEL_ENABLE_PNG_LIBPNG=1 
-DFUZZEL_ENABLE_SVG_NANOSVG=1 -g -O2 -Werror=implicit-function-declaration 
-ffile-prefix-map=/home/pcolberg/git/debian.org/swaywm-team/fuzzel=. 
-fstack-protector-strong -Wformat -Werror=format-security -Wdate-time 
-D_FORTIFY_SOURCE=2 -pthread -DUTF8PROC_EXPORTS -MD -MQ fuzzel.p/match.c.o -MF 
fuzzel.p/match.c.o.d -o fuzzel.p/match.c.o -c ../match.c
ricci:~/git/debian.org/swaywm-team/fuzzel/obj-riscv64-linux-gnu% gcc --version
gcc (Debian 14.2.0-7) 14.2.0
Copyright (C) 2024 Free Software Foundation, Inc.
This is free software; see the source for copying conditions.  There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Peter
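To make the cleanup contract behind that workaround concrete, here is an added example (not fuzzel's code and not from the thread): two parallel arrays grown together, each reallocation checked before the old pointer is replaced, and both arrays released on either failure so no stale pointer survives. It uses realloc with an explicit overflow check in place of reallocarray so it builds without _GNU_SOURCE; the grow_array/grow_tokens names and the calls_before_fail hook are constructed for the demonstration.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdlib.h>
#include <uchar.h>

/* Test hook (constructed, not in fuzzel): grow_array() fails when this hits 0; -1 = never. */
static int calls_before_fail = -1;

/* reallocarray()'s contract: overflow-checked size, NULL on failure, old block stays valid. */
static void *grow_array(void *p, size_t n, size_t size)
{
    bool forced = calls_before_fail >= 0 && calls_before_fail-- == 0;
    if (forced || n == 0 || size == 0 || n > SIZE_MAX / size) {
        errno = ENOMEM;
        return NULL;
    }
    return realloc(p, n * size);
}

/* Grow the two parallel arrays to tok_count entries. Each result is checked before
 * the old pointer is replaced; on failure both originals are freed and nulled. */
static bool grow_tokens(char32_t ***tokens, size_t **tok_lengths, size_t tok_count)
{
    char32_t **new_tokens = grow_array(*tokens, tok_count, sizeof(**tokens));
    if (new_tokens == NULL) {
        free(*tokens); free(*tok_lengths);   /* release both, not just one */
        *tokens = NULL; *tok_lengths = NULL;
        return false;
    }
    *tokens = new_tokens;                    /* the old value is dead from here */
    size_t *new_lengths = grow_array(*tok_lengths, tok_count, sizeof(**tok_lengths));
    if (new_lengths == NULL) {
        free(*tokens); free(*tok_lengths);
        *tokens = NULL; *tok_lengths = NULL;
        return false;
    }
    *tok_lengths = new_lengths;
    return true;
}

/* Scenario: a successful grow, then a forced failure of the second reallocation. */
static bool scenario_second_alloc_fails(void)
{
    char32_t **t = NULL; size_t *l = NULL;
    if (!grow_tokens(&t, &l, 2) || t == NULL || l == NULL) return false;
    calls_before_fail = 1;                   /* first call succeeds, second fails */
    return !grow_tokens(&t, &l, 8) && t == NULL && l == NULL;
}
```

Running the scenario under a leak checker (valgrind or -fsanitize=address) confirms that the forced failure leaves nothing allocated.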