On Fri, 3 Jul 2020, Paul Durrant wrote:

-----Original Message-----
From: Xen-devel <xen-devel-boun...@lists.xenproject.org> On Behalf Of Michael Young
Sent: 30 June 2020 23:22
To: xen-devel@lists.xenproject.org
Cc: Tim Deegan <t...@xen.org>
Subject: Build problems in kdd.c with xen-4.14.0-rc4

I get the following errors when trying to build xen-4.14.0-rc4

kdd.c: In function 'kdd_tx':
kdd.c:754:15: error: array subscript 16 is above array bounds of 'uint8_t[16]' {aka 'unsigned char[16]'} [-Werror=array-bounds]
   754 |         s->txb[len++] = 0xaa;
       |         ~~~~~~^~~~~~~
kdd.c:82:17: note: while referencing 'txb'
    82 |         uint8_t txb[sizeof (kdd_hdr)];           /* Marshalling area for tx */
       |                 ^~~
kdd.c: In function 'kdd_break':
kdd.c:819:19: error: array subscript 16 is above array bounds of 'uint8_t[16]' {aka 'unsigned char[16]'} [-Werror=array-bounds]
   819 |             s->txb[sizeof (kdd_hdr) + i] = i;
       |             ~~~~~~^~~~~~~~~~~~~~~~~~~~~~
kdd.c:82:17: note: while referencing 'txb'
    82 |         uint8_t txb[sizeof (kdd_hdr)];           /* Marshalling area for tx */
       |                 ^~~
In file included from /usr/include/stdio.h:867,
                  from kdd.c:36:
In function 'vsnprintf',
     inlined from 'kdd_send_string' at kdd.c:791:11:
/usr/include/bits/stdio2.h:80:10: error: '__builtin___vsnprintf_chk' specified bound 65519 exceeds destination size 0 [-Werror=stringop-overflow=]
    80 |   return __builtin___vsnprintf_chk (__s, __n, __USE_FORTIFY_LEVEL - 1,
       |          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    81 |         __bos (__s), __fmt, __ap);
       |         ~~~~~~~~~~~~~~~~~~~~~~~~~
cc1: all warnings being treated as errors
make[4]: *** [/builddir/build/BUILD/xen-4.14.0-rc4/tools/debugger/kdd/../../../tools/Rules.mk:216: kdd.o] Error 1

The first two array-bounds errors seem to be a result of the

kdd: stop using [0] arrays to access packet contents

patch at
http://xenbits.xenproject.org/gitweb/?p=xen.git;a=commit;h=3471cafbdda35eacf04670881dd2aee2558b4f08

which reduced the size of txb from
sizeof (kdd_hdr) + 65536
to
sizeof (kdd_hdr)
which means the code now tries to write beyond the end of txb in both
cases.

Sorry not to get back to you sooner. Which compiler are you using?

 Paul

This was with gcc-10.1.1-1.fc32.x86_64
Full build logs are (at the moment) at https://download.copr.fedorainfracloud.org/results/myoung/xentest/fedora-32-x86_64/01515056-xen/
        Michael Young
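
The overrun discussed in this thread (a header-sized txb indexed at sizeof (kdd_hdr) and beyond), as an added C example that is not part of the thread or of Xen's kdd.c. The names demo_hdr, demo_marshal, demo_send_small and demo_send_full, the header layout and the "+ 1" trailer sizing are hypothetical stand-ins; only the 16-byte header size, the 65536 payload size and the 0xaa trailing byte come from the messages above.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical 16-byte header standing in for kdd_hdr (size taken from the log). */
typedef struct { uint32_t dir; uint16_t type, len; uint32_t id, sum; } demo_hdr;
_Static_assert(sizeof(demo_hdr) == 16, "header must be 16 bytes");

#define DEMO_MAX_PAYLOAD 65536u

/* Header-only buffer, the size the thread says txb was reduced to. */
static uint8_t txb_small[sizeof(demo_hdr)];
/* Header + payload + one byte for the 0xaa trailer (assumed sizing). */
static uint8_t txb_full[sizeof(demo_hdr) + DEMO_MAX_PAYLOAD + 1];
static uint8_t payload[DEMO_MAX_PAYLOAD];   /* constructed sample data */

/* Marshal header, payload and trailer into buf[cap].
 * Returns the number of bytes written, or 0 if the packet does not fit. */
static size_t demo_marshal(uint8_t *buf, size_t cap, const demo_hdr *h,
                           const uint8_t *data, size_t plen)
{
    if (plen > DEMO_MAX_PAYLOAD || sizeof(*h) + plen + 1 > cap)
        return 0;                       /* refuse rather than index past the end */
    memcpy(buf, h, sizeof(*h));
    memcpy(buf + sizeof(*h), data, plen);
    buf[sizeof(*h) + plen] = 0xaa;      /* lands at index 16 when plen == 0 */
    return sizeof(*h) + plen + 1;
}

size_t demo_send_small(size_t plen)
{
    demo_hdr h = {0};                   /* zeroed sample header */
    return demo_marshal(txb_small, sizeof(txb_small), &h, payload, plen);
}

size_t demo_send_full(size_t plen)
{
    demo_hdr h = {0};                   /* zeroed sample header */
    return demo_marshal(txb_full, sizeof(txb_full), &h, payload, plen);
}

int main(void)
{
    /* Header-only buffer rejects even an empty packet; the larger one accepts it. */
    return (demo_send_small(0) == 0 && demo_send_full(8) == 25) ? 0 : 1;
}
```

With a 16-byte buffer even an empty packet is refused, because the trailer alone needs index 16, which is the subscript gcc reports for kdd.c:754.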
