On Fri, 27 Jun 2025 19:56:57 +0100
Bruce Richardson <bruce.richard...@intel.com> wrote:

> On Fri, Jun 27, 2025 at 09:22:35AM -0700, Stephen Hemminger wrote:
> > The rte_argparse API use variable length arrays for the args.
> > But the test was only putting space on stack for the argparse
> > part, not the args. This can lead to out of bounds writes.
> > 
> > The bug only gets detected if DPDK is compiled with LTO.
> > In function ‘test_argparse_copy’,
> >     inlined from ‘test_argparse_init_obj’ at 
> > ../app/test/test_argparse.c:108:2,
> >     inlined from ‘test_argparse_opt_callback_parse_int_of_no_val’ at 
> > ../app/test/test_argparse.c:490:8:
> > ../app/test/test_argparse.c:96:17: warning: ‘memcpy’ writing 56 bytes into 
> > a region of size 0 overflows the destination [-Wstringop-overflow=]
> >    96 |                 memcpy(&dst->args[i], &src->args[i], 
> > sizeof(src->args[i]));
> > 
> > Fixes: 6c5c6571601c ("argparse: verify argument config")
> > Cc: fengcheng...@huawei.com
> > Signed-off-by: Stephen Hemminger <step...@networkplumber.org>
> > ---  
> 
> It looks to me like this is a false positive. If it's not, then the whole
> method of declaring argparse arguments is broken, and the library is not
> really usable.
> 
> See below for what I see in gdb for a regular (non-LTO) debug build. Looks
> to me like the compiler is doing the right thing.
> 
> /Bruce

The problem is that when the structure is initialized, its size gets boosted.
        
https://www.gnu.org/software/c-intro-and-ref/manual/html_node/Flexible-Array-Fields.html
        GNU C allows static initialization of flexible array fields. 
        The effect is to “make the array long enough” for the initializer.

        struct f1 { int x; int y[]; } f1
                  = { 1, { 2, 3, 4 } };

It looks like a compiler bug that the extra size info doesn't get propagated
into the copy code.
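To make the point above concrete, here is a small added example (not code from the thread or from DPDK) showing why a statically initialized flexible array member is larger than sizeof() reports, and how a copy routine has to derive the real length instead. The struct `f1`, the zero sentinel that terminates the array, and the helper names are all constructed for this illustration; rte_argparse's own layout is not assumed.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Constructed example: a struct ending in a flexible array member. A zero
 * sentinel terminates the array so a copy routine can find its real end. */
struct f1 {
    int x;
    int y[];
};

/* GNU C lets a static initializer "make the array long enough": this object
 * occupies sizeof(int) + 4 * sizeof(int) bytes, not sizeof(struct f1). */
static struct f1 f1_static = { 1, { 2, 3, 4, 0 } };

/* sizeof() never includes the flexible part, whatever the initializer held. */
size_t f1_header_size(void)
{
    return sizeof(struct f1);
}

/* Number of elements before the 0 sentinel. */
size_t f1_count(const struct f1 *p)
{
    size_t n = 0;
    while (p->y[n] != 0)
        n++;
    return n;
}

/* Bytes the object really occupies: header, every element, and the sentinel. */
size_t f1_total_size(const struct f1 *p)
{
    return sizeof(struct f1) + (f1_count(p) + 1) * sizeof(p->y[0]);
}

/* Correct copy: the destination is sized from the source's actual length.
 * Copying into a plain `struct f1 local;` on the stack and then writing each
 * y[i] into it would be exactly the out-of-bounds write the warning describes,
 * because that local only has room for the header. */
struct f1 *f1_dup(const struct f1 *src)
{
    size_t sz = f1_total_size(src);
    struct f1 *dst = malloc(sz);

    if (dst == NULL)
        return NULL;
    memcpy(dst, src, sz);
    return dst;
}

int main(void)
{
    struct f1 *copy = f1_dup(&f1_static);
    int ok = copy != NULL && copy->x == 1 && copy->y[2] == 4;

    free(copy);
    return ok ? 0 : 1;
}
```

The practical check a reviewer wants here is that any destination for such a struct is allocated from a length the code can actually compute (a count field, a sentinel, or the initializer's element count), never from sizeof() of the type.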
