On Fri, 27 Jun 2025 19:56:57 +0100
Bruce Richardson <bruce.richard...@intel.com> wrote:
> On Fri, Jun 27, 2025 at 09:22:35AM -0700, Stephen Hemminger wrote:
> > The rte_argparse API use variable length arrays for the args.
> > But the test was only putting space on stack for the argparse
> > part, not the args. This can lead to out of bounds writes.
> >
> > The bug only gets detected if DPDK is compiled with LTO.
> > In function ‘test_argparse_copy’,
> > inlined from ‘test_argparse_init_obj’ at
> > ../app/test/test_argparse.c:108:2,
> > inlined from ‘test_argparse_opt_callback_parse_int_of_no_val’ at
> > ../app/test/test_argparse.c:490:8:
> > ../app/test/test_argparse.c:96:17: warning: ‘memcpy’ writing 56 bytes into
> > a region of size 0 overflows the destination [-Wstringop-overflow=]
> > 96 | memcpy(&dst->args[i], &src->args[i],
> > sizeof(src->args[i]));
> >
> > Fixes: 6c5c6571601c ("argparse: verify argument config")
> > Cc: fengcheng...@huawei.com
> > Signed-off-by: Stephen Hemminger <step...@networkplumber.org>
> > ---
>
> It looks to me like this is a false positive. If it's not, then the whole
> method of declaring argparse arguments is broken, and the library is not
> really usable.
>
> See below for what I see in gdb for a regular (non-LTO) debug build. Looks
> to me like the compiler is doing the right thing.
>
> /Bruce
The problem is that the when structure is initialized its size gets boosted.
https://www.gnu.org/software/c-intro-and-ref/manual/html_node/Flexible-Array-Fields.html
GNU C allows static initialization of flexible array fields.
The effect is to “make the array long enough” for the initializer.
struct f1 { int x; int y[]; } f1
= { 1, { 2, 3, 4 } };
It looks like a compiler bug that the extra size info doesn't get propogated
into the copy code.
