[DTrace-devel] [PATCH] parser: do not bounds-check arrays of size 0 or 1

Nick Alcock nick.alcock at oracle.com
Wed Sep 6 14:23:14 UTC 2023


This is both a pretty useless degenerate check to carry out, and breaks when
-fstrict-flex-arrays is used (whereupon trailing old-style flexible arrays
gain bounds of 0).  It is almost certainly wrong to use trailing zero-size
arrays and -fstrict-flex-arrays in conjunction, but since C doesn't
bounds-check, this is commonplace.  In particular, the Linux kernel has turned
this on *before* transitioning away from such arrays, rather than
afterwards.

Fixes system translators (in particular the pr_pgid and pr_sid members of
psinfo_t) in conjunction with Linux 6.5+.

Signed-off-by: Nick Alcock <nick.alcock at oracle.com>
---
 libdtrace/dt_parser.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/libdtrace/dt_parser.c b/libdtrace/dt_parser.c
index 870faaa92ce4b..e5d40d7d4346c 100644
--- a/libdtrace/dt_parser.c
+++ b/libdtrace/dt_parser.c
@@ -3580,6 +3580,10 @@ dt_cook_op2(dt_node_t *dnp, uint_t idflags)
 
 		/*
 		 * Array bounds-checking.  (Non-associative arrays only.)
+		 *
+		 * Checking for arrays of size 0 and 1 is skipped: these
+		 * degenerate cases are often used for dynamically-sized arrays
+		 * at the ends of structures.
 		 */
 		artype = ctf_type_resolve(lp->dn_ctfp, lp->dn_type);
 		arkind = ctf_type_kind(lp->dn_ctfp, artype);
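Review bot: the new comment does not mention the case that actually motivates this change, namely -fstrict-flex-arrays turning trailing flexible arrays into arrays with bounds of 0; someone reading dt_cook_op2() later will see only "often used for dynamically-sized arrays" and may be tempted to tighten the check back to `r.ctr_nelems > 0`. Consider extending the comment along the lines of "with -fstrict-flex-arrays, trailing flexible arrays are reported with 0 elements (seen in Linux 6.5+ psinfo_t translators)", so the reason for skipping size 1 as well as size 0 is recorded in the code and not only in the commit message.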
@@ -3591,6 +3595,7 @@ dt_cook_op2(dt_node_t *dnp, uint_t idflags)
 
 			if (rp->dn_kind == DT_NODE_INT &&
 			    ctf_array_info(lp->dn_ctfp, type, &r) == 0 &&
+			    r.ctr_nelems > 1 &&
 			    rp->dn_value >= r.ctr_nelems)
 				xyerror(D_ARR_BOUNDS, "index outside "
 				    "array bounds: %llu, max is %i\n",
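Review bot: adding `r.ctr_nelems > 1 &&` disables the diagnostic for every array of size 0 or 1, not just for trailing ones, so a constant out-of-bounds index into a genuine single-element array (e.g. `foo->x[5]` where `x` is declared `int x[1]` in the middle of a struct) is no longer reported at parse time even though no flexible-array idiom applies. The commit message only argues for trailing members; if the extra information is cheap to obtain here, consider restricting the exemption to arrays that are the last member of their enclosing struct, and either way a test that exercises both a trailing `[0]`/`[1]` member (must not error) and a non-trailing one (expected behaviour documented) would pin the intended semantics. The placement of the new condition after the `ctf_array_info(...) == 0` check is correct, since `r` is only populated on success.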
-- 
2.41.0.270.g68fa1d84b5
