Re: [PATCH] libsepol/cil: silence GCC 12 array-bounds false positive

Petr Lautrbach <plautrba@xxxxxxxxxx> · Wed, 06 Apr 2022 11:25:23 +0200

James Carter <jwcart2@xxxxxxxxx> writes:

> On Thu, Mar 31, 2022 at 11:34 AM Christian Göttsche
> <cgzones@xxxxxxxxxxxxxx> wrote:
>>
>> GCC 12 produces an array-bounds warning:
>>
>>     In file included from ../include/sepol/policydb/context.h:23,
>>                      from ../include/sepol/policydb/policydb.h:62,
>>                      from ../cil/src/cil_binary.c:41:
>>     In function ‘mls_level_init’,
>>         inlined from ‘mls_level_destroy’ at ../include/sepol/policydb/mls_types.h:99:2,
>>         inlined from ‘mls_level_destroy’ at ../include/sepol/policydb/mls_types.h:92:20,
>>         inlined from ‘mls_range_destroy’ at ../include/sepol/policydb/mls_types.h:149:2,
>>         inlined from ‘cil_rangetransition_to_policydb’ at ../cil/src/cil_binary.c:3231:6:
>>     ../include/sepol/policydb/mls_types.h:89:9: error: ‘memset’ offset [0, 23] is out of the bounds [0, 0] [-Werror=array-bounds]
>>        89 |         memset(level, 0, sizeof(mls_level_t));
>>           |         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>>     ../include/sepol/policydb/mls_types.h:89:9: error: ‘memset’ offset [0, 23] is out of the bounds [0, 0] [-Werror=array-bounds]
>>     cc1: all warnings being treated as errors
>>
>> This is a false positive, by inspecting the code and compiling with -O3
>> and -flto.
>>
>> Closes: https://github.com/SELinuxProject/selinux/issues/339
>>
>> Signed-off-by: Christian Göttsche <cgzones@xxxxxxxxxxxxxx>
>
> Acked-by: James Carter <jwcart2@xxxxxxxxx>

Merged.

>> ---
>>  libsepol/cil/src/cil_binary.c | 9 +++++++++
>>  1 file changed, 9 insertions(+)
>>
>> diff --git a/libsepol/cil/src/cil_binary.c b/libsepol/cil/src/cil_binary.c
>> index 53017e2d..d5211f69 100644
>> --- a/libsepol/cil/src/cil_binary.c
>> +++ b/libsepol/cil/src/cil_binary.c
>> @@ -3222,7 +3222,16 @@ int cil_rangetransition_to_policydb(policydb_t *pdb, const struct cil_db *db, st
>>                                         } else {
>>                                                 cil_log(CIL_ERR, "Out of memory\n");
>>                                         }
>> +// TODO: add upper version bound once fixed in upstream GCC
>> +#if defined(__GNUC__) && (__GNUC__ >= 12)
>> +# pragma GCC diagnostic push
>> +# pragma GCC diagnostic ignored "-Warray-bounds"
>> +# pragma GCC diagnostic ignored "-Wstringop-overflow"
>> +#endif
>>                                         mls_range_destroy(newdatum);
>> +#if defined(__GNUC__) && (__GNUC__ >= 12)
>> +# pragma GCC diagnostic pop
>> +#endif
>>                                         free(newdatum);
>>                                         free(newkey);
>>                                         if (rc != SEPOL_OK) {
>> --
>> 2.35.1
>>