[Bug 2053134] Re: FTBFS: arm64, riscv64: ‘read’ writing 1 byte into a region of size 0 overflows the destination

Gianfranco Costamagna 2053134 at bugs.launchpad.net
Thu Feb 15 13:38:00 UTC 2024


Description: 
bs.c: In function ‘bs_sig_request_done’:
bs.c:196:15: error: ‘read’ writing 1 byte into a region of size 0 overflows the destination [-Werror=stringop-overflow=]
  196 |         ret = read(fd, (char *)siginfo, sizeof(siginfo));
      |               ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
bs.c:193:33: note: destination object ‘siginfo’ of size 0
  193 |         struct signalfd_siginfo siginfo[16];
      |                                 ^~~~~~~
In file included from /usr/include/unistd.h:1217,
                 from bs.c:33:
/usr/include/aarch64-linux-gnu/bits/unistd.h:26:1: note: in a call to function ‘read’ declared with attribute ‘access (write_only, 2)’
   26 | read (int __fd, void *__buf, size_t __nbytes)
      | ^~~~
Origin: Upstream https://www.spinics.net/lists/linux-stgt/msg04784.html
Last-Update: 2024-02-15

diff --git a/usr/bs.c b/usr/bs.c
index 8171a32..8da5a9b 100644
--- a/usr/bs.c
+++ b/usr/bs.c
@@ -311,7 +311,7 @@ static int bs_init_signalfd(void)
 	sigaddset(&mask, SIGUSR2);
 	sigprocmask(SIG_BLOCK, &mask, NULL);
 
-	sig_fd = __signalfd(-1, &mask, 0);
+	sig_fd = signalfd(-1, &mask, 0);
 	if (sig_fd < 0)
 		return 1;
 
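Review bot: The replacement call `signalfd(-1, &mask, 0)` in bs_init_signalfd drops the non-blocking mode that the removed `__signalfd()` wrapper applied with `fcntl(fd2, F_SETFL, ret | O_NONBLOCK)`, so `sig_fd` is now a blocking descriptor. The reader quoted in the build log, `read(fd, (char *)siginfo, sizeof(siginfo))` in bs_sig_request_done, would stall its caller if it ever ran with no signal pending; whether that can happen depends on the event loop, which is not visible here. Requesting the mode at creation keeps the old behaviour without the extra fcntl calls: `sig_fd = signalfd(-1, &mask, SFD_NONBLOCK | SFD_CLOEXEC);`. The `SFD_CLOEXEC` part is an addition beyond the old behaviour, so the descriptor is not inherited by any program the daemon executes. bs_init_signalfd starts and ends outside the hunk.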
diff --git a/usr/util.h b/usr/util.h
index c709f9b..8aef6ab 100644
--- a/usr/util.h
+++ b/usr/util.h
@@ -14,6 +14,7 @@
 #include <string.h>
 #include <limits.h>
 #include <linux/types.h>
+#include <sys/signalfd.h>
 
 #include "be_byteshift.h"
 
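Review bot: The added `#include <sys/signalfd.h>` is unconditional, while the block this patch removes further down in util.h was selected by `USE_SIGNALFD` and otherwise supplied a stub `__signalfd` that returned -1. With the stub gone, a build without `-DUSE_SIGNALFD` no longer takes the `sig_fd < 0` path in bs_init_signalfd as a fallback; it either calls signalfd anyway or fails to compile where the header is missing. If the switch is meant to keep working, wrap the include (and the call in bs.c) in `#ifdef USE_SIGNALFD` with a one-line comment on the fallback. If it is being retired, say so in the patch description so the leftover define can be cleaned up.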
@@ -99,44 +101,6 @@ static inline int between(uint32_t seq1, uint32_t seq2, uint32_t seq3)
 
 extern unsigned long pagesize, pageshift;
 
-#if defined(__NR_signalfd) && defined(USE_SIGNALFD)
-
-/*
- * workaround for broken linux/signalfd.h including
- * usr/include/linux/fcntl.h
- */
-#define _LINUX_FCNTL_H
-
-#include <linux/signalfd.h>
-
-static inline int __signalfd(int fd, const sigset_t *mask, int flags)
-{
-	int fd2, ret;
-
-	fd2 = syscall(__NR_signalfd, fd, mask, _NSIG / 8);
-	if (fd2 < 0)
-		return fd2;
-
-	ret = fcntl(fd2, F_GETFL);
-	if (ret < 0) {
-		close(fd2);
-		return -1;
-	}
-
-	ret = fcntl(fd2, F_SETFL, ret | O_NONBLOCK);
-	if (ret < 0) {
-		close(fd2);
-		return -1;
-	}
-
-	return fd2;
-}
-#else
-#define __signalfd(fd, mask, flags) (-1)
-struct signalfd_siginfo {
-};
-#endif
-
 /* convert string to integer, check for validity of the string numeric format
  * and the natural boundaries of the integer value type (first get a 64-bit
  * value and check that it fits the range of the destination integer).

** Changed in: tgt (Ubuntu)
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to glibc in Ubuntu.
https://bugs.launchpad.net/bugs/2053134

Title:
  FTBFS: arm64, riscv64: ‘read’ writing 1 byte into a region of size 0
  overflows the destination

Status in GLibC:
  Confirmed
Status in glibc package in Ubuntu:
  New
Status in tgt package in Ubuntu:
  Fix Released

Bug description:
  Log from arm64:

  
  cc -Wdate-time -D_FORTIFY_SOURCE=3 -c -g -O2 -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer -ffile-prefix-map=/home/ubuntu/git/packages/tgt/tgt=. -flto=auto -ffat-lto-objects -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -mbranch-protection=standard -fdebug-prefix-map=/home/ubuntu/git/packages/tgt/tgt=/usr/src/tgt-1:1.0.85-1.1ubuntu1 -DUSE_SIGNALFD -DUSE_TIMERFD -DHAVE_GFAPI_VER_7_6 -DUSE_SYSTEMD -DUSE_EVENTFD -D_GNU_SOURCE -I. -g -O2 -fno-strict-aliasing -Wall -Wstrict-prototypes -Werror -DTGT_VERSION=\"1.0.85\" -DBSDIR=\"/usr/lib/tgt/backing-store\" bs_sheepdog.c -o bs_sheepdog.o
  bs.c: In function ‘bs_sig_request_done’:
  bs.c:196:15: error: ‘read’ writing 1 byte into a region of size 0 overflows the destination [-Werror=stringop-overflow=]
    196 |         ret = read(fd, (char *)siginfo, sizeof(siginfo));
        |               ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  bs.c:193:33: note: destination object ‘siginfo’ of size 0
    193 |         struct signalfd_siginfo siginfo[16];
        |                                 ^~~~~~~
  In file included from /usr/include/unistd.h:1217,
                   from bs.c:33:
  /usr/include/aarch64-linux-gnu/bits/unistd.h:26:1: note: in a call to function ‘read’ declared with attribute ‘access (write_only, 2)’
     26 | read (int __fd, void *__buf, size_t __nbytes)
        | ^~~~
  cc -Wdate-time -D_FORTIFY_SOURCE=3 -c -g -O2 -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer -ffile-prefix-map=/home/ubuntu/git/packages/tgt/tgt=. -flto=auto -ffat-lto-objects -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -mbranch-protection=standard -fdebug-prefix-map=/home/ubuntu/git/packages/tgt/tgt=/usr/src/tgt-1:1.0.85-1.1ubuntu1 -DUSE_SIGNALFD -DUSE_TIMERFD -DHAVE_GFAPI_VER_7_6 -DUSE_SYSTEMD -DUSE_EVENTFD -D_GNU_SOURCE -I. -g -O2 -fno-strict-aliasing -Wall -Wstrict-prototypes -Werror -DTGT_VERSION=\"1.0.85\" -DBSDIR=\"/usr/lib/tgt/backing-store\" tgtadm.c -o tgtadm.o
  cc1: all warnings being treated as errors
