From 9272c0cd5a465450edfe26a46825e568382c3fd2 Mon Sep 17 00:00:00 2001 From: Mathieu Desnoyers Date: Mon, 4 Apr 2016 14:39:16 -0400 Subject: [PATCH] Fix: use BUG_ON instead of accessing array subscript above array bounds MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit Building lttng-modules lttng-filter-interpreter.c on a 4.6-rc kernel triggers the following gcc warning: In file included from /home/compudj/git/lttng-modules/lttng-filter-interpreter.c:25:0: /home/compudj/git/lttng-modules/lttng-filter-interpreter.c: In function ‘lttng_filter_interpret_bytecode’: /home/compudj/git/lttng-modules/lttng-filter.h:144:14: warning: array subscript is above array bounds [-Warray-bounds] &(stack)->e[top]; \ ^ /home/compudj/git/lttng-modules/lttng-filter-interpreter.c:714:4: note: in expansion of macro ‘estack_ax’ estack_ax(stack, top)->u.s.str = insn->data; ^ /home/compudj/git/lttng-modules/lttng-filter.h:144:14: warning: array subscript is above array bounds [-Warray-bounds] &(stack)->e[top]; \ ^ /home/compudj/git/lttng-modules/lttng-filter-interpreter.c:715:4: note: in expansion of macro ‘estack_ax’ estack_ax(stack, top)->u.s.seq_len = UINT_MAX; This is because the bound checking is performed in a prior validation phase (which the compiler does not know about), and we only WARN_ON_ONCE() if the interpreter sees values that don't fit in array range. Use BUG_ON() in the interpreter instead, which ensures we never, ever reach the out-of-bound condition from a compiler perspective. Signed-off-by: Mathieu Desnoyers --- lttng-filter.h | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/lttng-filter.h b/lttng-filter.h index 7eea1487..7ac794d6 100644 --- a/lttng-filter.h +++ b/lttng-filter.h @@ -139,19 +139,19 @@ struct estack { #define estack_ax(stack, top) \ ({ \ - WARN_ON_ONCE((top) <= FILTER_STACK_EMPTY); \ + BUG_ON((top) <= FILTER_STACK_EMPTY); \ &(stack)->e[top]; \ }) #define estack_bx(stack, top) \ ({ \ - WARN_ON_ONCE((top) <= FILTER_STACK_EMPTY + 1); \ + BUG_ON((top) <= FILTER_STACK_EMPTY + 1); \ &(stack)->e[(top) - 1]; \ }) #define estack_push(stack, top, ax, bx) \ do { \ - WARN_ON_ONCE((top) >= FILTER_STACK_LEN - 1); \ + BUG_ON((top) >= FILTER_STACK_LEN - 1); \ (stack)->e[(top) - 1].u.v = (bx); \ (bx) = (ax); \ ++(top); \ @@ -159,7 +159,7 @@ struct estack { #define estack_pop(stack, top, ax, bx) \ do { \ - WARN_ON_ONCE((top) <= FILTER_STACK_EMPTY); \ + BUG_ON((top) <= FILTER_STACK_EMPTY); \ (ax) = (bx); \ (bx) = (stack)->e[(top) - 2].u.v; \ (top)--; \ -- 2.34.1