FTBFS: arm64, riscv64: ‘read’ writing 1 byte into a region of size 0 overflows the destination
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
GLibC | Fix Released | Medium | |
glibc (Ubuntu) | New | Undecided | Unassigned |
tgt (Ubuntu) | Fix Released | High | Andreas Hasenack |
Bug Description
Log from arm64:

```
cc -Wdate-time -D_FORTIFY_SOURCE=3 -c -g -O2 -fno-omit-
bs.c: In function ‘bs_sig_
bs.c:196:15: error: ‘read’ writing 1 byte into a region of size 0 overflows the destination [-Werror=
  196 |         ret = read(fd, (char *)siginfo, sizeof(siginfo));
      |               ^~~~~~~
bs.c:193:33: note: destination object ‘siginfo’ of size 0
  193 |         struct signalfd_siginfo siginfo[16];
      |                                 ^~~~~~~
In file included from /usr/include/
/usr/include/
   26 | read (int __fd, void *__buf, size_t __nbytes)
      | ^~~~
cc -Wdate-time -D_FORTIFY_SOURCE=3 -c -g -O2 -fno-omit-
cc1: all warnings being treated as errors
```
Related branches
- git-ubuntu bot: Approve
- Sergio Durigan Junior (community): Approve
- Canonical Server Reporter: Pending requested
- Diff: 32 lines (+13/-0), 2 files modified: debian/changelog (+7/-0), debian/rules (+6/-0)
- tags: added: server-todo
- Changed in glibc: importance: Unknown → Medium; status: Unknown → Confirmed
- Changed in glibc: status: Confirmed → In Progress
- Changed in glibc: status: In Progress → Fix Released
- tags: removed: server-todo
This is happening on arm64 because __NR_signalfd is not defined there. arm64 only has __NR_signalfd4 [1].

The following #ifdef [2] in usr/util.h then fails:

```c
#if defined(__NR_signalfd) && defined(USE_SIGNALFD)
...
```

And we end up in the #else clause, which:

```c
#else
#define __signalfd(fd, mask, flags) (-1)
struct signalfd_siginfo {
};
#endif
```

This essentially makes this struct zero, and gcc/glibc is now catching that in usr/bs.c [3]:

```c
struct signalfd_siginfo siginfo[16];
...
ret = read(fd, (char *)siginfo, sizeof(siginfo));
```

sizeof(siginfo) is zero, so nothing should be written, but this is tripping the -Wstringop-overflow check.

I also wonder if we have been incorrectly building tgt without signalfd support all this time, unknowingly, because of this...

1. https://github.com/bminor/glibc/blob/f9ac84f92f151e07586c55e14ed628d493a5929d/sysdeps/unix/sysv/linux/aarch64/arch-syscall.h#L255
2. https://github.com/fujita/tgt/blob/master/usr/util.h#L106
3. https://github.com/fujita/tgt/blob/master/usr/bs.c#L196
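The comment above describes a feature test that checks only `__NR_signalfd`, so on an architecture that exposes only `__NR_signalfd4` the build silently falls back to an empty struct, and the fortified `read()` then sees a zero-byte destination. The following added example (not tgt or glibc code; every struct, macro and function name here is constructed for the demo) reproduces that mechanism side by side with a wider check that accepts either syscall number and refuses at compile time to produce a zero-sized buffer. It reads the `__NR_*` numbers from `<sys/syscall.h>` on Linux, so its output depends on the architecture it is compiled on:

```c
/*
 * Added illustration, not tgt or glibc code: how a too-narrow syscall-number
 * check degrades to a zero-sized struct, and a stricter variant that accepts
 * __NR_signalfd4 and fails the build instead of degrading silently.
 * All identifiers prefixed demo_/DEMO_ are constructed for this example.
 */
#include <stddef.h>
#include <stdio.h>
#ifdef __linux__
#include <sys/syscall.h>   /* provides the __NR_* numbers for this architecture */
#endif

/* Pattern 1: the narrow check described in the comment above (only signalfd). */
#if defined(__NR_signalfd)
#define DEMO_NARROW_CHECK_PASSED 1
struct demo_narrow_siginfo { unsigned int ssi_signo; unsigned int ssi_code; };
#else
#define DEMO_NARROW_CHECK_PASSED 0
struct demo_narrow_siginfo { };     /* empty struct (GNU extension): sizeof == 0 */
#endif

/* Pattern 2: either syscall number means the feature is available. */
#if defined(__NR_signalfd) || defined(__NR_signalfd4)
#define DEMO_HAVE_SIGNALFD 1
struct demo_wide_siginfo { unsigned int ssi_signo; unsigned int ssi_code; };
#else
#define DEMO_HAVE_SIGNALFD 0
/* Unsupported platform: keep a non-empty placeholder so no read() path can
 * ever be handed a zero-byte destination; real code would compile the
 * signalfd-based path out entirely here. */
struct demo_wide_siginfo { unsigned int demo_unsupported; };
#endif

/* Compile-time guard: a zero-sized buffer is a configuration bug, not a
 * condition to discover later from a -Wstringop-overflow diagnostic. */
_Static_assert(sizeof(struct demo_wide_siginfo) > 0,
               "signalfd buffer would be zero-sized");

/* Which syscall numbers this build sees: bit 0 = __NR_signalfd,
 * bit 1 = __NR_signalfd4. 0 means neither (e.g. a non-Linux host). */
int demo_signalfd_syscalls(void) {
    int mask = 0;
#ifdef __NR_signalfd
    mask |= 1;
#endif
#ifdef __NR_signalfd4
    mask |= 2;
#endif
    return mask;
}

int demo_narrow_check_passed(void) { return DEMO_NARROW_CHECK_PASSED; }
int demo_have_signalfd(void) { return DEMO_HAVE_SIGNALFD; }

/* Bytes each pattern would pass as the length of a 16-entry read() buffer,
 * mirroring "struct signalfd_siginfo siginfo[16]" in the report. */
size_t demo_narrow_buffer_bytes(void) { return sizeof(struct demo_narrow_siginfo[16]); }
size_t demo_wide_buffer_bytes(void)   { return sizeof(struct demo_wide_siginfo[16]); }

int main(void) {
    int mask = demo_signalfd_syscalls();
    printf("__NR_signalfd defined: %s, __NR_signalfd4 defined: %s\n",
           (mask & 1) ? "yes" : "no", (mask & 2) ? "yes" : "no");
    printf("narrow check passed: %d, read() buffer would be %zu bytes\n",
           demo_narrow_check_passed(), demo_narrow_buffer_bytes());
    printf("wide check passed:   %d, read() buffer would be %zu bytes\n",
           demo_have_signalfd(), demo_wide_buffer_bytes());
    return 0;
}
```

On x86_64 Linux both numbers exist and the two patterns agree; on a build where only `__NR_signalfd4` is present, as the comment describes for arm64, the narrow pattern reports a 0-byte buffer while the wide pattern still compiles the real struct. The `_Static_assert` is the defensive piece: it turns a silent loss of signalfd support into a build failure with a readable message.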