gcc format-truncation warnings on Ubuntu 24.04 #2398

Open
rst0git opened this issue Apr 26, 2024 · 6 comments · May be fixed by #2413

Comments

@rst0git
Member

rst0git commented Apr 26, 2024

Building CRIU on Ubuntu 24.04 (with gcc 13.2.0 and glibc 2.39) fails with the following errors:

  CC       criu/net.o
criu/net.c: In function ‘unix_conf_op’:
criu/net.c:236:32: error: ‘net/unix/’ directive output truncated writing 9 bytes into a region of size 0 [-Werror=format-truncation=]
  236 | #define CONF_UNIX_BASE         "net/unix"
      |                                ^~~~~~~~~~
criu/net.c:237:32: note: in expansion of macro ‘CONF_UNIX_BASE’
  237 | #define CONF_UNIX_FMT          CONF_UNIX_BASE "/%s"
      |                                ^~~~~~~~~~~~~~
criu/net.c:378:55: note: in expansion of macro ‘CONF_UNIX_FMT’
  378 |                 snprintf(path[i], MAX_CONF_UNIX_PATH, CONF_UNIX_FMT, unix_conf_entries[i]);
      |                                                       ^~~~~~~~~~~~~
criu/net.c:236:33: note: format string is defined here
  236 | #define CONF_UNIX_BASE         "net/unix"
      |                                 ^~~~~~~~~
  237 | #define CONF_UNIX_FMT          CONF_UNIX_BASE "/%s"
      | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In file included from /usr/include/stdio.h:980,
                 from /usr/include/libnl3/netlink/netlink.h:9,
                 from /usr/include/libnl3/netlink/attr.h:9,
                 from criu/net.c:16:
In function ‘snprintf’,
    inlined from ‘unix_conf_op’ at criu/net.c:378:3:
/usr/include/x86_64-linux-gnu/bits/stdio2.h:54:10: note: ‘__builtin___snprintf_chk’ output 24 bytes into a destination of size 0
   54 |   return __builtin___snprintf_chk (__s, __n, __USE_FORTIFY_LEVEL - 1,
      |          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   55 |                                    __glibc_objsize (__s), __fmt,
      |                                    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   56 |                                    __va_arg_pack ());
      |                                    ~~~~~~~~~~~~~~~~~
At top level:
cc1: note: unrecognized command-line option ‘-Wno-unknown-warning-option’ may have been intended to silence earlier diagnostics
cc1: all warnings being treated as errors
@adrianreber
Member

adrianreber commented Apr 26, 2024

We tried it in the latest Fedora rawhide with GCC 14 and it does not happen there. I also do not see it on Fedora 40 (also GCC 14) and Fedora 39, which has GCC 13.2. So it is not clear right now if that is Ubuntu specific or not.

@fweimer-rh

@rst0git Could you provide full preprocessed sources (the .i file obtained from gcc -save-temps)? Then we can investigate further on the GCC side. Thanks.

@rst0git
Member Author

rst0git commented Apr 26, 2024

@fweimer-rh I have attached the content of net.i created with the following gcc command:
net.i.txt

$ gcc -save-temps -c -O2 -D_GNU_SOURCE -iquote include/ -I ./compel/include/uapi -fno-strict-aliasing -iquote criu/include -iquote include -iquote images -iquote criu/arch/x86/include -iquote . -I/usr/include/libnl3 criu/net.c -o criu/net.d 
criu/net.c: In function ‘unix_conf_op’:
criu/net.c:378:72: warning: ‘net/unix/’ directive output truncated writing 9 bytes into a region of size 0 [-Wformat-truncation=]
  378 |                 snprintf(path[i], MAX_CONF_UNIX_PATH, CONF_UNIX_FMT, unix_conf_entries[i]);
      |                                                                        ^~~~~~~~~~
In file included from /usr/include/stdio.h:980,
                 from /usr/include/libnl3/netlink/netlink.h:9,
                 from /usr/include/libnl3/netlink/attr.h:9,
                 from criu/net.c:16:
In function ‘snprintf’,
    inlined from ‘unix_conf_op’ at criu/net.c:378:3:
/usr/include/x86_64-linux-gnu/bits/stdio2.h:54:10: note: ‘__builtin___snprintf_chk’ output 24 bytes into a destination of size 0
   54 |   return __builtin___snprintf_chk (__s, __n, __USE_FORTIFY_LEVEL - 1,
      |          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   55 |                                    __glibc_objsize (__s), __fmt,
      |                                    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   56 |                                    __va_arg_pack ());
      |                                    ~~~~~~~~~~~~~~~~~~  
$ gcc --version
gcc (Ubuntu 13.2.0-23ubuntu4) 13.2.0
Copyright (C) 2023 Free Software Foundation, Inc.
This is free software; see the source for copying conditions.  There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
$ ldd --version
ldd (Ubuntu GLIBC 2.39-0ubuntu8) 2.39
Copyright (C) 2024 Free Software Foundation, Inc.
This is free software; see the source for copying conditions.  There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Written by Roland McGrath and Ulrich Drepper.

@fweimer-rh

Thanks, I can reproduce the warning with gcc-14.0.1-0.15.fc40.x86_64:

$ gcc -O2 -fno-strict-aliasing -c net.i  
In file included from /usr/include/stdio.h:980,
                 from /usr/include/libnl3/netlink/netlink.h:9,
                 from /usr/include/libnl3/netlink/attr.h:9,
                 from criu/net.c:16:
In function ‘snprintf’,
    inlined from ‘unix_conf_op’ at criu/net.c:378:3:
/usr/include/x86_64-linux-gnu/bits/stdio2.h:54:10: warning: ‘__builtin___snprintf_chk’ specified bound 42 exceeds destination size 0 [-Wstringop-overflow=]

I'll try to look into this further, to see if it's a glibc header issue or more of a GCC thing.

@rst0git
Member Author

rst0git commented Apr 26, 2024

@fweimer-rh I'm not sure if it is the same warning:

$ gcc -O2 -fno-strict-aliasing -c net.i  
criu/net.c: In function ‘unix_conf_op’:
criu/net.c:378:58: warning: ‘net/unix/’ directive output truncated writing 9 bytes into a region of size 0 [-Wformat-truncation=]
In file included from /usr/include/stdio.h:980,
                 from /usr/include/libnl3/netlink/netlink.h:9,
                 from /usr/include/libnl3/netlink/attr.h:9,
                 from criu/net.c:16:
In function ‘snprintf’,
    inlined from ‘unix_conf_op’ at criu/net.c:378:3:
/usr/include/x86_64-linux-gnu/bits/stdio2.h:54:10: note: ‘__builtin___snprintf_chk’ output 24 bytes into a destination of size 0
   54 |   return __builtin___snprintf_chk (__s, __n, __USE_FORTIFY_LEVEL - 1,
      |          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   55 |                                    __glibc_objsize (__s), __fmt,
      |                                    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   56 |                                    __va_arg_pack ());
      |                                    ~~~~~~~~~~~~~~~~~~ 

@rst0git
Member Author

rst0git commented Apr 26, 2024

@fweimer-rh Note that the following change fixes the problem:

diff --git a/criu/net.c b/criu/net.c
index b5c4a6ee3..5486c4484 100644
--- a/criu/net.c
+++ b/criu/net.c
@@ -362,7 +362,7 @@ static int ipv6_conf_op(char *tgt, SysctlEntry **conf, int n, int op, SysctlEntr
 static int unix_conf_op(SysctlEntry ***rconf, size_t *n, int op)
 {
        int i, ret = -1, flags = 0;
-       char path[ARRAY_SIZE(unix_conf_entries)][MAX_CONF_UNIX_PATH] = {};
+       char path[ARRAY_SIZE(unix_conf_entries)+1][MAX_CONF_UNIX_PATH] = {};
        struct sysctl_req req[ARRAY_SIZE(unix_conf_entries)] = {};
        SysctlEntry **conf = *rconf;
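
Review bot: the `+1` on the first dimension of `path` has no comment saying why a spare row is needed, and `struct sysctl_req req[ARRAY_SIZE(unix_conf_entries)]` on the next line keeps the original length, so the two declarations now disagree. If the extra row exists only to quiet the `-Wformat-truncation` diagnostic at `snprintf(path[i], ...)`, say so in a comment, or better, bound `i` by a value the compiler can see is at most `ARRAY_SIZE(unix_conf_entries)` so the array size can stay unchanged.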

I have attached the content of net.i with this change: net.i.txt

avagin added a commit to avagin/criu that referenced this issue May 25, 2024
The unix_conf_op function reads the size of the sysctl entry array
twice. gcc thinks that it can lead to a time-of-check to time-of-use
(TOCTOU) race condition if the array size changes between the two reads.

Fixes checkpoint-restore#2398
@avagin avagin linked a pull request May 25, 2024 that will close this issue
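
The double-read pattern named in the commit message above, next to a single-read form, as an added example that is not CRIU's code or the content of the linked pull request. The function names, `PATH_LEN`, `PATH_FMT` and the one-entry sample table are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>

#define ARRAY_SIZE(a) (sizeof(a) / sizeof((a)[0]))
#define PATH_LEN 42 /* constructed per-row bound */
#define PATH_FMT "net/unix/%s"

/* Constructed sample table standing in for the project's entry list. */
static const char *const entries[] = { "max_dgram_qlen" };

/* Pattern from the commit message: *n is checked, then loaded again as the
 * loop bound, so the checked value and the used value are separate reads. */
int fill_paths_reread(size_t *n, char *last, size_t last_len)
{
	char path[ARRAY_SIZE(entries)][PATH_LEN] = { { 0 } };
	if (*n != ARRAY_SIZE(entries))
		return -1;
	for (size_t i = 0; i < *n; i++) /* second read of *n */
		snprintf(path[i], PATH_LEN, PATH_FMT, entries[i]);
	snprintf(last, last_len, "%s", path[ARRAY_SIZE(entries) - 1]);
	return (int)ARRAY_SIZE(entries);
}

/* Single read: the local copy is both validated and used as the bound, and
 * each snprintf() return value is checked so truncation becomes an error. */
int fill_paths_once(size_t *n, char *last, size_t last_len)
{
	char path[ARRAY_SIZE(entries)][PATH_LEN] = { { 0 } };
	size_t count = *n;
	int len;
	if (count != ARRAY_SIZE(entries))
		return -1;
	for (size_t i = 0; i < count; i++) {
		len = snprintf(path[i], sizeof(path[i]), PATH_FMT, entries[i]);
		if (len < 0 || (size_t)len >= sizeof(path[i]))
			return -1;
	}
	len = snprintf(last, last_len, "%s", path[count - 1]);
	return (len < 0 || (size_t)len >= last_len) ? -1 : (int)count;
}

int main(void)
{
	char buf[PATH_LEN];
	size_t n = ARRAY_SIZE(entries);
	int rc = fill_paths_once(&n, buf, sizeof(buf));
	printf("%d %s\n", rc, rc < 0 ? "(error)" : buf);
	return 0;
}
```

Whether a given gcc version reports the first function depends on optimization level and inlining, as the differing results in this thread show.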