lib/glibc
1
0
Fork 0
mirror of https://sourceware.org/git/glibc.git synced 2025-07-28 00:21:52 +03:00
Code Activity

posix: Fix -Warray-bounds instances building timer_create [BZ #26687]

Browse Source 
GCC 11 -Warray-bounds triggers invalid warnings when building
Linux timer_create.c:

../sysdeps/unix/sysv/linux/timer_create.c: In function '__timer_create_new':
../sysdeps/unix/sysv/linux/timer_create.c:83:17: warning: array subscript 'struct timer[0]' is partly outside array bounds of 'unsigned char[8]' [-Warray-bounds]
   83 |             newp->sigev_notify = (evp != NULL
      |                 ^~
../sysdeps/unix/sysv/linux/timer_create.c:59:47: note: referencing an object of size 8 allocated by 'malloc'
   59 |         struct timer *newp = (struct timer *) malloc (offsetof (struct timer,
      |                                               ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   60 |                                                                 thrfunc));
      |                                                                 ~~~~~~~~~

The struct allocated for !SIGEV_THREAD timers only requires two 'int'
fields (sigev_notify and ktimerid) and the offsetof trick tries minimize
the memory usage by only allocation the required size.  However,
although the resulting size is suffice for !SIGEV_THREAD time, accessing
the partially allocated object is error-prone and UB.

This patch fixes both issues by embedding the information whether
the timer if a SIGEV_THREAD in the returned 'timer_t'.  For
!SIGEV_THREAD, the resulting 'timer_t' is the returned kernel timer
identifer (kernel_timer_t), while for SIGEV_THREAD it uses the fact
malloc returns at least _Alignof (max_align_t) pointers plus that
valid kernel_timer_t are always positive to set MSB bit of the returned
'timer_t' to indicate the timer handles a SIGEV_THREAD.

It allows to remove the memory allocation for !SIGEV_THREAD and also
remove the 'sigev_notify' field from 'struct timer'.

Checked on x86_64-linux-gnu and i686-linux-gnu.
This commit is contained in:
Adhemerval Zanella
2020-10-05 17:30:05 -03:00
parent 862897d2ad
commit 7a887dd537
8 changed files with 83 additions and 89 deletions
Download Patch File Download Diff File Expand all files Collapse all files

74
sysdeps/unix/sysv/linux/timer_create.c
View File

@ -52,16 +52,6 @@ timer_create (clockid_t clock_id, struct sigevent *evp, timer_t *timerid)
{
struct sigevent local_evp;
/* We avoid allocating too much memory by basically
using struct timer as a derived class with the
first two elements being in the superclass. We only
need these two elements here. */
struct timer *newp = (struct timer *) malloc (offsetof (struct timer,
thrfunc));
if (newp == NULL)
/* No more memory. */
return -1;
if (evp == NULL)
{
/* The kernel has to pass up the timer ID which is a
@ -69,31 +59,17 @@ timer_create (clockid_t clock_id, struct sigevent *evp, timer_t *timerid)
the kernel to determine it. */
local_evp.sigev_notify = SIGEV_SIGNAL;
local_evp.sigev_signo = SIGALRM;
local_evp.sigev_value.sival_ptr = newp;
local_evp.sigev_value.sival_ptr = NULL;
evp = &local_evp;
}
kernel_timer_t ktimerid;
int retval = INLINE_SYSCALL (timer_create, 3, syscall_clockid, evp,
&ktimerid);
if (INLINE_SYSCALL_CALL (timer_create, syscall_clockid, evp,
&ktimerid) == -1)
return -1;
if (retval != -1)
{
newp->sigev_notify = (evp != NULL
? evp->sigev_notify : SIGEV_SIGNAL);
newp->ktimerid = ktimerid;
*timerid = (timer_t) newp;
}
else
{
/* Cannot allocate the timer, fail. */
free (newp);
retval = -1;
}
return retval;
*timerid = kernel_timer_to_timerid (ktimerid);
}
else
{
@ -106,20 +82,18 @@ timer_create (clockid_t clock_id, struct sigevent *evp, timer_t *timerid)
return -1;
}
struct timer *newp;
newp = (struct timer *) malloc (sizeof (struct timer));
struct timer *newp = malloc (sizeof (struct timer));
if (newp == NULL)
return -1;
/* Copy the thread parameters the user provided. */
newp->sival = evp->sigev_value;
newp->thrfunc = evp->sigev_notify_function;
newp->sigev_notify = SIGEV_THREAD;
/* We cannot simply copy the thread attributes since the
implementation might keep internal information for
each instance. */
(void) pthread_attr_init (&newp->attr);
pthread_attr_init (&newp->attr);
if (evp->sigev_notify_attributes != NULL)
{
struct pthread_attr *nattr;
@ -137,8 +111,7 @@ timer_create (clockid_t clock_id, struct sigevent *evp, timer_t *timerid)
}
/* In any case set the detach flag. */
(void) pthread_attr_setdetachstate (&newp->attr,
PTHREAD_CREATE_DETACHED);
pthread_attr_setdetachstate (&newp->attr, PTHREAD_CREATE_DETACHED);
/* Create the event structure for the kernel timer. */
struct sigevent sev =
@ -149,27 +122,24 @@ timer_create (clockid_t clock_id, struct sigevent *evp, timer_t *timerid)
/* Create the timer. */
int res;
res = INTERNAL_SYSCALL_CALL (timer_create,
syscall_clockid, &sev, &newp->ktimerid);
if (! INTERNAL_SYSCALL_ERROR_P (res))
res = INTERNAL_SYSCALL_CALL (timer_create, syscall_clockid, &sev,
&newp->ktimerid);
if (INTERNAL_SYSCALL_ERROR_P (res))
{
/* Add to the queue of active timers with thread
delivery. */
pthread_mutex_lock (&__active_timer_sigev_thread_lock);
newp->next = __active_timer_sigev_thread;
__active_timer_sigev_thread = newp;
pthread_mutex_unlock (&__active_timer_sigev_thread_lock);
*timerid = (timer_t) newp;
return 0;
free (newp);
__set_errno (INTERNAL_SYSCALL_ERRNO (res));
return -1;
}
/* Free the resources. */
free (newp);
/* Add to the queue of active timers with thread delivery. */
pthread_mutex_lock (&__active_timer_sigev_thread_lock);
newp->next = __active_timer_sigev_thread;
__active_timer_sigev_thread = newp;
pthread_mutex_unlock (&__active_timer_sigev_thread_lock);
__set_errno (INTERNAL_SYSCALL_ERRNO (res));
return -1;
*timerid = timer_to_timerid (newp);
}
}
return 0;
}