Re: [PATCH RFC] exec: avoid possible undefined behavior in count()
From: Andrew Morton
Date: Mon Jan 07 2013 - 16:44:09 EST
On Sun, 6 Jan 2013 00:29:05 -0500
Xi Wang <xi.wang@xxxxxxxxx> wrote:
> The tricky problem is this check:
> if (i++ >= max)
> icc (mis)optimizes this check as:
> if (++i > max)
> The check now becomes a no-op since max is MAX_ARG_STRINGS (0x7FFFFFFF).
> This is "allowed" by the C standard, assuming i++ never overflows,
> because signed integer overflow is undefined behavior. This optimization
> effectively reverts the previous commit 362e6663ef ("exec.c, compat.c:
> fix count(), compat_count() bounds checking") that tries to fix the check.
> This patch simply moves ++ after the check.
> --- a/fs/exec.c
> +++ b/fs/exec.c
> @@ -434,8 +434,9 @@ static int count(struct user_arg_ptr argv, int max)
> if (IS_ERR(p))
> return -EFAULT;
> - if (i++ >= max)
> + if (i >= max)
> return -E2BIG;
> + ++i;
> if (fatal_signal_pending(current))
> return -ERESTARTNOHAND;
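Review bot: the split of the check and the increment deserves a one-line comment in the hunk, since without one a later cleanup is likely to fold `if (i >= max)` / `++i;` back into the idiomatic `if (i++ >= max)` and silently reintroduce the problem the changelog describes. Something like "/* keep the compare and the increment separate: a compiler may treat i++ as non-overflowing and drop the test when max is INT_MAX */" above the check would do. Also, the changelog says the earlier commit 362e6663ef fixed both count() and compat_count(), but this hunk only touches fs/exec.c; compat_count() in fs/compat.c presumably still has the `i++ >= max` form and should get the same treatment in this series.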
I have no problem working around a compiler bug when the workaround is
so small and simple. For clarity and accuracy I renamed the patch to
"fs/exec.c: work around icc miscompilation".
However I'd also like to be able to add "this bug has been reported to
the icc developers and will be fixed in version X.Y"?
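As an added example (not kernel code and not part of this thread), the two forms of the bound check from the patch side by side in a count()-like helper over a NULL-terminated array; the array argument, the return value standing in for -E2BIG and the sample argv are constructed stand-ins for the kernel's user_arg_ptr handling.

```c
/* Constructed example (not kernel code): count() with the old and new check. */
#include <stdio.h>
#include <stddef.h>

#define E2BIG_RET (-7)            /* stand-in for -E2BIG (constructed value) */
#define MAX_ARG_STRINGS 0x7FFFFFFF /* same limit the patch description quotes */

/* Pre-patch form: test and increment fused in one expression. Because signed
 * overflow of i++ is undefined, a compiler may rewrite the test as
 * (++i > max), which can never be true when max == MAX_ARG_STRINGS. */
static int count_fused(const char *const *argv, int max)
{
    int i = 0;
    for (; argv && *argv; argv++) {
        if (i++ >= max)
            return E2BIG_RET;
    }
    return i;
}

/* Post-patch form: compare first and increment only after the check passes.
 * i never exceeds max, so there is no overflow assumption for the compiler
 * to exploit and the test cannot be folded away. */
static int count_split(const char *const *argv, int max)
{
    int i = 0;
    for (; argv && *argv; argv++) {
        if (i >= max)
            return E2BIG_RET;
        ++i;
    }
    return i;
}

/* Constructed sample argv: three strings plus the terminating NULL. */
static const char *const sample_argv[] = { "/bin/sh", "-c", "true", NULL };

int main(void)
{
    printf("split, max=%d: %d\n", MAX_ARG_STRINGS,
           count_split(sample_argv, MAX_ARG_STRINGS));
    printf("split, max=2: %d\n", count_split(sample_argv, 2));
    printf("fused, max=2: %d\n", count_fused(sample_argv, 2));
    return 0;
}
```

Under a conforming compiler both helpers agree on small inputs; the difference is only in what the compiler is permitted to assume about the fused form.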