Re: [REGRESSION][BISECTED] erroneous buffer overflow detected in bch2_xattr_validate

From: Kees Cook
Date: Thu Oct 03 2024 - 17:28:15 EST

Next message: Steven Rostedt: "[PATCH] tracing: Remove definition of trace_*_rcuidle()"
Previous message: Ian Rogers: "Re: [Patch v5 0/6] Bug fixes on topdown events reordering"
In reply to: Jan Hendrik Farr: "Re: [REGRESSION][BISECTED] erroneous buffer overflow detected in bch2_xattr_validate"
Next in thread: Jan Hendrik Farr: "Re: [REGRESSION][BISECTED] erroneous buffer overflow detected in bch2_xattr_validate"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, Oct 03, 2024 at 05:17:08PM +0200, Jan Hendrik Farr wrote:
> gcc currently says that the __bdos of struct containing a flexible array
> member is:
>
> sizeof(<whole struct>) + sizeof(<flexible array element>) * <count>
>
> clang however does the following:
>
> max(sizeof(<whole struct>), offsetof(<flexible array member>) + sizeof(<flexible array element>) * <count>)

Clang's calculation seems very wrong. I would expect it to match GCC's.

--
Kees Cook

Next message: Steven Rostedt: "[PATCH] tracing: Remove definition of trace_*_rcuidle()"
Previous message: Ian Rogers: "Re: [Patch v5 0/6] Bug fixes on topdown events reordering"
In reply to: Jan Hendrik Farr: "Re: [REGRESSION][BISECTED] erroneous buffer overflow detected in bch2_xattr_validate"
Next in thread: Jan Hendrik Farr: "Re: [REGRESSION][BISECTED] erroneous buffer overflow detected in bch2_xattr_validate"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]