You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@trafficserver.apache.org by GitBox <gi...@apache.org> on 2021/02/05 01:39:04 UTC
[GitHub] [trafficserver] masaori335 opened a new issue #7487: An array-bounds warning on PROXY Protocol Builder
masaori335 opened a new issue #7487:
URL: https://github.com/apache/trafficserver/issues/7487
@bneradt noticed the master branch has a build issue after 1baffec5f2d5ce5272c9af5d46b2b54f4b9bbe6a.
```
In file included from ProxyProtocol.cc:29:
In member function ‘virtual ts::FixedBufferWriter& ts::FixedBufferWriter::write(const void*, size_t)’,
inlined from ‘size_t {anonymous}::proxy_protocol_v1_build(uint8_t*, size_t, const ProxyProtocol&)’ at ProxyProtocol.cc:341:34,
inlined from ‘size_t proxy_protocol_build(uint8_t*, size_t, const ProxyProtocol&, ProxyProtocolVersion)’ at ProxyProtocol.cc:492:34:
../../include/tscore/BufferWriter.h:264:20: error: ‘void* memcpy(void*, const void*, size_t)’ forming offset [47, 94] is out of the bounds [0, 46] of object ‘src_ip_buf’ with type ‘char [46]’ [-Werror=array-bounds]
std::memcpy(_buf + _attempted, data, _capacity - _attempted);
~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
ProxyProtocol.cc: In function ‘size_t proxy_protocol_build(uint8_t*, size_t, const ProxyProtocol&, ProxyProtocolVersion)’:
ProxyProtocol.cc:337:8: note: ‘src_ip_buf’ declared here
char src_ip_buf[INET6_ADDRSTRLEN];
^~~~~~~~~~
```
- CentOS7 & devtoolset-8
FWIW, our CentOS 7 build for the master branch is using devtoolset-7.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [trafficserver] masaori335 commented on issue #7487: An array-bounds warning on PROXY Protocol Builder
Posted by GitBox <gi...@apache.org>.
masaori335 commented on issue #7487:
URL: https://github.com/apache/trafficserver/issues/7487#issuecomment-773736721
I doubt this warning is a false positive. Because the `src_ip_len` can't be larger than `sizeof(src_ip_buf)`.
https://github.com/apache/trafficserver/blob/1baffec5f2d5ce5272c9af5d46b2b54f4b9bbe6a/iocore/net/ProxyProtocol.cc#L336-L341
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [trafficserver] maskit commented on issue #7487: An array-bounds warning on PROXY Protocol Builder
Posted by GitBox <gi...@apache.org>.
maskit commented on issue #7487:
URL: https://github.com/apache/trafficserver/issues/7487#issuecomment-773792097
Does't the error say it's trying to access `src_ip_buf[47]` to `src_ip_buf[94]`? I have no idea how it can happen but it doesn't seem like because of `src_ip_len`. Note that 47 * 2 = 94.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [trafficserver] masaori335 closed issue #7487: An array-bounds warning on PROXY Protocol Builder
Posted by GitBox <gi...@apache.org>.
masaori335 closed issue #7487:
URL: https://github.com/apache/trafficserver/issues/7487
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [trafficserver] SolidWallOfCode commented on issue #7487: An array-bounds warning on PROXY Protocol Builder
Posted by GitBox <gi...@apache.org>.
SolidWallOfCode commented on issue #7487:
URL: https://github.com/apache/trafficserver/issues/7487#issuecomment-773757429
I'm not seeing that on master with Fedora 32, g++ 10.2, even with "-O2" and "-Werror=array_bounds". The reported errors looks like the compiler is complaining the _destination_ indices are out of bounds of the _source_ array, which is a bizarre thing to complain about.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [trafficserver] bneradt commented on issue #7487: An array-bounds warning on PROXY Protocol Builder
Posted by GitBox <gi...@apache.org>.
bneradt commented on issue #7487:
URL: https://github.com/apache/trafficserver/issues/7487#issuecomment-774168514
In case it's helpful, I also reproduce this locally with g++ 9.3.1 (I originally observed this in 8.x):
```
$ pwd
/home/bneradt/repos/ts_os_master_use_new_pv_202/iocore/net
$ c++ --version
c++ (GCC) 9.3.1 20200408 (Red Hat 9.3.1-2)
Copyright (C) 2019 Free Software Foundation, Inc.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
$ c++ -DHAVE_CONFIG_H -I. -I../../include -Dlinux -D_LARGEFILE64_SOURCE=1 -D_COMPILE64BIT_SOURCE=1 -D_REENTRANT -D__STDC_LIMIT_MACROS=1 -D__STDC_FORMAT_MACROS=1 -I/home/bneradt/repos/ts_os_master_use_new_pv_202/iocore/eventsystem -I/home/bneradt/repos/ts_os_master_use_new_pv_202/iocore/net -I/home/bneradt/repos/ts_os_master_use_new_pv_202/iocore/net/quic -I/home/bneradt/repos/ts_os_master_use_new_pv_202/iocore/aio -I/home/bneradt/repos/ts_os_master_use_new_pv_202/iocore/hostdb -I/home/bneradt/repos/ts_os_master_use_new_pv_202/iocore/cache -I/home/bneradt/repos/ts_os_master_use_new_pv_202/iocore/utils -I/home/bneradt/repos/ts_os_master_use_new_pv_202/iocore/dns -I/home/bneradt/repos/ts_os_master_use_new_pv_202/include -I/home/bneradt/repos/ts_os_master_use_new_pv_202/lib -I/home/bneradt/repos/ts_os_master_use_new_pv_202/proxy -I/home/bneradt/repos/ts_os_master_use_new_pv_202/proxy/hdrs -I/home/bneradt/repos/ts_os_master_use_new_pv_202/proxy/shared -I/home/bneradt/repos/ts_os_maste
r_use_new_pv_202/proxy/logging -I/home/bneradt/repos/ts_os_master_use_new_pv_202/mgmt -I/home/bneradt/repos/ts_os_master_use_new_pv_202/mgmt/utils -I/home/bneradt/repos/ts_os_master_use_new_pv_202/proxy/http -I/opt/oath/openssl/1.1.1//include -I/home/bneradt/repos/ts_os_master_use_new_pv_202/lib/yamlcpp/include -D_GNU_SOURCE -I/opt/oath/openssl/1.1.1//include -DOPENSSL_NO_SSL_INTERN -std=c++17 -g -pipe -Wall -Wextra -Wno-ignored-qualifiers -Wno-unused-parameter -Wno-format-truncation -Wno-cast-function-type -Wno-stringop-overflow -O3 -feliminate-unused-debug-symbols -fno-strict-aliasing -Wno-invalid-offsetof -Wno-noexcept-type -mcx16 -MT ProxyProtocol.o -MD -MP -MF $depbase.Tpo -c -o ProxyProtocol.o ProxyProtocol.cc
In file included from ProxyProtocol.cc:29:
In member function ‘virtual ts::FixedBufferWriter& ts::FixedBufferWriter::write(const void*, size_t)’,
inlined from ‘size_t {anonymous}::proxy_protocol_v1_build(uint8_t*, size_t, const ProxyProtocol&)’ at ProxyProtocol.cc:341:34,
inlined from ‘size_t proxy_protocol_build(uint8_t*, size_t, const ProxyProtocol&, ProxyProtocolVersion)’ at ProxyProtocol.cc:492:34:
../../include/tscore/BufferWriter.h:264:20: warning: ‘void* memcpy(void*, const void*, size_t)’ forming offset [47, 94] is out of the bounds [0, 46] of object ‘src_ip_buf’ with type ‘char [46]’ [-Warray-bounds]
264 | std::memcpy(_buf + _attempted, data, _capacity - _attempted);
| ~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
ProxyProtocol.cc: In function ‘size_t proxy_protocol_build(uint8_t*, size_t, const ProxyProtocol&, ProxyProtocolVersion)’:
ProxyProtocol.cc:337:8: note: ‘src_ip_buf’ declared here
337 | char src_ip_buf[INET6_ADDRSTRLEN];
| ^~~~~~~~~~
```
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [trafficserver] maskit commented on issue #7487: An array-bounds warning on PROXY Protocol Builder
Posted by GitBox <gi...@apache.org>.
maskit commented on issue #7487:
URL: https://github.com/apache/trafficserver/issues/7487#issuecomment-773792097
Does't the error say it's trying to access `src_ip_buf[47]` to `src_ip_buf[94]`? I have no idea how it can happen but it doesn't seem like because of `src_ip_len`. Note that 47 * 2 = 94.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [trafficserver] SolidWallOfCode commented on issue #7487: An array-bounds warning on PROXY Protocol Builder
Posted by GitBox <gi...@apache.org>.
SolidWallOfCode commented on issue #7487:
URL: https://github.com/apache/trafficserver/issues/7487#issuecomment-773757429
I'm not seeing that on master with Fedora 32, g++ 10.2, even with "-O2" and "-Werror=array_bounds". The reported errors looks like the compiler is complaining the _destination_ indices are out of bounds of the _source_ array, which is a bizarre thing to complain about.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [trafficserver] bneradt edited a comment on issue #7487: An array-bounds warning on PROXY Protocol Builder
Posted by GitBox <gi...@apache.org>.
bneradt edited a comment on issue #7487:
URL: https://github.com/apache/trafficserver/issues/7487#issuecomment-774194857
Some observe that they are not seeing the warning in 10, but fwiw I can reproduce this warning there as well:
```
$ c++ --version
c++ (GCC) 10.2.1 20200804 (Red Hat 10.2.1-2)
Copyright (C) 2020 Free Software Foundation, Inc.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
$ c++ -DHAVE_CONFIG_H -I. -I../../include -Dlinux -D_LARGEFILE64_SOURCE=1 -D_COMPILE64BIT_SOURCE=1 -D_REENTRANT -D__STDC_LIMIT_MACROS=1 -D__STDC_FORMAT_MACROS=1 -I/home/bneradt/repos/ts_os_master_use_new_pv_202/iocore/e
ventsystem -I/home/bneradt/repos/ts_os_master_use_new_pv_202/iocore/net -I/home/bneradt/repos/ts_os_master_use_new_pv_202/iocore/net/quic -I/home/bneradt/repos/ts_os_master_use_new_pv_202/iocore/aio -I/home/bneradt/repos
/ts_os_master_use_new_pv_202/iocore/hostdb -I/home/bneradt/repos/ts_os_master_use_new_pv_202/iocore/cache -I/home/bneradt/repos/ts_os_master_use_new_pv_202/iocore/utils -I/home/bneradt/repos/ts_os_master_use_new_pv_202/i
ocore/dns -I/home/bneradt/repos/ts_os_master_use_new_pv_202/include -I/home/bneradt/repos/ts_os_master_use_new_pv_202/lib -I/home/bneradt/repos/ts_os_master_use_new_pv_202/proxy -I/home/bneradt/repos/ts_os_master_use_new
_pv_202/proxy/hdrs -I/home/bneradt/repos/ts_os_master_use_new_pv_202/proxy/shared -I/home/bneradt/repos/ts_os_master_use_new_pv_202/proxy/logging -I/home/bneradt/repos/ts_os_master_use_new_pv_202/mgmt -I/home/bneradt/rep
os/ts_os_master_use_new_pv_202/mgmt/utils -I/home/bneradt/repos/ts_os_master_use_new_pv_202/proxy/http -I/opt/oath/openssl/1.1.1//include -I/home/bneradt/repos/ts_os_master_use_new_pv_202/lib/yamlcpp/include -D_GNU_SOUR
CE -I/opt/oath/openssl/1.1.1//include -DOPENSSL_NO_SSL_INTERN -std=c++17 -g -pipe -Wall -Wextra -Wno-ignored-qualifiers -Wno-unused-parameter -Wno-format-truncation -Wno-cast-function-type -Wno-stringop-overflow -O3 -fel
iminate-unused-debug-symbols -fno-strict-aliasing -Wno-invalid-offsetof -Wno-noexcept-type -mcx16 -MT ProxyProtocol.o -MD -MP -MF $depbase.Tpo -c -o ProxyProtocol.o ProxyProtocol.cc
In file included from ProxyProtocol.cc:29:
In member function ‘virtual ts::FixedBufferWriter& ts::FixedBufferWriter::write(const void*, size_t)’,
inlined from ‘size_t {anonymous}::proxy_protocol_v1_build(uint8_t*, size_t, const ProxyProtocol&)’ at ProxyProtocol.cc:341:34,
inlined from ‘size_t proxy_protocol_build(uint8_t*, size_t, const ProxyProtocol&, ProxyProtocolVersion)’ at ProxyProtocol.cc:492:34:
../../include/tscore/BufferWriter.h:264:20: warning: ‘void* memcpy(void*, const void*, size_t)’ forming offset [46, 93] is out of the bounds [0, 46] of object ‘src_ip_buf’ with type ‘char [46]’ [-Warray-bounds]
264 | std::memcpy(_buf + _attempted, data, _capacity - _attempted);
| ~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
ProxyProtocol.cc: In function ‘size_t proxy_protocol_build(uint8_t*, size_t, const ProxyProtocol&, ProxyProtocolVersion)’:
ProxyProtocol.cc:337:8: note: ‘src_ip_buf’ declared here
337 | char src_ip_buf[INET6_ADDRSTRLEN];
| ^~~~~~~~~~
```
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [trafficserver] masaori335 commented on issue #7487: An array-bounds warning on PROXY Protocol Builder
Posted by GitBox <gi...@apache.org>.
masaori335 commented on issue #7487:
URL: https://github.com/apache/trafficserver/issues/7487#issuecomment-773736721
I doubt this warning is a false positive. Because the `src_ip_len` can't be larger than `sizeof(src_ip_buf)`.
https://github.com/apache/trafficserver/blob/1baffec5f2d5ce5272c9af5d46b2b54f4b9bbe6a/iocore/net/ProxyProtocol.cc#L336-L341
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [trafficserver] masaori335 edited a comment on issue #7487: An array-bounds warning on PROXY Protocol Builder
Posted by GitBox <gi...@apache.org>.
masaori335 edited a comment on issue #7487:
URL: https://github.com/apache/trafficserver/issues/7487#issuecomment-773736721
I wonder if this warning is a false positive. Because the `src_ip_len` can't be larger than `sizeof(src_ip_buf)`.
https://github.com/apache/trafficserver/blob/1baffec5f2d5ce5272c9af5d46b2b54f4b9bbe6a/iocore/net/ProxyProtocol.cc#L336-L341
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [trafficserver] bneradt commented on issue #7487: An array-bounds warning on PROXY Protocol Builder
Posted by GitBox <gi...@apache.org>.
bneradt commented on issue #7487:
URL: https://github.com/apache/trafficserver/issues/7487#issuecomment-774194857
Some observe that they are not seeing the warning in 10, but fwiw I can reproduce this warning there as well:
```
$ c++ --version
c++ (GCC) 10.2.1 20200804 (Red Hat 10.2.1-2)
Copyright (C) 2020 Free Software Foundation, Inc.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
[0 18:01:51 bneradt@touchmuch (autest_update_to_proxy_verifier_v2.0.2) ~/repos/ts_os_master_use_new_pv_202/iocore/net]
$ c++ -DHAVE_CONFIG_H -I. -I../../include -Dlinux -D_LARGEFILE64_SOURCE=1 -D_COMPILE64BIT_SOURCE=1 -D_REENTRANT -D__STDC_LIMIT_MACROS=1 -D__STDC_FORMAT_MACROS=1 -I/home/bneradt/repos/ts_os_master_use_new_pv_202/iocore/e
ventsystem -I/home/bneradt/repos/ts_os_master_use_new_pv_202/iocore/net -I/home/bneradt/repos/ts_os_master_use_new_pv_202/iocore/net/quic -I/home/bneradt/repos/ts_os_master_use_new_pv_202/iocore/aio -I/home/bneradt/repos
/ts_os_master_use_new_pv_202/iocore/hostdb -I/home/bneradt/repos/ts_os_master_use_new_pv_202/iocore/cache -I/home/bneradt/repos/ts_os_master_use_new_pv_202/iocore/utils -I/home/bneradt/repos/ts_os_master_use_new_pv_202/i
ocore/dns -I/home/bneradt/repos/ts_os_master_use_new_pv_202/include -I/home/bneradt/repos/ts_os_master_use_new_pv_202/lib -I/home/bneradt/repos/ts_os_master_use_new_pv_202/proxy -I/home/bneradt/repos/ts_os_master_use_new
_pv_202/proxy/hdrs -I/home/bneradt/repos/ts_os_master_use_new_pv_202/proxy/shared -I/home/bneradt/repos/ts_os_master_use_new_pv_202/proxy/logging -I/home/bneradt/repos/ts_os_master_use_new_pv_202/mgmt -I/home/bneradt/rep
os/ts_os_master_use_new_pv_202/mgmt/utils -I/home/bneradt/repos/ts_os_master_use_new_pv_202/proxy/http -I/opt/oath/openssl/1.1.1//include -I/home/bneradt/repos/ts_os_master_use_new_pv_202/lib/yamlcpp/include -D_GNU_SOUR
CE -I/opt/oath/openssl/1.1.1//include -DOPENSSL_NO_SSL_INTERN -std=c++17 -g -pipe -Wall -Wextra -Wno-ignored-qualifiers -Wno-unused-parameter -Wno-format-truncation -Wno-cast-function-type -Wno-stringop-overflow -O3 -fel
iminate-unused-debug-symbols -fno-strict-aliasing -Wno-invalid-offsetof -Wno-noexcept-type -mcx16 -MT ProxyProtocol.o -MD -MP -MF $depbase.Tpo -c -o ProxyProtocol.o ProxyProtocol.cc
In file included from ProxyProtocol.cc:29:
In member function ‘virtual ts::FixedBufferWriter& ts::FixedBufferWriter::write(const void*, size_t)’,
inlined from ‘size_t {anonymous}::proxy_protocol_v1_build(uint8_t*, size_t, const ProxyProtocol&)’ at ProxyProtocol.cc:341:34,
inlined from ‘size_t proxy_protocol_build(uint8_t*, size_t, const ProxyProtocol&, ProxyProtocolVersion)’ at ProxyProtocol.cc:492:34:
../../include/tscore/BufferWriter.h:264:20: warning: ‘void* memcpy(void*, const void*, size_t)’ forming offset [46, 93] is out of the bounds [0, 46] of object ‘src_ip_buf’ with type ‘char [46]’ [-Warray-bounds]
264 | std::memcpy(_buf + _attempted, data, _capacity - _attempted);
| ~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
ProxyProtocol.cc: In function ‘size_t proxy_protocol_build(uint8_t*, size_t, const ProxyProtocol&, ProxyProtocolVersion)’:
ProxyProtocol.cc:337:8: note: ‘src_ip_buf’ declared here
337 | char src_ip_buf[INET6_ADDRSTRLEN];
| ^~~~~~~~~~
```
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [trafficserver] masaori335 edited a comment on issue #7487: An array-bounds warning on PROXY Protocol Builder
Posted by GitBox <gi...@apache.org>.
masaori335 edited a comment on issue #7487:
URL: https://github.com/apache/trafficserver/issues/7487#issuecomment-773736721
I wonder if this warning is a false positive. Because the `src_ip_len` can't be larger than `sizeof(src_ip_buf)`.
https://github.com/apache/trafficserver/blob/1baffec5f2d5ce5272c9af5d46b2b54f4b9bbe6a/iocore/net/ProxyProtocol.cc#L336-L341
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org