From: Jeff King <peff@peff.net>
To: Vegard Nossum <vegard.nossum@oracle.com>
Cc: "René Scharfe" <l.s.r@web.de>,
"Lars Schneider" <larsxschneider@gmail.com>,
"Junio C Hamano" <gitster@pobox.com>,
allan.x.xavier@oracle.com,
"Johannes Schindelin" <Johannes.Schindelin@gmx.de>,
"Git Mailing List" <git@vger.kernel.org>
Subject: [PATCH] line-log: use COPY_ARRAY to fix mis-sized memcpy
Date: Sun, 5 Mar 2017 06:44:46 -0500 [thread overview]
Message-ID: <20170305114446.wqm33o52yizlffju@sigill.intra.peff.net> (raw)
In-Reply-To: <20170305113618.ko2jymle4n5f2b5l@sigill.intra.peff.net>
On Sun, Mar 05, 2017 at 06:36:19AM -0500, Jeff King wrote:
> > range_set_init(dst, src->nr);
> > - memcpy(dst->ranges, src->ranges, src->nr*sizeof(struct range_set));
> > + memcpy(dst->ranges, src->ranges, src->nr*sizeof(struct range));
>
> I think "sizeof(*dst->ranges)" is probably an even better fix, as it
> infers the type of "dst". But these days we have COPY_ARRAY() to make it
> even harder to get this kind of thing wrong.
So here's your fix wrapped up with a commit message, mostly for Junio's
convenience. I listed you as the author, since you did the hard part. If
you're OK with it, please indicate that it's OK to add your
signed-off-by. If you prefer to do it differently, feel free to post
your own patch.
-- >8 --
From: Vegard Nossum <vegard.nossum@oracle.com>
Subject: [PATCH] line-log: use COPY_ARRAY to fix mis-sized memcpy
This memcpy meant to get the sizeof a "struct range", not a
"range_set", as the former is what our array holds. Rather
than swap out the types, let's convert this site to
COPY_ARRAY, which avoids the problem entirely (and confirms
that the src and dst types match).
Note for curiosity's sake that this bug doesn't trigger on
I32LP64 systems, but does on ILP32 systems. The mistaken
"struct range_set" has two ints and a pointer. That's 16
bytes on LP64, or 12 on ILP32. The correct "struct range"
type has two longs, which is also 16 on LP64, but only 8 on
ILP32.
Likewise an IL32P64 system would experience the bug.
Signed-off-by: Jeff King <peff@peff.net>
---
line-log.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/line-log.c b/line-log.c
index 65f3558b3..a2477f601 100644
--- a/line-log.c
+++ b/line-log.c
@@ -43,9 +43,10 @@ void range_set_release(struct range_set *rs)
static void range_set_copy(struct range_set *dst, struct range_set *src)
{
range_set_init(dst, src->nr);
- memcpy(dst->ranges, src->ranges, src->nr*sizeof(struct range_set));
+ COPY_ARRAY(dst->ranges, src->ranges, src->nr);
dst->nr = src->nr;
}
+
static void range_set_move(struct range_set *dst, struct range_set *src)
{
range_set_release(dst);
--
2.12.0.426.g9d5d0eeae
next prev parent reply other threads:[~2017-03-05 11:44 UTC|newest]
Thread overview: 36+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-02-28 19:17 [PATCH] Travis: also test on 32-bit Linux Johannes Schindelin
2017-02-28 20:34 ` Johannes Schindelin
2017-03-02 5:06 ` Junio C Hamano
2017-03-02 10:51 ` [PATCH v1] " Lars Schneider
2017-03-02 11:24 ` Johannes Schindelin
2017-03-02 11:38 ` Lars Schneider
2017-03-02 14:22 ` Johannes Schindelin
2017-03-02 15:53 ` Christian Couder
2017-03-02 18:03 ` Junio C Hamano
2017-03-03 2:17 ` Johannes Schindelin
2017-03-03 18:43 ` Junio C Hamano
2017-03-04 0:03 ` Junio C Hamano
2017-03-04 4:11 ` Junio C Hamano
2017-03-04 17:23 ` Lars Schneider
2017-03-04 18:08 ` Vegard Nossum
2017-03-04 19:49 ` Vegard Nossum
2017-03-04 20:08 ` Vegard Nossum
2017-03-05 11:36 ` Jeff King
2017-03-05 11:44 ` Jeff King [this message]
2017-03-05 12:20 ` [PATCH] line-log: use COPY_ARRAY to fix mis-sized memcpy Vegard Nossum
2017-03-05 11:46 ` [PATCH v1] Travis: also test on 32-bit Linux Jeff King
2017-03-10 0:14 ` René Scharfe
2017-03-10 8:18 ` Jeff King
2017-03-10 16:20 ` René Scharfe
2017-03-10 17:57 ` Jeff King
2017-03-10 18:31 ` René Scharfe
2017-03-10 20:13 ` Junio C Hamano
2017-03-10 20:18 ` Jeff King
2017-03-10 22:04 ` René Scharfe
2017-03-10 23:33 ` Junio C Hamano
2017-03-11 14:17 ` René Scharfe
2017-03-10 0:14 ` René Scharfe
2017-03-10 7:45 ` Jeff King
2017-03-02 15:17 ` Ramsay Jones
2017-03-05 17:38 ` Lars Schneider
2017-03-05 22:16 ` Ramsay Jones
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: http://vger.kernel.org/majordomo-info.html
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170305114446.wqm33o52yizlffju@sigill.intra.peff.net \
--to=peff@peff.net \
--cc=Johannes.Schindelin@gmx.de \
--cc=allan.x.xavier@oracle.com \
--cc=git@vger.kernel.org \
--cc=gitster@pobox.com \
--cc=l.s.r@web.de \
--cc=larsxschneider@gmail.com \
--cc=vegard.nossum@oracle.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://80x24.org/mirrors/git.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).