ruby-core@ruby-lang.org archive (unofficial mirror)
From: mame@ruby-lang.org
To: ruby-core@ruby-lang.org
Subject: [ruby-core:69681] [Ruby trunk - Bug #11270] [Rejected] Coverity Scan warns out-of-bounds access in ext/socket
Date: Fri, 19 Jun 2015 14:11:23 +0000
Message-ID: <redmine.journal-53053.20150619141122.c8ca296810b2533d@ruby-lang.org>
In-Reply-To: redmine.issue-11270.20150616182142@ruby-lang.org

Issue #11270 has been updated by Yusuke Endoh.

Status changed from Open to Rejected

I talked with akr on twitter, and was convinced that `(void*)&arg.buf.addr == (void*)&arg.buf` was guaranteed.  So closing.

6.3.2.3 (7) says that a cast to `char *` yields a pointer to the lowest addressed byte of the object.  This indirectly guarantees the equality, I think.

```
A pointer to an object or incomplete type may be converted to a pointer to a different
object or incomplete type. If the resulting pointer is not correctly aligned for the
pointed-to type, the behavior is undefined. Otherwise, when converted back again, the
result shall compare equal to the original pointer. When a pointer to an object is
converted to a pointer to a character type, the result points to the lowest addressed byte of
the object. Successive increments of the result, up to the size of the object, yield pointers
to the remaining bytes of the object.
```

Thank you very much!

-- 
Yusuke Endoh <mame@ruby-lang.org>

----------------------------------------
Bug #11270: Coverity Scan warns out-of-bounds access in ext/socket
https://bugs.ruby-lang.org/issues/11270#change-53053

* Author: Yusuke Endoh
* Status: Rejected
* Priority: Normal
* Assignee: 
* ruby -v: 
* Backport: 2.0.0: UNKNOWN, 2.1: UNKNOWN, 2.2: UNKNOWN
----------------------------------------
Hello,

Coverity Scan warns about ext/socket/init.c and raddrinfo.c.

`rsock_s_recvfrom` in ext/socket/init.c does:

    arg.alen = (socklen_t)sizeof(arg.buf);

then calls `rsock_io_socket_addrinfo`:

    return rb_assoc_new(str, rsock_io_socket_addrinfo(sock, &arg.buf.addr, arg.alen));

`rsock_io_socket_addrinfo` indirectly calls `init_addrinfo` in ext/socket/raddrinfo.c.
(`rsock_io_socket_addrinfo` -> `rsock_fd_socket_addrinfo` -> `rsock_addrinfo_new` -> `init_addrinfo`)

`init_addrinfo` does:

    memcpy((void *)&rai->addr, (void *)sa, len);

Note that `sa` is `&arg.buf.addr`, and `len` is `arg.alen`.  `&arg.buf.addr` is a pointer to sockaddr, and `arg.len` is `sizeof(union_sockaddr)`, not `sizeof(sockaddr)`, which is indeed inconsistent.

I don't think this inconsistency will cause actual harm, but it would be better to fix.

-- 
Yusuke Endoh <mame@ruby-lang.org>



-- 
https://bugs.ruby-lang.org/
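The C program below is an added illustration, not code from the Ruby project or from this thread. It demonstrates the property Endoh's resolution rests on: when `struct sockaddr` is the first member of a union, `(void*)&u.addr == (void*)&u`, so a `memcpy` of `sizeof(union)` bytes through a pointer to that first member stays inside the union object on both the source and the destination side. It also shows the bounds check a reviewer would want in `init_addrinfo`-style code: clamp the caller-supplied `socklen_t` to the destination size before copying. The names `demo_union_sockaddr`, `demo_rai`, `copy_sockaddr_bounded`, `recvfrom_pattern_ok` and `oversized_len_is_clamped` are assumptions for this example; the union layout stands in for ext/socket's `union_sockaddr` and is not Ruby's actual definition.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

/* Constructed stand-in for ext/socket's union_sockaddr. The generic
 * struct sockaddr is the first member, so a pointer to it points at the
 * lowest addressed byte of the whole union (C11 6.7.2.1 p16 together with
 * the 6.3.2.3 p7 wording quoted in the thread). The name and member list
 * are an assumption for this demo, not Ruby's actual definition. */
typedef union {
    struct sockaddr addr;
    struct sockaddr_in in;
    struct sockaddr_in6 in6;
    struct sockaddr_storage storage;
} demo_union_sockaddr;

/* Hypothetical destination record, standing in for rai->addr. */
typedef struct {
    demo_union_sockaddr addr;
    socklen_t len;
} demo_rai;

/* Returns 1 when the first member's address equals the union's own
 * address, which is what makes a memcpy of sizeof(union) bytes through
 * a struct sockaddr* to the first member stay inside the union object. */
int first_member_aliases_union(void)
{
    demo_union_sockaddr u;
    char *base = (char *)&u;
    return (void *)&u.addr == (void *)&u
        && (char *)&u.addr == base
        && (char *)&u.in6 == base;
}

/* Defensive copy: clamps len to the destination size, so a socklen_t that
 * describes a larger object than the pointer type suggests can never
 * overrun the destination. Returns the number of bytes copied. */
size_t copy_sockaddr_bounded(demo_rai *rai, const struct sockaddr *sa, socklen_t len)
{
    size_t n = len;
    if (n > sizeof(rai->addr))
        n = sizeof(rai->addr);
    memset(&rai->addr, 0, sizeof(rai->addr));
    memcpy(&rai->addr, sa, n);
    rai->len = (socklen_t)n;
    return n;
}

/* Reproduces the call pattern from the report: sa = &buf.addr and
 * len = sizeof(buf). Returns 1 when the whole union was copied and the
 * constructed IPv4 endpoint survives the round trip. */
int recvfrom_pattern_ok(void)
{
    demo_union_sockaddr buf;
    demo_rai rai;
    memset(&buf, 0, sizeof(buf));
    buf.in.sin_family = AF_INET;
    buf.in.sin_port = htons(8080);               /* constructed sample port */
    buf.in.sin_addr.s_addr = htonl(0x7f000001u); /* constructed 127.0.0.1 */
    socklen_t alen = (socklen_t)sizeof(buf);     /* as in rsock_s_recvfrom */
    size_t copied = copy_sockaddr_bounded(&rai, &buf.addr, alen);
    return copied == sizeof(buf)
        && rai.addr.in.sin_family == AF_INET
        && ntohs(rai.addr.in.sin_port) == 8080
        && ntohl(rai.addr.in.sin_addr.s_addr) == 0x7f000001u;
}

/* Shows the clamp doing real work: a length twice the union size is cut
 * back to sizeof(demo_union_sockaddr) instead of reading past the source
 * or writing past the destination. */
size_t oversized_len_is_clamped(void)
{
    demo_union_sockaddr src;
    demo_rai rai;
    memset(&src, 0, sizeof(src));
    src.in6.sin6_family = AF_INET6;
    return copy_sockaddr_bounded(&rai, &src.addr, (socklen_t)(2 * sizeof(src)));
}

int main(void)
{
    printf("first member aliases union: %d\n", first_member_aliases_union());
    printf("recvfrom pattern ok:        %d\n", recvfrom_pattern_ok());
    printf("oversized len clamped to:   %zu bytes\n", oversized_len_is_clamped());
    return 0;
}
```

The clamp is the practical takeaway: the `sizeof(union)` versus `sizeof(struct sockaddr)` mismatch is harmless only because both ends of the copy are the same union type, and a bounded copy makes that safety independent of which pointer type a future caller happens to pass.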
