From: mame@ruby-lang.org
To: ruby-core@ruby-lang.org
Date: Fri, 19 Jun 2015 14:11:23 +0000
Subject: [ruby-core:69681] [Ruby trunk - Bug #11270] [Rejected] Coverity Scan warns out-of-bounds access in ext/socket

Issue #11270 has been updated by Yusuke Endoh.

Status changed from Open to Rejected

I talked with akr on twitter, and was convinced that `(void*)&arg.buf.addr == (void*)&arg.buf` was guaranteed. So closing.

6.3.2.3 (7) says that a cast to `char *` yields a pointer to the lowest addressed byte of the object. This indirectly guarantees the equality, I think.

```
A pointer to an object or incomplete type may be converted to a pointer to a
different object or incomplete type. If the resulting pointer is not correctly
aligned for the pointed-to type, the behavior is undefined. Otherwise, when
converted back again, the result shall compare equal to the original pointer.
When a pointer to an object is converted to a pointer to a character type, the
result points to the lowest addressed byte of the object. Successive increments
of the result, up to the size of the object, yield pointers to the remaining
bytes of the object.
```

Thank you very much!

--
Yusuke Endoh

----------------------------------------
Bug #11270: Coverity Scan warns out-of-bounds access in ext/socket
https://bugs.ruby-lang.org/issues/11270#change-53053

* Author: Yusuke Endoh
* Status: Rejected
* Priority: Normal
* Assignee:
* ruby -v:
* Backport: 2.0.0: UNKNOWN, 2.1: UNKNOWN, 2.2: UNKNOWN
----------------------------------------
Hello,

Coverity Scan warns ext/socket/init.c and raddrinfo.c.

`rsock_s_recvfrom` in ext/socket/init.c does:

    arg.alen = (socklen_t)sizeof(arg.buf);

then calls `rsock_io_socket_addrinfo`:

    return rb_assoc_new(str, rsock_io_socket_addrinfo(sock, &arg.buf.addr, arg.alen));

`rsock_io_socket_addrinfo` indirectly calls `init_addrinfo` in ext/socket/raddrinfo.c.
(`rsock_io_socket_addrinfo` -> `rsock_fd_socket_addrinfo` -> `rsock_addrinfo_new` -> `init_addrinfo`)

`init_addrinfo` does:

    memcpy((void *)&rai->addr, (void *)sa, len);

Note that `sa` is `&arg.buf.addr`, and `len` is `arg.alen`.
`&arg.buf.addr` is a pointer to sockaddr, and `arg.len` is `sizeof(union_sockaddr)`, not `sizeof(sockaddr)`, which is indeed inconsistent.

I don't think this inconsistency will cause actual harm, but it would be better to fix.

--
Yusuke Endoh

--
https://bugs.ruby-lang.org/
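
The pattern discussed in this thread, as an added example that is not part of the original message or of Ruby's source: a pointer to a union's `addr` member is passed together with the size of the whole union, and the receiver copies that many bytes. The type `demo_sockaddr`, its members other than `addr`, and the function `copy_addr` with its length check are assumptions made for illustration.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

/* Stand-in for the thread's union_sockaddr; only `addr` is named on the page. */
typedef union {
    struct sockaddr addr;
    struct sockaddr_in in;
    struct sockaddr_in6 in6;
    struct sockaddr_storage storage;
} demo_sockaddr;

/* 1 when a pointer to the `addr` member equals a pointer to the whole union. */
int member_aliases_union(void) {
    demo_sockaddr u;
    return (void *)&u.addr == (void *)&u && offsetof(demo_sockaddr, addr) == 0;
}

/* Hypothetical receiver: copies len bytes, refusing more than dst can hold. */
int copy_addr(demo_sockaddr *dst, const struct sockaddr *sa, socklen_t len) {
    if (len > sizeof(*dst)) return -1;
    memcpy(dst, sa, len);
    return 0;
}

/* Caller side: pass &src.addr with sizeof(src); returns the port seen in dst. */
int roundtrip_port(unsigned short port) {
    demo_sockaddr src, dst;
    memset(&src, 0, sizeof(src));
    memset(&dst, 0, sizeof(dst));
    src.in6.sin6_family = AF_INET6;   /* larger than struct sockaddr */
    src.in6.sin6_port = htons(port);
    if (copy_addr(&dst, &src.addr, (socklen_t)sizeof(src)) != 0) return -1;
    return dst.in6.sin6_family == AF_INET6 ? ntohs(dst.in6.sin6_port) : -1;
}

/* 1 when a length one byte past the destination is rejected before copying. */
int oversized_rejected(void) {
    demo_sockaddr src, dst;
    memset(&src, 0, sizeof(src));
    return copy_addr(&dst, &src.addr, (socklen_t)sizeof(dst) + 1) == -1;
}

int main(void) {
    printf("%d %d %d\n", member_aliases_union(), roundtrip_port(8080), oversized_rejected());
    return 0;
}
```

The copy is in bounds because the member pointer addresses the start of the union object, so the size of the union is the size of the storage actually behind `sa`; the explicit length check is what keeps that true if a caller ever passes a different pair.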