Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <20240610160408.GN10433@brightrain.aerifal.cx>
Date: Mon, 10 Jun 2024 12:04:08 -0400
From: Rich Felker <dalias@...c.org>
To: Ismael Luceno <ismael@...ev.co.uk>
Cc: musl@...ts.openwall.com
Subject: Re: [PATCH] ioctl: Fix implicit constant conversion overflow

On Mon, Jun 03, 2024 at 03:57:18AM +0200, Ismael Luceno wrote:
> On 02/Jun/2024 18:50, Rich Felker wrote:
> > On Sun, Jun 02, 2024 at 05:01:10AM +0200, Ismael Luceno wrote:
> > > On 31/May/2024 22:34, Rich Felker wrote:
> > > <...>
> > > > > +#define _IOW(a,b,c) _IOC(_IOC_WRITE,(a),(b),(int)sizeof(c))
> > > > > +#define _IOR(a,b,c) _IOC(_IOC_READ,(a),(b),(int)sizeof(c))
> > > > > +#define _IOWR(a,b,c) _IOC(_IOC_READ|_IOC_WRITE,(a),(b),(int)sizeof(c))
> > > > 
> > > > I don't see how this helps with the warning you're trying to suppress,
> > > 
> > > GCC disagrees; the warnings go away because it's this element that
> > > causes the whole expression to be promoted to unsigned long long,
> > > so making it smaller (we can use unsigned int instead) avoids the
> > > issue.
> > 
> > In that case gcc is just being inconsistent. Both the conversion from
> > unsigned int to int and size_t to int are non-value-preserving. It
> > makes no sense that it warns for the latter but not for the former.
> > 
> > "Make weird inconsistent warning messages go away" is not a motivation
> > for a change. If the command macros could all be made to have type int
> > (matcing the ioctl argument) without introducing new problems, that
> > would be a well-motivated change. I suppose "make them have type
> > unsigned int rather than unsigned long so that they're not
> > gratuitously over-wide" might be well-motivated too, but I suspect it
> > leaves in place warnings in some places. "Fix implicit constant
> > conversion overflow" is not a well-motivated change since there is no
> > overflow.
> 
> GCC doesn't make much sense here but the warning appears with several
> versions of GCC.
> 
> An explicit cast at _IOC instead would make sense to me, but what could
> break in your opinion?

I'm not sure. It needs investigation. There might have been some
concern with breakage from kernel headers that define ioctl numbers or
something. I just remember this hasn't been as simple as it sounds
from past times it came up..

Rich

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.