From: Joseph Myers
Date: Wed, 26 Apr 2023 17:14:18 +0000
Subject: Fix Hurd getcwd build with GCC >= 13
Message-ID: <18587337-7815-4056-ebd0-724df262d591@codesourcery.com>
X-Patchwork-Id: 1774195
List-Id: Libc-alpha mailing list

The build of glibc for i686-gnu has been failing for a while with GCC
mainline / GCC 13:

../sysdeps/mach/hurd/getcwd.c: In function '__hurd_canonicalize_directory_name_internal':
../sysdeps/mach/hurd/getcwd.c:242:48: error: pointer 'file_name' may be used after 'realloc' [-Werror=use-after-free]
  242 |               file_namep = &buf[file_namep - file_name + size / 2];
      |                                 ~~~~~~~~~~~^~~~~~~~~~~
../sysdeps/mach/hurd/getcwd.c:236:25: note: call to 'realloc' here
  236 |                   buf = realloc (file_name, size);
      |                         ^~~~~~~~~~~~~~~~~~~~~~~~~

This appears to be a genuine bug; fix by doing the subtraction before
the reallocation makes the pointer invalid for arithmetic.

Tested with build-many-glibcs.py for i686-gnu.

diff --git a/sysdeps/mach/hurd/getcwd.c b/sysdeps/mach/hurd/getcwd.c index f24b35b380..cd3aedd9cd 100644 --- a/sysdeps/mach/hurd/getcwd.c +++ b/sysdeps/mach/hurd/getcwd.c
@@ -222,8 +222,9 @@ __hurd_canonicalize_directory_name_internal (file_t thisdir, found: { /* Prepend the directory name just discovered. */ + size_t offset = file_namep - file_name; - if (file_namep - file_name < d->d_namlen + 1) + if (offset < d->d_namlen + 1) { if (orig_size > 0) { @@ -239,7 +240,7 @@ __hurd_canonicalize_directory_name_internal (file_t thisdir, free (file_name); return NULL; } - file_namep = &buf[file_namep - file_name + size / 2]; + file_namep = &buf[offset + size / 2]; file_name = buf; /* Move current contents up to the end of the buffer. This is guaranteed to be non-overlapping. */
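
Review bot: In the first hunk, the new `size_t offset = file_namep - file_name;` sits between the comment "Prepend the directory name just discovered." and the `if` that comment described, and nothing records why the subtraction has to happen this early. A one-line comment on the declaration, saying that the offset must be taken before `realloc` can invalidate `file_name`, would keep a later cleanup from folding it back into the index expression. The declaration also stores a pointer difference in a `size_t`, so `offset < d->d_namlen + 1` now has an unsigned left operand where it had a signed one before; that is fine as long as `file_namep` never lies below `file_name`, which is worth stating next to the declaration.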
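
Review bot: In the second hunk, `&buf[offset + size / 2]` is only correct if neither `file_namep` nor `file_name` is reassigned between the new declaration and this line, and the lines between the two hunks (the rest of the `orig_size > 0` branch and the `realloc` call itself) are not part of the diff context. Please confirm that no such assignment exists there. The commit message calls this a genuine bug but lists only a build test, so a short note on whether an existing getcwd test reaches this growth path on Hurd would help reviewers.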
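
The pattern the commit message describes, as an added example that is not part of the original mail and not glibc code: a buffer filled right to left that grows with `realloc`, where the offset is taken before the call and only integers are used afterwards. The `backbuf` type and both function names are hypothetical, and the initial size is assumed to be nonzero.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical type, not glibc's: text is built right to left, so the live
   bytes sit at the end of the allocation and 'start' (the analogue of
   file_namep) points at the first of them. */
struct backbuf { char *buf; char *start; size_t size; };

/* Allocate SIZE (> 0) bytes holding only the terminating NUL at the end. */
int backbuf_init (struct backbuf *b, size_t size)
{
  b->buf = malloc (size);
  if (b->buf == NULL)
    return -1;
  b->size = size;
  b->start = b->buf + size - 1;
  *b->start = '\0';
  return 0;
}

/* Prepend '/' followed by LEN bytes of NAME.  Returns 0, or -1 if realloc
   fails, in which case the buffer still holds the same string. */
int backbuf_prepend (struct backbuf *b, const char *name, size_t len)
{
  /* Both pointers are valid here, so this is the place for the subtraction. */
  size_t offset = (size_t) (b->start - b->buf);

  while (offset < len + 1)
    {
      size_t live = b->size - offset;      /* bytes in use, NUL included */
      size_t new_size = b->size * 2;
      char *nbuf = realloc (b->buf, new_size);
      if (nbuf == NULL)
        return -1;
      /* The old block may be gone: b->buf and b->start are now stale, and only
         the integers saved above may be used to locate the data in nbuf.
         Doubling puts the destination at or past the old end: no overlap. */
      memcpy (nbuf + new_size - live, nbuf + offset, live);
      offset = new_size - live;
      b->buf = nbuf;
      b->start = nbuf + offset;
      b->size = new_size;
    }
  offset -= len + 1;
  b->buf[offset] = '/';
  memcpy (b->buf + offset + 1, name, len);
  b->start = b->buf + offset;
  return 0;
}
```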