gcc 8 -Wstringop-overflow is uhappy when the specified bounds depend
on the length of the source and is not smart enough to see the check
we do. Besides we don't want the padding effect of strncpy() here.
An alternative approach would be to check the valie in settime1(), but
it would result in multiple checks for valid tv_nsec, as there are
settime1() users that need to check the ranges earlier.
Reported-by: syzbot+96e5ce2c2c704d96c2f0@syzkaller.appspotmail.com
zfs_netbsd_{create,mknod,link,etc..} that call functions called
zfs_{create,mknod,link,etc..}. These later functions may return a
error code along with a *vpp that is NULL. This situation was not
handled by the zfs_netbsd_* functions and would result in a panic in a
number of cases. The simplest to trigger it was filling up a dataset
or pool resulting in a over quota condition. An attempt to create
another file, or directory at that point would panic.
The condition would be rechecked later again after subtracting start time
and most invalid inputs rejected. In corner cases the current code can
accept certain invalid inputs that will pass checks later and behave like
valid ones (due to signed integer overflow).
Reported-by: syzbot+3a4a07b62558bbbd3baa@syzkaller.appspotmail.com
- code that will be unreachable on platforms with
sizeof(double) != sizeof(unsigned long) triggered an valid out
of bounds warning. avoid the error by using sizeof ul.
- also assert that the sizes are the same if entering here.
both from kamil@.
- file has looks bogus maybe-uninitialized
- llvm triggers an attribute violation:
ScheduleDAGInstrs.cpp:1430:14: error: declaration of
'llvm::raw_ostream& llvm::operator<<(llvm::raw_ostream&, const llvm::ILPValue&)'
with attribute 'noinline' follows inline declaration [-Werror=attributes]
- ntp and pkg_install have obvious restrict violations, should be
fixed but i'm avoiding patching upstream code in this pass
- tftp has an array bounds that doesn't seem real issue
- sysinst's partman.c has major problem with passing the same
string as source and dest in snprintf, as a way to strcat
with formatting which trip restrict violations. non trivial
to fix so for now the warning is elided.
- Xext's XEVI.c has similar issue as partman.c
everyone and GCC 8 gets these warnings turned off for now:
-Wno-format-truncation
-Wno-stringop-overflow
-Wno-stringop-truncation
-Wno-cast-function-type
as they trip a large amount of code. most of them should be
investigated, but the few i looked at were not finding actually
real bugs, vs instances of poor coding, so skipping for now.
