[New-bugs-announce] [issue38282] socketmodule.c: _FORTIFY_SOURCE=2 warning in AF_ALG case of getsockaddrarg()

STINNER Victor report at bugs.python.org
Wed Sep 25 21:11:45 EDT 2019 

New submission from STINNER Victor <vstinner at python.org>:

To test bpo-32375, I just recompiled the master branch of Python twice using these flags:

* -D_FORTIFY_SOURCE=2 -Og
* -D_FORTIFY_SOURCE=2 -O3

I got a few warnings, the same that I get without FORTIFY SOURCE.

Using -D_FORTIFY_SOURCE=2 -O3, I get one warning, but it's no longer from getpath.c:

In file included from /usr/include/string.h:494,
                 from ./Include/Python.h:30,
                 from /home/vstinner/python/master/Modules/socketmodule.c:103:
In function ‘memset’,
    inlined from ‘getsockaddrarg’ at /home/vstinner/python/master/Modules/socketmodule.c:2331:9,
    inlined from ‘sock_bind’ at /home/vstinner/python/master/Modules/socketmodule.c:3113:10:
/usr/include/bits/string_fortified.h:71:10: warning: ‘__builtin_memset’ offset [17, 88] from the object at ‘addrbuf’ is out of the bounds of referenced subobject ‘sa’ with type ‘struct sockaddr’ at offset 0 [-Warray-bounds]
   71 |   return __builtin___memset_chk (__dest, __ch, __len, __bos0 (__dest));
      |          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

The warning comes from the code:

    case AF_ALG:
        ...
        struct sockaddr_alg *sa;
        sa = (struct sockaddr_alg *)addr_ret;
        memset(sa, 0, sizeof(*sa));

called from:

static PyObject *
sock_bind(PySocketSockObject *s, PyObject *addro)
{
    sock_addr_t addrbuf;
    int addrlen;
    int res;

    if (!getsockaddrarg(s, addro, SAS2SA(&addrbuf), &addrlen, "bind")) {
        return NULL;
    }

----------
components: Library (Lib)
messages: 353251
nosy: christian.heimes, pitrou, vstinner
priority: normal
severity: normal
status: open
title: socketmodule.c: _FORTIFY_SOURCE=2 warning in AF_ALG case of getsockaddrarg()
versions: Python 3.9

_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue38282>
_______________________________________

More information about the New-bugs-announce mailing list