mailing list of musl libc
From: "Jₑₙₛ Gustedt" <jens.gustedt@inria.fr>
To: Rich Felker <dalias@libc.org>
Cc: musl@lists.openwall.com, Mike Cui <cuicui@gmail.com>,
	NRK <nrk@disroot.org>
Subject: Re: [musl] Potential bug in __res_msend_rc() wrt to union initialization.
Date: Tue, 19 Mar 2024 17:39:30 +0100
Message-ID: <20240319173930.57b8eb30@inria.fr>
In-Reply-To: <20240319160832.GL4163@brightrain.aerifal.cx>

Hi,
actually the introduction of `{}` versus `{0}` in C23 was not meant to
provide any difference in semantics, just to make the syntax nicer and
consistent with C++.

on Tue, 19 Mar 2024 12:08:32 -0400 you (Rich Felker <dalias@libc.org>)
wrote:

> On Tue, Mar 19, 2024 at 08:55:22AM -0700, Mike Cui wrote:
> > On Tue, Mar 19, 2024 at 8:42 AM Rich Felker <dalias@libc.org> wrote:
> >   
> > > On Tue, Mar 19, 2024 at 08:04:31AM -0700, Mike Cui wrote:  
>  [...]
> > > types.
> > >
> > > No, the part below that you didn't reply to covers unions:
> > >
> > >  
> > The full 6.7.9 ¶10:
> > 
> > 10 If an object that has automatic storage duration is not
> > initialized explicitly, its value is indeterminate. If an object
> > that has static or thread storage duration is not initialized
> > explicitly, then:
> > - if it has pointer type, it is initialized to a null pointer;
> > - if it has arithmetic type, it is initialized to (positive or
> > unsigned) zero;
> > - if it is an aggregate, every member is initialized (recursively)
> > according to these rules, and any padding is initialized to zero
> > bits;
> > - if it is a union, the first named member is initialized
> > (recursively) according to these rules, and any padding is
> > initialized to zero bits;
> > 
> > The second part that you quoted applies to "static or thread storage
> > duration". The first sentence specifically says that anything not
> > initialized is indeterminate.
> > The only other paragraph which invokes 6.7.9 p10 is 6.7.9p21, which
> > also does not apply to unions. (p21 ensures that the "ns" array of
> > unions in the code would be zeroed out, but not the "sa" which is a
> > single union allocated on the stack.)  
> 
> ¶19 says:
> 
>     "all subobjects that are not initialized explicitly shall be
>     initialized implicitly the same as objects that have static
>     storage duration."
> 
> The term "subobject" does not seem to be defined, so there's some
> ambiguity, but I would read ¶19 as applying the above text about
> static unions to automatic ones.
> 
> In any case, what clang wants to do here seems like a big gratuitous
> footgun. We'll make the code in musl safe against this but I suspect
> it will have lots of bad effects elsewhere...

To avoid such differences in interpretation, the simplest solution
seems to be to always put the biggest union member first, or to even
add an artificial first one `char [size-of-the-union] __dummy;`, such
that this is always 0-byte initialized if there is any initialization
at all.

Jₑₙₛ

-- 
:: ICube :::::::::::::::::::::::::::::: deputy director ::
:: Université de Strasbourg :::::::::::::::::::::: ICPS ::
:: INRIA Nancy Grand Est :::::::::::::::::::::::: Camus ::
:: :::::::::::::::::::::::::::::::::::: ☎ +33 368854536 ::
:: https://icube-icps.unistra.fr/index.php/Jens_Gustedt ::
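
Added example, not part of the message above and not musl's code: the artificial-first-member layout suggested in the message, next to a union whose first member is the smaller one. The struct layouts and all names are hypothetical stand-ins for the socket address types.

```c
#include <stdio.h>

/* Hypothetical stand-ins for the IPv4/IPv6 socket address structs. */
struct addr4 { unsigned short family, port; unsigned char addr[4]; };
struct addr6 { unsigned short family, port; unsigned flow;
               unsigned char addr[16]; unsigned scope; };

/* Small member first: `= {0}` explicitly initializes only `sin`. */
union sa_small_first { struct addr4 sin; struct addr6 sin6; };

/* Artificial first member spanning the whole union, as suggested above. */
union sa_dummy_first {
    unsigned char dummy_[sizeof(union sa_small_first)];
    struct addr4 sin;
    struct addr6 sin6;
};
_Static_assert(sizeof(union sa_dummy_first) ==
               sizeof(((union sa_dummy_first *)0)->dummy_),
               "first member must cover every byte of the union");

static int all_zero(const void *p, size_t n)
{
    const unsigned char *b = p;
    for (size_t i = 0; i < n; i++)
        if (b[i]) return 0;
    return 1;
}

/* Returns 1: dummy_[0] is set explicitly, the rest of the array implicitly. */
int dummy_first_is_zeroed(void)
{
    union sa_dummy_first sa = {0};
    return all_zero(&sa, sizeof sa);
}

/* Returns 1 or 0 depending on the compiler: the bytes of sin6 beyond sin
 * are the ones whose initialization the thread disagrees about. */
int small_first_tail_is_zeroed(void)
{
    union sa_small_first sa = {0};
    return all_zero((unsigned char *)&sa + sizeof sa.sin,
                    sizeof sa - sizeof sa.sin);
}

int main(void)
{
    printf("dummy first: %d\n", dummy_first_is_zeroed());
    printf("small first, tail: %d\n", small_first_tail_is_zeroed());
    return 0;
}
```

The `_Static_assert` turns the "biggest member first" convention into a build failure if a later, larger member is added without resizing the dummy.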
