From: Rich Felker
Subject: Re: Error in getaddrinfo()?
Date: Tue, 19 Feb 2019 17:30:46 -0500
Message-ID: <20190219223046.GY23599@brightrain.aerifal.cx>
References: <20190219202700.GB19969@voyager>
To: musl@lists.openwall.com
Reply-To: musl@lists.openwall.com

On Tue, Feb 19, 2019 at 01:09:21PM -0800, Michael Forney wrote:
> On 2019-02-19, Markus Wichmann wrote:
> > And while we're on the subject, a few lines later we get
> >
> >     .ai_next = &out[k+1].ai };
> >
> > Now, for the last k, isn't this calculation undefined? The array index
> > is out of bounds, then. It won't matter what is calculated here, since
> > the last .ai_next is explicitly nulled a few lines further down, but the
> > calculation might invoke undefined behavior, and these last few years
> > compilers have gotten really aggressive about that.
>
> I don't think it is undefined behavior, as long as it is not
> dereferenced. See http://port70.net/~nsz/c/c11/n1570.html#6.5.6p8:
>
> "If both the pointer operand and the result point to elements of the
> same array object, or one past the last element of the array object,
> the evaluation shall not produce an overflow; otherwise, the behavior
> is undefined. If the result points one past the last element of the
> array object, it shall not be used as the operand of a unary *
> operator that is evaluated."

This would be true if not for the ".ai". As written, I think it may be
UB, but it's questionable whether that depends on how much extra space
was allocated for ai_canonname. In any case it's bad. The initializer
should probably be 0, followed by:

	if (k) out[k-1].ai.ai_next = &out[k].ai;

That would get rid of the need to later zero the final one, too.

Rich