[musl] [PATCH 1/2] fix error checking in pthread_getname_np

[musl] [PATCH 1/2] fix error checking in pthread_getname_np

[Érico Nogueira]

len is unsigned and can never be smaller than 0. though unlikely, an
error in read() would have lead to an out of bounds write to name.

Reported-by: Michael Forney <mforney@mforney.org>
---
 src/thread/pthread_getname_np.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/thread/pthread_getname_np.c b/src/thread/pthread_getname_np.c
index 48d1a294..85504e45 100644
--- a/src/thread/pthread_getname_np.c
+++ b/src/thread/pthread_getname_np.c
@@ -17,7 +17,7 @@ int pthread_getname_np(pthread_t thread, char *name, size_t len)
 
 	snprintf(f, sizeof f, "/proc/self/task/%d/comm", thread->tid);
 	pthread_setcancelstate(PTHREAD_CANCEL_DISABLE, &cs);
-	if ((fd = open(f, O_RDONLY|O_CLOEXEC)) < 0 || (len = read(fd, name, len)) < 0) status = errno;
+	if ((fd = open(f, O_RDONLY|O_CLOEXEC)) < 0 || (len = read(fd, name, len)) == -1) status = errno;
 	else name[len-1] = 0; /* remove trailing new line only if successful */
 	if (fd >= 0) close(fd);
 	pthread_setcancelstate(cs, 0);
-- 
2.32.0

[musl] [PATCH 2/2] add -Wtype-limits to enabled warning list

[Érico Nogueira]

this warning catches conditionals which are never true, such as checking
if an unsigned value is smaller than zero. this leads to two warnings in
the getgr_a.c and getpw_a.c files, which assume that the underlying type
for gid_t and uid_t might still change.
---
 configure | 1 +
 1 file changed, 1 insertion(+)

diff --git a/configure b/configure
index a5231a0e..b7beaeab 100755
--- a/configure
+++ b/configure
@@ -546,6 +546,7 @@ tryflag CFLAGS_AUTO -Winit-self
 tryflag CFLAGS_AUTO -Wreturn-type
 tryflag CFLAGS_AUTO -Wsequence-point
 tryflag CFLAGS_AUTO -Wstrict-aliasing
+tryflag CFLAGS_AUTO -Wtype-limits
 tryflag CFLAGS_AUTO -Wunused-function
 tryflag CFLAGS_AUTO -Wunused-label
 tryflag CFLAGS_AUTO -Wunused-variable
-- 
2.32.0

Re: [musl] [PATCH 2/2] add -Wtype-limits to enabled warning list

[Rich Felker]

On Sat, Jul 10, 2021 at 12:25:00AM -0300, Érico Nogueira wrote:
> this warning catches conditionals which are never true, such as checking
> if an unsigned value is smaller than zero. this leads to two warnings in
> the getgr_a.c and getpw_a.c files, which assume that the underlying type
> for gid_t and uid_t might still change.
> ---
>  configure | 1 +
>  1 file changed, 1 insertion(+)
> 
> diff --git a/configure b/configure
> index a5231a0e..b7beaeab 100755
> --- a/configure
> +++ b/configure
> @@ -546,6 +546,7 @@ tryflag CFLAGS_AUTO -Winit-self
>  tryflag CFLAGS_AUTO -Wreturn-type
>  tryflag CFLAGS_AUTO -Wsequence-point
>  tryflag CFLAGS_AUTO -Wstrict-aliasing
> +tryflag CFLAGS_AUTO -Wtype-limits
>  tryflag CFLAGS_AUTO -Wunused-function
>  tryflag CFLAGS_AUTO -Wunused-label
>  tryflag CFLAGS_AUTO -Wunused-variable
> -- 
> 2.32.0

I probably won't adopt this, since it necessarily breaks generic
(macro) or underlying-type-agnostic code written to be safe with both
signed and unsigned types.