diff options
| author | Hauke Mehrtens <hauke@hauke-m.de> | 2019-11-01 15:06:01 +0100 |
|---|---|---|
| committer | Hauke Mehrtens <hauke@hauke-m.de> | 2019-11-08 23:51:41 +0100 |
| commit | fc417e808087f96466d9ce18819e16476af9527b (patch) | |
| tree | 125cdade9cf1ce435159f3948c384c3f4bf884e7 /file.c | |
| parent | 2c8e4a347bb68229937ceda6e099fb10e9b792d1 (diff) | |
| download | uci-fc417e808087f96466d9ce18819e16476af9527b.tar.gz | |
build: Add -Wclobbered to detect problems with longjmp
When we jump back to a save point in UCI_THROW() with longjmp all the
registers will be reset to the old values when we called UCI_TRAP_SAVE()
last time, but the memory is not restored. This will revert all the
variables which are stored in registers, but not the variables stored on
the stack.
Mark all the variables which the compiler could put into a register as
volatile to store them safely on the stack and make sure they have the
defined current values also after longjmp was called.
The setjmp() manage says the following:
----------------------------------------------------------------------
The compiler may optimize variables into registers, and longjmp()
may restore the values of other registers in addition to the stack
pointer and program counter. Consequently, the values of automatic
variables are unspecified after a call to longjmp() if they meet all the
following criteria:
* they are local to the function that made the corresponding setjmp()
call;
* their values are changed between the calls to setjmp() and longjmp();
and
* they are not declared as volatile.
---------------------------------------------------------------------
The -Wclobbered compiler option warns about all variables which are
written after setjmp() was called, not all of them could cause problems,
but to make sure to catch all real problems add this warning and fix all
occurrences of this warning.
This also activates a compiler warning which should warn us in such
cases.
This could fix some potential problems in error paths like the one
reported in CVE-2019-15513.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Diffstat (limited to 'file.c')
| -rw-r--r-- | file.c | 11 |
1 files changed, 6 insertions, 5 deletions
@@ -721,10 +721,10 @@ static void uci_file_commit(struct uci_context *ctx, struct uci_package **packag { struct uci_package *p = *package; FILE *f1, *f2 = NULL; - char *name = NULL; - char *path = NULL; + char *volatile name = NULL; + char *volatile path = NULL; char *filename = NULL; - bool do_rename = false; + volatile bool do_rename = false; int fd; if (!p->path) { @@ -881,12 +881,13 @@ static char **uci_list_config_files(struct uci_context *ctx) return configs; } -static struct uci_package *uci_file_load(struct uci_context *ctx, const char *name) +static struct uci_package *uci_file_load(struct uci_context *ctx, + const char *volatile name) { struct uci_package *package = NULL; char *filename; bool confdir; - FILE *file = NULL; + FILE *volatile file = NULL; switch (name[0]) { case '.': |