I'm looking into a "PAX: size overflow" error from ZFSOnLinux:
https://github.com/zfsonlinux/zfs/issues/2505
I have a naive test program demonstrating the problem which bugs out with a "size overflow" when compiled with gcc -O (4.6.3 and 4.7.2), but doesn't error when compiled without optimisation:
$ gcc -fplugin=linux/tools/gcc/size_overflow_plugin/size_overflow_plugin.so test.c -o test -O 2> /dev/null && ./test
SIZE_OVERFLOW: size overflow detected in function main test.c:25 cicus.8_14 min, count: 2
$ gcc -fplugin=linux/tools/gcc/size_overflow_plugin/size_overflow_plugin.so test.c -o test 2> /dev/null && ./test
exit ok
This is using grsecurity-3.0-3.14.12.
The test program, based on the example in https://forums.grsecurity.net/viewtopic.php?f=7&t=3043:
#include <stdint.h>
#include <stdio.h>
#include <string.h>   /* strlen */
#include <unistd.h>   /* _exit */

/* malloc and a wrapper, both marked so the plugin instruments their size argument */
extern void *malloc(size_t size) __attribute__((size_overflow(1)));
void * __attribute__((size_overflow(1))) coolmalloc(size_t size)
{
    return malloc(size);
}

/* called by the plugin-inserted check when a size computation overflows */
void report_size_overflow(const char *file, unsigned int line, const char *func, const char *ssa_name)
{
    printf("SIZE_OVERFLOW: size overflow detected in function %s %s:%u %s", func, file, line, ssa_name);
    fflush(stdout);
    _exit(1);
}

/* round x up to a multiple of align (a power of two), computed in the given type */
#define P2ROUNDUP_TYPED(x, align, type) \
    (-(-(type)(x) & -(type)(align)))

int main(int argc, char *argv[])
{
    size_t namesize = strlen(argv[0]);
    namesize = P2ROUNDUP_TYPED(namesize, sizeof (uint64_t), size_t);
    coolmalloc(20 + namesize);
    printf("exit ok\n");
    return 0;
}
Is this my error (first time I've looked at grsecurity), an error in the code, an error in gcc, or an error in grsecurity?
Cheers,
Chris
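For readers wondering what an arithmetic overflow in this macro actually looks like, here is an added example (not part of the post above and not ZFSOnLinux or grsecurity code). It uses the same P2ROUNDUP_TYPED macro and compares it with a checked rounding routine: the macro computes modulo 2^64, so for a size_t x within align-1 of SIZE_MAX the rounded result wraps to 0 and the subsequent `20 + namesize` request becomes a tiny allocation. The function names roundup_or_sentinel and alloc_size_for_name are my own; the probe values are constructed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* The macro from the post: round x up to a multiple of align, computed in `type`.
   The arithmetic is modular, so it silently wraps near the top of the range. */
#define P2ROUNDUP_TYPED(x, align, type) \
    (-(-(type)(x) & -(type)(align)))

/* Unchecked rounding exactly as the macro does it. */
static size_t p2roundup_unchecked(size_t x, size_t align)
{
    return P2ROUNDUP_TYPED(x, align, size_t);
}

/* Checked rounding: returns false (and leaves *out untouched) if align is not a
   power of two or if rounding x up would exceed SIZE_MAX. */
static bool p2roundup_checked(size_t x, size_t align, size_t *out)
{
    size_t mask = align - 1;

    if (align == 0 || (align & mask) != 0)
        return false;               /* not a power of two */
    if (x > SIZE_MAX - mask)
        return false;               /* x + mask would wrap */
    *out = (x + mask) & ~mask;
    return true;
}

/* Convenience wrapper: SIZE_MAX signals overflow. SIZE_MAX is never a valid
   result for align > 1 because it is not a multiple of align. */
static size_t roundup_or_sentinel(size_t x, size_t align)
{
    size_t r;
    return p2roundup_checked(x, align, &r) ? r : SIZE_MAX;
}

/* The allocation size the post's main() builds, 20 + roundup(namesize, 8),
   with every step checked. Returns 0 if the request cannot be represented;
   a legitimate request is always at least 20, so 0 is unambiguous. */
static size_t alloc_size_for_name(size_t namesize)
{
    size_t rounded;

    if (!p2roundup_checked(namesize, sizeof(uint64_t), &rounded))
        return 0;
    if (rounded > SIZE_MAX - 20)
        return 0;
    return 20 + rounded;
}

int main(void)
{
    /* constructed probe values, the last two sit inside the wrap-around window */
    const size_t probe[] = { 0, 1, 7, 8, 9, SIZE_MAX - 7, SIZE_MAX - 6, SIZE_MAX };
    size_t i;

    printf("%-22s %-22s %-22s %s\n", "x", "macro", "checked", "20+rounded");
    for (i = 0; i < sizeof probe / sizeof probe[0]; i++) {
        size_t x = probe[i];
        printf("%-22zu %-22zu %-22zu %zu\n",
               x,
               p2roundup_unchecked(x, sizeof(uint64_t)),
               roundup_or_sentinel(x, sizeof(uint64_t)),
               alloc_size_for_name(x));
    }
    return 0;
}
```

In the table the macro column shows 0 for the last two probes while the checked column shows SIZE_MAX (overflow) and the allocation column shows 0 (request refused); that wrap from a huge size to a tiny one is the class of bug the size_overflow plugin exists to catch at runtime.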