Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
a bug of gcc -O2 for mips64el-n32 on loongson 2f ?
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Gentoo on Alternative Architectures
View previous topic :: View next topic  
Author Message
XiaoaiX
n00b
n00b


Joined: 30 May 2015
Posts: 30

PostPosted: Sun Jun 12, 2022 2:22 am    Post subject: a bug of gcc -O2 for mips64el-n32 on loongson 2f ? Reply with quote

I met this problem when upgrading to coreutils-8.32 on an mips64el-n32 system of Yeeloong netbook with loongon-2f mips cpu. It occurs when testing the "%n" parameter for sprintf compiled with "gcc -O2" when doing the ./configure. The c program is as follows ( I've modified the original test code in the configure process of the coreutils-8.32 a little but kept the same problem here)
Code:

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
static char fmtstring[10];
static char buf[100];
int main ()
{
int count = -1;
/* Copy the format string. Some systems (glibc with _FORTIFY_SOURCE=2)
support %n in format strings in read-only memory but not in writable
memory. */

strcpy (fmtstring, "%d %n");
if (sprintf (buf, fmtstring, 123, &count, 33, 44, 55) < 0
|| strcmp (buf, "123 ") != 0
|| count != 4)
{
printf("wrong");
return 1;
}
printf("right");
return 0;
}


If compile without "-O2" optimization, there is no problem at runtime. But if with -O2, there will be a problem at runtime:

Code:

*** %n in writable segment detected ***

This happens both with gcc-11.3.0 and with 8.3.0.

Is this a bug of gcc?
Back to top
View user's profile Send private message
Hu
Administrator
Administrator


Joined: 06 Mar 2007
Posts: 23021

PostPosted: Sun Jun 12, 2022 2:57 am    Post subject: Reply with quote

No. This is a bug in the C program that is attempting to use the unsafe modifier %n from writable memory, while fortification is enabled. %n can be used in certain exploits, so glibc includes some elaborate code to refuse to accept it in writable memory.
Back to top
View user's profile Send private message
XiaoaiX
n00b
n00b


Joined: 30 May 2015
Posts: 30

PostPosted: Sun Jun 12, 2022 3:28 am    Post subject: Reply with quote

Hu wrote:
No. This is a bug in the C program that is attempting to use the unsafe modifier %n from writable memory, while fortification is enabled. %n can be used in certain exploits, so glibc includes some elaborate code to refuse to accept it in writable memory.


But compiled without "-O2", it can run successfully. Why only refuse to accept it only with "-O2" optimization?

On amd64 system, this program is also compiled and run without a problem both with and without "-O2".
Back to top
View user's profile Send private message
sam_
Developer
Developer


Joined: 14 Aug 2020
Posts: 2096

PostPosted: Sun Jun 12, 2022 7:55 am    Post subject: Reply with quote

XiaoaiX wrote:
Hu wrote:
No. This is a bug in the C program that is attempting to use the unsafe modifier %n from writable memory, while fortification is enabled. %n can be used in certain exploits, so glibc includes some elaborate code to refuse to accept it in writable memory.


But compiled without "-O2", it can run successfully. Why only refuse to accept it only with "-O2" optimization?

On amd64 system, this program is also compiled and run without a problem both with and without "-O2".


1. Some optimisation is needed for FORTIFY_SOURCE.
2. Optimisation unlocks more introspection (and obviously optimisation) passes within the compiler through which it learns more about the code.

If the program is clearly doing something naughty, the options which make it work - or not - should not be read into. Compilers are free to ignore - or not ignore - undefined behaviour as they wish. They are not compliance checkers.

It sounds a bit to me like this test is supposed to fail anyway, right? What's the original problem you hit?
Back to top
View user's profile Send private message
XiaoaiX
n00b
n00b


Joined: 30 May 2015
Posts: 30

PostPosted: Sun Jun 12, 2022 9:33 am    Post subject: Reply with quote

sam_ wrote:
XiaoaiX wrote:
Hu wrote:
No. This is a bug in the C program that is attempting to use the unsafe modifier %n from writable memory, while fortification is enabled. %n can be used in certain exploits, so glibc includes some elaborate code to refuse to accept it in writable memory.


But compiled without "-O2", it can run successfully. Why only refuse to accept it only with "-O2" optimization?

On amd64 system, this program is also compiled and run without a problem both with and without "-O2".


1. Some optimisation is needed for FORTIFY_SOURCE.
2. Optimisation unlocks more introspection (and obviously optimisation) passes within the compiler through which it learns more about the code.

If the program is clearly doing something naughty, the options which make it work - or not - should not be read into. Compilers are free to ignore - or not ignore - undefined behaviour as they wish. They are not compliance checkers.

It sounds a bit to me like this test is supposed to fail anyway, right? What's the original problem you hit?



Yes, the emerge hung up forever at the configure step while I am using "-O2" in the CFLAGS. The problem is caused by the test for the support of "%n" of sprintf. The configure would try to compile the test program like the one in my first post and run it and then it hung up forever.

I forgot to say that besides the error message in my original post, the program hung up forever in the runtime.

Do you mean that I need to add some more flags in CFLAGS to enable or disable FORTIFY_SOURCE? What CFLAGS should be added? Thanks.
Back to top
View user's profile Send private message
Hu
Administrator
Administrator


Joined: 06 Mar 2007
Posts: 23021

PostPosted: Sun Jun 12, 2022 3:47 pm    Post subject: Reply with quote

%n is strongly discouraged in writable memory, to the point that glibc will abort the program for trying it. Therefore, I consider it a bug for any C program that links to glibc to use %n in writable memory. If this configure test is as you showed, then the test is broken.

Regardless of that, the test program should have compiled quickly and correctly. Running it would not be useful, but compilation should have finished.
Back to top
View user's profile Send private message
XiaoaiX
n00b
n00b


Joined: 30 May 2015
Posts: 30

PostPosted: Mon Jun 13, 2022 3:52 am    Post subject: Reply with quote

Hu wrote:
%n is strongly discouraged in writable memory, to the point that glibc will abort the program for trying it. Therefore, I consider it a bug for any C program that links to glibc to use %n in writable memory. If this configure test is as you showed, then the test is broken.

Regardless of that, the test program should have compiled quickly and correctly. Running it would not be useful, but compilation should have finished.


Yes, the compilation is successful but the program would never return at runtime. But the configure script was waiting for the return value of the program forever.
Back to top
View user's profile Send private message
Hu
Administrator
Administrator


Joined: 06 Mar 2007
Posts: 23021

PostPosted: Mon Jun 13, 2022 2:45 pm    Post subject: Reply with quote

That is a strange failure mode. However, I maintain that it is a bug for this program to use %n in writable memory, while linked to glibc, and while using source fortification, because we know that glibc reacts badly to that combination. The program ought not do all those things at once. When using glibc with fortification, it should not use a writable %n. The authors of the test even seem to expect that this will not work well, so it is strange that they would test for it. I would further argue that testing for it at configure time is wrong anyway, since the user might build on a glibc that permits it, then upgrade to one that does not.
Back to top
View user's profile Send private message
XiaoaiX
n00b
n00b


Joined: 30 May 2015
Posts: 30

PostPosted: Tue Jun 14, 2022 4:14 am    Post subject: Reply with quote

Hu wrote:
That is a strange failure mode. However, I maintain that it is a bug for this program to use %n in writable memory, while linked to glibc, and while using source fortification, because we know that glibc reacts badly to that combination. The program ought not do all those things at once. When using glibc with fortification, it should not use a writable %n. The authors of the test even seem to expect that this will not work well, so it is strange that they would test for it. I would further argue that testing for it at configure time is wrong anyway, since the user might build on a glibc that permits it, then upgrade to one that does not.


Thanks. I understand your point. Maybe newer versions of the coreutils has no such problem. I will try later. If the problem is still there, I will come back.
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Gentoo on Alternative Architectures All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum