[LTP] [PATCH 0/3] safe_macros: Fix undefined behaviour in vararg handling

Tudor Cretu tudor.cretu@arm.com
Wed Nov 23 15:47:43 CET 2022


Accessing elements in an empty va_list results in undefined behaviour[0]
that can include accessing arbitrary stack memory. While typically this
doesn't raise a fault, some new, more security-oriented architectures
(e.g. CHERI[1] or Morello[2]) don't allow it.

Therefore, remove the variadicness from safe_* wrappers that always call
the functions with the optional argument included.

Adapt the respective SAFE_* macros to handle the change by passing a
default argument if it is omitted.

[0]: [ISO/IEC 9899:2011] Programming Languages—C, 3rd ed, paragraph 7.16.1.1
[1]: https://www.cl.cam.ac.uk/research/security/ctsrd/cheri/
[2]: https://www.morello-project.org/

Tudor Cretu (3):
  safe_open: Fix undefined behaviour in vararg handling
  safe_openat: Fix undefined behaviour in vararg handling
  safe_semctl: Fix undefined behaviour in vararg handling

 include/old/safe_macros.h   |  6 ++++--
 include/safe_macros_fn.h    |  3 ++-
 include/tst_safe_file_at.h  | 10 ++++++----
 include/tst_safe_macros.h   |  6 ++++--
 include/tst_safe_sysv_ipc.h | 14 +++++++++-----
 lib/safe_macros.c           | 13 +------------
 lib/tst_cgroup.c            |  2 +-
 lib/tst_safe_file_at.c      | 11 +++--------
 lib/tst_safe_sysv_ipc.c     | 10 +---------
 9 files changed, 31 insertions(+), 44 deletions(-)

-- 
2.25.1
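
The pattern this cover letter describes, as an added C sketch that is not code from the LTP series: a variadic wrapper that always reads the optional `mode`, next to a fixed-prototype wrapper whose macro supplies a default. The `demo_*` names, `DEMO_OPEN`, `DEMO_FLAGS_MODE` and the argument-selection technique are assumptions made for illustration; the series may implement the default differently.

```c
#include <fcntl.h>
#include <stdarg.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Before: mode is read unconditionally. If the caller passed only
 * (path, flags), va_arg() fetches an argument that was never supplied,
 * which is undefined behaviour (C11 7.16.1.1). Shown for contrast only. */
int demo_open_variadic(const char *path, int flags, ...)
{
	va_list ap;
	mode_t mode;

	va_start(ap, flags);
	mode = va_arg(ap, int);	/* UB when no third argument exists */
	va_end(ap);
	return open(path, flags, mode);
}

mode_t demo_seen_mode;	/* records what the macro actually supplied */

/* After: fixed prototype, so there is no va_list left to over-read. */
int demo_open_fixed(const char *path, int flags, mode_t mode)
{
	demo_seen_mode = mode;
	return open(path, flags, mode);
}

/* Take the first two of (flags[, mode], 0, 0): an omitted mode becomes 0. */
#define DEMO_FLAGS_MODE(flags, mode, ...) (flags), (mode)
#define DEMO_OPEN(path, ...) \
	demo_open_fixed((path), DEMO_FLAGS_MODE(__VA_ARGS__, 0, 0))

int main(void)
{
	int fd = DEMO_OPEN("/dev/null", O_RDONLY);	/* mode defaults to 0 */

	printf("fd=%d mode=%o\n", fd, (unsigned)demo_seen_mode);
	close(fd);
	fd = DEMO_OPEN("/dev/null", O_WRONLY, 0600);	/* mode passed through */
	printf("fd=%d mode=%o\n", fd, (unsigned)demo_seen_mode);
	close(fd);
	return 0;
}
```

Call sites keep their two- or three-argument form; only the wrapper prototype and the macro change, so the callee never touches a `va_list`.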


