mirror of
https://gitlab.freedesktop.org/wayland/wayland.git
synced 2025-11-02 09:01:39 -05:00
util: fix undefined behavior in wl_array_for_each
If a wl_array has size zero, wl_array_for_each computes NULL + 0 to get to the end pointer. This should be fine, and indeed it would be fine in C++. But the C specification has a mistake here and it is actually undefined behavior. See https://davidben.net/2024/01/15/empty-slices.html Clang's -fsanitize=undefined flags this. I ran into this in Chromium's build with wayland-scanner on one of our XML files. ../../third_party/wayland/src/src/scanner.c:1853:2: runtime error: applying zero offset to null pointer #0 0x55c979b8e02c in emit_code third_party/wayland/src/src/scanner.c:1853:2 #1 0x55c979b89323 in main third_party/wayland/src/src/scanner.c #2 0x7f8dfdb8c6c9 in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16 #3 0x7f8dfdb8c784 in __libc_start_main csu/../csu/libc-start.c:360:3 #4 0x55c979b70f39 in _start (...) An empty XML file is sufficient to hit this case, so I've added it as a test. To reproduce, undo the fix and include only the test, then build with: CC=clang CFLAGS="-fno-sanitize-recover=undefined" meson build/ -Db_sanitize=undefined -Db_lundef=false ninja -C build test Signed-off-by: David Benjamin <davidben@google.com>
This commit is contained in:
David Benjamin
parent
aa2a6d560b
commit
8a7ecd774c
7 changed files with 177 additions and 0 deletions
83
tests/data/empty-client.h
Normal file
83
tests/data/empty-client.h
Normal file
|
|
@ -0,0 +1,83 @@
|
|||
/* SCANNER TEST */
|
||||
|
||||
#ifndef EMPTY_CLIENT_PROTOCOL_H
|
||||
#define EMPTY_CLIENT_PROTOCOL_H
|
||||
|
||||
#include <stdint.h>
|
||||
#include <stddef.h>
|
||||
#include "wayland-client.h"
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
/**
|
||||
* @page page_empty The empty protocol
|
||||
* @section page_ifaces_empty Interfaces
|
||||
* - @subpage page_iface_empty -
|
||||
*/
|
||||
struct empty;
|
||||
|
||||
#ifndef EMPTY_INTERFACE
|
||||
#define EMPTY_INTERFACE
|
||||
/**
|
||||
* @page page_iface_empty empty
|
||||
* @section page_iface_empty_api API
|
||||
* See @ref iface_empty.
|
||||
*/
|
||||
/**
|
||||
* @defgroup iface_empty The empty interface
|
||||
*/
|
||||
extern const struct wl_interface empty_interface;
|
||||
#endif
|
||||
|
||||
#define EMPTY_EMPTY 0
|
||||
|
||||
|
||||
/**
|
||||
* @ingroup iface_empty
|
||||
*/
|
||||
#define EMPTY_EMPTY_SINCE_VERSION 1
|
||||
|
||||
/** @ingroup iface_empty */
|
||||
static inline void
|
||||
empty_set_user_data(struct empty *empty, void *user_data)
|
||||
{
|
||||
wl_proxy_set_user_data((struct wl_proxy *) empty, user_data);
|
||||
}
|
||||
|
||||
/** @ingroup iface_empty */
|
||||
static inline void *
|
||||
empty_get_user_data(struct empty *empty)
|
||||
{
|
||||
return wl_proxy_get_user_data((struct wl_proxy *) empty);
|
||||
}
|
||||
|
||||
static inline uint32_t
|
||||
empty_get_version(struct empty *empty)
|
||||
{
|
||||
return wl_proxy_get_version((struct wl_proxy *) empty);
|
||||
}
|
||||
|
||||
/** @ingroup iface_empty */
|
||||
static inline void
|
||||
empty_destroy(struct empty *empty)
|
||||
{
|
||||
wl_proxy_destroy((struct wl_proxy *) empty);
|
||||
}
|
||||
|
||||
/**
|
||||
* @ingroup iface_empty
|
||||
*/
|
||||
static inline void
|
||||
empty_empty(struct empty *empty)
|
||||
{
|
||||
wl_proxy_marshal_flags((struct wl_proxy *) empty,
|
||||
EMPTY_EMPTY, NULL, wl_proxy_get_version((struct wl_proxy *) empty), 0);
|
||||
}
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
#endif
|
||||
Loading…
Add table
Add a link
Reference in a new issue