about summary refs log tree commit diff
path: root/sysdeps/unix/sysv/linux/timer_getoverr.c
diff options
context:
space:
mode:
authorAdhemerval Zanella <adhemerval.zanella@linaro.org>2020-10-05 17:30:05 -0300
committerAdhemerval Zanella <adhemerval.zanella@linaro.org>2020-10-06 15:29:35 -0300
commit7a887dd537cd00fe3cdf42b788b3f0e3b430b0ed (patch)
tree2ce82095bd3f24a54af4980703cbb69cd5b7d155 /sysdeps/unix/sysv/linux/timer_getoverr.c
parent862897d2addfacc2af85b571ebf5a82659455e8c (diff)
downloadglibc-7a887dd537cd00fe3cdf42b788b3f0e3b430b0ed.tar.gz
glibc-7a887dd537cd00fe3cdf42b788b3f0e3b430b0ed.tar.xz
glibc-7a887dd537cd00fe3cdf42b788b3f0e3b430b0ed.zip
posix: Fix -Warray-bounds instances building timer_create [BZ #26687]
GCC 11 -Warray-bounds triggers invalid warnings when building
Linux timer_create.c:

../sysdeps/unix/sysv/linux/timer_create.c: In function '__timer_create_new':
../sysdeps/unix/sysv/linux/timer_create.c:83:17: warning: array subscript 'struct timer[0]' is partly outside array bounds of 'unsigned char[8]' [-Warray-bounds]
   83 |             newp->sigev_notify = (evp != NULL
      |                 ^~
../sysdeps/unix/sysv/linux/timer_create.c:59:47: note: referencing an object of size 8 allocated by 'malloc'
   59 |         struct timer *newp = (struct timer *) malloc (offsetof (struct timer,
      |                                               ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   60 |                                                                 thrfunc));
      |                                                                 ~~~~~~~~~

The struct allocated for !SIGEV_THREAD timers only requires two 'int'
fields (sigev_notify and ktimerid) and the offsetof trick tries minimize
the memory usage by only allocation the required size.  However,
although the resulting size is suffice for !SIGEV_THREAD time, accessing
the partially allocated object is error-prone and UB.

This patch fixes both issues by embedding the information whether
the timer if a SIGEV_THREAD in the returned 'timer_t'.  For
!SIGEV_THREAD, the resulting 'timer_t' is the returned kernel timer
identifer (kernel_timer_t), while for SIGEV_THREAD it uses the fact
malloc returns at least _Alignof (max_align_t) pointers plus that
valid kernel_timer_t are always positive to set MSB bit of the returned
'timer_t' to indicate the timer handles a SIGEV_THREAD.

It allows to remove the memory allocation for !SIGEV_THREAD and also
remove the 'sigev_notify' field from 'struct timer'.

Checked on x86_64-linux-gnu and i686-linux-gnu.
Diffstat (limited to 'sysdeps/unix/sysv/linux/timer_getoverr.c')
-rw-r--r--sysdeps/unix/sysv/linux/timer_getoverr.c8
1 files changed, 2 insertions, 6 deletions
diff --git a/sysdeps/unix/sysv/linux/timer_getoverr.c b/sysdeps/unix/sysv/linux/timer_getoverr.c
index 81b9723f01..7862d162b9 100644
--- a/sysdeps/unix/sysv/linux/timer_getoverr.c
+++ b/sysdeps/unix/sysv/linux/timer_getoverr.c
@@ -31,10 +31,6 @@ int
 timer_getoverrun (timer_t timerid)
 {
 #undef timer_getoverrun
-  struct timer *kt = (struct timer *) timerid;
-
-  /* Get the information from the kernel.  */
-  int res = INLINE_SYSCALL (timer_getoverrun, 1, kt->ktimerid);
-
-  return res;
+  kernel_timer_t ktimerid = timerid_to_kernel_timer (timerid);
+  return INLINE_SYSCALL_CALL (timer_getoverrun, ktimerid);
 }