[LITMUS^RT] Error Compiling liblitmus

Manohar Vanga mvanga at mpi-sws.org
Fri Jul 15 12:47:09 CEST 2016


On Fri, Jul 15, 2016 at 10:56 AM, Björn Brandenburg <bbb at mpi-sws.org> wrote:

>
> > On 15 Jul 2016, at 01:49, Roohollah <roohollahamiri at u.boisestate.edu>
> wrote:
> >
> > I am trying to compile liblitmus, the latest version. But I am getting
> the following error:
> >
> > src/migration.c:83:27: error: array subscript is below array bounds
> [-Werror=array-bounds]
> >
> > I am using Fedora 24, gcc-6.1.1. Does anyone know how to solve
> that problem?
>
>
> Looks like there’s an out-of-bounds access in Glenn’s domain parsing code.
>
>
> https://github.com/LITMUS-RT/liblitmus/blob/master/src/migration.c#L83
>
> However, Mahir recently patched that loop and changed one of the indices.
> Perhaps the patch was incomplete?
>
>
> https://github.com/LITMUS-RT/liblitmus/commit/322eaadaa95b4f64f4102a9bc6aaa2237401ae41
>
> Mahir, can you please look into this?
>

The change is incorrect. It should be 8 because the last chunk doesn't have
a trailing comma. Consider the following example:

buf="xxx,xxxxxxxx,xxxxxxxx"
We want to parse it backwards starting with the last 8 characters.
At line 67, "chunk_str = buf + len - 8" gives the correct behavior
(chunk_str = "xxxxxxxx").
"chunk_str = buf + len - 9" ends up giving (chunk_str = ",xxxxxxxx").

On the other hand, the exit condition in the do-while loop is relying on
out-of-bounds pointer arithmetic which is undefined in the C standard. I'm
guessing the warning is something that was recently introduced in GCC.

The loop can just be rewritten as follows to avoid the use of undefined
behaviour (I leave the correct patching to Mahir). Hopefully this removes
the issue:

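    /* process LSB chunks first (at the end of the str) and move backward */
    chunk_str = buf + len;
    i = 0;
    do
    {
        unsigned long chunk;
        /* step back over 8 hex digits; compare distances so that the
         * pointer is never moved below buf */
        if (chunk_str - buf > 8)
            chunk_str -= 8;
        else
            chunk_str = buf; /* when MSB mask is less than 8 chars */
        chunk = strtoul(chunk_str, NULL, 16); /* stops at the next ',' */
        while (chunk) {
            int j = ffsl(chunk) - 1;
            int x = i*32 + j;
            CPU_SET_S(x, *sz, *set);
            chunk &= ~(1ul << j);
        }
        i += 1;
        /* skip the comma that separates this chunk from the one before it */
        if (chunk_str > buf)
            chunk_str -= 1;
    } while(chunk_str > buf);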

(Please do review this carefully though.) Thanks!
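
The backward walk discussed in this message, as an added stand-alone example (not code from liblitmus or from the thread): it tracks an index instead of a pointer, so nothing below `buf` is ever computed. The names `parse_mask` and `cpu_in_mask`, the 32-bit word output, and the strict "8 hex digits per non-leading chunk" input format are assumptions of this sketch.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Parse "xxx,xxxxxxxx,xxxxxxxx" (MSB chunk first) into 32-bit words,
 * words[0] = least significant. Returns the word count, or -1 on error. */
int parse_mask(const char *buf, uint32_t *words, int max_words)
{
    size_t end = strlen(buf);   /* index one past the chunk being parsed */
    int n = 0;

    while (end > 0) {
        /* chunk is buf[start..end): 8 digits, fewer only for the MSB chunk */
        size_t start = end > 8 ? end - 8 : 0;
        size_t k, clen = end - start;
        char tmp[9];

        if (n == max_words)
            return -1;          /* more chunks than the caller can hold */
        for (k = start; k < end; k++)
            if (!isxdigit((unsigned char)buf[k]))
                return -1;      /* misplaced comma or non-hex character */
        memcpy(tmp, buf + start, clen);
        tmp[clen] = '\0';
        words[n++] = (uint32_t)strtoul(tmp, NULL, 16);
        if (start == 0)
            return n;           /* reached the start of the string */
        if (buf[start - 1] != ',')
            return -1;          /* chunks must be comma-separated */
        end = start - 1;        /* step over the comma */
    }
    return -1;                  /* empty string or leading comma */
}

/* Returns 1 if bit `cpu` is set in the parsed mask, 0 otherwise. */
int cpu_in_mask(const uint32_t *words, int n, int cpu)
{
    return cpu >= 0 && cpu / 32 < n && ((words[cpu / 32] >> (cpu % 32)) & 1u);
}

int main(void)
{
    uint32_t w[4];
    int n = parse_mask("3,00000000,80000001", w, 4);  /* constructed sample */
    return n == 3 && cpu_in_mask(w, n, 64) ? 0 : 1;
}
```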