Josh Triplett wrote:
> Russ Cox wrote:
>>> Yes, that makes sense. These functions just check for the annotation on
>>> their
>>> pointer argument, and having the const annotation would allow them to check
>>> const pointers without provoking a warning due to the lack of const.
>> They don't provoke a warning now. Sparse is silent on this program:
>>
>> #define __user __attribute__((noderef, address_space(1)))
>>
>> extern void __chk_user_ptr(void __user *);
>>
>> void
>> f(const void __user *p)
>> {
>> __chk_user_ptr(p);
>> }
>
> Hmmm, odd. After a few iterations, I managed to discover that Sparse will
> warn if you attempt to convert a const int * to an int *, but not if you
> attempt to convert a const void * to a void *. This seems like a bug to me.
This bug appears to come from the following code in compatible_assignment_types:
/* "void *" matches anything as long as the address space is OK
*/
target_as = t->ctype.as | target->ctype.as;
source_as = s->ctype.as | source->ctype.as;
if (source_as == target_as && (s->type == SYM_PTR || s->type ==
SYM_ARRAY)) {
s = get_base_type(s);
t = get_base_type(t);
if (s == &void_ctype || t == &void_ctype)
goto Cast;
}
This should almost certainly check more than just address spaces.
- Josh Triplett
signature.asc
Description: OpenPGP digital signature
