[Bug c/112539] a struct with an array of unknown size at the end allows writing past end of the struct

2023-11-15 Thread pgmer6809 at yahoo dot com via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=112539

--- Comment #5 from Greg Morse  ---
Thank you very much for the links. Fascinating stuff for someone who is not a
real programming Guru. I do wonder though what is so appealing about 'trailing
arrays' that they became so embedded in so much code, that the compiler
introduced this undefined behaviour deliberately to accommodate it. But oh well
it probably seemed like a good idea at the time. Thanks again. Greg Morse

On Tuesday, November 14, 2023 at 11:09:43 p.m. PST, sjames at gcc dot
gnu.org  wrote:  

 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=112539

--- Comment #2 from Sam James  ---
https://people.kernel.org/kees/bounded-flexible-arrays-in-c and
https://developers.redhat.com/articles/2022/09/29/benefits-limitations-flexible-array-members
are good reads too

[Bug c/112539] New: a struct with an array of unknown size at the end allows writing past end of the struct

2023-11-14 Thread pgmer6809 at yahoo dot com via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=112539

Bug ID: 112539
   Summary: a struct with an array of unknown size at the end
allows writing past end of the struct
   Product: gcc
   Version: 11.4.0
Status: UNCONFIRMED
  Severity: normal
  Priority: P3
 Component: c
  Assignee: unassigned at gcc dot gnu.org
  Reporter: pgmer6809 at yahoo dot com
  Target Milestone: ---

Created attachment 56590
  --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=56590=edit
the output of the gcc --save-temps command

See the manpage for sizeof operator at:
https://man7.org/linux/man-pages/man3/offsetof.3.html
it gives an example of code that shows the size of a struct defined as:
  struct s {
    int i;
    char c;
    double d;
    char a[];
  };
  struct s S;
in their sample program (attached?) the output shows that
the offset of a[] is given as 16; the size of the struct is also given as 16.
This is clearly incorrect.
Changing a[] to either simply a, or even a[1] makes the size of the struct 24
bytes which is correct.

I modified their program to actually try writing to locations S.a[0] and S.a[1]
successfully. The code compiles and runs, and even reports the correct values
when I try to print them out.

So (a) is this a bug in the sizeof operator?
(b) could one use the fact that we can write beyond the end of the struct as
the basis for some sort of exploit?

attached is the file with the gcc output from the --save-temps that you want me
to include with the bug report.
The actual output from the screen is below.
Hope this helps.
Regards,
Greg Morse; pgmer6...@yahoo.com
here is the printed output of the program

greg21@trojan:/tmp$ ./a.out
offsets: i=0; c=4; d=8 a=16
sizeof(struct s)=16
sizeof Int  = 4, char=1, double=8, 
The value of S.a is 5A:Z, W 
The address of S is 0x7fff9be5d070 ; The address of S.a is 0x7fff9be5d080 
The address of S.a[0] is 0x7fff9be5d080, and that of S.a[1] is: 0x7fff9be5d081
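The report's numbers are what the C standard prescribes: `sizeof` excludes a flexible array member, so a plain `struct s S;` owns no storage for `a[]` and any write to `S.a[k]` goes past the object. As an added example (not code from the bug report or from GCC), the following shows the same layout and the pattern that gives the trailing array real storage: heap-allocate the header plus `n` bytes with an overflow-checked size, keep `n` alongside the pointer, and bounds-check every index. The names `s_box`, `s_alloc`, `s_set` and `s_free` are chosen here.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* The layout from the bug report: a flexible array member (FAM) at the end. */
struct s {
    int i;
    char c;
    double d;
    char a[];   /* flexible array member: contributes no storage to sizeof */
};

/* On x86-64: sizeof(struct s) == 16 and offsetof(struct s, a) == 16. The FAM
 * has no size of its own, so a stack object `struct s S;` has zero bytes for
 * a[] and every S.a[k] access is out of bounds (undefined behaviour). */
size_t header_size(void) { return sizeof(struct s); }
size_t fam_offset(void)  { return offsetof(struct s, a); }

/* Correct pattern: the element count travels with the pointer so that
 * callers can be bounds-checked. (Constructed wrapper, not a GCC API.) */
struct s_box {
    size_t len;      /* number of valid elements in obj->a */
    struct s *obj;
};

/* Allocate the header plus n bytes of trailing array; reject sizes that
 * would wrap around and silently produce a too-small allocation. */
int s_alloc(struct s_box *box, size_t n) {
    if (n > SIZE_MAX - sizeof(struct s)) return -1;   /* size would overflow */
    struct s *p = calloc(1, sizeof(struct s) + n);
    if (p == NULL) return -1;
    box->len = n;
    box->obj = p;
    return 0;
}

/* Bounded write: refuses an index at or past the allocated length. */
int s_set(struct s_box *box, size_t idx, char v) {
    if (box->obj == NULL || idx >= box->len) return -1;
    box->obj->a[idx] = v;
    return 0;
}

void s_free(struct s_box *box) {
    free(box->obj);
    box->obj = NULL;
    box->len = 0;
}
```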

[Bug c/103447] left shift operator gives wrong result for shift of 48

2021-11-26 Thread pgmer6809 at yahoo dot com via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103447

--- Comment #2 from Greg Morse  ---
Thanks for the v. quick reply. I feel like an idiot. G. M.

On Friday, November 26, 2021, 04:13:45 p.m. PST, pinskia at gcc dot gnu.org
 wrote:  

 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103447

Andrew Pinski  changed:

          What    |Removed                    |Added

            Status|UNCONFIRMED                |RESOLVED
        Resolution|---                        |INVALID

--- Comment #1 from Andrew Pinski  ---
Use 1ll<<48 to get the right value. 1 by itself is of type int which is 32 bit
so you are shifting outside of the bounds and therefore it is undefined.

[Bug c/103447] New: left shift operator gives wrong result for shift of 48

2021-11-26 Thread pgmer6809 at yahoo dot com via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103447

Bug ID: 103447
   Summary: left shift operator gives wrong result for shift of 48
   Product: gcc
   Version: 9.3.0
Status: UNCONFIRMED
  Severity: normal
  Priority: P3
 Component: c
  Assignee: unassigned at gcc dot gnu.org
  Reporter: pgmer6809 at yahoo dot com
  Target Milestone: ---

Created attachment 51886
  --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=51886=edit
results of the gcc -v save-temps

GCC cannot handle  the statement:

unsigned long long int two48 = 1<<48

on a 64 bit machine with sizeof (two48) = 8.

However it can handle the following fragment:

unsigned long long int two16, two48;
two16 =  256 * 256;
two48=two16*two16*two16 ;

See below
I wanted to attach all the files but I can only attach one.
You said not to make archive or zip files so there it is. No .s or .i file