Date: Sat, 13 Jul 2024 05:22:59 GMT
Message-Id: <202407130522.46D5MxKK032471@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
From: Kyle Evans
Subject: git: c10d567ea022 - main - include: de-macro __ssp_overlap(), improve semantics and checking
List-Id: Commit messages for the main branch of the src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main
X-Git-Committer: kevans
X-Git-Repository: src
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: c10d567ea022de8705fb23f8563c4726f2d09ca0

The branch main has been updated by kevans:

URL: https://cgit.FreeBSD.org/src/commit/?id=c10d567ea022de8705fb23f8563c4726f2d09ca0

commit c10d567ea022de8705fb23f8563c4726f2d09ca0
Author:     Kyle Evans
AuthorDate: 2024-07-13 05:16:10 +0000
Commit:     Kyle Evans
CommitDate: 2024-07-13 05:16:23 +0000

    include: de-macro __ssp_overlap(), improve semantics and checking

    Switch away from pointer arithmetic to provide more obvious semantics
    for checking overlap on pointer ranges.  This lets us remove some casts
    that need not exist and removes some possible fragility in its use.

    While we're here, check for overflow just in case; sometimes we use a
    caller-supplied size if __builtin_object_size(3) can't deduce the buffer
    size, and we should fail the check if the size is nonsensical for the
    provided buffers.

    Reviewed by:    markj
    Sponsored by:   Klara, Inc.
    Sponsored by:   Stormshield
---
 include/ssp/ssp.h            | 19 +++++++++++++------
 lib/libc/secure/memcpy_chk.c |  2 +-
 2 files changed, 14 insertions(+), 7 deletions(-)

diff --git a/include/ssp/ssp.h b/include/ssp/ssp.h index 622e9e901ba6..de109da4959e 100644 --- a/include/ssp/ssp.h +++ b/include/ssp/ssp.h
@@ -83,12 +83,19 @@ __ssp_inline rtype fun args { \ #define __ssp_redirect0(rtype, fun, args, call) \ __ssp_redirect_raw(rtype, fun, fun, args, call, 1, __ssp_bos0) -/* - * Take caution when using __ssp_overlap! Don't use it in contexts where we - * can end up with double-evaluation of a statement with some side-effects. - */ -#define __ssp_overlap(a, b, l) \ - (((a) <= (b) && (b) < (a) + (l)) || ((b) <= (a) && (a) < (b) + (l))) +#include + +static inline int +__ssp_overlap(const void *leftp, const void *rightp, __size_t sz) +{ + __uintptr_t left = (__uintptr_t)leftp; + __uintptr_t right = (__uintptr_t)rightp; + + if (left <= right) + return (SIZE_MAX - sz < left || right < left + sz); + + return (SIZE_MAX - sz < right || left < right + sz); +} __BEGIN_DECLS void __stack_chk_fail(void) __dead2; diff --git a/lib/libc/secure/memcpy_chk.c b/lib/libc/secure/memcpy_chk.c index 2a269cb475ab..ac995d00ee8c 100644 --- a/lib/libc/secure/memcpy_chk.c +++ b/lib/libc/secure/memcpy_chk.c @@ -44,7 +44,7 @@ __memcpy_chk(void * __restrict dst, const void * __restrict src, size_t len, if (len > slen) __chk_fail(); - if (__ssp_overlap((const char *)src, (const char *)dst, len)) + if (__ssp_overlap(src, dst, len)) __chk_fail(); return (memcpy(dst, src, len));
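
Review bot: In the new `__ssp_overlap()` in include/ssp/ssp.h, the overflow test covers only the lower of the two ranges. When `left <= right` the check is `SIZE_MAX - sz < left`, so a `sz` for which `right + sz` wraps still returns 0 as long as `right >= left + sz`; the second branch has the same gap for `left + sz`. Since the commit message says a nonsensical size should fail the check, consider testing the higher address against the bound instead (`SIZE_MAX - sz < right` in the first branch, `SIZE_MAX - sz < left` in the second), which also guarantees the lower sum cannot wrap. Two smaller points on the same function: the bound is `SIZE_MAX` while the operands are `__uintptr_t`, so either use the matching maximum for that type or note the assumption that the two have the same width; and the removed comment block is not replaced, so a short comment stating that the function returns nonzero for overflow as well as for overlap would help callers such as `__memcpy_chk()`.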