ANSSI-FR / libecc

Library for elliptic curves cryptography

Error compilation example, overflow #29

Closed atxr closed 2 years ago

atxr commented 2 years ago

Hi, it's me again :upside_down_face: When trying to compile the examples I get compilation errors about an overflow in the KCDSA sig test.

Steps to reproduce:

cd src/examples
make

Here is the output I have

In function ‘buf_lshift’,
    inlined from ‘kcdsa_sign’ at kcdsa.c:262:9:
kcdsa.c:113:32: error: writing 16 bytes into a region of size 2 [-Werror=stringop-overflow=]
  113 |                 buf[i - shift] = buf[i];
      |                 ~~~~~~~~~~~~~~~^~~~~~~~
kcdsa.c: In function ‘kcdsa_sign’:
kcdsa.c:154:12: note: at offset 112 into destination object ‘hash’ of size 114
  154 |         u8 hash[MAX_DIGEST_SIZE];
      |            ^~~~
In function ‘buf_lshift’,
    inlined from ‘kcdsa_sign’ at kcdsa.c:262:9:
kcdsa.c:113:32: error: writing 16 bytes into a region of size 0 [-Werror=stringop-overflow=]
  113 |                 buf[i - shift] = buf[i];
      |                 ~~~~~~~~~~~~~~~^~~~~~~~
kcdsa.c: In function ‘kcdsa_sign’:
kcdsa.c:154:12: note: at offset 128 into destination object ‘hash’ of size 114
  154 |         u8 hash[MAX_DIGEST_SIZE];
      |            ^~~~
In function ‘buf_lshift’,
    inlined from ‘kcdsa_sign’ at kcdsa.c:262:9:
        ^~~~

[...]

These errors are quite repetitive so I cut the output to avoid flooding the issue, but I can send the full errors if needed. Thanks,

rben-dev commented 2 years ago

Hi again :-),

This is weird, with gcc 11.3.0 as well as clang-15 (debian packaged) I have no issue compiling the examples. Can you please provide your compiler flavor and version?

Nonetheless, these stringop-overflow warnings are false positives (they trigger an error due to the -Werror strict compilation flag).

Regards,

rben-dev commented 2 years ago

A little update: I do indeed have the same warnings with gcc 10, and confirm that these are false alarms (see https://gcc.gnu.org/bugzilla/show_bug.cgi?id=102513 and https://gcc.gnu.org/pipermail/gcc-patches/2022-February/590371.html, which explains why gcc 11 does not emit them). By the way, the reported overflows should be prevented by the check at the beginning of the function buf_lshift:

        if (shift > buflen) {
                shift = buflen;
        }

As a quick fix, you can force the -Wno-error behavior using the following toggle:

$ WNOERROR=1 make

Regards,
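To illustrate why the clamp quoted above keeps every write of `buf[i - shift]` inside the buffer, here is an added, simplified reconstruction of a left-shift routine with that check (example code written for this page, not libecc's own buf_lshift; the sample buffers and the lshift_matches helper are constructed for the demonstration):

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

typedef uint8_t u8;

/* Shift buf left by 'shift' bytes and zero-fill the vacated tail.
 * Simplified reconstruction (assumption, not libecc's code): once shift
 * is clamped to buflen, every index i - shift lies in [0, buflen), so the
 * copy loop cannot write past the end of buf regardless of the caller's
 * shift value. */
static void buf_lshift(u8 *buf, size_t buflen, size_t shift)
{
    size_t i;

    if (shift > buflen) {
        shift = buflen;
    }
    for (i = shift; i < buflen; i++) {
        buf[i - shift] = buf[i];
    }
    /* The last 'shift' bytes no longer hold valid data. */
    memset(buf + (buflen - shift), 0, shift);
}

/* Returns 1 if shifting 'in' (len bytes) by 'shift' yields 'expected'. */
int lshift_matches(const u8 *in, size_t len, size_t shift, const u8 *expected)
{
    u8 tmp[16];

    if (len > sizeof(tmp)) {
        return 0;
    }
    memcpy(tmp, in, len);
    buf_lshift(tmp, len, shift);
    return memcmp(tmp, expected, len) == 0;
}

/* Constructed case: {1,2,3,4} shifted left by 2 becomes {3,4,0,0}. */
int demo_in_bounds_shift(void)
{
    const u8 in[4] = {1, 2, 3, 4}, want[4] = {3, 4, 0, 0};
    return lshift_matches(in, 4, 2, want);
}

/* Constructed case: shift larger than buflen is clamped, so the buffer is
 * simply zeroed and no out-of-bounds write happens. */
int demo_oversized_shift(void)
{
    const u8 in[4] = {1, 2, 3, 4}, want[4] = {0, 0, 0, 0};
    return lshift_matches(in, 4, 9, want);
}
```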

atxr commented 2 years ago

Hi! With the WNOERROR=1 flag I can indeed skip those false positives. Thank you for these answers!