
out of bounds access in interpreter mode

Open Cloudef opened this issue 3 years ago • 4 comments

I'm currently in the process of porting box86 to Android (ndk / bionic) and fixing a bunch of compiler warnings in the project. I came upon this, which seems like a quite obvious error, but I just want to confirm that this actually is a mistake and not me misunderstanding something:

/tmp/nix-build-box86-android-armv7a-unknown-linux-androideabi.drv-10/box86/src/emu/x86run66.c:586:38: warning: array index 1 is past the end of the array (which contains 1 element) [-Warray-bounds]
                            tmp32u2= ED->dword[1];
                                     ^         ~
/tmp/nix-build-box86-android-armv7a-unknown-linux-androideabi.drv-10/box86/src/emu/modrm.h:139:21: note: expanded from macro 'ED'
#define ED          oped
                    ^
/tmp/nix-build-box86-android-armv7a-unknown-linux-androideabi.drv-10/box86/src/include/regs.h:16:2: note: array 'dword' declared here
        uint32_t dword[1];
        ^
/tmp/nix-build-box86-android-armv7a-unknown-linux-androideabi.drv-10/box86/src/emu/x86run66.c:590:33: warning: array index 1 is past the end of the array (which contains 1 element) [-Warray-bounds]
                                ED->dword[1] = R_ECX;
                                ^         ~
/tmp/nix-build-box86-android-armv7a-unknown-linux-androideabi.drv-10/box86/src/emu/modrm.h:139:21: note: expanded from macro 'ED'
#define ED          oped
                    ^
/tmp/nix-build-box86-android-armv7a-unknown-linux-androideabi.drv-10/box86/src/include/regs.h:16:2: note: array 'dword' declared here
        uint32_t dword[1];
        ^
In file included from /tmp/nix-build-box86-android-armv7a-unknown-linux-androideabi.drv-10/box86/src/emu/x86run.c:1046:
/tmp/nix-build-box86-android-armv7a-unknown-linux-androideabi.drv-10/box86/src/emu/rundc.h:156:24: warning: pragma diagnostic pop could not pop, no matching push [-Wunknown-pragmas]
#pragma GCC diagnostic pop
                       ^
In file included from /tmp/nix-build-box86-android-armv7a-unknown-linux-androideabi.drv-10/box86/src/emu/x86run.c:273:
/tmp/nix-build-box86-android-armv7a-unknown-linux-androideabi.drv-10/box86/src/emu/run0f.h:37:21: warning: array index 2 is past the end of the array (which contains 2 elements) [-Warray-bounds]
                    ED->word[2] = 0xd000;
                    ^        ~
/tmp/nix-build-box86-android-armv7a-unknown-linux-androideabi.drv-10/box86/src/emu/modrm.h:139:21: note: expanded from macro 'ED'
#define ED          oped
                    ^
/tmp/nix-build-box86-android-armv7a-unknown-linux-androideabi.drv-10/box86/src/include/regs.h:18:2: note: array 'word' declared here
        uint16_t word[2];
        ^
In file included from /tmp/nix-build-box86-android-armv7a-unknown-linux-androideabi.drv-10/box86/src/emu/x86run.c:273:
/tmp/nix-build-box86-android-armv7a-unknown-linux-androideabi.drv-10/box86/src/emu/run0f.h:43:21: warning: array index 2 is past the end of the array (which contains 2 elements) [-Warray-bounds]
                    ED->word[2] = 0;
                    ^        ~
/tmp/nix-build-box86-android-armv7a-unknown-linux-androideabi.drv-10/box86/src/emu/modrm.h:139:21: note: expanded from macro 'ED'
#define ED          oped
                    ^
/tmp/nix-build-box86-android-armv7a-unknown-linux-androideabi.drv-10/box86/src/include/regs.h:18:2: note: array 'word' declared here
        uint16_t word[2];
        ^
In file included from /tmp/nix-build-box86-android-armv7a-unknown-linux-androideabi.drv-10/box86/src/emu/x86run.c:273:
/tmp/nix-build-box86-android-armv7a-unknown-linux-androideabi.drv-10/box86/src/emu/run0f.h:1116:30: warning: array index 1 is past the end of the array (which contains 1 element) [-Warray-bounds]
                    tmp32u2= ED->dword[1];
                             ^         ~
/tmp/nix-build-box86-android-armv7a-unknown-linux-androideabi.drv-10/box86/src/emu/modrm.h:139:21: note: expanded from macro 'ED'
#define ED          oped
                    ^
/tmp/nix-build-box86-android-armv7a-unknown-linux-androideabi.drv-10/box86/src/include/regs.h:16:2: note: array 'dword' declared here
        uint32_t dword[1];
        ^
In file included from /tmp/nix-build-box86-android-armv7a-unknown-linux-androideabi.drv-10/box86/src/emu/x86run.c:273:
/tmp/nix-build-box86-android-armv7a-unknown-linux-androideabi.drv-10/box86/src/emu/run0f.h:1120:25: warning: array index 1 is past the end of the array (which contains 1 element) [-Warray-bounds]
                        ED->dword[1] = R_ECX;
                        ^         ~
/tmp/nix-build-box86-android-armv7a-unknown-linux-androideabi.drv-10/box86/src/emu/modrm.h:139:21: note: expanded from macro 'ED'
#define ED          oped
                    ^
/tmp/nix-build-box86-android-armv7a-unknown-linux-androideabi.drv-10/box86/src/include/regs.h:16:2: note: array 'dword' declared here
        uint32_t dword[1];
        ^
2 warnings generated.

Cloudef avatar Feb 15 '22 10:02 Cloudef

No, it's on purpose. Those opcodes access 8 bytes of memory instead of 4 like most. I'll probably change the way I define the structure later to avoid that warning.

ptitSeb avatar Feb 15 '22 12:02 ptitSeb
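As an added illustration (not code from box86 or from either participant), here is the pattern behind the warning: a 4-byte register union declared with a one-element `dword` array, beside an 8-byte view in which `dword[1]` is a legal index for an opcode that touches two dwords. The union names, the helper functions and the sample memory cell are constructed for this example; the 4-byte layout is taken from the `dword[1]` / `word[2]` declarations quoted in the warnings.

```c
#include <stdint.h>
#include <string.h>

/* The 4-byte register view the warnings point at (layout assumed from the
 * quoted declarations: uint32_t dword[1], uint16_t word[2]).  Indexing
 * dword[1] through a pointer to this type is what -Warray-bounds flags,
 * even if the bytes behind the pointer really are 8 bytes of guest memory. */
typedef union {
    uint32_t dword[1];
    uint16_t word[2];
    uint8_t  byte[4];
} reg32_t;

/* Constructed 8-byte view: the same layout widened so that an opcode that
 * reads or writes two dwords stays inside the declared array bounds. */
typedef union {
    uint64_t q;
    uint32_t dword[2];
    uint16_t word[4];
    uint8_t  byte[8];
} mem64_t;

/* Hypothetical helper: fetch both dwords of an 8-byte memory operand.
 * memcpy into the union avoids strict-aliasing and alignment assumptions. */
static void read_qword_operand(const uint8_t *mem, uint32_t *lo, uint32_t *hi)
{
    mem64_t v;
    memcpy(&v, mem, sizeof v);
    *lo = v.dword[0];
    *hi = v.dword[1];            /* index 1 of a 2-element array: in bounds */
}

/* Hypothetical helper: store a (lo, hi) dword pair to an 8-byte operand. */
static void write_qword_operand(uint8_t *mem, uint32_t lo, uint32_t hi)
{
    mem64_t v;
    v.dword[0] = lo;
    v.dword[1] = hi;
    memcpy(mem, &v, sizeof v);
}

/* Round-trip through a constructed 8-byte memory cell and return hi:lo.
 * Both helpers use the same union, so the result is host-endian independent. */
static uint64_t roundtrip_demo(void)
{
    uint8_t cell[8] = {0};       /* constructed guest memory operand */
    uint32_t lo, hi;
    write_qword_operand(cell, 0x12345678u, 0xdeadbeefu);
    read_qword_operand(cell, &lo, &hi);
    return ((uint64_t)hi << 32) | lo;   /* 0xdeadbeef12345678 */
}
```

The widened union is one way to keep the 8-byte access well-defined and quiet for the compiler; the `reg32_t` view is kept only to show the size difference that produces the warning.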

I'll add some CI later for as many platforms as I can, with nix + github actions. Apart from checking builds and warnings would you be interested in static analysis, valgrind, UBSAN, and perhaps code coverage reports?

Cloudef avatar Feb 15 '22 12:02 Cloudef

Why not. But none of this, I guess, will be working to cover the dynarec generated code. But yeah, at least the other code can be checked. The current integrated tests are very light; coverage is really low currently.

ptitSeb avatar Feb 15 '22 12:02 ptitSeb

I already fixed all other warnings; I should have a PR in the upcoming weeks.

Cloudef avatar Feb 15 '22 13:02 Cloudef