author | Bryan Cantrill <bryan@joyent.com> | 2019-02-04 21:36:58 +0000 |
---|---|---|
committer | John Levon <john.levon@joyent.com> | 2019-03-01 11:11:54 +0000 |
commit | 92c1a61163ff6a0655b27bd429856e171e7ce5f5 (patch) | |
tree | 0d976392cefaf1c3a2aea9d415c2d86c5eb43d46 | |
parent | 6d3b6de806befb1050c80e5d4be2214ee68fb2b7 (diff) | |
10468 __ctype_mask[EOF] has been working by accident
10469 GCC's -faggressive-loop-optimizations is too aggressive
10470 array over-read in has_saved_fp()
Reviewed by: Robert Mustacchi <rm@joyent.com>
Reviewed by: John Levon <john.levon@joyent.com>
Reviewed by: Toomas Soome <tsoome@me.com>
Reviewed by: Igor Kozhukhov <igor@dilos.org>
Reviewed by: Andy Fiddaman <andy@omniosce.org>
Reviewed by: Gergő Doma <domag02@gmail.com>
Reviewed by: Gary Mills <gary_mills@fastmail.fm>
Approved by: Richard Lowe <richlowe@richlowe.net>
-rw-r--r-- | usr/src/Makefile.master | 13 | ||||
-rw-r--r-- | usr/src/lib/libc/port/locale/table.c | 38 | ||||
-rw-r--r-- | usr/src/lib/libsaveargs/Makefile.com | 5 | ||||
-rw-r--r-- | usr/src/lib/libsaveargs/amd64/saveargs.c | 9 | ||||
-rw-r--r-- | usr/src/uts/Makefile.uts | 1 |
5 files changed, 42 insertions, 24 deletions
diff --git a/usr/src/Makefile.master b/usr/src/Makefile.master
index 501853a6ed..5321004bff 100644
--- a/usr/src/Makefile.master
+++ b/usr/src/Makefile.master
@@ -372,6 +372,17 @@ CCNOREORDER= \
 -_gcc7=-fno-reorder-functions \
 -_gcc8=-fno-reorder-functions
 
+#
+# gcc has a rather aggressive optimization on by default that infers loop
+# bounds based on undefined behavior (!!). This can lead to some VERY
+# surprising optimizations -- ones that may be technically correct in the
+# strictest sense but also result in incorrect program behavior. We turn
+# this optimization off, with extreme prejudice.
+#
+CCNOAGGRESSIVELOOPS= \
+ -_gcc7=-fno-aggressive-loop-optimizations \
+ -_gcc8=-fno-aggressive-loop-optimizations
+
 # One optimization the compiler might perform is to turn this:
 # #pragma weak foo
 # extern int foo;
@@ -601,10 +612,12 @@ $(SRCDBGBLD)CCSOURCEDEBUGFLAGS = $(CCGDEBUG) -xs
 CFLAGS= $(COPTFLAG) $($(MACH)_CFLAGS) $(SPACEFLAG) $(CCMODE) \
 $(ILDOFF) $(CERRWARN) $(CSTD) $(CCUNBOUND) $(IROPTFLAG) \
 $(CGLOBALSTATIC) $(CCNOAUTOINLINE) $(CCNOREORDER) \
+ $(CCNOAGGRESSIVELOOPS) \
 $(CSOURCEDEBUGFLAGS) $(CUSERFLAGS)
 CFLAGS64= $(COPTFLAG64) $($(MACH64)_CFLAGS) $(SPACEFLAG64) $(CCMODE64) \
 $(ILDOFF) $(CERRWARN) $(CSTD) $(CCUNBOUND) $(IROPTFLAG64) \
 $(CGLOBALSTATIC) $(CCNOAUTOINLINE) $(CCNOREORDER) \
+ $(CCNOAGGRESSIVELOOPS) \
 $(CSOURCEDEBUGFLAGS) $(CUSERFLAGS64)
 #
 # Flags that are used to build parts of the code that are subsequently
diff --git a/usr/src/lib/libc/port/locale/table.c b/usr/src/lib/libc/port/locale/table.c
index 3c0ce09901..0ccb3d9292 100644
--- a/usr/src/lib/libc/port/locale/table.c
+++ b/usr/src/lib/libc/port/locale/table.c
@@ -1,6 +1,7 @@
 /*
 * Copyright 2013 Garrett D'Amore <garrett@damore.org>
 * Copyright 2017 Nexenta Systems, Inc.
+ * Copyright 2019 Joyent, Inc.
 * Copyright (c) 1993
 * The Regents of the University of California. All rights reserved.
 *
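Review bot: `CCNOAGGRESSIVELOOPS` in the `@@ -372,6 +372,17 @@` hunk of usr/src/Makefile.master is keyed to `-_gcc7=` and `-_gcc8=` only, so a compiler version added to the build later would silently compile without `-fno-aggressive-loop-optimizations`. The new comment should say so, for example `# Add an entry for each new gcc version; without one the optimization is back on.` The flag also only stops the compiler from exploiting out-of-bounds loop accesses; it does not remove them, so defects like the `<=` bounds fixed in saveargs.c in this commit still need to be found and fixed at the source. The second hunk wires the flag into `CFLAGS` and `CFLAGS64`; whether the C++ flag sets need it too cannot be told from these lines.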
@@ -39,7 +40,7 @@
 #include "mblocal.h"
 #include "_ctype.h"
 
-#define _DEFRUNETYPE { \
+#define _DEFRUNETYPE \
 /* 00 */ \
 _CTYPE_C, \
 _CTYPE_C, \
@@ -183,10 +184,9 @@
 _CTYPE_P|_CTYPE_R|_CTYPE_G, \
 _CTYPE_P|_CTYPE_R|_CTYPE_G, \
 _CTYPE_P|_CTYPE_R|_CTYPE_G, \
- _CTYPE_C, \
-}
+ _CTYPE_C
 
-#define _DEFMAPLOWER { \
+#define _DEFMAPLOWER \
 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, \
 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, \
 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, \
@@ -218,10 +218,9 @@
 0xe0, 0xe1, 0xe2, 0xe3, 0xe4, 0xe5, 0xe6, 0xe7, \
 0xe8, 0xe9, 0xea, 0xeb, 0xec, 0xed, 0xee, 0xef, \
 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, \
- 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff, \
-}
+ 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff
 
-#define _DEFMAPUPPER { \
+#define _DEFMAPUPPER \
 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, \
 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, \
 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, \
@@ -253,27 +252,32 @@
 0xe0, 0xe1, 0xe2, 0xe3, 0xe4, 0xe5, 0xe6, 0xe7, \
 0xe8, 0xe9, 0xea, 0xeb, 0xec, 0xed, 0xee, 0xef, \
 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, \
- 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff, \
-}
+ 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff,
 
 _RuneLocale _DefaultRuneLocale = {
 _RUNE_MAGIC_1,
 "NONE",
- _DEFRUNETYPE,
- _DEFMAPLOWER,
- _DEFMAPUPPER,
+ { _DEFRUNETYPE },
+ { _DEFMAPLOWER },
+ { _DEFMAPUPPER },
 };
 
 /*
 * __ctype_mask, __trans_lower, and __trans_upper come from former _ctype.c and
 * have to stay pointers for binary compatibility, so we provide separate
- * storage for them, initialized to "C" locale contents by default.
+ * storage for them, initialized to "C" locale contents by default. Note that
+ * legacy code may dereference __ctype_mask[-1] when checking against EOF,
+ * relying on that value to be 0. To allow this, ___ctype_mask is expanded by
+ * one value and prepended with a leading 0, with __ctype_mask being set to
+ * point to ___ctype_mask[1]. (__trans_lower and __trans_upper do not suffer
+ * from this as EOF access was prevented in legacy code by a check against
+ * isascii(), which always returned 0 for EOF.)
 */
-static unsigned int ___ctype_mask[_CACHED_RUNES] = _DEFRUNETYPE;
-unsigned int *__ctype_mask = ___ctype_mask;
+static unsigned int ___ctype_mask[_CACHED_RUNES + 1] = { 0, _DEFRUNETYPE };
+unsigned int *__ctype_mask = &___ctype_mask[1];
 
-static int ___trans_lower[_CACHED_RUNES] = _DEFMAPLOWER;
+static int ___trans_lower[_CACHED_RUNES] = { _DEFMAPLOWER };
 int *__trans_lower = ___trans_lower;
 
-static int ___trans_upper[_CACHED_RUNES] = _DEFMAPUPPER;
+static int ___trans_upper[_CACHED_RUNES] = { _DEFMAPUPPER };
 int *__trans_upper = ___trans_upper;
diff --git a/usr/src/lib/libsaveargs/Makefile.com b/usr/src/lib/libsaveargs/Makefile.com
index 94d80c1d5b..883afb66c9 100644
--- a/usr/src/lib/libsaveargs/Makefile.com
+++ b/usr/src/lib/libsaveargs/Makefile.com
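Review bot: In the `@@ -253,27 +252,32 @@` hunk of table.c the `__ctype_mask[-1] == 0` guarantee holds only while `__ctype_mask` points at `&___ctype_mask[1]`; the comment should state that as an invariant, e.g. `Anything that repoints __ctype_mask must supply storage with the same leading 0 element.` Code that reassigns or refills `__ctype_mask` on a locale change is not visible in this diff and should be checked against it. Separately, the last row of `_DEFMAPUPPER` now ends `0xfe, 0xff,` with a trailing comma while `_DEFRUNETYPE` and `_DEFMAPLOWER` end without one; `{ _DEFMAPUPPER }` still compiles, but dropping the comma would keep the three macros consistent.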
@@ -22,7 +22,7 @@
 # Copyright 2007 Sun Microsystems, Inc. All rights reserved.
 # Use is subject to license terms.
 #
-# Copyright (c) 2018, Joyent, Inc.
+# Copyright (c) 2019, Joyent, Inc.
 #
 
 # The build process for libsaveargs is sightly different from that used by other
@@ -95,9 +95,6 @@ CFLAGS += $(CFLAGS_$(CURTYPE)) $(CFLAGS_common)
 CFLAGS64_standalone = $(STAND_FLAGS_64)
 CFLAGS64 += $(CCVERBOSE) $(CFLAGS64_$(CURTYPE)) $(CFLAGS64_common)
 
-# not linted
-SMATCH=off
-
 DYNFLAGS += $(ZINTERPOSE)
 
 .KEEP_STATE:
diff --git a/usr/src/lib/libsaveargs/amd64/saveargs.c b/usr/src/lib/libsaveargs/amd64/saveargs.c
index f07ef354c1..6d3ed769f2 100644
--- a/usr/src/lib/libsaveargs/amd64/saveargs.c
+++ b/usr/src/lib/libsaveargs/amd64/saveargs.c
@@ -23,6 +23,9 @@
 * Use is subject to license terms.
 */
 
+/*
+ * Copyright 2019 Joyent, Inc.
+ */
 
 /*
 * The Sun Studio and GCC (patched for opensolaris/illumos) compilers
@@ -217,7 +220,7 @@ instr_size(dis_handle_t *dhp, uint8_t *ins, unsigned int i, size_t size)
 static boolean_t
 has_saved_fp(dis_handle_t *dhp, uint8_t *ins, int size)
 {
- int i, j;
+ int i, j;
 uint32_t n;
 boolean_t found_push = B_FALSE;
 ssize_t sz = 0;
@@ -231,7 +234,7 @@ has_saved_fp(dis_handle_t *dhp, uint8_t *ins, int size)
 continue;
 
 n = INSTR1(ins, i);
- for (j = 0; j <= NUM_FP_PUSHES; j++)
+ for (j = 0; j < NUM_FP_PUSHES; j++)
 if (save_fp_pushes[j] == n) {
 found_push = B_TRUE;
 break;
@@ -240,7 +243,7 @@ has_saved_fp(dis_handle_t *dhp, uint8_t *ins, int size)
 if (sz != 3)
 continue;
 n = INSTR3(ins, i);
- for (j = 0; j <= NUM_FP_MOVS; j++)
+ for (j = 0; j < NUM_FP_MOVS; j++)
 if (save_fp_movs[j] == n)
 return (B_TRUE);
 }
diff --git a/usr/src/uts/Makefile.uts b/usr/src/uts/Makefile.uts
index 8f341807e1..73f9e80f99 100644
--- a/usr/src/uts/Makefile.uts
+++ b/usr/src/uts/Makefile.uts
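Review bot: The corrected loops in has_saved_fp() (hunks `@@ -231,7 +234,7 @@` and `@@ -240,7 +243,7 @@` of saveargs.c) still take their bounds from `NUM_FP_PUSHES` and `NUM_FP_MOVS`, whose definitions are outside the hunks, so the over-read can come back if an entry is added to `save_fp_pushes` or `save_fp_movs` without updating the count. If the counts are hand-maintained, deriving them from the arrays would tie them together, e.g. `#define NUM_FP_PUSHES (sizeof (save_fp_pushes) / sizeof (save_fp_pushes[0]))` and the same for `NUM_FP_MOVS`. The `for` bodies are unbraced around a multi-line `if`; braces would make the loop extent explicit. has_saved_fp()'s body continues outside these hunks.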
@@ -247,6 +247,7 @@ CFLAGS_uts += $(CTF_FLAGS_$(CLASS))
 CFLAGS_uts += $(CERRWARN)
 CFLAGS_uts += $(CCNOAUTOINLINE)
 CFLAGS_uts += $(CCNOREORDER)
+CFLAGS_uts += $(CCNOAGGRESSIVELOOPS)
 CFLAGS_uts += $(CGLOBALSTATIC)
 CFLAGS_uts += $(EXTRA_CFLAGS)
 CFLAGS_uts += $(CSOURCEDEBUGFLAGS) |