Fix: use BUG_ON instead of accessing array subscript above array bounds

Building lttng-modules lttng-filter-interpreter.c on a 4.6-rc kernel
triggers the following gcc warning:

In file included from /home/compudj/git/lttng-modules/lttng-filter-interpreter.c:25:0:
/home/compudj/git/lttng-modules/lttng-filter-interpreter.c: In function ‘lttng_filter_interpret_bytecode’:
/home/compudj/git/lttng-modules/lttng-filter.h:144:14: warning: array subscript is above array bounds [-Warray-bounds]
   &(stack)->e[top];    \
              ^
/home/compudj/git/lttng-modules/lttng-filter-interpreter.c:714:4: note: in expansion of macro ‘estack_ax’
    estack_ax(stack, top)->u.s.str = insn->data;
    ^
/home/compudj/git/lttng-modules/lttng-filter.h:144:14: warning: array subscript is above array bounds [-Warray-bounds]
   &(stack)->e[top];    \
              ^
/home/compudj/git/lttng-modules/lttng-filter-interpreter.c:715:4: note: in expansion of macro ‘estack_ax’
    estack_ax(stack, top)->u.s.seq_len = UINT_MAX;

This is because the bound checking is performed in a prior validation
phase (which the compiler does not know about), and we only
WARN_ON_ONCE() if the interpreter sees values that don't fit in array
range.

Use BUG_ON() in the interpreter instead, which ensures we never, ever
reach the out-of-bound condition from a compiler perspective.

Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>

diff --git a/lttng-filter.h b/lttng-filter.h
index 0798354786fb6e61ef61c7a6e0d3896d559d68c3..c3f06c4bcbed1524fea98afb83256b2686f30cc8 100644 (file)
--- a/lttng-filter.h
+++ b/lttng-filter.h
@@ -139,19 +139,19 @@ struct estack {
 
 #define estack_ax(stack, top)                                  \
        ({                                                      \
-               WARN_ON_ONCE((top) <= FILTER_STACK_EMPTY);      \
+               BUG_ON((top) <= FILTER_STACK_EMPTY);            \
                &(stack)->e[top];                               \
        })
 
 #define estack_bx(stack, top)                                  \
        ({                                                      \
-               WARN_ON_ONCE((top) <= FILTER_STACK_EMPTY + 1);  \
+               BUG_ON((top) <= FILTER_STACK_EMPTY + 1);        \
                &(stack)->e[(top) - 1];                         \
        })
 
 #define estack_push(stack, top, ax, bx)                                \
        do {                                                    \
-               WARN_ON_ONCE((top) >= FILTER_STACK_LEN - 1);    \
+               BUG_ON((top) >= FILTER_STACK_LEN - 1);          \
                (stack)->e[(top) - 1].u.v = (bx);               \
                (bx) = (ax);                                    \
                ++(top);                                        \
@@ -159,7 +159,7 @@ struct estack {
 
 #define estack_pop(stack, top, ax, bx)                         \
        do {                                                    \
-               WARN_ON_ONCE((top) <= FILTER_STACK_EMPTY);      \
+               BUG_ON((top) <= FILTER_STACK_EMPTY);            \
                (ax) = (bx);                                    \
                (bx) = (stack)->e[(top) - 2].u.v;               \
                (top)--;                                        \