I’m trying to build the iwlwifi module manually and for my needs.

https://git.kernel.org/pub/scm/linux/kernel/git/iwlwifi/iwlwifi-fixes.git/tree/net/wireless/

When I run Makefile as make, I get:

subcmd-util.h: In function ‘xrealloc’:
subcmd-util.h:58:31: error: pointer ‘ptr’ may be used after ‘realloc’ [-Werror=use-after-free]
   58 |                         ret = realloc(ptr, 1);
      |                               ^~~~~~~~~~~~~~~
subcmd-util.h:52:21: note: call to ‘realloc’ here
   52 |         void *ret = realloc(ptr, size);
      |                     ^~~~~~~~~~~~~~~~~~
subcmd-util.h:56:23: error: pointer ‘ptr’ may be used after ‘realloc’ [-Werror=use-after-free]
   56 |                 ret = realloc(ptr, size);
      |                       ^~~~~~~~~~~~~~~~~~
subcmd-util.h:52:21: note: call to ‘realloc’ here
   52 |         void *ret = realloc(ptr, size);
      |                     ^~~~~~~~~~~~~~~~~~
cc1: all warnings being treated as errors
make[4]: *** [/data/iwlwifi-fixes/tools/build/Makefile.build:97: /data/iwlwifi-fixes/tools/objtool/help.o] Error 1
make[3]: *** [Makefile:59: /data/iwlwifi-fixes/tools/objtool/libsubcmd-in.o] Error 2
make[2]: *** [Makefile:63: /data/iwlwifi-fixes/tools/objtool/libsubcmd.a] Error 2
make[1]: *** [Makefile:69: objtool] Error 2
make: *** [Makefile:1349: tools/objtool] Error 2

Why is it? How to fix it?

  • @cbarrick

    Why is it?

    The code hitting that error is here:

    https://git.kernel.org/pub/scm/linux/kernel/git/iwlwifi/iwlwifi-fixes.git/tree/tools/lib/subcmd/subcmd-util.h

    It looks fine to me.

    What you are seeing is a warning that your compiler may have found a use-after-free bug, but I think this is a false positive. Your build is configured to turn this warning into a hard error.

    How to fix it?

    I think it will be difficult to know how to fix this without knowing more about your build setup. Are you passing any custom CFLAGS? What compiler and version are you using?

    Also, here is someone asking about the same issue (in the same code) on Stack Exchange using GCC 12.1:

    https://unix.stackexchange.com/questions/709671/linux-kernel-5-15-54-compilation-errors-with-gcc-12-1

    This was the top result when Googling linux "-Werror=use-after-free".

    I believe you can disable this warning in this file by adding a pragma after the includes (line 8):

    #pragma GCC diagnostic ignored "-Wuse-after-free"
    

    See https://stackoverflow.com/questions/925179/selectively-remove-a-warning-message-using-gcc

    Edit: If you don’t want to change the code, try disabling the use-after-free warning from the make call:

    make CFLAGS="-Wno-use-after-free"
    
    • @nothingnessOP
      1. make CFLAGS="-Wno-use-after-free" -> didn’t work, same errors

      2. there’s no “use-after-free” flag in any Makefile of the repo, no string “use-after-free” either, only the comments

      3. (line 8): #pragma GCC diagnostic ignored "-Wuse-after-free" -> line 8 of what file? Makefile?

      Any idea?

      • @cbarrick
        1. Bummer that the CFLAGS trick didn’t work.

        2. use-after-free is a default warning. The makefile has -Werror to turn warnings into errors.

        3. The C file that I linked to (subcmd-util.h)

    • @[email protected]

      No objections to your answer to the OP’s question, but as a curiosity, I’m trying to figure out what the original xrealloc() function is trying to do.

      So far as I can tell, it tries a normal realloc() with the requested size, but if that fails, tries again with size=1. But strangely, if that fails, tries using the requested size a second time. And if that still fails, tries once more with size=1.

      The POSIX man page isn’t giving me any hints as to why size=1 might be special, or if this is some sort of Linux-specific behavior or workaround. I wondered if you might have some insight why this function is the way it is.

      Note: I’m on mobile, so haven’t checked the Git Blame history yet.

      • @cbarrick

        So realloc(ptr, 1) only happens when !ret && !size i.e. the call failed and size == 0.

        Presumably this is to support a size of zero even when the underlying realloc does not.

        The code is duplicated to try the realloc twice before failing.

        I’m not sure what the use case of zero size is though.

        • @[email protected]

          Thanks for the explanation! I figured there was something odd, in combination with me reading the code too quickly.

    • @nothingnessOP

      I think it will be difficult to know how to fix this without knowing more about your build setup. Are you passing any custom CFLAGS? What compiler and version are you using?

      No.

      gcc --version
      gcc (GCC) 13.2.1 20230801
      

      The goal - simply compile it for now.

      • @cbarrick

        If you don’t want to change the code, try disabling the use-after-free warning from the make call:

        make CFLAGS="-Wno-use-after-free"
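
Added example, not part of the thread and not the kernel's own code: a realloc wrapper that avoids the pattern GCC flags in the build log above by handing `ptr` to `realloc` exactly once. The name `xrealloc_once` and the demo function are hypothetical; the glibc behaviour noted in the comment is the documented one.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/*
 * Pattern discussed in the thread (kept as a comment, not compiled):
 *     void *ret = realloc(ptr, size);
 *     if (!ret && !size)
 *         ret = realloc(ptr, 1);    <- ptr reaches realloc a second time
 * With glibc, realloc(ptr, 0) on a non-NULL ptr frees ptr and returns NULL,
 * so in the size == 0 case the second call receives an already-freed pointer.
 * That reuse of ptr is what -Wuse-after-free reports.
 */

/* Hypothetical replacement: ptr is passed to realloc exactly once. */
static void *xrealloc_once(void *ptr, size_t size)
{
    void *ret;

    if (size == 0)
        size = 1;                 /* never ask realloc for zero bytes */
    ret = realloc(ptr, size);
    if (!ret) {
        /* On failure realloc leaves ptr untouched; abort instead of retrying. */
        fprintf(stderr, "Out of memory, realloc failed\n");
        abort();
    }
    return ret;
}

/* Constructed exercise: grow, request zero bytes, grow again. Returns 1 on success. */
static int demo_xrealloc_once(void)
{
    char *buf = xrealloc_once(NULL, 6);
    memcpy(buf, "hello", 6);

    buf = xrealloc_once(buf, 64);         /* contents survive growth */
    if (strcmp(buf, "hello") != 0) { free(buf); return 0; }

    buf = xrealloc_once(buf, 0);          /* zero request: still a live block */
    buf[0] = 'x';                         /* one byte is writable */

    buf = xrealloc_once(buf, 16);         /* the block can be resized again */
    if (buf[0] != 'x') { free(buf); return 0; }

    free(buf);
    return 1;
}

int main(void) { return demo_xrealloc_once() ? 0 : 1; }
```

Because the wrapper no longer touches `ptr` after the first `realloc`, it compiles under `-Werror` without the pragma or `-Wno-use-after-free`.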