From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gentoo-commits+bounces-1450502-garchives=archives.gentoo.org@lists.gentoo.org>
Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (2048 bits))
	(No client certificate requested)
	by finch.gentoo.org (Postfix) with ESMTPS id 9EF2F158021
	for <garchives@archives.gentoo.org>; Thu, 27 Oct 2022 23:37:50 +0000 (UTC)
Received: from pigeon.gentoo.org (localhost [127.0.0.1])
	by pigeon.gentoo.org (Postfix) with SMTP id 9E0C7E0867;
	Thu, 27 Oct 2022 23:37:49 +0000 (UTC)
Received: from smtp.gentoo.org (dev.gentoo.org [IPv6:2001:470:ea4a:1:5054:ff:fec7:86e4])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(No client certificate requested)
	by pigeon.gentoo.org (Postfix) with ESMTPS id 88028E0867
	for <gentoo-commits@lists.gentoo.org>; Thu, 27 Oct 2022 23:37:49 +0000 (UTC)
Received: from oystercatcher.gentoo.org (oystercatcher.gentoo.org [148.251.78.52])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(No client certificate requested)
	by smtp.gentoo.org (Postfix) with ESMTPS id 468FD340F5D
	for <gentoo-commits@lists.gentoo.org>; Thu, 27 Oct 2022 23:37:48 +0000 (UTC)
Received: from localhost.localdomain (localhost [IPv6:::1])
	by oystercatcher.gentoo.org (Postfix) with ESMTP id 9C60562E
	for <gentoo-commits@lists.gentoo.org>; Thu, 27 Oct 2022 23:37:46 +0000 (UTC)
From: "Sam James" <sam@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Content-Transfer-Encoding: 8bit
Content-type: text/plain; charset=UTF-8
Reply-To: gentoo-dev@lists.gentoo.org, "Sam James" <sam@gentoo.org>
Message-ID: <1666913863.de8d2c8de7d456a15f83551bfc3fcf6ff1fffaf1.sam@gentoo>
Subject: [gentoo-commits] proj/portage:master commit in: bin/install-qa-check.d/
X-VCS-Repository: proj/portage
X-VCS-Files: bin/install-qa-check.d/90gcc-warnings
X-VCS-Directories: bin/install-qa-check.d/
X-VCS-Committer: sam
X-VCS-Committer-Name: Sam James
X-VCS-Revision: de8d2c8de7d456a15f83551bfc3fcf6ff1fffaf1
X-VCS-Branch: master
Date: Thu, 27 Oct 2022 23:37:46 +0000 (UTC)
Precedence: bulk
List-Post: <mailto:gentoo-commits@lists.gentoo.org>
List-Help: <mailto:gentoo-commits+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-commits+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-commits+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-commits.gentoo.org>
X-BeenThere: gentoo-commits@lists.gentoo.org
X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply
X-Archives-Salt: 15bc9e97-4ba2-4fef-a7bf-5df3c6d41d3f
X-Archives-Hash: fb82e0e828e5a55ea442986a626682b6

commit:     de8d2c8de7d456a15f83551bfc3fcf6ff1fffaf1
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Thu Oct 27 23:37:43 2022 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Thu Oct 27 23:37:43 2022 +0000
URL:        https://gitweb.gentoo.org/proj/portage.git/commit/?id=de8d2c8d

install-qa-check.d/90gcc-warnings: add -Wmismatched-dealloc

These could easily lead to UAFs / out of bound access if the
malloc used is oversized (e.g. using my_free() on something
allocated by malloc(), with my_free() assuming existence
of some extra data from my_malloc()).

Signed-off-by: Sam James <sam <AT> gentoo.org>

 bin/install-qa-check.d/90gcc-warnings | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/bin/install-qa-check.d/90gcc-warnings b/bin/install-qa-check.d/90gcc-warnings
index 256e6918b..3a57c0a3b 100644
--- a/bin/install-qa-check.d/90gcc-warnings
+++ b/bin/install-qa-check.d/90gcc-warnings
@@ -66,6 +66,9 @@ gcc_warn_check() {
 			'warning: .*\[-Waggressive-loop-optimizations\]'
 			# conversion between pointers that have incompatible types
 			'warning: .*\[-Wincompatible-pointer-types\]'
+			# using wrong deallocator, e.g. using free() on object allocated using my_malloc()
+			# when my_malloc() is annotated as needing my_free().
+			'warning: .*\[-Wmismatched-dealloc\]'
 			# clobbered: Warn for variables that might be changed by longjmp or vfork
 			# (This warning is also enabled by -Wextra.)
 			'warning: .*\[-Wclobbered\]'