Is GCC mishandling a pointer to a va_list passed to a function?

by

This is a known problem. On some architectures (in particular x86-64), va_list needs to be more complex than a simple pointer to the stack, for example because some arguments might be passed in registers or out-of-band in some other way (see this answer for the definition of va_list on x86-64).

On such architectures, it is common to make va_list an array type so that parameters of type va_list will be adjusted to pointer types, and instead of the whole structure, only a single pointer needs to be passed.

This should not violate the C standard, which only says that va_list must be a complete object type and even explicitly accounts for the fact that passing a va_list argument might not actually clone the necessary state: va_list objects have indeterminate value if they are passed as arguments and consumed in the called function.

But even if making va_list an array type is legal, it still leads to the problems you experienced: As parameters of type va_list have the ‘wrong’ type, eg struct __va_list_tag * instead of struct __va_list_tag [1], it will blow up in cases where the difference between arrays and pointers matter.

The real problem is not the type mismatch gcc warns about, but the by-pointer instead of by-value argument passing semantics: &args in test_val() points to the intermediate pointer variable instead of the va_list object; ignoring the warning means that you’ll invoke va_arg() in test_ptr() on the pointer variable, which should return garbage (or segfault if you’re lucky) and corrupt the stack.

One workaround is to wrap your va_list in a structure and pass that around instead. Another solution I’ve seen in the wild, even here on SO, is to use va_copy to create a local copy of the argument and then pass a pointer to that:

static void test_val(const char *fmt, va_list args)
{
    va_list args_copy;
    va_copy(args_copy, args);
    test_ptr(fmt, &args_copy);
    va_end(args_copy); 
}

This should work in practice, but technically it might or might not be undefined behaviour, depending on your interpretation of the standard:

If va_copy() is implemented as a macro, no parameter adjustments are performed, and it might matter that args is not of type va_list. However, as it is unspecified whether va_copy() is a macro or a function, one might argue that it at least could be a function and parameter adjustments are implicitly assumed in the prototype given for the macro. It might be a good idea to ask the officials for clarification or even file a defect report.

You could also use your build system to deal with the issue by defining a configuration flag like HAVE_VA_LIST_AS_ARRAY so you can do the right thing for your particular architecture:

#ifdef HAVE_VA_LIST_AS_ARRAY
#define MAKE_POINTER_FROM_VA_LIST_ARG(arg) ((va_list *)(arg))
#else
#define MAKE_POINTER_FROM_VA_LIST_ARG(arg) (&(arg))
#endif

static void test_val(const char *fmt, va_list args)
{
    test_ptr(fmt, MAKE_POINTER_FROM_VA_LIST_ARG(args));
}

More Related Contents:

  1. Passing variable number of arguments around
  2. An example of use of varargs in C
  3. call printf using va_list
  4. What is the purpose of the h and hh modifiers for printf?
  5. Does printf(“%x”,1) invoke undefined behavior?
  6. What is the format of the x86_64 va_list structure?
  7. How are variable arguments implemented in gcc?
  8. How to count the number of arguments passed to a function that accepts a variable number of arguments?
  9. Function with unknown number of parameters in C
  10. Passing an ellipsis to another variadic function [duplicate]
  11. Unspecified number of parameters in C functions – void foo()
  12. Variadic function (va_arg) doesn’t work with float?
  13. break statement doesn’t work in a loop [closed]
  14. How to convert from seconds to nanoseconds in a timeval struct?
  15. How can I correctly assign a new string value?
  16. Declaring a C function to return an array
  17. What common algorithms are used for C’s rand()?
  18. What does the C standard say about bitshifting more bits than the width of type?
  19. Passing struct to function
  20. Using pipe to pass integer values between parent and child
  21. argument of type const char* is incompatible with parameter of type “LPCWSTR”
  22. Why changing value of SO_RCVBUF doesn’t work?
  23. What does -fwrapv do?
  24. How to remove all occurrences of a given character from string in C?
  25. What primitive data type is time_t? [duplicate]
  26. 3 plus symbols between two variables (like a+++b) in C [duplicate]
  27. declaring variables without any data type in c
  28. Casting void pointers
  29. In C how do I print filename of file that is redirected as input in shell
  30. Detecting mismatched array enum initializers

Leave a Comment