Date:      Fri, 7 Jan 2022 13:31:10 +0100
From:      Stefan Esser <se@FreeBSD.org>
To:        Mark Millard <marklmi@yahoo.com>
Cc:        freebsd-current <freebsd-current@freebsd.org>
Subject:   Re: FYI: An example type of UBSAN failure during kyua test -k /usr/tests/Kyuafile
Message-ID:  <1fb8db3d-3d12-68ab-95d6-5f6e01af49f3@FreeBSD.org>
In-Reply-To: <CE7EFE82-DDE5-43A5-B02D-1C5F39F20AE2@yahoo.com>
References:  <CE7EFE82-DDE5-43A5-B02D-1C5F39F20AE2.ref@yahoo.com> <CE7EFE82-DDE5-43A5-B02D-1C5F39F20AE2@yahoo.com>

On 07.01.22 at 12:49, Mark Millard wrote:
> Having done a buildworld with both WITH_ASAN= and WITH_UBSAN=
> after finding what to control to allow the build, I installed
> it in a directory tree for chroot use and have
> "kyua test -k /usr/tests/Kyuafile" running.
>
> I see evidence of various examples of one type of undefined
> behavior: "applying zero offset to null pointer"
>
> # more /usr/obj/DESTDIRs/main-amd64-xSAN-chroot/tmp/kyua.FKD2vh/356/stderr.txt
> /usr/main-src/lib/libc/stdio/fread.c:133:10: runtime error: applying zero offset to null pointer
> SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /usr/main-src/lib/libc/stdio/fread.c:133:10 in
> /usr/main-src/lib/libc/stdio/fread.c:133:10: runtime error: applying zero offset to null pointer
> SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /usr/main-src/lib/libc/stdio/fread.c:133:10 in
> /usr/main-src/usr.bin/sed/process.c:715:18: runtime error: applying zero offset to null pointer
> SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /usr/main-src/usr.bin/sed/process.c:715:18 in
> /usr/main-src/lib/libc/stdio/fread.c:133:10: runtime error: applying zero offset to null pointer
> SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /usr/main-src/lib/libc/stdio/fread.c:133:10 in
> Fail: stderr not empty
> --- /dev/null   2022-01-07 10:29:57.182903000 +0000
> +++ /tmp/kyua.FKD2vh/356/work/check.Mk9llD/stderr       2022-01-07 10:29:57.173100000 +0000
> @@ -0,0 +1,2 @@
> +/usr/main-src/lib/libc/stdio/fread.c:133:10: runtime error: applying zero offset to null pointer
> +SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /usr/main-src/lib/libc/stdio/fread.c:133:10 in
> Files left in work directory after failure: mntpt, mounterr
>
>
> In general the lib/libc/stdio/fread.c:133:10 example seems to
> be in a place that would make it fairly common.

Interesting find:

        while (resid > (r = fp->_r)) {
                (void)memcpy((void *)p, (void *)fp->_p, (size_t)r);
                fp->_p += r; /* line 133 */
                /* fp->_r = 0 ... done in __srefill */
                p += r;
                resid -= r;

If fp->_p == NULL in line 133, then NULL has been passed as source address
in memcpy() in the line above, and I'd think that is undefined behavior,
even if a length of 0 is passed at the same time.

Maybe the code block quoted above (line 132 to 136) should be made wrapped
into "if (r > 0) {}"?

Regards, Stefan
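The "if (r > 0)" guard proposed above, carried through as an added example (this is not code from fread.c or the FreeBSD tree): a constructed stand-in for the FILE buffer fields, a hypothetical refill() in place of __srefill(), and the copy loop wrapped so that a never-refilled stream's NULL _p is neither handed to memcpy() nor incremented by 0.

```c
#include <stddef.h>
#include <string.h>

/* Constructed stand-in for the FILE fields fread touches: _p is the read
 * pointer (NULL before the first refill), _r the bytes still buffered;
 * src/src_off/src_len model the data a real __srefill() would read. */
struct rbuf {
    const unsigned char *_p, *src;
    size_t _r, src_len, src_off;
    unsigned char buf[4];
};
/* Hypothetical stand-in for __srefill(): buffers up to sizeof buf bytes
 * and resets _p/_r. Returns 0 on success, nonzero at EOF (with _r == 0). */
static int refill(struct rbuf *fp)
{
    size_t n = fp->src_len - fp->src_off;
    if (n == 0) { fp->_r = 0; return 1; }
    if (n > sizeof fp->buf)
        n = sizeof fp->buf;
    memcpy(fp->buf, fp->src + fp->src_off, n);
    fp->src_off += n;
    fp->_p = fp->buf;
    fp->_r = n;
    return 0;
}

/* The fread.c copy loop with the proposed "if (r > 0)" guard: memcpy() and
 * the pointer increment run only when r > 0, so a never-refilled stream
 * (_p == NULL, _r == 0) is neither passed to memcpy() nor has 0 added to it. */
static size_t guarded_read(struct rbuf *fp, void *dst, size_t resid)
{
    unsigned char *p = dst;
    size_t total = resid, r;
    if (resid == 0)                 /* nothing to copy: never touch _p */
        return 0;
    while (resid > (r = fp->_r)) {
        if (r > 0) {
            memcpy(p, fp->_p, r);
            fp->_p += r;
            p += r;
            resid -= r;
        }
        if (refill(fp) != 0)
            return total - resid;   /* short read at EOF */
    }
    memcpy(p, fp->_p, resid);
    fp->_p += resid;
    fp->_r -= resid;
    return total;
}
```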
