From: Stefan Esser
To: Mark Millard
Cc: freebsd-current
Date: Fri, 7 Jan 2022 13:31:10 +0100
Subject: Re: FYI: An example type of UBSAN failure during kyua test -k /usr/tests/Kyuafile
Message-ID: <1fb8db3d-3d12-68ab-95d6-5f6e01af49f3@FreeBSD.org>
List-Id: Discussions about the use of FreeBSD-current
List-Archive: https://lists.freebsd.org/archives/freebsd-current

On 07.01.22 at 12:49, Mark Millard wrote:
> Having done a buildworld with both WITH_ASAN= and WITH_UBSAN=
> after finding what to control to allow the build, I installed
> it in a directory tree for chroot use and have
> "kyua test -k /usr/tests/Kyuafile" running.
>
> I see evidence of various examples of one type of undefined
> behavior: "applying zero offset to null pointer"
>
> # more /usr/obj/DESTDIRs/main-amd64-xSAN-chroot/tmp/kyua.FKD2vh/356/stderr.txt
> /usr/main-src/lib/libc/stdio/fread.c:133:10: runtime error: applying zero offset to null pointer
> SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /usr/main-src/lib/libc/stdio/fread.c:133:10 in
> /usr/main-src/lib/libc/stdio/fread.c:133:10: runtime error: applying zero offset to null pointer
> SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /usr/main-src/lib/libc/stdio/fread.c:133:10 in
> /usr/main-src/usr.bin/sed/process.c:715:18: runtime error: applying zero offset to null pointer
> SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /usr/main-src/usr.bin/sed/process.c:715:18 in
> /usr/main-src/lib/libc/stdio/fread.c:133:10: runtime error: applying zero offset to null pointer
> SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /usr/main-src/lib/libc/stdio/fread.c:133:10 in
> Fail: stderr not empty
> --- /dev/null 2022-01-07 10:29:57.182903000 +0000
> +++ /tmp/kyua.FKD2vh/356/work/check.Mk9llD/stderr 2022-01-07 10:29:57.173100000 +0000
> @@ -0,0 +1,2 @@
> +/usr/main-src/lib/libc/stdio/fread.c:133:10: runtime error: applying zero offset to null pointer
> +SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /usr/main-src/lib/libc/stdio/fread.c:133:10 in
> Files left in work directory after failure: mntpt, mounterr
>
>
> In general the lib/libc/stdio/fread.c:133:10 example seems to
> be in a place that would make it fairly common.

Interesting find:

        while (resid > (r = fp->_r)) {
                (void)memcpy((void *)p, (void *)fp->_p, (size_t)r);
                fp->_p += r;    /* line 133 */
                /* fp->_r = 0 ... done in __srefill */
                p += r;
                resid -= r;

If fp->_p == NULL in line 133, then NULL has been passed as source address
in memcpy() in the line above, and I'd think that is undefined behavior,
even if a length of 0 is passed at the same time.

Maybe the code block quoted above (line 132 to 136) should be wrapped
into "if (r > 0) {}"?

Regards, Stefan
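
The guard suggested in the reply above, as an added example that is not part of the original mail or of FreeBSD's libc: a miniature model of the fread() drain loop in which mini_file, mini_refill and mini_fread are hypothetical names and the backing data is constructed. It starts from _p == NULL and _r == 0, the state in which the unguarded loop passes NULL to memcpy() and applies a zero offset to it.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical stand-in for FILE; only the fields the loop touches. */
struct mini_file {
    const unsigned char *_p;   /* next buffered byte; NULL before first refill */
    size_t _r;                 /* bytes left in the buffer */
    const unsigned char *src;  /* constructed backing data instead of a descriptor */
    size_t src_left;
    unsigned char buf[4];      /* tiny on purpose, to force several refills */
};

/* Stand-in for __srefill(): resets _r, then loads the next chunk; -1 at EOF. */
static int mini_refill(struct mini_file *fp)
{
    size_t n = fp->src_left < sizeof(fp->buf) ? fp->src_left : sizeof(fp->buf);
    fp->_r = 0;
    if (n == 0)
        return -1;
    memcpy(fp->buf, fp->src, n);
    fp->src += n;
    fp->src_left -= n;
    fp->_p = fp->buf;
    fp->_r = n;
    return 0;
}

/* Drain loop with the suggested guard: r == 0 skips the copy and pointer bump. */
size_t mini_fread(void *dst, size_t resid, struct mini_file *fp)
{
    unsigned char *p = dst;
    size_t total = resid, r;
    if (resid == 0)
        return 0;
    while (resid > (r = fp->_r)) {
        if (r > 0) {
            memcpy(p, fp->_p, r);
            fp->_p += r;
            p += r;
            resid -= r;
        }
        if (mini_refill(fp) != 0)
            return total - resid;      /* short read at EOF */
    }
    memcpy(p, fp->_p, resid);          /* here 0 < resid <= _r, so _p is valid */
    fp->_p += resid;
    fp->_r -= resid;
    return total;
}
```

Building this with -fsanitize=undefined and calling mini_fread() on a freshly zeroed mini_file exercises the NULL _p path without a report; removing the "if (r > 0)" test brings back the condition discussed in the mail.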