Date:      Tue, 11 Jan 2022 14:19:09 +0100
From:      Stefan Esser <se@FreeBSD.org>
To:        bugs@openbsd.org
Cc:        freebsd-current <freebsd-current@freebsd.org>, Mark Millard <marklmi@yahoo.com>, Baptiste Daroussin <bapt@FreeBSD.org>
Subject:   Re: UBSAN report for main [so: 14] /usr/bin/whatis: non-zero (48) and zero offsets from null pointer in qsort.c
Message-ID:  <35333abc-9d4a-4b78-586d-1e869df4f9d4@FreeBSD.org>
In-Reply-To: <A4577E70-AB32-450F-A3F6-A2B42B09A1B3@yahoo.com>
References:  <A4577E70-AB32-450F-A3F6-A2B42B09A1B3.ref@yahoo.com> <A4577E70-AB32-450F-A3F6-A2B42B09A1B3@yahoo.com>

On 11.01.22 at 08:40, Mark Millard wrote:
> # whatis dog
> /usr/main-src/lib/libc/stdlib/qsort.c:114:23: runtime error: applying non-zero offset 48 to null pointer
> SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /usr/main-src/lib/libc/stdlib/qsort.c:114:23 in 
> /usr/main-src/lib/libc/stdlib/qsort.c:114:44: runtime error: applying zero offset to null pointer
> SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /usr/main-src/lib/libc/stdlib/qsort.c:114:44 in 
> whatis: nothing appropriate
> 
> This seems to be only for the not-found case.
> 
> ===
> Mark Millard
> marklmi at yahoo.com

The undefined behavior is caused by insufficient checking of parameters
in mansearch.c.

As part of the initializations performed at the start of mansearch(),
the variables cur and *res are initialized to 0 resp. NULL:

	cur = maxres = 0;
	if (res != NULL)
		*res = NULL;

If no match is found, these values are unchanged at line 223, where res
is checked to be non-NULL, but then *res is passed to qsort() and that
is still NULL.

Suggested fix (also attached to avoid white-space issues):

--- usr.bin/mandoc/mansearch.c
+++ usr.bin/mandoc/mansearch.c
@@ -220,7 +220,7 @@
 	if (cur && search->firstmatch)
 		break;
 	}
-	if (res !=3D NULL)
+	if (res !=3D NULL && *res !=3D NULL)
 		qsort(*res, cur, sizeof(struct manpage), manpage_compare);
 	if (chdir_status && getcwd_status && chdir(buf) =3D=3D -1)
 		warn("%s", buf);
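Review bot: the new `*res != NULL` test in the `if (res != NULL && *res != NULL)` line protects qsort() only through the invariant that the result array is allocated exactly when at least one entry was collected; checking the count itself, `if (res != NULL && cur > 0)`, states that precondition directly (qsort() must not be handed a NULL base with zero entries) and does not depend on how *res was initialized earlier in the function. A short comment above the condition saying why the guard exists would also help, since the `cur` argument in the qsort() call is the only hint in this hunk.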

(File name as in OpenBSD, it is contrib/mandoc/mansearch.c in FreeBSD.)

Regards, STefan
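A self-contained illustration of the failure mode described above, added here and not part of Stefan's message or of the mandoc sources: a search routine in the shape of mansearch() (the name list and struct page are constructed stand-ins), where the result array is only allocated on the first match, so the not-found case has to skip qsort() instead of passing it a NULL base with a count of zero.

```c
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for struct manpage: only the name matters here. */
struct page { const char *name; };

static int page_compare(const void *a, const void *b)
{
	return strcmp(((const struct page *)a)->name,
	              ((const struct page *)b)->name);
}

/*
 * Mirrors the mansearch() shape: *res starts as NULL and cur as 0, and
 * the result array is allocated only once a match is found.  Returns the
 * number of matches; *res stays NULL when that number is 0, which is
 * exactly the case that must not reach qsort().
 */
static size_t search(const char *const *names, size_t n, const char *key,
                     struct page **res)
{
	size_t cur = 0, maxres = 0;
	struct page *tmp;

	*res = NULL;
	for (size_t i = 0; i < n; i++) {
		if (strstr(names[i], key) == NULL)
			continue;
		if (cur == maxres) {
			maxres = maxres ? maxres * 2 : 4;
			tmp = realloc(*res, maxres * sizeof(**res));
			if (tmp == NULL)
				abort();
			*res = tmp;
		}
		(*res)[cur++].name = names[i];
	}
	/* The guard from the fix: never hand qsort() a NULL base pointer. */
	if (*res != NULL)
		qsort(*res, cur, sizeof(**res), page_compare);
	return cur;
}
```

Building with -fsanitize=undefined and removing the guard reproduces the "applying zero offset to null pointer" report for a key that matches nothing.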


Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?35333abc-9d4a-4b78-586d-1e869df4f9d4>