Date: Tue, 11 Jan 2022 12:08:23 -0800
From: Mark Millard <marklmi@yahoo.com>
To: Stefan Esser <se@freebsd.org>
Cc: bugs@openbsd.org, freebsd-current <freebsd-current@freebsd.org>, Baptiste Daroussin <bapt@FreeBSD.org>
Subject: Re: UBSAN report for main [so: 14] /usr/bin/whatis: non-zero (48) and zero offsets from null pointer in qsort.c
Message-ID: <BEFB4665-F32B-4AA0-BE4A-5ABB8B973012@yahoo.com>
In-Reply-To: <35333abc-9d4a-4b78-586d-1e869df4f9d4@FreeBSD.org>
References: <A4577E70-AB32-450F-A3F6-A2B42B09A1B3.ref@yahoo.com> <A4577E70-AB32-450F-A3F6-A2B42B09A1B3@yahoo.com> <35333abc-9d4a-4b78-586d-1e869df4f9d4@FreeBSD.org>
On 2022-Jan-11, at 05:19, Stefan Esser <se@freebsd.org> wrote:

> On 11.01.22 at 08:40, Mark Millard wrote:
>> # whatis dog
>> /usr/main-src/lib/libc/stdlib/qsort.c:114:23: runtime error: applying non-zero offset 48 to null pointer
>> SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /usr/main-src/lib/libc/stdlib/qsort.c:114:23 in
>> /usr/main-src/lib/libc/stdlib/qsort.c:114:44: runtime error: applying zero offset to null pointer
>> SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /usr/main-src/lib/libc/stdlib/qsort.c:114:44 in
>> whatis: nothing appropriate
>>
>> This seems to be only for the not-found case.
>>
>> ===
>> Mark Millard
>> marklmi at yahoo.com
>
> The undefined behavior is caused by insufficient checking of parameters
> in mansearch.c.
>
> As part of the initializations performed at the start of mansearch(),
> the variables cur and *res are initialized to 0 resp. NULL:
>
> 	cur = maxres = 0;
> 	if (res != NULL)
> 		*res = NULL;
>
> If no match is found, these values are unchanged at line 223, where res
> is checked to be non-NULL, but then *res is passed to qsort() and that
> is still NULL.
>
> Suggested fix (also attached to avoid white-space issues):
>
> --- usr.bin/mandoc/mansearch.c
> +++ usr.bin/mandoc/mansearch.c
> @@ -220,7 +220,7 @@
> if (cur && search->firstmatch)
> break;
> }
> - if (res != NULL)
> + if (res != NULL && *res != NULL)
> qsort(*res, cur, sizeof(struct manpage), manpage_compare);
> if (chdir_status && getcwd_status && chdir(buf) == -1)
> warn("%s", buf);
>
> (File name as in OpenBSD, it is contrib/mandoc/mansearch.c in FreeBSD.)

Cool. Thanks. (But I'm not a committer so someone else will have to deal with doing an update to the file in git --and likely MFC'ing it.)

===
Mark Millard
marklmi at yahoo.com
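Review bot: In the `-`/`+` lines of the hunk, the new `*res != NULL` test encodes an allocation detail of mansearch() (that *res is only allocated once a match is stored) rather than the precondition qsort() actually needs; `if (res != NULL && cur > 0)` states that precondition directly (no sort of zero elements, hence no NULL base) and stays correct if the allocation strategy changes. Either form is enough to stop the pointer arithmetic on a NULL base that UBSan flagged at qsort.c:114 on the "nothing appropriate" path.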
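To make the failure path concrete, here is an added, runnable miniature of the pattern discussed in the thread (not mandoc's code): a search whose result array stays NULL when nothing matches, followed by the guarded qsort() from the suggested fix. The `struct manpage` stand-in, `mini_mansearch`, `mini_result_name` and the sample index are all constructed for this example.

```c
#include <stdlib.h>
#include <string.h>
struct manpage { const char *names; };  /* constructed stand-in for mandoc's */

/* Comparator in the spirit of manpage_compare(): order results by name. */
static int manpage_compare(const void *a, const void *b)
{
	const struct manpage *pa = a, *pb = b;
	return strcmp(pa->names, pb->names);
}

/* Miniature of the mansearch() path from the report: *res starts NULL and is
 * only allocated once a match is stored, so on the "nothing appropriate" path
 * it is still NULL when control reaches the sort. Returns the match count. */
size_t mini_mansearch(const char *term, struct manpage **res)
{
	/* Constructed sample index, deliberately unsorted. */
	static const char *const names[] = { "lsof", "man", "chdir", "ls", "cat" };
	struct manpage *tmp;
	size_t cur, maxres, i;

	cur = maxres = 0;
	if (res != NULL)
		*res = NULL;
	for (i = 0; res != NULL && i < sizeof(names) / sizeof(names[0]); i++) {
		if (strstr(names[i], term) == NULL)
			continue;
		if (cur == maxres) {
			maxres += 8;
			if ((tmp = realloc(*res, maxres * sizeof(**res))) == NULL)
				abort();
			*res = tmp;
		}
		(*res)[cur++].names = names[i];
	}
	/* Guard from the suggested fix: qsort() is never handed a NULL base. */
	if (res != NULL && *res != NULL)
		qsort(*res, cur, sizeof(struct manpage), manpage_compare);
	return cur;
}

/* Check helper: i-th sorted result name for `term`, or NULL past the end. */
const char *mini_result_name(const char *term, size_t i)
{
	struct manpage *res;
	size_t cur = mini_mansearch(term, &res);
	const char *name = i < cur ? res[i].names : NULL;
	free(res); /* free(NULL) is a no-op on the no-match path */
	return name;
}
```

Built with `-fsanitize=undefined`, dropping the `*res != NULL` half of the guard reproduces the "applying zero offset to null pointer" report for a term such as "dog".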