From nobody Wed Jan 12 09:54:19 2022 X-Original-To: freebsd-current@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id BAA50195AFD6 for ; Wed, 12 Jan 2022 09:54:33 +0000 (UTC) (envelope-from marklmi@yahoo.com) Received: from sonic314-21.consmr.mail.gq1.yahoo.com (sonic314-21.consmr.mail.gq1.yahoo.com [98.137.69.84]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4JYjZw1vXjz4pFY for ; Wed, 12 Jan 2022 09:54:32 +0000 (UTC) (envelope-from marklmi@yahoo.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1641981265; bh=tlTpg4vDaUagqu8PE1ROjZGPrbauWy9COXfDWVw8f6U=; h=From:Subject:Date:To:References:From:Subject:Reply-To; b=HYOvUUHw8panw5M1xEvsILslwmSLzCxvMeBf4uRlzrwxYxtvP8Fht3ylSrxmzwdN9Yn2yt75fa9xriFQqlWSmdN9iw7lFMHNMIqVlGKnMZakz7gRhBQnfhS7UnFddOoRq+/nST9ZQreV/dbYxdKf9I3R4QZ2GCQ0Cjei7llJrXk/mIPwK5vw9gHucsWNs7FLTcu9QjkrSh/LNTsnyUDM0UBqKCvzDcJE4mCywxD67QLl6xSgUnQQZ7Mmv+T2UKIF9Yy0Ywh7RBqBy2aMNAL8gn6qdeYx2hDmz1WEKoAxAOfOWJqI6WsDZl2rtou5F0t+mJcIhVqnKo5TgmqrYeg/fA== X-SONIC-DKIM-SIGN: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1641981265; bh=znCjRjN6ef02+E3H8HSdMl2ips+Jp+qcGf+ubzv5T45=; h=X-Sonic-MF:From:Subject:Date:To:From:Subject; b=NkCwYxag6O1ppFd1Z12DF4OXsHj/fmhxzlx8oPDA/KqujWCPrl5u+eqDkkuv5HOe6A7rH0yWDy+S2ViYtI4x6t8KLUUD8i9S88yLNWH9+33GrwJY/T9EYxqBXMN6BTozu3n78zNbh1++I/XcUMKZcNhrDx5GhHA1ti9ze7NwZRrNaGO8q3XtsJgdwp5I1zTKEnGmVN5YgJIKs5MZh8yNjTi0cqzOAxdtw+N0f6sGST0cFoDha6Mt0lmXQ2H+Y251/tMSqQWVyBkguMJAJ+vVv0cpmQGBuxm6CEkGbyWGZnP0WDvgcUQxgB9q4xZwrrt4wW1GHhn8OQ6uV+VmDXN66w== X-YMail-OSG: ACXp_PYVM1l_4oKWLM3XhkoQ1UDUpvNQ3H_IoIe8mwLOVBMLiD2uXj8_VdMEtxX FSI7_yzobS2fzxSseLY_N3a05M_d0q4YFWgpDFyj4ny5sSP.FyIVbUksxlrpaJdOPihnopUtYU98 RaAbK5UtijY4tx_gwOq9Cs.b8kVlYewkMMcU3qrhpS8zjSZMZJtXSFWtjUnz0M4R1zY6vuKTibli juV6sqvE.3Y7rHrGgwFjV2fuOAIsEOn8gkLy8Ad_EX4qicaZnbLSAR468egCIBbiqzcculLQU8fC WHWPMBYR1Tly3Jt9zUR2mkjJ7EnDZJ3H_TdoMwVEzlw9AtfbIXifB8GiJKuhbUzyhdr7WqQx5m89 VKCW6I0XJGWzNCi5VpDyVSvJf47OEbNHyLTx.5p6LJpphg71nYKjNVhRLPEjKX.PjsBrNOoZnuf. bSUwZwMB6vML_DGaWF1k75RnH2.5FBGSc7624mNkDAzK4B2Z4EnR7U0YBv89EXkuMHKJ7PZCzcu4 6RRFZ8TsCfKht1MdmX40jvpyAMDkqJrCIF9aja7H4xG25PxqEWC1hMGsjHHf9XfpGDL4dSfbuw0o a0.VQahOy0Fy5pbaov57LW4QHHhsxFmaF1.bCXEsJa3kGDH9hDQKVqQBBQYyCd2eCfIJqjs1qigR WaAWlZExbYslMfKjeTVaj_6MvCbDXwgUMbsvpB0LaTp6pAwn2keYBpxI02bB4Rpau6ShtEdwgY_G 9Y_GUvHhlu7oaskAhzC6Ro6oYpG6yRoKpOPlUgOpiqPsYWhkytvlw_y0qLqAZhF2RzKZREWO8blK 7EfjQWVPMsTVGNq3vhq79I_0B_LvaPBtwPkBeW3gGg7Ab8XyLCOL4MCBpZU3KBgjy2nDw5n2.3rq ix6BhjJiBXpB9XP1tW5Ngc2z_fCG7Y7PKz9SPWSJsdbTrCpS9SHjftBhrcSF7I2y6jz1oE9IRYi1 dW95LjHPO.f6IpPB.A4jdB3ZvMCsWDiVfbq0.0egUrgy5eHmdaUyCvySQw_to56oUgD38S1Aqxit PjjwEakZkRVXgBObS4DdzpGLBCgf.Y88u0MVaL9RcdzfhFdEdKzU2cmmN1gLbjeryv61TAHdSdBW gSWqm6nY9STVZF45VQFRy8a907Akmfrq0KvEOQfnF7q14_LeqplrI92vRrJtML.tMFuL2BFmbg5h dIQx0.Ws4zxDncoa_QPCgK8ftHXpcSDfDA8n2lol25jKjLQfRDvb17YVM5kAx6kkhyjEUu2jffRw qgnHQiXW.X6TE6uDQcFD1v3Fgl4PShoTRnltr2AjK3j.RwDADqZI50vPEiuJiPznYd85gGKsfpJk yRPcECm82_pjBacoNqbWN_oFEq0YcUOOB_AFP3GCs4fntduDiJ23jmJsR3vQArCEkUyFTQJwUm47 1nDpSPNqexvd7KObsHfLZFOYFWGZsVLEnwRFmHXBaE_G5RjMbXr226kOACEvnjGax2pdCI1YFKWz y7bTs4S4jLmD7vBo8b9mpQN3cHYlcW0uwsPYDS7k9oTBVXThlT4.zaUlufsp0nwUV203NpaQoBlg E8KiB4J3r8qKkwYBtk34ErZOasG.3IHZ7_QE77C90fdrirojWIye6YB8u0BH4kYAmFyC.0OdlEWG USB2qevVakXMQR8smr8d7Gg_9rUyzrZYsHwHCQw87aQUjzP5W4cedMBHR.HT9opgdRqzx_2QPS3E hWpy9KSh13ZfyY.Mfstn52SmLBoqrcc8k_NqSthFRk3Gax.RpbZXoSGnZY1RqelLb2rkRmv7v9gi lqVNC7GWfilPMRw43XnmILm4KTBMF1vBW9Lo2BZH8lTQmC9FE9wrDSqKgFaQwzF3qRuQN.NyG049 f9nNzLScZ6YoC2YZj2iBsr_MS5SPx6KX9hKso7X1BZ6k50zrkR7Lsse.F8UyE.rbrJbOhHjsseyd sveF1y2HMTXq.01y.g8luAaIO978ABVfp1a4oe5NZ0eBpCWqyEjVkS_YTBxfzTV88lBhDKoBBWga LcvXB8jxSoQgIVsMf2RlKuZMUjDyyQz2eYoE8IMLV6VXR1aVMYa1DYUpHfLO1gxDYrTTsZ.t1bIV FivDa6ODiN2UeolHi7oA9EElC5HGmjXxcnc7n5OJJ16vLkPmjf6WrTjMgf.9zHe4TkGHHu_Cm4zw GJveRWgYSsE5PjgMlJNxRCsr6kw7zoc2BLyFRLDJ39ZoUEXJxWq9g_IJxnwIMCKLQQYkoTAUKu5f lhHjFN_HnyrYX4UgqfMNuGAC6 X-Sonic-MF: Received: from sonic.gate.mail.ne1.yahoo.com by sonic314.consmr.mail.gq1.yahoo.com with HTTP; Wed, 12 Jan 2022 09:54:25 +0000 Received: by kubenode541.mail-prod1.omega.bf1.yahoo.com (VZM Hermes SMTP Server) with ESMTPA ID f87a5c91c0a5c4c862253e642bba6b67; Wed, 12 Jan 2022 09:54:21 +0000 (UTC) From: Mark Millard Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: quoted-printable List-Id: Discussions about the use of FreeBSD-current List-Archive: https://lists.freebsd.org/archives/freebsd-current List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-current@freebsd.org Mime-Version: 1.0 (Mac OS X Mail 14.0 \(3654.120.0.1.13\)) Subject: kyua run under WITH_ASAN= built world reports a global-buffer-overflow during cpio test. Message-Id: <313A3FD8-1E8C-46C2-A400-E0A647F09464@yahoo.com> Date: Wed, 12 Jan 2022 01:54:19 -0800 To: freebsd-current X-Mailer: Apple Mail (2.3654.120.0.1.13) References: <313A3FD8-1E8C-46C2-A400-E0A647F09464.ref@yahoo.com> X-Rspamd-Queue-Id: 4JYjZw1vXjz4pFY X-Spamd-Bar: --- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=yahoo.com header.s=s2048 header.b=HYOvUUHw; dmarc=pass (policy=reject) header.from=yahoo.com; spf=pass (mx1.freebsd.org: domain of marklmi@yahoo.com designates 98.137.69.84 as permitted sender) smtp.mailfrom=marklmi@yahoo.com X-Spamd-Result: default: False [-3.18 / 15.00]; RCVD_TLS_LAST(0.00)[]; ARC_NA(0.00)[]; R_DKIM_ALLOW(-0.20)[yahoo.com:s=s2048]; NEURAL_HAM_MEDIUM(-0.84)[-0.844]; FROM_HAS_DN(0.00)[]; DWL_DNSWL_NONE(0.00)[yahoo.com:dkim]; FREEMAIL_FROM(0.00)[yahoo.com]; MV_CASE(0.50)[]; MIME_GOOD(-0.10)[text/plain]; TO_MATCH_ENVRCPT_ALL(0.00)[]; NEURAL_HAM_LONG(-0.84)[-0.841]; RCPT_COUNT_ONE(0.00)[1]; TO_DN_ALL(0.00)[]; DKIM_TRACE(0.00)[yahoo.com:+]; DMARC_POLICY_ALLOW(-0.50)[yahoo.com,reject]; RCVD_IN_DNSWL_NONE(0.00)[98.137.69.84:from]; NEURAL_HAM_SHORT(-1.00)[-1.000]; R_SPF_ALLOW(-0.20)[+ptr:yahoo.com]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+]; FREEMAIL_ENVFROM(0.00)[yahoo.com]; ASN(0.00)[asn:36647, ipnet:98.137.64.0/20, country:US]; RCVD_COUNT_TWO(0.00)[2]; MID_RHS_MATCH_FROM(0.00)[]; RWL_MAILSPIKE_POSSIBLE(0.00)[98.137.69.84:from] X-ThisMailContainsUnwantedMimeParts: N For the below it appears that the report from UBSAN is accurate. =3D=3D85511=3D=3DERROR: AddressSanitizer: global-buffer-overflow on = address 0x0000010753ca at pc 0x000001139bda bp 0x7fffffffc2b0 sp = 0x7fffffffc2a8 READ of size 1 at 0x0000010753ca thread T0 #0 0x1139bd9 in hexdump = /usr/main-src/contrib/libarchive/test_utils/test_main.c:875:35 #1 0x113b73c in assertion_text_file_contents = /usr/main-src/contrib/libarchive/test_utils/test_main.c:1182:3 #2 0x1125d46 in basic_cpio = /usr/main-src/contrib/libarchive/cpio/test/test_basic.c:84:2 #3 0x11259dc in test_basic = /usr/main-src/contrib/libarchive/cpio/test/test_basic.c:229:2 #4 0x1144943 in test_run = /usr/main-src/contrib/libarchive/test_utils/test_main.c:3561:2 #5 0x1144943 in main = /usr/main-src/contrib/libarchive/test_utils/test_main.c:4062:9 0x0000010753ca is located 54 bytes to the left of global variable = '' defined in = '/usr/main-src/contrib/libarchive/cpio/test/test_basic.c:229:13' = (0x1075400) of size 5 '' is ascii string 'copy' 0x0000010753ca is located 22 bytes to the left of global variable = '' defined in = '/usr/main-src/contrib/libarchive/cpio/test/test_basic.c:228:38' = (0x10753e0) of size 9 '' is ascii string '1 block ' 0x0000010753ca is located 0 bytes to the right of global variable = '' defined in = '/usr/main-src/contrib/libarchive/cpio/test/test_basic.c:220:18' = (0x10753c0) of size 10 '' is ascii string '2 blocks ' SUMMARY: AddressSanitizer: global-buffer-overflow = /usr/main-src/contrib/libarchive/test_utils/test_main.c:875:35 in = hexdump Shadow bytes around the buggy address: 0x40000020ea20: f9 f9 f9 f9 02 f9 f9 f9 00 01 f9 f9 00 02 f9 f9 0x40000020ea30: 00 00 00 00 00 00 02 f9 f9 f9 f9 f9 00 f9 f9 f9 0x40000020ea40: 00 01 f9 f9 00 00 00 00 00 00 01 f9 f9 f9 f9 f9 0x40000020ea50: 06 f9 f9 f9 07 f9 f9 f9 00 00 00 00 00 07 f9 f9 0x40000020ea60: f9 f9 f9 f9 04 f9 f9 f9 05 f9 f9 f9 00 00 00 00 =3D>0x40000020ea70: 00 05 f9 f9 f9 f9 f9 f9 00[02]f9 f9 00 01 f9 f9 0x40000020ea80: 05 f9 f9 f9 01 f9 f9 f9 00 01 f9 f9 00 05 f9 f9 0x40000020ea90: 00 02 f9 f9 00 f9 f9 f9 00 02 f9 f9 07 f9 f9 f9 0x40000020eaa0: 00 01 f9 f9 07 f9 f9 f9 00 02 f9 f9 00 02 f9 f9 0x40000020eab0: 00 03 f9 f9 00 01 f9 f9 00 04 f9 f9 00 00 00 00 0x40000020eac0: 00 00 00 03 f9 f9 f9 f9 00 00 00 f9 f9 f9 f9 f9 Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07=20 Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe Left alloca redzone: ca Right alloca redzone: cb =3D=3D85511=3D=3DABORTING Well, contrib/libarchive/cpio/test/test_basic.c:84 is doing: assertTextFileContents(se, "pack.err"); which involves, in turn: int assertion_text_file_contents(const char *filename, int line, const char = *buff, const char *fn) { . . . s =3D (int)strlen(buff); contents =3D malloc(s * 2 + 128); n =3D (int)fread(contents, 1, s * 2 + 128 - 1, f); . . . if (n > 0) { hexdump(contents, buff, n, 0); . . . Nothing about the code seems to constrain n to fit the size of the space for "pack.err" (9 bytes of "global" space). The report is for the ref[i + j] in the code: static void hexdump(const char *p, const char *ref, size_t l, size_t offset) { . . . for (j =3D 0; j < 16 && i + j < l; j++) { if (ref !=3D NULL && p[i + j] !=3D ref[i + j]) . . . where ref points to the space for "pack.err" and l was given a copy of the value of n in the previously shown code. The i + j < l constraint need not avoid the code doing ref[i + j] in a way that reaches outside the space for "pack.err" --because of the supplied value of n (a.k.a. l) not being sufficient to respect the space for "pack.err". =3D=3D=3D Mark Millard marklmi at yahoo.com