[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: UBSAN error in lib/sh/random.c:79
From: |
Chet Ramey |
Subject: |
Re: UBSAN error in lib/sh/random.c:79 |
Date: |
Tue, 10 Jan 2023 09:42:05 -0500 |
User-agent: |
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:102.0) Gecko/20100101 Thunderbird/102.6.1 |
On 1/6/23 8:37 PM, Sam James wrote:
Hi folks,
I'm currently testing common Linux userland with UndefinedBehaviorSanitizer
(UBSAN, -fsanitize=undefined).
With Bash 5.2_p15, I get the following with this script:
```
$ cat /tmp/guess_suffix
guess_suffix() {
tmpdir="${TMPDIR}"/.ecompress$$.${RANDOM}
}
guess_suffix
```
It seems easier to trigger if I run it as an external script rather than as a
function in an interactive
shell.
```
$ export UBSAN_OPTIONS="print_stacktrace=1:halt_on_error=1"
$ bash -x /tmp/guess_suffix
+ guess_suffix
random.c:79:21: runtime error: signed integer overflow: 31789 * 127773 cannot
be represented in type 'int'
You must be extremely unlucky. I ran a script that generated 15 million
random numbers and got three integer overflows. The easiest fix is to use
the other variant algorithm in the paper and change the line in question to
l = ret % 127773;
That is equivalent mathemetically and won't overflow (the overflow isn't
actually damaging, though).
--
``The lyf so short, the craft so long to lerne.'' - Chaucer
``Ars longa, vita brevis'' - Hippocrates
Chet Ramey, UTech, CWRU chet@case.edu http://tiswww.cwru.edu/~chet/
Re: UBSAN error in lib/sh/random.c:79,
Chet Ramey <=