From: Bruno Haible
Subject: Re: [bug-libunistring] Unistring 0.9.10 and Undefined Behavior sanitizer findings
Date: Sat, 09 Mar 2019 00:36:06 +0100
User-agent: KMail/5.1.3 (Linux/4.4.0-141-generic; KDE/5.18.0; x86_64; ; )
Hi,

Jeffrey Walton wrote in <https://lists.gnu.org/archive/html/bug-libunistring/2019-03/msg00002.html>:

> I used CFLAGS="-DNDEBUG -g2 -O1 -fsanitize=undefined". I built the
> library, then ran a 'make test V=1'. The output presented to the user
> looks OK. However, it looks like UBsan found some undefined behavior:
>
> libunistring-0.9.10$ grep -IR 'runtime error'
> tests/test-u8-width-linebreaks.log:unilbrk/u8-possible-linebreaks.c:49:3: runtime error: null pointer passed as argument 1, which is declared to never be null
> tests/test-u32-to-u8.log:unistr/u8-cmp.c:38:10: runtime error: null pointer passed as argument 2, which is declared to never be null
> tests/test-numeric.log:unictype/numeric.c:52:54: runtime error: left shift of 34927 by 16 places cannot be represented in type 'int'
> tests/test-nfkc.log:unistr/u8-cmp.c:38:10: runtime error: null pointer passed as argument 2, which is declared to never be null
> tests/test-u8-tolower.log:unistr/u8-cmp.c:38:10: runtime error: null pointer passed as argument 2, which is declared to never be null
> tests/test-u16-to-u8.log:unistr/u8-cmp.c:38:10: runtime error: null pointer passed as argument 2, which is declared to never be null
> tests/test-nfkd.log:unistr/u8-cmp.c:38:10: runtime error: null pointer passed as argument 2, which is declared to never be null
> tests/test-u8-casefold.log:unistr/u8-cmp.c:38:10: runtime error: null pointer passed as argument 2, which is declared to never be null
> tests/unicase/test-ulc-casecmp2.sh.log:uniconv/u8-conv-from-enc.c:89:7: runtime error: null pointer passed as argument 2, which is declared to never be null
> tests/unicase/test-ulc-casecoll2.sh.log:uniconv/u8-conv-from-enc.c:89:7: runtime error: null pointer passed as argument 2, which is declared to never be null
> tests/test-nfc.log:unistr/u8-cmp.c:38:10: runtime error: null pointer passed as argument 2, which is declared to never be null
> tests/test-u8-totitle.log:unistr/u8-cmp.c:38:10: runtime error: null pointer passed as argument 2, which is declared to never be null
> tests/test-nfd.log:unistr/u8-cmp.c:38:10: runtime error: null pointer passed as argument 2, which is declared to never be null
> tests/test-u16-possible-linebreaks.log:unilbrk/u16-possible-linebreaks.c:49:3: runtime error: null pointer passed as argument 1, which is declared to never be null
> tests/test-u16-width-linebreaks.log:unilbrk/u16-possible-linebreaks.c:49:3: runtime error: null pointer passed as argument 1, which is declared to never be null
> tests/test-u8-toupper.log:unistr/u8-cmp.c:38:10: runtime error: null pointer passed as argument 2, which is declared to never be null
> tests/test-u8-possible-linebreaks.log:unilbrk/u8-possible-linebreaks.c:49:3: runtime error: null pointer passed as argument 1, which is declared to never be null

Thanks for these reports. Indeed, use of CC="gcc -fsanitize=undefined" produces error messages in the 'make check' logs.

1) unictype/numeric.c:52:54: runtime error: left shift of 34927 by 16 places cannot be represented in type 'int'

The code was implicitly casting an 'unsigned short' to 'int' and doing a shift of the result. It is better to cast from 'unsigned short' to 'unsigned int' explicitly.

2) unistr/u8-cmp.c:38:10: runtime error: null pointer passed as argument 2, which is declared to never be null

memcmp(NULL, NULL, 0) is invalid in ISO C and POSIX. ISO C11 7.24.1.(2) states:

"Where an argument declared as size_t n specifies the length of the array for a function, n can have the value zero on a call to that function. Unless explicitly stated otherwise in the description of a particular function in this subclause, pointer arguments on such a call shall still have valid values, as described in 7.1.4."

References:
https://lists.gnu.org/archive/html/bug-gnulib/2009-05/msg00156.html
https://stackoverflow.com/questions/16362925/can-i-pass-a-null-pointer-to-memcmp

3) uniconv/u8-conv-from-enc.c:89:7: runtime error: null pointer passed as argument 2, which is declared to never be null

memcpy(dest, NULL, 0) is invalid in ISO C and POSIX, similarly.

4) unilbrk/u8-possible-linebreaks.c:49:3: runtime error: null pointer passed as argument 1, which is declared to never be null

memset(NULL, c, 0) is invalid in ISO C and POSIX, similarly.

I'm pushing the attached patches.
0001-unictype-numeric-Fix-undefined-behaviour.patch
0002-unistr-u8-cmp-Fix-undefined-behaviour.patch
0003-unistr-uniconv-Fix-undefined-behaviour.patch
0004-unilbrk-u-possible-linebreaks-Fix-undefined-behaviou.patch
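As an added illustration (not part of Bruno's message or of the libunistring patches) of the two kinds of fix described in the mail: casting an 'unsigned short' to 'unsigned int' before shifting it by 16, and guarding zero-length calls so that memcmp/memcpy/memset never receive a null pointer. The names combine_fixed, safe_memcmp, safe_memcpy, safe_memset and zero_length_calls_ok are assumptions; the value 34927 is the one from the UBSan report.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not libunistring code): combine two 16-bit halves.
   Writing 'hi << 16' on an 'unsigned short' promotes hi to 'int' first, so
   for hi >= 32768 (e.g. 34927 from the report) the shift overflows a 32-bit
   int and is undefined.  Casting to 'unsigned int' first makes it defined. */
static unsigned int combine_fixed(unsigned short hi, unsigned short lo)
{
  return ((unsigned int) hi << 16) | (unsigned int) lo;
}

/* Zero-length-safe wrappers (hypothetical names).  ISO C 7.24.1(2) requires
   valid pointers even when n == 0, so the n == 0 case is handled here and
   the library function is only called with n > 0. */
static int safe_memcmp(const void *a, const void *b, size_t n)
{
  return n == 0 ? 0 : memcmp(a, b, n);
}

static void *safe_memcpy(void *dest, const void *src, size_t n)
{
  if (n != 0)
    memcpy(dest, src, n);
  return dest;
}

static void *safe_memset(void *s, int c, size_t n)
{
  if (n != 0)
    memset(s, c, n);
  return s;
}

/* Exercises the n == 0 paths with NULL pointers, the exact pattern UBSan
   flagged in the report; returns 1 when all wrappers behave as expected. */
static int zero_length_calls_ok(void)
{
  char buf[4] = "abc";
  if (safe_memcmp(NULL, NULL, 0) != 0) return 0;
  if (safe_memcpy(buf, NULL, 0) != buf || strcmp(buf, "abc") != 0) return 0;
  if (safe_memset(NULL, 0, 0) != NULL) return 0;
  return safe_memcmp("abc", "abd", 3) < 0;
}

int main(void)
{
  printf("%#x %d\n", combine_fixed(34927, 0x1234), zero_length_calls_ok());
  return zero_length_calls_ok() ? 0 : 1;
}
```

Building this with CC="gcc -fsanitize=undefined" produces no runtime error, whereas the unguarded calls in the report do.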