bug-gnulib

Re: [bug-libunistring] Unistring 0.9.10 and Undefined Behavior sanitizer


From: Bruno Haible
Subject: Re: [bug-libunistring] Unistring 0.9.10 and Undefined Behavior sanitizer findings
Date: Sat, 09 Mar 2019 00:36:06 +0100
User-agent: KMail/5.1.3 (Linux/4.4.0-141-generic; KDE/5.18.0; x86_64; ; )

Hi,

Jeffrey Walton wrote in
<https://lists.gnu.org/archive/html/bug-libunistring/2019-03/msg00002.html>:
> I used CFLAGS="-DNDEBUG -g2 -O1 -fsanitize=undefined". I built the
> library, then ran a 'make test V=1'. The output presented to the user
> looks OK. However, it looks like UBsan found some undefined behavior:
> 
> libunistring-0.9.10$ grep -IR 'runtime error'
> tests/test-u8-width-linebreaks.log:unilbrk/u8-possible-linebreaks.c:49:3:
> runtime error: null pointer passed as argument 1, which is declared to
> never be null
> tests/test-u32-to-u8.log:unistr/u8-cmp.c:38:10: runtime error: null
> pointer passed as argument 2, which is declared to never be null
> tests/test-numeric.log:unictype/numeric.c:52:54: runtime error: left
> shift of 34927 by 16 places cannot be represented in type 'int'
> tests/test-nfkc.log:unistr/u8-cmp.c:38:10: runtime error: null pointer
> passed as argument 2, which is declared to never be null
> tests/test-u8-tolower.log:unistr/u8-cmp.c:38:10: runtime error: null
> pointer passed as argument 2, which is declared to never be null
> tests/test-u16-to-u8.log:unistr/u8-cmp.c:38:10: runtime error: null
> pointer passed as argument 2, which is declared to never be null
> tests/test-nfkd.log:unistr/u8-cmp.c:38:10: runtime error: null pointer
> passed as argument 2, which is declared to never be null
> tests/test-u8-casefold.log:unistr/u8-cmp.c:38:10: runtime error: null
> pointer passed as argument 2, which is declared to never be null
> tests/unicase/test-ulc-casecmp2.sh.log:uniconv/u8-conv-from-enc.c:89:7:
> runtime error: null pointer passed as argument 2, which is declared to
> never be null
> tests/unicase/test-ulc-casecoll2.sh.log:uniconv/u8-conv-from-enc.c:89:7:
> runtime error: null pointer passed as argument 2, which is declared to
> never be null
> tests/test-nfc.log:unistr/u8-cmp.c:38:10: runtime error: null pointer
> passed as argument 2, which is declared to never be null
> tests/test-u8-totitle.log:unistr/u8-cmp.c:38:10: runtime error: null
> pointer passed as argument 2, which is declared to never be null
> tests/test-nfd.log:unistr/u8-cmp.c:38:10: runtime error: null pointer
> passed as argument 2, which is declared to never be null
> tests/test-u16-possible-linebreaks.log:unilbrk/u16-possible-linebreaks.c:49:3:
> runtime error: null pointer passed as argument 1, which is declared to
> never be null
> tests/test-u16-width-linebreaks.log:unilbrk/u16-possible-linebreaks.c:49:3:
> runtime error: null pointer passed as argument 1, which is declared to
> never be null
> tests/test-u8-toupper.log:unistr/u8-cmp.c:38:10: runtime error: null
> pointer passed as argument 2, which is declared to never be null
> tests/test-u8-possible-linebreaks.log:unilbrk/u8-possible-linebreaks.c:49:3:
> runtime error: null pointer passed as argument 1, which is declared to
> never be null

Thanks for these reports. Indeed, use of CC="gcc -fsanitize=undefined"
produces error messages in the 'make check' logs.

1) unictype/numeric.c:52:54: runtime error: left shift of 34927 by 16 places 
cannot be represented in type 'int'

The code was implicitly casting an 'unsigned short' to 'int' and doing a
shift of the result. It is better to cast from 'unsigned short' to
'unsigned int' explicitly.

2) unistr/u8-cmp.c:38:10: runtime error: null pointer passed as argument 2, 
which is declared to never be null

memcmp(NULL, NULL, 0) is invalid in ISO C and POSIX. ISO C11 7.24.1.(2)
states: "Where an argument declared as size_t n specifies the length of
the array for a function, n can have the value zero on a call to that function.
Unless explicitly stated otherwise in the description of a particular function
in this subclause, pointer arguments on such a call shall still have valid
values, as described in 7.1.4."

References:
https://lists.gnu.org/archive/html/bug-gnulib/2009-05/msg00156.html
https://stackoverflow.com/questions/16362925/can-i-pass-a-null-pointer-to-memcmp

3) uniconv/u8-conv-from-enc.c:89:7: runtime error: null pointer passed as 
argument 2, which is declared to never be null

memcpy(dest, NULL, 0) is invalid in ISO C and POSIX, similarly.

4) unilbrk/u8-possible-linebreaks.c:49:3: runtime error: null pointer passed as 
argument 1, which is declared to never be null

memset(NULL, c, 0) is invalid in ISO C and POSIX, similarly.

I'm pushing the attached patches.


Attachment: 0001-unictype-numeric-Fix-undefined-behaviour.patch
Description: Text Data

Attachment: 0002-unistr-u8-cmp-Fix-undefined-behaviour.patch
Description: Text Data

Attachment: 0003-unistr-uniconv-Fix-undefined-behaviour.patch
Description: Text Data

Attachment: 0004-unilbrk-u-possible-linebreaks-Fix-undefined-behaviou.patch
Description: Text Data
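
The three findings discussed in the message, as an added C example that is not part of libunistring or of the attached patches: the shift that overflows 'int' after promotion beside the explicit cast to 'unsigned int', and n == 0 guards in front of memcmp, memcpy and memset so that the C11 7.24.1p2 requirement on pointer validity is never violated. Names such as pack16, cmp_guarded, copy_guarded and set_guarded are chosen here for illustration and do not correspond to functions in the library.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example, not libunistring's code. Each UB pattern from the
   UBSan report is shown next to a well-defined form. */

/* 1) Shift after integer promotion.
   An 'unsigned short' operand is promoted to 'int' (C11 6.3.1.1), so for
   hi >= 0x8000 the value hi << 16 does not fit in 'int' and the shift is
   undefined (C11 6.5.7p4). UBSan reports it as
   "left shift of N by 16 places cannot be represented in type 'int'". */
uint32_t pack16_promoted(unsigned short hi, unsigned short lo)
{
    return (hi << 16) | lo;   /* UB when hi >= 32768, e.g. hi == 34927 */
}

/* Well-defined form: convert to 'unsigned int' explicitly before shifting,
   so the shift happens in an unsigned type and cannot overflow. */
uint32_t pack16(unsigned short hi, unsigned short lo)
{
    return ((unsigned int) hi << 16) | (unsigned int) lo;
}

/* 2) Null pointers with a zero length.
   C11 7.24.1p2: a length of 0 is allowed, but the pointer arguments must
   still be valid, so memcmp(NULL, NULL, 0), memcpy(p, NULL, 0) and
   memset(NULL, c, 0) are all undefined; the C library declares those
   parameters nonnull, which is what UBSan checks. A wrapper therefore
   returns before reaching the library call when n == 0. */
int cmp_guarded(const uint8_t *s1, const uint8_t *s2, size_t n)
{
    if (n == 0)
        return 0;               /* nothing to compare; pointers may be NULL */
    return memcmp(s1, s2, n);   /* <0, 0 or >0, as memcmp */
}

void *copy_guarded(void *dest, const void *src, size_t n)
{
    if (n > 0)
        memcpy(dest, src, n);
    return dest;
}

void *set_guarded(void *dest, int c, size_t n)
{
    if (n > 0)
        memset(dest, c, n);
    return dest;
}

/* Returns 1 when every guarded call behaves as described above.
   Sample buffers are constructed here for the illustration. */
int selfcheck(void)
{
    uint8_t dst[3] = { 0, 0, 0 };
    const uint8_t a[3] = { 'a', 'b', 'c' };
    const uint8_t b[3] = { 'a', 'b', 'd' };

    if (pack16(34927, 0x1234) != 0x886F1234u) return 0;
    if (cmp_guarded(NULL, NULL, 0) != 0) return 0;   /* UB without the guard */
    if (cmp_guarded(a, b, 3) >= 0) return 0;
    if (cmp_guarded(a, a, 3) != 0) return 0;
    if (copy_guarded(dst, NULL, 0) != dst) return 0;
    if (copy_guarded(dst, a, 3) != dst || memcmp(dst, a, 3) != 0) return 0;
    if (set_guarded(NULL, 0, 0) != NULL) return 0;
    if (set_guarded(dst, 0xFF, 3) != dst || dst[2] != 0xFF) return 0;
    return 1;
}

int main(void)
{
    printf("pack16(34927, 0x1234) = 0x%08lx\n",
           (unsigned long) pack16(34927, 0x1234));
    printf("selfcheck: %s\n", selfcheck() ? "ok" : "FAILED");
    return selfcheck() ? 0 : 1;
}
```

Building this with CC="gcc -fsanitize=undefined" and calling pack16_promoted(34927, 0) from main should reproduce the first message in the report; pack16 and the guarded wrappers run clean under the same flags because no shift is done in a signed type and no null pointer ever reaches the library.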

