Date: Thu, 30 Apr 2020 21:49:23 -0400
From: Rich Felker <dalias@...c.org>
To: musl@...ts.openwall.com
Subject: Re: bug: integer overflow in memmem()

On Thu, Apr 30, 2020 at 04:31:11PM -0400, Jeffrey Walton wrote:
> On Thu, Apr 30, 2020 at 2:30 PM Alfred Agrell <alfred@...ell.info> wrote:
> >
> > To reproduce: Compile src/string/memmem.c with -fsanitize=undefined, then
> >
> > #define _GNU_SOURCE   /* memmem() is a GNU/BSD extension, not ISO C */
> > #include <string.h>
> >
> > int main()
> > {
> >   char a[4] = { -1,-1,-1,-1 };   /* all bytes 0xff: the worst case for the shift */
> >   memmem(a, 4, a, 3);
> >   memmem(a, 4, a, 4);
> >   return 0;
> > }
> >
> > Expected result: No output
> >
> > Actual (Ubuntu 18.04 x86_64, gcc 7.5.0):
> >
> > memmem.c:15:20: runtime error: left shift of 255 by 24 places cannot be
> > represented in type 'int'
> > memmem.c:16:20: runtime error: left shift of 255 by 24 places cannot be
> > represented in type 'int'
> > memmem.c:24:20: runtime error: left shift of 255 by 24 places cannot be
> > represented in type 'int'
> > memmem.c:25:20: runtime error: left shift of 255 by 24 places cannot be
> > represented in type 'int'
> >...
> >
> > I'm not aware of any compiler on any platform where it'll actually
> > break, so your choice whether this is a real bug. I didn't check if
> > similar issues exist elsewhere across musl.
> 
> Try Intel ICC. It is ruthless and removes undefined behavior every
> chance it gets. It can usually break a program with UB that GCC, Clang
> and MSVC compile OK.

Indeed, ICC can even break programs that don't have UB. :-)

Cheap shots at ICC aside, I don't think it will break this because,
assuming no LTO (and thus external calls as compiler barriers), it
would have to generate suboptimal code with explicit overflow check of
some sort to do the wrong thing here. But in any case it's desirable
to be able to build with UBSan or similar tooling that actively
catches UB, so I'm fixing it.

For the record, I found where Szabolcs Nagy reported this in 2018, and
I think others reported it as well. I really should have fixed this a
long time ago.

Rich
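An added example, not musl's memmem.c and not code from anyone in this thread, to make the reported hazard concrete: an operand of type unsigned char is promoted to (signed) int before the shift, so a byte of 0xff shifted left by 24 overflows int, while widening the byte to uint32_t first makes the same packing well defined. The helper names pack4, fourbyte_search and shift_promotes_to_int are illustrative, and the rolling 4-byte window search is written in the style of a fixed-width needle fast path, not copied from musl.

```c
/* Added example (not musl code). Assumes only ISO C11 headers. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Returns 1 when `unsigned char << 24` is evaluated in type int, which is
   what integer promotion does on every hosted platform and why 255 << 24
   is undefined behaviour. The controlling expression of _Generic is not
   evaluated, so this check itself has no UB. */
int shift_promotes_to_int(void)
{
    unsigned char c = 0xff;
    return _Generic(c << 24, int: 1, default: 0);
}

/* Pack four bytes big-endian. Widening each byte to uint32_t BEFORE the
   shift is the fix: (uint32_t)0xff << 24 is 0xff000000 with no overflow,
   whereas p[0] << 24 would shift a promoted int. */
uint32_t pack4(const unsigned char *p)
{
    return (uint32_t)p[0] << 24 | (uint32_t)p[1] << 16
         | (uint32_t)p[2] << 8  | (uint32_t)p[3];
}

/* Find a 4-byte needle n0 in haystack h0 of length k using a rolling
   32-bit window. Returns a pointer to the match or NULL. */
const void *fourbyte_search(const void *h0, size_t k, const void *n0)
{
    const unsigned char *h = h0, *n = n0;
    if (k < 4) return NULL;
    uint32_t nw = pack4(n);
    uint32_t hw = pack4(h);
    /* Slide one byte at a time; hw is uint32_t so hw << 8 is well defined
       and the shifted-out high byte is simply discarded. */
    for (h += 4, k -= 4; k && hw != nw; k--, h++)
        hw = hw << 8 | *h;
    return hw == nw ? (const void *)(h - 4) : NULL;
}
```

Building this with -fsanitize=undefined and the reporter's all-0xff input is the check worth running: pack4 and fourbyte_search stay silent, whereas the uncast form of the same expression produces exactly the "left shift of 255 by 24 places" diagnostic quoted above.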
