Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Thu, 30 Apr 2020 21:49:23 -0400
From: Rich Felker <dalias@...c.org>
To: musl@...ts.openwall.com
Subject: Re: bug: integer overflow in memmem()

On Thu, Apr 30, 2020 at 04:31:11PM -0400, Jeffrey Walton wrote:
> On Thu, Apr 30, 2020 at 2:30 PM Alfred Agrell <alfred@...ell.info> wrote:
> >
> > To reproduce: Compile src/string/memmem.c with -fsanitize=undefined, then
> >
> > int main()
> > {
> >   char a[4] = { -1,-1,-1,-1 };
> >   memmem(a, 4, a, 3);
> >   memmem(a, 4, a, 4);
> > }
> >
> > Expected result: No output
> >
> > Actual (Ubuntu 18.04 x86_64, gcc 7.5.0, ):
> >
> > memmem.c:15:20: runtime error: left shift of 255 by 24 places cannot be
> > represented in type 'int'
> > memmem.c:16:20: runtime error: left shift of 255 by 24 places cannot be
> > represented in type 'int'
> > memmem.c:24:20: runtime error: left shift of 255 by 24 places cannot be
> > represented in type 'int'
> > memmem.c:25:20: runtime error: left shift of 255 by 24 places cannot be
> > represented in type 'int'
> >...
> >
> > I'm not aware of any compiler on any platform where it'll actually
> > break, so your choice whether this is a real bug. I didn't check if
> > similar issues exist elsewhere across musl.
> 
> Try Intel ICC. It is ruthless and removes undefined behavior every
> chance it gets. It can usually break a program with UB that GCC, Clang
> and MSVC compile OK.

Indeed, ICC can even break programs that don't have UB. :-)

Cheap shots at ICC aside, I don't think it will break this because,
assuming no LTO (and thus external calls as compiler barriers), it
would have to generate suboptimal code with explicit overflow check of
some sort to do the wrong thing here. But in any case it's desirable
to be able to build with UBSan or similar tooling that actively
catches UB, so I'm fixing it.

For the record, I found where Szabolcs Nagy reported this in 2018, and
I think others reported it as well. I really should have fixed this a
long time ago.

Rich

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.