mailing list of musl libc
 help / color / mirror / code / Atom feed
From: Rich Felker <dalias@libc.org>
To: Mike Cui <cuicui@gmail.com>
Cc: musl@lists.openwall.com
Subject: Re: [musl] Potential bug in __res_msend_rc() wrt to union initialization.
Date: Mon, 18 Mar 2024 17:34:42 -0400	[thread overview]
Message-ID: <20240318213441.GH4163@brightrain.aerifal.cx> (raw)
In-Reply-To: <CAMbjb11yqF2fzp4bR3k4_=jp_bc7cNP15vJecEvNBGHgeXL5nw@mail.gmail.com>

On Mon, Mar 18, 2024 at 12:56:41PM -0700, Mike Cui wrote:
> I recently upgraded to clang-18, and after compiling musl with it, I
> noticed that all my getaddrinfo() calls are failing. I tracked this to be
> an issue in __res_msend_rc(), where the 'sin6' member of union 'sa' is
> initialized to garbage, rather than 0. Then later bind() fails
> with EADDRNOTAVAIL.
> 
> I reported this bug on clang discourse:
> https://discourse.llvm.org/t/union-initialization-and-aliasing-clang-18-seems-to-miscompile-musl/77724,
> and the discussion seems to suggest that there is potentially a bug in musl
> as well. TL;DR:
> 
> - According to strict interpretation of the C standard, initializing a
> union with '{0}', only initializes the first member of the union to 0 (in
> this case, sin4), and "default" initializes the rest. This interpretation
> is still up for debate. The proper way to initialize the entire union is '{
> }' not '{ 0 }'.

No, { } is a constraint violation. It may be valid in C++ or C23, but
it's not in C99, which is the source language for musl. { 0 } has
always been the universal zero-initializer for C.

Moreover, the C language has no such thing as a "partially initialized
object". I guess it's possible for an implementor to interpret
zero-initialization of a union to produce something other than zero
bits in the storage that is not part of the first union member, but
it's rather hostile.

> - There is currently a bug in clang-18 that treats '{ }' to be the same as
> '{ 0 }'. The proposed fix is to just zero out the entire union for both "{
> 0 }" and "{ }". However we cannot rely on "{ 0 }" to always zero out the
> entire union in the future.
> 
> musl should be fixed to use "{ }" for initialization. And to work around
> the current buggy release of clang-18, perhaps flip the order to make sin6
> the first member of the struct? I've attached a patch that works for me.
> There may be other instances of the same bug in the musl code base.

If the clang interpretation is going to be this, we can just reorder
the union members so that the largest one is first. This should avoid
dependency on how the compiler decided to interpret the universal zero
initializer for unions.

Rich

  reply	other threads:[~2024-03-18 21:34 UTC|newest]

Thread overview: 17+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2024-03-18 19:56 Mike Cui
2024-03-18 21:34 ` Rich Felker [this message]
2024-03-18 22:22   ` NRK
2024-03-18 22:39     ` [musl] Potential bug in __res_msend_rc() wrt to union initialisation Thorsten Glaser
2024-03-19  0:01     ` [musl] Potential bug in __res_msend_rc() wrt to union initialization Mike Cui
2024-03-19 13:18       ` Rich Felker
2024-03-19 15:04         ` Mike Cui
2024-03-19 15:42           ` Rich Felker
2024-03-19 15:55             ` Mike Cui
2024-03-19 16:08               ` Rich Felker
2024-03-19 16:39                 ` Jₑₙₛ Gustedt
2024-03-19 20:47                   ` Thorsten Glaser
2024-03-21 10:58                     ` Jₑₙₛ Gustedt
2024-03-21 16:41                       ` Thorsten Glaser
2024-03-19 21:04                   ` NRK
2024-03-19 21:36                     ` Rich Felker
2024-03-20 17:11                       ` NRK

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20240318213441.GH4163@brightrain.aerifal.cx \
    --to=dalias@libc.org \
    --cc=cuicui@gmail.com \
    --cc=musl@lists.openwall.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
Code repositories for project(s) associated with this public inbox

	https://git.vuxu.org/mirror/musl/

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).