From: Rich Felker
Newsgroups: gmane.linux.lib.musl.general
Subject: Re: New static analysis results
Date: Fri, 5 Sep 2014 14:02:52 -0400
Message-ID: <20140905180252.GO23797@brightrain.aerifal.cx>
In-Reply-To: <20140904171357.GB23797@brightrain.aerifal.cx>
To: musl@lists.openwall.com
Reply-To: musl@lists.openwall.com

On Thu, Sep 04, 2014 at 01:13:58PM -0400, Rich Felker wrote:
> On Thu, Sep 04, 2014 at 08:45:45PM +0400, Alexander Monakov wrote:
> > Hello,
> >
> > I'm happy to report a few new results from running static code analysis on
> > musl (from a tool developed where I work).
> >
> > ctime.c:5
> > localtime(t) may return NULL, but that will cause UB in asctime
>
> Yes, I need to look into what ctime should do in this case though...

Found it:

    7.27.3.2 The ctime function
    2 The ctime function converts the calendar time pointed to by timer
    to local time in the form of a string. It is equivalent to
    asctime(localtime(timer))

The standard basically specifies the implementation, so it's clearly UB
if localtime(t) would return a null pointer. Looks like no action is
needed here; the most-desirable-behavior (crash) for UB happens
automatically anyway.

> > regexec.c:253
> > "return REG_NOMATCH;" in GET_NEXT_WCHAR leaks memory allocated for 'buf'
>
> This should be checked, but it sounds likely.

nsz is looking into fixing it.

> > lookup_serv.c:55
> > getnameinfo.c:99
> > pointless "if (!p) continue;" when "if (!*p) continue;" was probably
> > intended
>
> I'd have to look at the code but it's possible the intent was leftover
> from old code that was changed rather than being what you think. But I
> think your proposed change is probably right for the current code.
> Looks low-priority anyway (only affects parsing invalid hosts/services
> files).

Digging up the history was confusing so I'm just fixing them based on
the current code. For lookup_serv.c, the line was a nop and is not
needed. For getnameinfo.c it seems to be an actual bug that could cause
reading past the end of the line buffer (but not write).

> > fpathconf.c
> > off-by-one error in range check (if (name >= sizeof ...))
>
> Indeed. This should be fixed.

Fixing.

Rich
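The two memory-safety findings in this thread (the fpathconf range check that must reject index == table size, and the "if (!p)" test that can never fire on a pointer into a line buffer, so the intended "if (!*p)" empty-field check is what stops a scan from running past the end) are shown below in corrected form. This is an added example, not musl's own fpathconf.c or getnameinfo.c code; the table, the services-style parser and all names (conf_values, lookup_conf, parse_services, sample_check, SAMPLE_SERVICES) are hypothetical, and the input buffer is constructed for the example.

```c
#include <errno.h>
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* ---- 1. Range-checked table lookup (the fpathconf-style check) ---------- */

/* Hypothetical value table indexed by a small integer 'name'. */
static const short conf_values[] = { 255, 1024, 4096 };
#define CONF_COUNT (sizeof conf_values / sizeof conf_values[0])

/* Valid indices are 0..CONF_COUNT-1, so the rejecting comparison must be
 * '>=': with '>' a call lookup_conf(CONF_COUNT) reads one element past the
 * table. The size_t cast also rejects a negative 'name' (it converts to a
 * huge unsigned value and fails the same comparison). */
long lookup_conf(int name)
{
    if ((size_t)name >= CONF_COUNT) {
        errno = EINVAL;
        return -1;
    }
    return conf_values[name];
}

/* ---- 2. Line parser that skips empty fields with !*p, not !p ------------ */

struct service { char name[32]; int port; char proto[8]; };

/* Copy the next blank-delimited token at *pp into dst (truncating silently),
 * advance *pp past it and return the token's full length (0 at end of line).
 * '#', '\n' and NUL all end the token, so a token never crosses a line. */
static size_t next_token(const char **pp, char *dst, size_t dstsz)
{
    const char *p = *pp;
    size_t n = 0;
    while (*p == ' ' || *p == '\t') p++;
    while (*p && *p != ' ' && *p != '\t' && *p != '\n' && *p != '#') {
        if (n + 1 < dstsz) dst[n] = *p;
        n++; p++;
    }
    dst[n < dstsz ? n : dstsz - 1] = 0;
    *pp = p;
    return n;
}

/* Parse a services-style buffer ("name port/proto ..." per line) into out[].
 * Returns the number of entries stored. Blank and comment lines are skipped
 * with 'if (!*p)': p always points inside the buffer and is never NULL, so
 * 'if (!p)' would be a no-op and the scan would continue into whatever
 * follows the (empty) line. */
size_t parse_services(const char *buf, struct service *out, size_t max)
{
    size_t count = 0;
    const char *line = buf;

    while (*line && count < max) {
        const char *p = line;
        const char *nl = strchr(line, '\n');
        char portbuf[16];
        char *slash;

        line = nl ? nl + 1 : line + strlen(line);   /* advance first: no stuck loop */

        while (*p == ' ' || *p == '\t') p++;
        if (!*p || *p == '#' || *p == '\n') continue; /* empty or comment line */

        if (!next_token(&p, out[count].name, sizeof out[count].name)) continue;
        if (!next_token(&p, portbuf, sizeof portbuf)) continue; /* no port/proto */

        slash = strchr(portbuf, '/');
        if (!slash) continue;                          /* malformed: no "/proto" */
        *slash = 0;
        out[count].port = atoi(portbuf);
        if (out[count].port <= 0 || out[count].port > 65535) continue;
        strncpy(out[count].proto, slash + 1, sizeof out[count].proto - 1);
        out[count].proto[sizeof out[count].proto - 1] = 0;
        count++;
    }
    return count;
}

/* Constructed sample input (not a real /etc/services). */
const char SAMPLE_SERVICES[] =
    "# constructed sample\n"
    "ssh\t\t22/tcp\t\t# Secure Shell\n"
    "\n"
    "   \n"
    "domain   53/udp\n"
    "broken\n"             /* missing port field: skipped */
    "http 80/tcp";         /* last line without trailing newline */

/* Parse the sample and report whether entry i equals (name, port, proto);
 * with name == NULL, return the entry count instead. */
int sample_check(size_t i, const char *name, int port, const char *proto)
{
    static struct service svc[8];
    size_t n = parse_services(SAMPLE_SERVICES, svc, 8);
    if (!name) return (int)n;
    return i < n && strcmp(svc[i].name, name) == 0 && svc[i].port == port
           && strcmp(svc[i].proto, proto) == 0;
}
```

The tokenizer stops at '\n' as well as at blanks, so a line that lacks its second field yields a zero-length token and is dropped rather than borrowing the next line's port; that is the behaviour the "if (!*p) continue;" fix in the thread is meant to guarantee.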