Date: Thu, 30 Apr 2020 21:49:23 -0400
From: Rich Felker
To: musl@lists.openwall.com
Message-ID: <20200501014923.GL21576@brightrain.aerifal.cx>
References: <8756d18a-28ce-dda6-6300-24ae208351c2@agrell.info>
Subject: Re: [musl] bug: integer overflow in memmem()

On Thu, Apr 30, 2020 at 04:31:11PM -0400, Jeffrey Walton wrote:
> On Thu, Apr 30, 2020 at 2:30 PM Alfred Agrell wrote:
> >
> > To reproduce: Compile src/string/memmem.c with -fsanitize=undefined, then
> >
> > int main()
> > {
> >     char a[4] = { -1,-1,-1,-1 };
> >     memmem(a, 4, a, 3);
> >     memmem(a, 4, a, 4);
> > }
> >
> > Expected result: No output
> >
> > Actual (Ubuntu 18.04 x86_64, gcc 7.5.0, ):
> >
> > memmem.c:15:20: runtime error: left shift of 255 by 24 places cannot be
> > represented in type 'int'
> > memmem.c:16:20: runtime error: left shift of 255 by 24 places cannot be
> > represented in type 'int'
> > memmem.c:24:20: runtime error: left shift of 255 by 24 places cannot be
> > represented in type 'int'
> > memmem.c:25:20: runtime error: left shift of 255 by 24 places cannot be
> > represented in type 'int'
> > ...
> >
> > I'm not aware of any compiler on any platform where it'll actually
> > break, so your choice whether this is a real bug. I didn't check if
> > similar issues exist elsewhere across musl.
>
> Try Intel ICC. It is ruthless and removes undefined behavior every
> chance it gets. It can usually break a program with UB that GCC, Clang
> and MSVC compile OK.

Indeed, ICC can even break programs that don't have UB. :-)

Cheap shots at ICC aside, I don't think it will break this because,
assuming no LTO (and thus external calls as compiler barriers), it
would have to generate suboptimal code with explicit overflow check of
some sort to do the wrong thing here. But in any case it's desirable
to be able to build with UBSan or similar tooling that actively
catches UB, so I'm fixing it.

For the record, I found where Szabolcs Nagy reported this in 2018, and
I think others reported it as well. I really should have fixed this a
long time ago.

Rich
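
The shift the sanitizer flags in the report above, written so that it is well defined, as an added example (not musl's code and not the fix that was committed). The names `pack4` and `find4` are hypothetical, and the sample bytes are constructed to match the 0xff bytes of the reproducer.

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed sample input: the reproducer's bytes plus a mixed haystack. */
static const unsigned char sample_ff[4]     = { 0xff, 0xff, 0xff, 0xff };
static const unsigned char sample_hay[6]    = { 0x00, 0x80, 0xff, 0x01, 0x02, 0x03 };
static const unsigned char sample_needle[4] = { 0xff, 0x01, 0x02, 0x03 };
static const unsigned char sample_absent[4] = { 0x80, 0x80, 0x80, 0x80 };

/* Pack four bytes big-endian into a 32-bit word.
 * An unsigned char operand is promoted to int before <<, so b[0] << 24
 * with b[0] >= 0x80 cannot be represented in a 32-bit int, which is the
 * undefined behaviour UBSan reports. Converting to uint32_t before the
 * shift makes the result defined for every byte value. */
static uint32_t pack4(const unsigned char *b)
{
	return (uint32_t)b[0] << 24 | (uint32_t)b[1] << 16
	     | (uint32_t)b[2] << 8  | (uint32_t)b[3];
}

/* Find the 4-byte needle n in the k-byte haystack h with a rolling
 * 32-bit window. Returns a pointer to the first match, or NULL. */
static const unsigned char *find4(const unsigned char *h, size_t k,
                                  const unsigned char *n)
{
	if (k < 4) return NULL;
	uint32_t nw = pack4(n);
	uint32_t hw = pack4(h);          /* window over h[0..3] */
	const unsigned char *end = h + k;
	for (h += 4; ; h++) {
		if (hw == nw) return h - 4;  /* window starts 4 bytes back */
		if (h == end) return NULL;   /* no more bytes to shift in */
		hw = hw << 8 | *h;           /* unsigned shift: oldest byte drops off */
	}
}

int main(void)
{
	/* Exit status 0 when the all-0xff needle is found at offset 0. */
	return find4(sample_ff, 4, sample_ff) == sample_ff ? 0 : 1;
}
```

Building this with `-fsanitize=undefined` produces no shift diagnostics, since every left shift operates on an unsigned 32-bit operand.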