From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on inbox.vuxu.org X-Spam-Level: X-Spam-Status: No, score=-3.1 required=5.0 tests=DKIM_INVALID,DKIM_SIGNED, MAILING_LIST_MULTI,RCVD_IN_DNSWL_MED,RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL autolearn=ham autolearn_force=no version=3.4.4 Received: (qmail 11410 invoked from network); 6 Aug 2021 19:29:59 -0000 Received: from mother.openwall.net (195.42.179.200) by inbox.vuxu.org with ESMTPUTF8; 6 Aug 2021 19:29:59 -0000 Received: (qmail 18053 invoked by uid 550); 6 Aug 2021 19:29:57 -0000 Mailing-List: contact musl-help@lists.openwall.com; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-ID: Reply-To: musl@lists.openwall.com Received: (qmail 18035 invoked from network); 6 Aug 2021 19:29:57 -0000 X-Virus-Scanned: amavisd-new at heinlein-support.de DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=jensenkarlsson.se; s=MBO0001; t=1628278184; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=JDqlXoSCAeOvTPpfM8Fxe2e5nuetCyfw9SZMOduYHik=; b=jFDQuvyIEaUvILof4maeQP3Je0kWS4uYVg1oVGG1wyIsqVcYJIYlU9KnGj+MKnNnQ5WeKT lYRW1lrQK28+EbQ+TZKh2IzRebJ3VZtE8ocTuc5SAfYTNO7jbJ9Q0hnfbIgazMTESV0LoQ sbBcda2owHJaHPsX+KRH+mG1GIDZEBA7J2+ej7vsPMxNGwdK2QUWkRZLGhgLt8G82Fnq5/ AVXtKB2IIlXGPhOjLQ3YgdouRIaUWZoCCAMbnXpQk0F06HAJO4lraoKKnKpo53867ZD8kV 7pHPo6key6150Nis5HfPM/JwH2IT47R+tacakm27+7kL8KS+1v4zRaPaZHxfCg== To: Rich Felker Cc: musl@lists.openwall.com References: <23e62796-4efb-3495-d7c8-1e3d85f4ea82@jensenkarlsson.se> <20210806142038.GU13220@brightrain.aerifal.cx> From: Pontus Jensen Karlsson Message-ID: <5e5c78f4-f093-278e-f93a-2a9fd8c24fe6@jensenkarlsson.se> Date: Fri, 6 Aug 2021 21:29:38 +0200 MIME-Version: 1.0 In-Reply-To: <20210806142038.GU13220@brightrain.aerifal.cx> Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: quoted-printable Content-Language: en-US X-Rspamd-Queue-Id: EC0D818B5 X-Rspamd-UID: f67aef Subject: Re: [musl] Potential bug in printf_core On 8/6/21 4:20 PM, Rich Felker wrote: > On Fri, Aug 06, 2021 at 03:14:22PM +0200, Pontus Jensen Karlsson wrote:= >> Hi, >> >> I've been trying to build audit-userspace tools for an ARMv7 SBC >> using musl 1.2.2 as libc. >> The tool auditd continously segfaults and I've traced it to a printf >> statement that >> I have isolated the issue to this piece of code (simplified for >> debugging purposes): >> >> #include >> #include >> >> int main(int argc, char **argv) >> { >> =C2=A0=C2=A0=C2=A0 struct timeval tv =3D { >> =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 .tv_sec =3D 1000, >> =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 .tv_usec =3D 4177777 >> =C2=A0=C2=A0=C2=A0 }; >> =C2=A0=C2=A0=C2=A0 char *str =3D "Hello World"; >> =C2=A0=C2=A0=C2=A0 unsigned num =3D 8062; >> >> =C2=A0=C2=A0=C2=A0 printf("%lu %03u %u %s", tv.tv_sec, (unsigned)(tv.= tv_usec), num, str); >> } >> >> This code segfaults at memchr (s =3D 0x3fbf71 > memory at address 0x3fbf71>) >> but three frames up we're at src/stdio/vfprintf.c:593. >> >> Here it attempts to read the string length from the arg.p address, >> the problem is that arg.p points >> to the int-value of (unsigned)(tv.tv_usec) and not the memory >> address of str. >> >> So, I'm confused as to why this happens? Is it something weird with >> the state-machine in printf_core, >> or am I misunderstanding something which needs to be patched into >> audit-userspace? > You're missing that %lu is not a valid format specifier for time_t. > You need to either do %jd and (intmax_t)tv.tv_sec or %lld and (long > long)tv.tv_sec. You are absolutely correct. After changing to %llu it worked flawlessly, = well I had to do it for both tv_sec and tv_usec but after that it works. I also=20 read the note on the frontpage of musl.libc.org which explained the reason why this had=20 to be done. My question now is, have most C libraries moved to long long unsigned=20 for tv_sec, i.e. is this portable? ~ PJK > > So yes, this seems to be a bug in audit-userspace. > > Rich