From: Alfred Agrell
To: musl@lists.openwall.com
Date: Thu, 30 Apr 2020 20:17:39 +0200
Message-ID: <8756d18a-28ce-dda6-6300-24ae208351c2@agrell.info>
Subject: [musl] bug: integer overflow in memmem()

To reproduce:
Compile src/string/memmem.c with -fsanitize=undefined, then

    #define _GNU_SOURCE   /* memmem() is an extension, not ISO C */
    #include <string.h>

    int main()
    {
        char a[4] = { -1,-1,-1,-1 };
        memmem(a, 4, a, 3);
        memmem(a, 4, a, 4);
    }

Expected result: No output

Actual (Ubuntu 18.04 x86_64, gcc 7.5.0, ):
memmem.c:15:20: runtime error: left shift of 255 by 24 places cannot be represented in type 'int'
memmem.c:16:20: runtime error: left shift of 255 by 24 places cannot be represented in type 'int'
memmem.c:24:20: runtime error: left shift of 255 by 24 places cannot be represented in type 'int'
memmem.c:25:20: runtime error: left shift of 255 by 24 places cannot be represented in type 'int'

C's integer promotion rules are fairly unintuitive for <<; it promotes unsigned small LHS to signed.

To fix, change the two n[0]<<24 to (uint32_t)n[0]<<24, and similar for h[0]<<24.

I'm not aware of any compiler on any platform where it'll actually break, so your choice whether this is a real bug. I didn't check if similar issues exist elsewhere across musl.

I'm not subscribed to the list; I'll read the archives, but if you want a timely response, please cc me.

-- 
Alfred Agrell
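
Added example, not part of the original message and not musl's code: the promotion the report describes, checked at compile time, next to a four-byte window search that uses the (uint32_t) cast the report proposes. The function names and the sample bytes in main() are constructed for illustration, and a 32-bit int is assumed.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>

/* 1 if `unsigned char << n` is computed in signed int: integer promotion
 * converts the operand to int when int can hold every unsigned char value. */
int shift_operand_is_int(void)
{
    unsigned char b = 0xff;
    return _Generic(b << 24, int: 1, default: 0); /* operand is not evaluated */
}

/* 1 if (int)b << s cannot be represented in int, i.e. the case UBSan
 * reports. Decided by comparison, without performing the shift. */
int promoted_shift_overflows(unsigned char b, unsigned s)
{
    return s >= sizeof(int) * CHAR_BIT || b > (INT_MAX >> s);
}

/* Pack four bytes big-endian. The cast keeps the top shift in uint32_t,
 * where reaching bit 31 is well defined; the smaller shifts fit in a
 * 32-bit int (assumption: int is 32 bits). */
uint32_t pack_be32(const unsigned char *p)
{
    return (uint32_t)p[0] << 24 | p[1] << 16 | p[2] << 8 | p[3];
}

/* Find the 4-byte needle n in haystack h of length k using a rolling
 * 32-bit window. Returns the match offset, or -1 if there is none. */
ptrdiff_t find4(const unsigned char *h, size_t k, const unsigned char *n)
{
    if (k < 4) return -1;
    uint32_t nw = pack_be32(n), hw = pack_be32(h);
    for (size_t i = 0; ; i++) {
        if (hw == nw) return (ptrdiff_t)i;
        if (i + 4 >= k) return -1;
        hw = hw << 8 | h[i + 4];   /* unsigned shift: old top byte drops out */
    }
}

int main(void)
{
    /* Constructed input: the all-0xff bytes from the report's reproducer. */
    const unsigned char a[4] = { 0xff, 0xff, 0xff, 0xff };
    return find4(a, 4, a) == 0 ? 0 : 1;
}
```

Building this with -fsanitize=undefined produces no shift report for the 0xff input, because the only shift by 24 is performed on a uint32_t.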