Mailing-List: contact musl-help@lists.openwall.com; run by ezmlm
Reply-To: musl@lists.openwall.com
From: Tamir Duberstein
Date: Sun, 29 Aug 2021 18:13:44 -0400
To: musl@lists.openwall.com
Cc: Petr Hosek
Subject: [musl] undefined behavior in getdelim.c

Fuchsia's libc is derived from musl. We make extensive use of clang sanitizers in Fuchsia, and UBSAN has found "applying zero offset to null pointer" in getdelim.c. Any call to `fopen` followed by a call to `getdelim` will trigger this behavior. The UB happens at https://git.musl-libc.org/cgit/musl/tree/src/stdio/getdelim.c#n59. Immediately after `fopen`, `f->rpos` is `NULL`; `rpos` won't be initialized until a few lines down in `getc_unlocked`.
Here's the stack trace from UBSAN in Fuchsia:

../../zircon/third_party/ulib/musl/src/stdio/getdelim.c:48:13: runtime error: applying zero offset to null pointer
    #0 0x0000432ff5bf0613 in getdelim(char** restrict, size_t* restrict, int, FILE* restrict) ../../zircon/third_party/ulib/musl/src/stdio/getdelim.c:48 +0x165613
    #1.2 0x00002380af30fe37 in ubsan_GetStackTrace() compiler-rt/lib/ubsan/ubsan_diag.cpp:55 +0x3be37
    #1.1 0x00002380af30fe37 in MaybePrintStackTrace() compiler-rt/lib/ubsan/ubsan_diag.cpp:53 +0x3be37
    #1 0x00002380af30fe37 in ~ScopedReport() compiler-rt/lib/ubsan/ubsan_diag.cpp:389 +0x3be37
    #2 0x00002380af3141fb in handlePointerOverflowImpl() compiler-rt/lib/ubsan/ubsan_handlers.cpp:809 +0x401fb
    #3 0x00002380af313d6d in compiler-rt/lib/ubsan/ubsan_handlers.cpp:815 +0x3fd6d
    #4 0x0000432ff5bf0613 in getdelim(char** restrict, size_t* restrict, int, FILE* restrict) ../../zircon/third_party/ulib/musl/src/stdio/getdelim.c:48 +0x165613

Note that Fuchsia is years behind, but I've confirmed this UB happens even with the latest musl sources. Fixing this should be quite straightforward. I'm happy to send a patch if you agree.

Please CC me on response as I am not a subscriber to this mailing list per the guidance on https://musl.libc.org/support.html.

Thank you.
Tamir
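The pattern the report describes, reduced to a self-contained model (this is an added example, not musl's or Fuchsia's code, and it does not claim to show how musl resolved the report): a FILE-like struct whose read pointers start out NULL after "open", a getdelim-style loop whose first iteration therefore computes k == 0, and the one statement that applies that zero offset to the NULL pointer. `struct rbuf`, `rbuf_open`, `rbuf_getc`, `model_getdelim` and `count_lines` are all constructed for this example; the field names `rpos`/`rend` mirror the ones the report mentions. The `guarded` flag selects between executing `rpos += k` unconditionally and skipping the copy-and-advance step when there is nothing to consume; both variants return the same bytes, which is exactly why the defect is invisible without a sanitizer.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>

/* Reduced model of a stdio read buffer, constructed for this example.
 * Field names mirror the musl FILE fields the report mentions (rpos,
 * rend), but this is not musl's struct. */
struct rbuf {
    unsigned char *rpos;      /* next unread byte; NULL until the first fill */
    unsigned char *rend;      /* one past the last buffered byte; NULL until then */
    unsigned char buf[16];
    const char *src;          /* backing "file" contents (constructed, in-memory) */
    size_t srcpos, srclen;
};

/* Like fopen: the buffer pointers are deliberately left NULL. */
static void rbuf_open(struct rbuf *f, const char *data)
{
    f->rpos = f->rend = NULL;
    f->src = data;
    f->srcpos = 0;
    f->srclen = strlen(data);
}

/* Like getc on an empty buffer: refill, then return one byte or EOF.
 * This is the first point at which rpos/rend become non-NULL. */
static int rbuf_getc(struct rbuf *f)
{
    if (f->srcpos >= f->srclen) return EOF;
    size_t n = f->srclen - f->srcpos;
    if (n > sizeof f->buf) n = sizeof f->buf;
    memcpy(f->buf, f->src + f->srcpos, n);
    f->srcpos += n;
    f->rpos = f->buf;
    f->rend = f->buf + n;
    return *f->rpos++;
}

/* getdelim-style reader over struct rbuf. On a freshly opened rbuf the
 * first loop iteration sees rpos == rend == NULL, so k == 0. With
 * guarded == 0 the code still executes "f->rpos += k", i.e. NULL + 0,
 * which clang's UBSAN reports as "applying zero offset to null pointer".
 * With guarded == 1 the copy-and-advance step is skipped when k == 0. */
static ssize_t model_getdelim(char **s, size_t *n, int delim,
                              struct rbuf *f, int guarded)
{
    size_t i = 0, k;
    unsigned char *z;
    int c;

    if (!*s) *n = 0;
    for (;;) {
        if (f->rpos != f->rend) {
            z = memchr(f->rpos, delim, (size_t)(f->rend - f->rpos));
            k = z ? (size_t)(z - f->rpos) + 1 : (size_t)(f->rend - f->rpos);
        } else {
            z = NULL;
            k = 0;
        }
        if (i + k + 1 >= *n) {               /* room for k bytes + c + NUL */
            size_t m = i + k + 2;
            if (!z && m < SIZE_MAX / 4) m += m / 2;
            char *tmp = realloc(*s, m);
            if (!tmp) return -1;
            *s = tmp;
            *n = m;
        }
        if (guarded) {
            if (k) {
                memcpy(*s + i, f->rpos, k);
                f->rpos += k;
                i += k;
            }
        } else {
            if (k) memcpy(*s + i, f->rpos, k);
            f->rpos += k;                    /* UB when rpos == NULL (k == 0) */
            i += k;
        }
        if (z) break;
        if ((c = rbuf_getc(f)) == EOF) {
            if (!i) return -1;               /* nothing read, like getdelim */
            break;
        }
        (*s)[i++] = (char)c;
        if (c == delim) break;
    }
    (*s)[i] = 0;
    return (ssize_t)i;
}

/* Read every line of a constructed input; returns the number of lines. */
static int count_lines(int guarded)
{
    struct rbuf f;
    char *line = NULL;
    size_t cap = 0;
    int lines = 0;
    rbuf_open(&f, "alpha\nbeta\n");          /* constructed sample input */
    while (model_getdelim(&line, &cap, '\n', &f, guarded) >= 0) lines++;
    free(line);
    return lines;
}

int main(void)
{
    /* Build with: clang -fsanitize=undefined -g example.c && ./a.out
     * The unguarded run prints the UBSAN diagnostic; the guarded run is silent. */
    printf("unguarded: %d lines\n", count_lines(0));
    printf("guarded:   %d lines\n", count_lines(1));
    return 0;
}
```

The diagnostic comes from clang's pointer-overflow check (part of `-fsanitize=undefined`); the program's observable output is identical either way, so the only reliable way to catch this class of defect is to run the libc under the sanitizer, as the report describes.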