Date: Fri, 4 Mar 2022 19:48:18 GMT
Message-Id: <202203041948.224JmIsb069257@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Stefan Eßer
Subject: git: 977ed30681c3 - stable/13 - fread.c: fix undefined behavior
List-Id: Commits to the stable branches of the FreeBSD src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
X-Git-Committer: se
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/13
X-Git-Reftype: branch
X-Git-Commit: 977ed30681c346a0b6be76a2e03b6651b94b58aa

The branch stable/13 has been updated by se:

URL:
https://cgit.FreeBSD.org/src/commit/?id=977ed30681c346a0b6be76a2e03b6651b94b58aa

commit 977ed30681c346a0b6be76a2e03b6651b94b58aa
Author:     Stefan Eßer
AuthorDate: 2022-01-15 23:30:04 +0000
Commit:     Stefan Eßer
CommitDate: 2022-03-04 19:47:23 +0000

    fread.c: fix undefined behavior

    A case of undefined behavior in __fread() has been detected by UBSAN
    and reported by Mark Millard:

    /usr/main-src/lib/libc/stdio/fread.c:133:10: runtime error: applying zero offset to null pointer
    SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior in /usr/main-src/lib/libc/stdio/fread.c:133:10

    While being benign (the NULL pointer is later passed to memcpy() with
    a length argument of 0), this issue causes in the order of 600 Kyua
    test cases to fail on systems running a world built with WITH_UBSAN
    and WITH_ASAN.

    The undefined behavior can be prevented by skipping operations that
    have no effect for r == 0. Mark Millard has suggested to only skip
    this code segment if fp->_p == NULL, but I have verified that for the
    case of r == 0 no further argument checking is performed on the
    addresses passed to memcpy() and thus no bugs are hidden from the
    sanitizers due to the simpler condition chosen.

    (cherry picked from commit 10af8e45a89818754b80315539e167ae49599f17)

--- lib/libc/stdio/fread.c | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/lib/libc/stdio/fread.c b/lib/libc/stdio/fread.c index 11f8d13f0caf..cafe86fe7961 100644 --- a/lib/libc/stdio/fread.c +++ b/lib/libc/stdio/fread.c
@@ -129,11 +129,13 @@ __fread(void * __restrict buf, size_t size, size_t count, FILE * __restrict fp) } while (resid > (r = fp->_r)) { - (void)memcpy((void *)p, (void *)fp->_p, (size_t)r); - fp->_p += r; - /* fp->_r = 0 ... done in __srefill */ - p += r; - resid -= r; + if (r != 0) { + (void)memcpy((void *)p, (void *)fp->_p, (size_t)r); + fp->_p += r; + /* fp->_r = 0 ... done in __srefill */ + p += r; + resid -= r; + } if (__srefill(fp)) { /* no more input: return partial result */ return ((total - resid) / size);
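
Review bot: The new "if (r != 0)" guard inside the while loop has no comment explaining why it is there, so it reads like a micro-optimisation that a later cleanup could remove as redundant. Suggest a one-line comment above the condition stating that fp->_p can be NULL when fp->_r is 0, and that both "fp->_p += r" and a memcpy() from a null pointer are undefined behavior in C even when the length is zero, which is what UBSAN reported at fread.c:133. The commit message carries this reasoning, but it should also sit next to the check so the guard survives future edits to this loop.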