From: Stefan Esser <se@FreeBSD.org>
To: bugs@openbsd.org
Cc: freebsd-current, Mark Millard, Baptiste Daroussin
Date: Tue, 11 Jan 2022 14:19:09 +0100
Subject: Re: UBSAN report for main [so: 14] /usr/bin/whatis: non-zero (48) and zero offsets from null pointer in qsort.c
Message-ID: <35333abc-9d4a-4b78-586d-1e869df4f9d4@FreeBSD.org>
List-Id: Discussions about the use of FreeBSD-current
List-Archive: https://lists.freebsd.org/archives/freebsd-current
On 11.01.22 at 08:40, Mark Millard wrote:
> # whatis dog
> /usr/main-src/lib/libc/stdlib/qsort.c:114:23: runtime error: applying non-zero offset 48 to null pointer
> SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /usr/main-src/lib/libc/stdlib/qsort.c:114:23 in
> /usr/main-src/lib/libc/stdlib/qsort.c:114:44: runtime error: applying zero offset to null pointer
> SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /usr/main-src/lib/libc/stdlib/qsort.c:114:44 in
> whatis: nothing appropriate
>
> This seems to be only for the not-found case.
>
> ===
> Mark Millard
> marklmi at yahoo.com

The undefined behavior is caused by insufficient checking of parameters
in mansearch.c.

As part of the initializations performed at the start of mansearch(),
the variables cur and *res are initialized to 0 and NULL, respectively:

	cur = maxres = 0;
	if (res != NULL)
		*res = NULL;

If no match is found, these values are unchanged at line 223, where res
is checked to be non-NULL, but then *res is passed to qsort() and that
is still NULL.

Suggested fix (also attached to avoid white-space issues):

--- usr.bin/mandoc/mansearch.c
+++ usr.bin/mandoc/mansearch.c
@@ -220,7 +220,7 @@
 		if (cur && search->firstmatch)
 			break;
 	}
-	if (res != NULL)
+	if (res != NULL && *res != NULL)
 		qsort(*res, cur, sizeof(struct manpage), manpage_compare);
 	if (chdir_status && getcwd_status && chdir(buf) == -1)
 		warn("%s", buf);

(File name as in OpenBSD, it is contrib/mandoc/mansearch.c in FreeBSD.)

Regards, STefan

[Attachment: mansearch.diff, containing the same patch as shown above]
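Review bot: the added `*res != NULL` test in the guard is correct for the no-match path the mail describes, but `if (res != NULL && cur > 0)` would state the intent (nothing to sort) more directly and is equivalent here, because cur and *res are initialized together to 0 and NULL and only change once a match is found. Whichever spelling is kept, a one-line comment above the guard noting that *res stays NULL while cur == 0 would save the next reader from re-deriving that from the UBSan report.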
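The no-match path discussed in the mail, reproduced as an added example that is not mandoc's code and not part of the original message: search_names(), demo_count(), demo_nth() and the sample name table are constructed stand-ins for mansearch() and its database, and struct manpage is reduced to the single field the comparator needs. The result array grows the same way (cur and *res start at 0 and NULL and stay there until the first match), so the sort call has to be guarded exactly as in the proposed fix.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Stand-in for mandoc's struct manpage; only the field used as sort key. */
struct manpage {
	const char *names;
};

/* Orders results by name; plays the role of mandoc's manpage_compare(). */
static int manpage_compare(const void *a, const void *b)
{
	const struct manpage *pa = a;
	const struct manpage *pb = b;

	return strcmp(pa->names, pb->names);
}

/*
 * Hypothetical search with the same contract as mansearch(): every name
 * containing `query` is appended to *res (heap-allocated, caller frees),
 * or only counted when res is NULL.  cur and *res start at 0 and NULL and
 * stay there when nothing matches.  Returns the match count, or -1 on
 * allocation failure (with *res left NULL).
 */
long search_names(const char *const *names, size_t n, const char *query,
    struct manpage **res)
{
	size_t cur = 0, maxres = 0;

	if (res != NULL)
		*res = NULL;

	for (size_t i = 0; i < n; i++) {
		if (strstr(names[i], query) == NULL)
			continue;
		if (res != NULL) {
			if (cur == maxres) {
				struct manpage *grown;

				maxres += 4;
				grown = realloc(*res, maxres * sizeof(*grown));
				if (grown == NULL) {
					free(*res);
					*res = NULL;
					return -1;
				}
				*res = grown;
			}
			(*res)[cur].names = names[i];
		}
		cur++;
	}

	/*
	 * Without the second condition this is the call UBSan reported:
	 * qsort(NULL, 0, ...) lets qsort() form offsets from a null base.
	 */
	if (res != NULL && *res != NULL)
		qsort(*res, cur, sizeof(struct manpage), manpage_compare);

	return (long)cur;
}

/* Constructed sample table standing in for the mandoc database. */
static const char *const sample_names[] = { "zsh", "ls", "lsof", "ld" };
#define SAMPLE_COUNT (sizeof(sample_names) / sizeof(sample_names[0]))

/* Searches the sample table and returns only the match count. */
long demo_count(const char *query)
{
	struct manpage *res = NULL;
	long n = search_names(sample_names, SAMPLE_COUNT, query, &res);

	free(res);
	return n;
}

/* Returns the i-th name in sorted order for `query`, or NULL if absent. */
const char *demo_nth(const char *query, size_t i)
{
	struct manpage *res = NULL;
	long n = search_names(sample_names, SAMPLE_COUNT, query, &res);
	const char *name = (n > 0 && i < (size_t)n) ? res[i].names : NULL;

	free(res);	/* names point into sample_names, so they outlive res */
	return name;
}

int main(void)
{
	const char *queries[] = { "l", "dog" };

	for (size_t q = 0; q < 2; q++) {
		long n = demo_count(queries[q]);

		if (n <= 0) {
			printf("whatis %s: nothing appropriate\n", queries[q]);
			continue;
		}
		for (size_t i = 0; i < (size_t)n; i++)
			printf("%s\n", demo_nth(queries[q], i));
	}
	return 0;
}
```

Building this with -fsanitize=undefined and deleting the `*res != NULL` half of the guard reproduces the "applying zero offset to null pointer" diagnostic for the "dog" query on a libc whose qsort() forms element pointers before checking the element count, which is what the report's qsort.c:114 lines show for FreeBSD; a libc that returns early for nmemb == 0 will stay silent, which is why the bug only surfaced under this particular build.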