Message-ID: <80e1f514-c0b3-cf79-ea6f-8c62cb1db386@gmail.com>
Date: Wed, 12 Jan 2022 08:50:19 +0100
List-Id: Discussions about the use of FreeBSD-current
List-Archive: https://lists.freebsd.org/archives/freebsd-current
Subject: Re: UBSAN report for main [so: 14] /usr/bin/whatis: non-zero (48) and zero offsets from null pointer in qsort.c
To: Stefan Esser, Mark Millard
Cc: bugs@openbsd.org, freebsd-current, Baptiste Daroussin
References: <35333abc-9d4a-4b78-586d-1e869df4f9d4@FreeBSD.org> <7babd754-6dab-223a-7bfd-ff06f10c71e2@FreeBSD.org>
From: Jan Kokemüller
In-Reply-To: <7babd754-6dab-223a-7bfd-ff06f10c71e2@FreeBSD.org>

On 11.01.22 22:08, Stefan Esser wrote:
> diff --git a/lib/libc/stdlib/qsort.c b/lib/libc/stdlib/qsort.c
> index 5016fff7895f..51c41e802330 100644
> --- a/lib/libc/stdlib/qsort.c
> +++ b/lib/libc/stdlib/qsort.c
> @@ -108,6 +108,8 @@ local_qsort(void *a, size_t n, size_t es, cmp_t *cmp, void
> *thunk)
>  	int cmp_result;
>  	int swap_cnt;
>  
> +	if (__predict_false(a == NULL))
> +		return;
>  loop:
>  	swap_cnt = 0;
>  	if (n < 7) {
>
> This would also work to prevent the NULL pointer arithmetic for
> ports that might also pass a == NULL and n == 0 in certain cases.

The UB happens in this line, when "a == NULL" and "n == 0", right?

    for (pm = (char *)a + es; pm < (char *)a + n * es; pm += es)

This is arithmetic on a pointer (the NULL pointer) which is not part of an
array, which is UB.

Then, wouldn't "if (__predict_false(n == 0))" be more appropriate than
checking for "a == NULL" here? Testing for "a == NULL" might suppress UBSAN
warnings of valid bugs, i.e. when "qsort" is called with "a == NULL" and
"n != 0". In that case UBSAN _should_ trigger.

UBSAN should not trigger when n == 0, though. At least, when "a" does point
to a valid array. But what about the case of "a == NULL && n == 0"? Is that
deemed UB? It looks like at least FreeBSD's "qsort_s" implementation says
it's legal.

a != NULL (pointing to valid array), n != 0 -> "normal" case, no UB
a != NULL (pointing to valid array), n == 0 -> should not trigger UB, and
    doesn't in the current implementation
a == NULL, n == 0 -> should not trigger UB? (debatable)

So if "a == NULL && n == 0" was deemed legal, then there would be no bug in
"mansearch.c", right?

-Jan
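Review bot: the early return in the quoted hunk guards on the wrong condition for the reported UB. The offending arithmetic is "(char *)a + es" in the n < 7 insertion-sort loop, which is reached whenever n == 0, and an "a == NULL" test also silences the sanitizer for a caller that passes a NULL array with n != 0, a real bug that should still be reported. Suggest "if (__predict_false(n == 0)) return;" instead, with a one-line comment above it stating that it exists to avoid forming a pointer from NULL when there is nothing to sort.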
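The loop from the reply and the two candidate guards side by side, as an added C example (not code from the thread or from qsort.c); small_sort, reaches_pointer_arith, sample_sorted and the guard enum are names assumed here, and the input array is constructed.

```c
/* Added example, not code from the FreeBSD thread or lib/libc/stdlib/qsort.c.  It
 * models the "n < 7" insertion-sort path of local_qsort() and compares the guard in
 * the patch (a == NULL) with the n == 0 guard proposed in the reply.  All names invented. */
#include <stdbool.h>
#include <stddef.h>
typedef int cmp_t(const void *, const void *);
typedef enum { GUARD_A_NULL, GUARD_N_ZERO } guard_kind_t;

/* True if, under guard g, the call would go on to evaluate "(char *)a + es". */
static bool reaches_pointer_arith(guard_kind_t g, const void *a, size_t n)
{
	if (g == GUARD_A_NULL && a == NULL)
		return false;
	if (g == GUARD_N_ZERO && n == 0)
		return false;
	return true;
}

/* Byte-wise swap of two es-sized elements, as qsort does for generic elements. */
static void swapfunc(char *x, char *y, size_t es)
{
	for (; es > 0; es--, x++, y++) { char t = *x; *x = *y; *y = t; }
}

/* Insertion sort shaped like the n < 7 path in qsort.c.  The n == 0 check runs before
 * any arithmetic on a, so NULL/0 never forms a pointer from NULL; NULL with n != 0 still does. */
static void small_sort(void *a, size_t n, size_t es, cmp_t *cmp)
{
	char *pm, *pl;
	if (n == 0)
		return;
	for (pm = (char *)a + es; pm < (char *)a + n * es; pm += es)
		for (pl = pm; pl > (char *)a && cmp(pl - es, pl) > 0; pl -= es)
			swapfunc(pl, pl - es, es);
}
static int cmp_int(const void *x, const void *y)
{ return (*(const int *)x > *(const int *)y) - (*(const int *)x < *(const int *)y); }

/* Sorts a constructed sample in place; returns 1 if the result is ordered. */
static int sample_sorted(void)
{
	int v[] = { 5, 3, 9, 1, 7, 3 };	/* constructed input */
	size_t i, n = sizeof(v) / sizeof(v[0]);
	small_sort(v, n, sizeof(int), cmp_int);
	for (i = 1; i < n; i++)
		if (v[i - 1] > v[i])
			return 0;
	return v[0] == 1 && v[n - 1] == 9;
}
```

Built with -fsanitize=undefined, a NULL array with n != 0 still reaches the "(char *)a + es" arithmetic the sanitizer flags, while NULL with n == 0 returns before it.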