|
2023-05-02
| ||
| 18:22 | • Ticket [ab123cfd3d] ValidateFormat(): signed integer overflow status still Closed with 5 other changes artifact: a5f47b7fc8 user: chrstphrchvz | |
| 17:59 | • Closed ticket [ab123cfd3d]. artifact: 5c4f1bcc7b user: apnadkarni | |
| 16:48 | Merge 8.6 - [ab123cfd3d] and [784befb0ba] check-in: 4039ba5278 user: apnadkarni tags: core-8-branch | |
| 16:33 | Fix [ab123cfd3d] - scan ubsan. Tx chrstphrchvz for patch check-in: e8c53546b7 user: apnadkarni tags: core-8-6-branch | |
| 11:04 | • Ticket [ab123cfd3d] ValidateFormat(): signed integer overflow status still Open with 3 other changes artifact: e7daa0499a user: apnadkarni | |
| 11:02 | • Ticket [ab123cfd3d]: 3 changes artifact: 7a70a5c4ff user: apnadkarni | |
| 10:39 | • Open ticket [ab123cfd3d]. artifact: 11dc381be8 user: chrstphrchvz | |
| 10:37 | • Add attachment ab123cfd3d02-8.6.diff to ticket [ab123cfd3d] artifact: 208eca8968 user: chrstphrchvz | |
|
2023-05-01
| ||
| 10:39 | • Closed ticket [ab123cfd3d]: ValidateFormat(): signed integer overflow plus 6 other changes artifact: 619b3e737d user: apnadkarni | |
| 10:38 | Fix [ab123cfd3d] - ubsan warning in ValidateFormat check-in: 3da8d2069c user: apnadkarni tags: trunk, main | |
| 06:52 | • Ticket [ab123cfd3d] ValidateFormat(): signed integer overflow status still Open with 3 other changes artifact: 1053bc9742 user: apnadkarni | |
| 06:51 | Fix [ab123cfd3d] - ubsan scan warning. Closed-Leaf check-in: 787712b4c7 user: apnadkarni tags: bug-ab123cfd3d | |
|
2023-04-29
| ||
| 19:21 | • Ticket [ab123cfd3d] ValidateFormat(): signed integer overflow status still Open with 3 other changes artifact: 8943499afd user: chrstphrchvz | |
|
2023-04-27
| ||
| 14:29 | • Ticket [ab123cfd3d]: 3 changes artifact: 7cbc61e3de user: apnadkarni | |
| 07:20 | • Ticket [ab123cfd3d]: 3 changes artifact: dbebd4825d user: chrstphrchvz | |
| 07:16 | • Ticket [ab123cfd3d]: 4 changes artifact: 2adb0fc3d3 user: chrstphrchvz | |
| 04:12 | • New ticket [ab123cfd3d]. artifact: 663475dd46 user: chrstphrchvz | |
| Ticket UUID: | ab123cfd3d02fb1198f18261c9705e09b4797b99 | |||
| Title: | ValidateFormat(): signed integer overflow | |||
| Type: | Bug | Version: | core-8-6-branch | |
| Submitter: | chrstphrchvz | Created on: | 2023-04-27 04:12:21 | |
| Subsystem: | 18. Commands M-Z | Assigned To: | nobody | |
| Priority: | 5 Medium | Severity: | Minor | |
| Status: | Closed | Last Modified: | 2023-05-02 18:22:18 | |
| Resolution: | Fixed | Closed By: | chrstphrchvz | |
| Closed on: | 2023-05-02 18:22:18 | |||
| Description: |
Triggered by scan-13.9 on 9.0. -fsanitize=signed-integer-overflow error for 32-bit long: generic/tclScan.c:321:15: runtime error: signed integer overflow: -2147483648 - 1 cannot be represented in type 'long int' | |||
| User Comments: |
chrstphrchvz added on 2023-05-02 18:22:18:
Be aware that UBSan says to avoid -lubsan; using gcc or clang as the linker with -fsanitize=undefned should be enough. apnadkarni added on 2023-05-02 17:59:22: Fixed in all three branches. Serendipity that one of the other bugs I was looking at affected 8.6 as well. Tested with `../configure CFLAGS="-m32 -fsanitize=signed-integer-overflow" LDFLAGS="-lubsan"` (and patched dltest Makefile) but please test and re-open if issue persists. Thanks for the patch. apnadkarni added on 2023-05-02 11:04:46: (Not saying it's unimportant but my focus is on other areas for the moment) apnadkarni added on 2023-05-02 11:02:56: Fixed the commit message. As for 8.6, 8.7, that would have to wait I'm afraid just as a matter of priority. chrstphrchvz added on 2023-05-02 10:39:56: Reopening because I would still like for this to be fixed in 8.6 and 8.7. See attached patch for core-8-6-branch. (For core-8-branch, [3da8d2069c69] can be applied directly along with copying over scan-13.9. But for 8.6, I am not sure anyone would want to bring back compat/strtoull.c, which was removed in 2007.) I agree that storing the result of strtoul() in a signed int caused several issues, including large arguments being erroneously accepted due to truncation from 64-bit to 32-bit, the comment about value/longval being “guaranteed to be > 0” not being true, and the signed integer overflow and the scan-13.9 crash. To clarify, the overflow is detected by UBSan (UndefinedBehaviorSanitizer) rather than ASan (AddressSanitizer); consider revising the check-in message for [787712b4c733] and [3da8d2069c69]. ASan, like Valgrind, is really only useful with PURIFY defined. I usually configure with both UBSan and ASan enabled, using CFLAGS='-DPURIFY -fsanitize=address -fsanitize=undefined' LDFLAGS='-fsanitize=address' ./configure --enable-symbols … ; I haven’t had to specify -fsanitize=undefined in LDFLAGS so far. I also apply a workaround for [ac874937c5]. I then usually run with ASAN_OPTIONS=allocator_may_return_null=1:detect_leaks=0:malloc_context_size=99. apnadkarni added on 2023-05-01 10:39:11: Fixed in [3da8d2069c]. Verified on Ubuntu 20. apnadkarni added on 2023-05-01 06:52:35: Proposed fix in [bug-ab123cfd3d]. chrstphrchvz added on 2023-04-29 19:21:22: That error sounds like -fsanitize=undefined might need to be added to LDFLAGS. apnadkarni added on 2023-04-27 14:29:12: Fix seems simple but I'd like to reproduce the issue first so I can verify. Could you let me know the configure command for the build? I get a "undefined reference to __ubsan_handle_add_overflow" link error. Sorry, not familiar with address sanitizer. chrstphrchvz added on 2023-04-27 07:16:01: This issue as well as [d4ede611a7a7] are present on 8.6 and 8.7, as revealed by running the contents of scan-13.9 (scan abc {%2147483648$s}): | |||
Attachments:
- ab123cfd3d02-8.6.diff [download] added by chrstphrchvz on 2023-05-02 10:37:50. [details]