coreutils

Re: -fsanitize=undefined errors


From: Jim Meyering
Subject: Re: -fsanitize=undefined errors
Date: Wed, 3 Dec 2014 13:40:24 -0800

On Wed, Dec 3, 2014 at 1:20 PM, Pádraig Brady <address@hidden> wrote:
> On 03/12/14 18:18, Eric Blake wrote:
>> [adding the public list]
>>
>> On 12/03/2014 10:49 AM, Dingbao Xie wrote:
>>> Dear coreutils maintainer,
>>> I'm a visiting PhD student at UC Davis and currently work
>>> on a project aiming to detect undefined behaviors.
>>> clang has a sanitizer called ubsan which can identify certain
>>> undefined behaviors at runtime. I tried to do experiment on coreutils
>>> and found a shift out of bounds in a c file.
>>> Below is the detail information:
>>>
>>> xdb@xie:$ ./arch _<<<\x00
>>> ../../lib/quotearg.c:554:45: runtime error: left shift of 1 by 31 places
>>> cannot be represented in type 'int'
>>> ./arch: extra operand `_'
>>> Try `./arch --help' for more information
>>>
>>>
>>> Could you please confirm that whether it is a serious problem or not?
>>> BTW, I built coreutils-6.11 with clang (-fsanitize=undefined).
>>
>> Thanks for the report.  This issue has already been fixed upstream;
>> http://git.savannah.gnu.org/cgit/gnulib.git/commit/?id=831b84, and is
>> already in newer versions of coreutils.  You would be much better off
>> doing your testing on the latest coreutils.git instead of old versions.
>
> On a related note I just noticed a false positive -fsanitize=undefined
> failure with gcc 4.9.2 which the attached should avoid.
> An alternative to the attached approach might be to avoid unaligned
> accesses altogether by getting readisaac() to memcpy only unaligned slop?

Thanks for addressing that.
Regarding the patch,

+/* If we can make unaligned accesses then don't have
+   -fsanitize=undefined warn about it.  */
+#undef ATTRIBUTE_NO_WARN_SANITIZE_UNDEFINED
+#if !_STRING_ARCH_unaligned ||__GNUC__ < 4 \
+    ||(__GNUC__ == 4 && __GNUC_MINOR__ < 9)
+# define ATTRIBUTE_NO_WARN_SANITIZE_UNDEFINED /* empty */
+#else
+# define ATTRIBUTE_NO_WARN_SANITIZE_UNDEFINED __attribute__ \
+  ((__no_sanitize_undefined__))
+#endif
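Review bot: __no_sanitize_undefined__ switches off every -fsanitize=undefined check in the annotated function, not only the alignment check behind the false positive, so any other undefined behaviour in that function (shifts, signed overflow, out-of-bounds indexing) goes unreported on every target where _STRING_ARCH_unaligned is set; the alternative raised above, having readisaac() memcpy only the unaligned slop, keeps the function fully instrumented and removes the unaligned access instead of hiding it. Also worth noting for the version gate on the "#if !_STRING_ARCH_unaligned ||__GNUC__ < 4" line: clang defines __GNUC__ as 4 and __GNUC_MINOR__ as 2, so clang builds (the compiler the original report used) take the empty branch and the attribute never applies there.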

Please put a space after each "||" operator.
Also, it's more readable to put the __attribute__ keyword on the
same line as its ((...)) arguments:

  # define ATTRIBUTE_NO_WARN_SANITIZE_UNDEFINED \
    __attribute__ ((__no_sanitize_undefined__))
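Both findings in this thread, the "left shift of 1 by 31 places" and the unaligned read, as an added C example that is not code from coreutils or gnulib: the bit set builds its masks from 1U, so shifting by 31 is well defined, and the unaligned load goes through memcpy (the alternative Pádraig mentions), so there is no misaligned dereference and no attribute is needed to quiet the sanitizer. The function names, the two-word bit set and the buffer contents are my own constructions.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Bits per word of the bit set (32 on the usual ILP32/LP64 targets). */
#define WORD_BITS (CHAR_BIT * sizeof (unsigned int))

/* Set bit I.  The mask is built from 1U, so 1U << 31 is a well-defined
   0x80000000.  With a signed 1 the same shift is undefined behaviour,
   which is exactly what ubsan reports as "left shift of 1 by 31 places
   cannot be represented in type 'int'".  */
static void
bitset_set (unsigned int *words, unsigned int i)
{
  words[i / WORD_BITS] |= 1U << (i % WORD_BITS);
}

/* Return 1 if bit I is set, else 0.  */
static int
bitset_test (const unsigned int *words, unsigned int i)
{
  return (words[i / WORD_BITS] >> (i % WORD_BITS)) & 1;
}

/* Fill a constructed two-word bit set with bits 5, 31 and 40 and return
   word IDX: word 0 is 0x80000020 (bits 31 and 5), word 1 is 0x100 (bit 40
   lands on bit 8 of the second word).  */
static unsigned int
bitset_demo_word (unsigned int idx)
{
  unsigned int words[2] = { 0, 0 };
  bitset_set (words, 5);
  bitset_set (words, 31);
  bitset_set (words, 40);
  return words[idx];
}

/* Load a 32-bit value from P, which need not be aligned.  memcpy is the
   portable way: the compiler emits a plain load where the target permits
   unaligned access and byte moves elsewhere, and there is no misaligned
   pointer dereference for -fsanitize=undefined to flag.  */
static uint32_t
load32_unaligned (const unsigned char *p)
{
  uint32_t v;
  memcpy (&v, p, sizeof v);
  return v;
}

/* Store VALUE at the odd offset buf + 1 (never 4-byte aligned) and read
   it back with load32_unaligned; returns 1 when the round trip matches.  */
static int
unaligned_roundtrip_ok (uint32_t value)
{
  unsigned char buf[8] = { 0 };           /* constructed scratch buffer */
  memcpy (buf + 1, &value, sizeof value); /* misaligned destination */
  return load32_unaligned (buf + 1) == value;
}

int
main (void)
{
  int ok = (bitset_demo_word (0) == 0x80000020u
            && bitset_demo_word (1) == 0x100u
            && unaligned_roundtrip_ok (0x12345678u));
  printf ("word0=%#x word1=%#x unaligned=%s\n",
          bitset_demo_word (0), bitset_demo_word (1),
          unaligned_roundtrip_ok (0x12345678u) ? "ok" : "FAIL");
  return ok ? 0 : 1;
}
```

Build it with clang or gcc >= 4.9 and -fsanitize=undefined: it runs clean, whereas the same bit set written with a signed 1 in bitset_set reproduces the report from the start of the thread.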


