[Bug libbacktrace/103167] New: UBSAN error since g:05f40bc4c116ba48843728201bc7290a5e518598

[Bug libbacktrace/103167] New: UBSAN error since g:05f40bc4c116ba48843728201bc7290a5e518598

[marxin at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103167

            Bug ID: 103167
           Summary: UBSAN error since
                    g:05f40bc4c116ba48843728201bc7290a5e518598
           Product: gcc
           Version: 12.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: libbacktrace
          Assignee: unassigned at gcc dot gnu.org
          Reporter: marxin at gcc dot gnu.org
                CC: ian at gcc dot gnu.org
            Blocks: 63426
  Target Milestone: ---

Originally reported here:
https://sourceware.org/bugzilla/show_bug.cgi?id=28569

```
UBSAN error: /home/mliska/Programming/binutils-gdb/libbacktrace/elf.c:3835:29: 
The following fails when I build binutils with:
configure --build=x86_64-linux --disable-gdb --disable-gdbserver
--enable-obsolete --target=aarch64-elf CFLAGS="-g -O2
-fsanitize=address,undefined -Wno-error" CXXLAGS="-g -O2
-fsanitize=address,undefined -Wno-error" LDFLAGS="-ldl"
Target: aarch64-elf
FAIL: symver symver14
Executing on host: sh -c {../as-new  
/home/mliska/Programming/binutils-gdb/gas/testsuite/gas/symver/symver15.s 2>&1}
 /dev/null dump.out (timeout = 300)
/home/mliska/Programming/binutils-gdb/libbacktrace/elf.c:3835:29: runtime
error: left shift of 251 by 24 places cannot be represented in type 'int'

```


Referenced Bugs:

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=63426
[Bug 63426] [meta-bug] Issues found with -fsanitize=undefined

[Bug libbacktrace/103167] UBSAN error since g:05f40bc4c116ba48843728201bc7290a5e518598

[marxin at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103167

Martin Liška <marxin at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
     Ever confirmed|0                           |1
   Last reconfirmed|                            |2021-11-10
             Status|UNCONFIRMED                 |NEW

--- Comment #1 from Martin Liška <marxin at gcc dot gnu.org> ---
And one more related ASAN error related to the same revision:

UBSAN error:
/home/mliska/Programming/binutils-gdb/libbacktrace/xztest.c:175:13: 
The following fails when I build binutils with:
configure --build=x86_64-linux --disable-gdb --disable-gdbserver
--enable-obsolete --target=aarch64-elf CFLAGS="-g -O2
-fsanitize=address,undefined -Wno-error" CXXLAGS="-g -O2
-fsanitize=address,undefined -Wno-error" LDFLAGS="-ldl"
Target: aarch64-elf
FAIL: symver symver14
Executing on host: sh -c {../as-new  
/home/mliska/Programming/binutils-gdb/gas/testsuite/gas/symver/symver15.s 2>&1}
 /dev/null dump.out (timeout = 300)
/home/mliska/Programming/binutils-gdb/libbacktrace/xztest.c:175:13: runtime
error: null pointer passed as argument 2, which is declared to never be null

[Bug libbacktrace/103167] UBSAN error since g:05f40bc4c116ba48843728201bc7290a5e518598

[marxin at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103167

--- Comment #2 from Martin Liška <marxin at gcc dot gnu.org> ---
> And one more related ASAN error related to the same revision:

This one is also UBSAN error.

[Bug libbacktrace/103167] UBSAN error since g:05f40bc4c116ba48843728201bc7290a5e518598

[marxin at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103167

--- Comment #3 from Martin Liška <marxin at gcc dot gnu.org> ---
And the last one I see:

UBSAN error: /home/mliska/Programming/binutils-gdb/libbacktrace/elf.c:3178:26: 
The following fails when I build binutils with:
configure --build=x86_64-linux --disable-gdb --disable-gdbserver
--enable-obsolete --target=aarch64-elf CFLAGS="-g -O2
-fsanitize=address,undefined -Wno-error" CXXLAGS="-g -O2
-fsanitize=address,undefined -Wno-error" LDFLAGS="-ldl"
Target: aarch64-elf
FAIL: symver symver14
Executing on host: sh -c {../as-new  
/home/mliska/Programming/binutils-gdb/gas/testsuite/gas/symver/symver15.s 2>&1}
 /dev/null dump.out (timeout = 300)
/home/mliska/Programming/binutils-gdb/libbacktrace/elf.c:3178:26: runtime
error: left shift of 163 by 24 places cannot be represented in type 'int'

[Bug libbacktrace/103167] UBSAN error since g:05f40bc4c116ba48843728201bc7290a5e518598

[pinskia at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103167

--- Comment #4 from Andrew Pinski <pinskia at gcc dot gnu.org> ---
(In reply to Martin Liška from comment #3)
> /home/mliska/Programming/binutils-gdb/libbacktrace/elf.c:3178:26: runtime
> error: left shift of 163 by 24 places cannot be represented in type 'int'

diff --git a/libbacktrace/elf.c b/libbacktrace/elf.c
index 79d56146fc6..2cb25883975 100644
--- a/libbacktrace/elf.c
+++ b/libbacktrace/elf.c
@@ -3175,7 +3175,7 @@ elf_uncompress_lzma_block (const unsigned char
*compressed,
   stream_crc = (compressed[off]
                | (compressed[off + 1] << 8)
                | (compressed[off + 2] << 16)
-               | (compressed[off + 3] << 24));
+               | (((unsigned)compressed[off + 3]) << 24));
   if (unlikely (computed_crc != stream_crc))
     {
       elf_uncompress_failed ();


There is a few more in that file which are similar and needs the same.

[Bug libbacktrace/103167] UBSAN error since g:05f40bc4c116ba48843728201bc7290a5e518598

[pinskia at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103167

--- Comment #5 from Andrew Pinski <pinskia at gcc dot gnu.org> ---
(In reply to Martin Liška from comment #1)
> /home/mliska/Programming/binutils-gdb/libbacktrace/xztest.c:175:13: runtime
> error: null pointer passed as argument 2, which is declared to never be null

diff --git a/libbacktrace/xztest.c b/libbacktrace/xztest.c
index b2533cb1804..a42bc59efd8 100644
--- a/libbacktrace/xztest.c
+++ b/libbacktrace/xztest.c
@@ -172,7 +172,7 @@ test_samples (struct backtrace_state *state)
                       tests[i].name, uncompressed_len, v);
              ++failures;
            }
-         else if (memcmp (tests[i].uncompressed, uncompressed, v) != 0)
+         else if (v && memcmp (tests[i].uncompressed, uncompressed, v) != 0)
            {
              size_t j;

[Bug libbacktrace/103167] UBSAN error since g:05f40bc4c116ba48843728201bc7290a5e518598

[marxin at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103167

--- Comment #6 from Martin Liška <marxin at gcc dot gnu.org> ---
Andrew, are you planning sending a patch candidate for this, please?

[Bug libbacktrace/103167] UBSAN error since g:05f40bc4c116ba48843728201bc7290a5e518598

[pinskia at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103167

--- Comment #7 from Andrew Pinski <pinskia at gcc dot gnu.org> ---
(In reply to Martin Liška from comment #6)
> Andrew, are you planning sending a patch candidate for this, please?

I doubt it, I have so many other things on my plate right now.

[Bug libbacktrace/103167] UBSAN error since g:05f40bc4c116ba48843728201bc7290a5e518598

[marxin at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103167

Martin Liška <marxin at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |ASSIGNED
           Assignee|unassigned at gcc dot gnu.org      |marxin at gcc dot gnu.org

--- Comment #8 from Martin Liška <marxin at gcc dot gnu.org> ---
(In reply to Andrew Pinski from comment #7)
> (In reply to Martin Liška from comment #6)
> > Andrew, are you planning sending a patch candidate for this, please?
> 
> I doubt it, I have so many other things on my plate right now.

All right, lemme finish the patch.

[Bug libbacktrace/103167] UBSAN error since g:05f40bc4c116ba48843728201bc7290a5e518598

[marxin at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103167

Martin Liška <marxin at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Target Milestone|---                         |12.0

[Bug libbacktrace/103167] UBSAN error since g:05f40bc4c116ba48843728201bc7290a5e518598

[cvs-commit at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103167

--- Comment #9 from CVS Commits <cvs-commit at gcc dot gnu.org> ---
The master branch has been updated by Martin Liska <marxin@gcc.gnu.org>:

https://gcc.gnu.org/g:83310a08a2bc52b6e8c3a3e3216b4e723e58c961

commit r12-5197-g83310a08a2bc52b6e8c3a3e3216b4e723e58c961
Author: Martin Liska <mliska@suse.cz>
Date:   Fri Nov 12 14:50:57 2021 +0100

    libbacktrace: fix UBSAN issues

    Fix issues mentioned in the PR.

            PR libbacktrace/103167

    libbacktrace/ChangeLog:

            * elf.c (elf_uncompress_lzma_block): Cast to unsigned int.
            (elf_uncompress_lzma): Likewise.
            * xztest.c (test_samples): memcpy only if v > 0.

[Bug libbacktrace/103167] UBSAN error since g:05f40bc4c116ba48843728201bc7290a5e518598

[marxin at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103167

Martin Liška <marxin at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|ASSIGNED                    |RESOLVED
         Resolution|---                         |FIXED

--- Comment #10 from Martin Liška <marxin at gcc dot gnu.org> ---
Fixed.