[PATCH] libbacktrace: fix UBSAN issues

[PATCH] libbacktrace: fix UBSAN issues

[Martin Liška]

Patch can bootstrap on x86_64-linux-gnu and survives regression tests.

Ready to be installed?
Thanks,
Martin

Fix issues mentioned in the PR.

	PR libbacktrace/103167

libbacktrace/ChangeLog:

	* elf.c (elf_uncompress_lzma_block): Cast to unsigned int.
	(elf_uncompress_lzma): Likewise.
	* xztest.c (test_samples): memcpy only if v > 0.

Co-Authored-By: Andrew Pinski <apinski@marvell.com>
---
  libbacktrace/elf.c    | 8 ++++----
  libbacktrace/xztest.c | 2 +-
  2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/libbacktrace/elf.c b/libbacktrace/elf.c
index 79d56146fc6..e69ac41c88b 100644
--- a/libbacktrace/elf.c
+++ b/libbacktrace/elf.c
@@ -3175,7 +3175,7 @@ elf_uncompress_lzma_block (const unsigned char *compressed,
    stream_crc = (compressed[off]
  		| (compressed[off + 1] << 8)
  		| (compressed[off + 2] << 16)
-		| (compressed[off + 3] << 24));
+		| ((unsigned)(compressed[off + 3]) << 24));
    if (unlikely (computed_crc != stream_crc))
      {
        elf_uncompress_failed ();
@@ -3788,7 +3788,7 @@ elf_uncompress_lzma (struct backtrace_state *state,
    stream_crc = (compressed[8]
  		| (compressed[9] << 8)
  		| (compressed[10] << 16)
-		| (compressed[11] << 24));
+		| ((unsigned)(compressed[11]) << 24));
    if (unlikely (computed_crc != stream_crc))
      {
        elf_uncompress_failed ();
@@ -3832,7 +3832,7 @@ elf_uncompress_lzma (struct backtrace_state *state,
    stream_crc = (compressed[offset - 4]
  		| (compressed[offset - 3] << 8)
  		| (compressed[offset - 2] << 16)
-		| (compressed[offset - 1] << 24));
+		| ((unsigned)(compressed[offset - 1]) << 24));
    if (unlikely (computed_crc != stream_crc))
      {
        elf_uncompress_failed ();
@@ -3891,7 +3891,7 @@ elf_uncompress_lzma (struct backtrace_state *state,
    stream_crc = (compressed[offset]
  		| (compressed[offset + 1] << 8)
  		| (compressed[offset + 2] << 16)
-		| (compressed[offset + 3] << 24));
+		| ((unsigned)(compressed[offset + 3]) << 24));
    if (unlikely (computed_crc != stream_crc))
      {
        elf_uncompress_failed ();
diff --git a/libbacktrace/xztest.c b/libbacktrace/xztest.c
index b2533cb1804..6c60ff50159 100644
--- a/libbacktrace/xztest.c
+++ b/libbacktrace/xztest.c
@@ -172,7 +172,7 @@ test_samples (struct backtrace_state *state)
  		       tests[i].name, uncompressed_len, v);
  	      ++failures;
  	    }
-	  else if (memcmp (tests[i].uncompressed, uncompressed, v) != 0)
+	  else if (v > 0 && memcmp (tests[i].uncompressed, uncompressed, v) != 0)
  	    {
  	      size_t j;
  
-- 
2.33.1

Re: [PATCH] libbacktrace: fix UBSAN issues

[Ian Lance Taylor]

On Thu, Nov 11, 2021 at 7:39 AM Martin Liška <mliska@suse.cz> wrote:
>
> Patch can bootstrap on x86_64-linux-gnu and survives regression tests.
>
> Ready to be installed?
> Thanks,
> Martin
>
> Fix issues mentioned in the PR.
>
>         PR libbacktrace/103167
>
> libbacktrace/ChangeLog:
>
>         * elf.c (elf_uncompress_lzma_block): Cast to unsigned int.
>         (elf_uncompress_lzma): Likewise.
>         * xztest.c (test_samples): memcpy only if v > 0.
>
> Co-Authored-By: Andrew Pinski <apinski@marvell.com>
> ---
>   libbacktrace/elf.c    | 8 ++++----
>   libbacktrace/xztest.c | 2 +-
>   2 files changed, 5 insertions(+), 5 deletions(-)
>
> diff --git a/libbacktrace/elf.c b/libbacktrace/elf.c
> index 79d56146fc6..e69ac41c88b 100644
> --- a/libbacktrace/elf.c
> +++ b/libbacktrace/elf.c
> @@ -3175,7 +3175,7 @@ elf_uncompress_lzma_block (const unsigned char *compressed,
>     stream_crc = (compressed[off]
>                 | (compressed[off + 1] << 8)
>                 | (compressed[off + 2] << 16)
> -               | (compressed[off + 3] << 24));
> +               | ((unsigned)(compressed[off + 3]) << 24));

Thanks, but this kind of thing looks strange and is therefore likely
to break again in the future.  I suggest instead

  stream_crc = ((uint32_t) compressed[off]
                         | ((uint32_t) compressed[off + 1] << 8)
                         | ((uint32_t) compressed[off + 2] << 16)
                         | ((uint32_t) compressed[off + 3] << 24));

Same for the similar cases elsewhere.

Ian

Re: [PATCH] libbacktrace: fix UBSAN issues

[Martin Liška]

On 11/11/21 20:21, Ian Lance Taylor wrote:
> On Thu, Nov 11, 2021 at 7:39 AM Martin Liška <mliska@suse.cz> wrote:
>>
>> Patch can bootstrap on x86_64-linux-gnu and survives regression tests.
>>
>> Ready to be installed?
>> Thanks,
>> Martin
>>
>> Fix issues mentioned in the PR.
>>
>>          PR libbacktrace/103167
>>
>> libbacktrace/ChangeLog:
>>
>>          * elf.c (elf_uncompress_lzma_block): Cast to unsigned int.
>>          (elf_uncompress_lzma): Likewise.
>>          * xztest.c (test_samples): memcpy only if v > 0.
>>
>> Co-Authored-By: Andrew Pinski <apinski@marvell.com>
>> ---
>>    libbacktrace/elf.c    | 8 ++++----
>>    libbacktrace/xztest.c | 2 +-
>>    2 files changed, 5 insertions(+), 5 deletions(-)
>>
>> diff --git a/libbacktrace/elf.c b/libbacktrace/elf.c
>> index 79d56146fc6..e69ac41c88b 100644
>> --- a/libbacktrace/elf.c
>> +++ b/libbacktrace/elf.c
>> @@ -3175,7 +3175,7 @@ elf_uncompress_lzma_block (const unsigned char *compressed,
>>      stream_crc = (compressed[off]
>>                  | (compressed[off + 1] << 8)
>>                  | (compressed[off + 2] << 16)
>> -               | (compressed[off + 3] << 24));
>> +               | ((unsigned)(compressed[off + 3]) << 24));
> 
> Thanks, but this kind of thing looks strange and is therefore likely
> to break again in the future.  I suggest instead
> 
>    stream_crc = ((uint32_t) compressed[off]
>                           | ((uint32_t) compressed[off + 1] << 8)
>                           | ((uint32_t) compressed[off + 2] << 16)
>                           | ((uint32_t) compressed[off + 3] << 24));
> 
> Same for the similar cases elsewhere.

Sure, done and pushed as g:83310a08a2bc52b6e8c3a3e3216b4e723e58c961.

Thanks,
Martin

> 
> Ian
>