[pcre-dev] [Bug 2380] New: PCRE 8.43 and Undefined Behavior …

Author: admin
Date:  
To: pcre-dev
Subject: [pcre-dev] [Bug 2380] New: PCRE 8.43 and Undefined Behavior sanitizer findings
https://bugs.exim.org/show_bug.cgi?id=2380

            Bug ID: 2380
           Summary: PCRE 8.43 and Undefined Behavior sanitizer findings
           Product: PCRE
           Version: 8.43
          Hardware: x86-64
                OS: Linux
            Status: NEW
          Severity: bug
          Priority: medium
         Component: Code
          Assignee: ph10@???
          Reporter: noloader@???
                CC: pcre-dev@???


I used CFLAGS="-DNDEBUG -g2 -O1 -fsanitize=undefined". I built the library,
then ran a 'make test V=1'. The output presented to the user looks OK. However,
it looks like UBsan found some undefined behavior:


pcre-8.43$ grep -IR 'runtime error'
RunTest.log:pcretest.c:5338:33: runtime error: left shift of 1 by 31 places cannot be represented in type 'int'
RunTest.log:pcretest.c:5403:32: runtime error: left shift of 1 by 31 places cannot be represented in type 'int'
RunTest.log:pcretest.c:5338:33: runtime error: left shift of 1 by 31 places cannot be represented in type 'int'
RunTest.log:pcretest.c:5403:32: runtime error: left shift of 1 by 31 places cannot be represented in type 'int'
RunTest.log:pcretest.c:5338:33: runtime error: left shift of 1 by 31 places cannot be represented in type 'int'
RunTest.log:pcretest.c:5403:32: runtime error: left shift of 1 by 31 places cannot be represented in type 'int'
RunTest.log:pcre_jit_compile.c:8510:96: runtime error: left shift of negative value -1
RunTest.log:pcre_jit_compile.c:3941:15: runtime error: left shift of 197 by 24 places cannot be represented in type 'int'
RunTest.log:pcretest.c:5338:33: runtime error: left shift of 1 by 31 places cannot be represented in type 'int'
RunTest.log:pcretest.c:5403:32: runtime error: left shift of 1 by 31 places cannot be represented in type 'int'
RunTest.log:pcre_compile.c:8683:48: runtime error: left shift of 1 by 31 places cannot be represented in type 'int'
RunTest.log:pcre_compile.c:8070:45: runtime error: left shift of 1 by 31 places cannot be represented in type 'int'
RunTest.log:pcretest.c:5338:33: runtime error: left shift of 1 by 31 places cannot be represented in type 'int'
RunTest.log:pcretest.c:5403:32: runtime error: left shift of 1 by 31 places cannot be represented in type 'int'
RunTest.log:pcre_compile.c:8683:48: runtime error: left shift of 1 by 31 places cannot be represented in type 'int'
RunTest.log:pcre_compile.c:8070:45: runtime error: left shift of 1 by 31 places cannot be represented in type 'int'
RunTest.log:pcretest.c:4448:17: runtime error: null pointer passed as argument 1, which is declared to never be null
RunTest.log:pcretest.c:5338:33: runtime error: left shift of 1 by 31 places cannot be represented in type 'int'
RunTest.log:pcretest.c:5403:32: runtime error: left shift of 1 by 31 places cannot be represented in type 'int'
RunTest.log:pcre_jit_compile.c:8510:96: runtime error: left shift of negative value -2
RunTest.log:pcre_compile.c:8683:48: runtime error: left shift of 1 by 31 places cannot be represented in type 'int'
RunTest.log:pcre_compile.c:8070:45: runtime error: left shift of 1 by 31 places cannot be represented in type 'int'
RunTest.log:pcre_jit_compile.c:3941:15: runtime error: left shift of 255 by 24 places cannot be represented in type 'int'
RunTest.log:pcretest.c:5338:33: runtime error: left shift of 1 by 31 places cannot be represented in type 'int'
RunTest.log:pcretest.c:5403:32: runtime error: left shift of 1 by 31 places cannot be represented in type 'int'
RunTest.log:pcretest.c:5338:33: runtime error: left shift of 1 by 31 places cannot be represented in type 'int'
RunTest.log:pcretest.c:5403:32: runtime error: left shift of 1 by 31 places cannot be represented in type 'int'
RunTest.log:pcretest.c:5338:33: runtime error: left shift of 1 by 31 places cannot be represented in type 'int'
RunTest.log:pcretest.c:5403:32: runtime error: left shift of 1 by 31 places cannot be represented in type 'int'
RunTest.log:pcre_jit_compile.c:3941:15: runtime error: left shift of 201 by 24 places cannot be represented in type 'int'
RunTest.log:pcretest.c:5338:33: runtime error: left shift of 1 by 31 places cannot be represented in type 'int'
RunTest.log:pcretest.c:5403:32: runtime error: left shift of 1 by 31 places cannot be represented in type 'int'
RunTest.log:pcretest.c:5338:33: runtime error: left shift of 1 by 31 places cannot be represented in type 'int'
RunTest.log:pcretest.c:5403:32: runtime error: left shift of 1 by 31 places cannot be represented in type 'int'
RunTest.log:pcretest.c:5338:33: runtime error: left shift of 1 by 31 places cannot be represented in type 'int'
RunTest.log:pcretest.c:5403:32: runtime error: left shift of 1 by 31 places cannot be represented in type 'int'
RunTest.log:pcretest.c:5338:33: runtime error: left shift of 1 by 31 places cannot be represented in type 'int'
RunTest.log:pcretest.c:5403:32: runtime error: left shift of 1 by 31 places cannot be represented in type 'int'
RunTest.log:pcretest.c:5338:33: runtime error: left shift of 1 by 31 places cannot be represented in type 'int'
RunTest.log:pcretest.c:5403:32: runtime error: left shift of 1 by 31 places cannot be represented in type 'int'
RunTest.log:pcretest.c:5338:33: runtime error: left shift of 1 by 31 places cannot be represented in type 'int'
RunTest.log:pcretest.c:5403:32: runtime error: left shift of 1 by 31 places cannot be represented in type 'int'
pcretest.c:/* Textual explanations for runtime error codes */
pcre_jit_test.log:........................pcre_jit_compile.c:3941:15: runtime error: left shift of 255 by 24 places cannot be represented in type 'int'
pcre_jit_test.log:...................................................pcre_jit_compile.c:8510:96: runtime error: left shift of negative value -1


"left shift of 1 by 31" is a common finding. It can usually be cleared with '1U
<< 31'. Some of the others, like pcre_jit_compile.c:3941, will need to be
analyzed. Often it is a matter of switching to unsigned types.

Be careful of these in the long run. The compiler is free to drop the code. My
personal experience is, little findings like these are the cause of obscure
failures, like self test failures on 32-bit MIPS with GCC 4.5-4.7 (other
platforms will be OK).

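The three shift patterns UBSan flagged above (1 << 31, a promoted byte shifted by 24, and a negative value shifted left), each written in the well-defined form the report recommends. This is an added illustration, not PCRE's code; the function names and the sample bytes are constructed for the example, and building it with the report's -fsanitize=undefined flag is the check that the rewritten forms stay silent.

```c
/* Added example, not from PCRE. Build with the report's flags to confirm
 * UBSan stays quiet:  cc -g2 -O1 -fsanitize=undefined ubshift.c            */
#include <stdint.h>
#include <stdio.h>

/* Finding: "left shift of 1 by 31 places cannot be represented in type 'int'".
 * 1 << 31 overflows a 32-bit signed int and is undefined, so the compiler may
 * assume it never happens. 1U << 31 is defined and yields 0x80000000. */
uint32_t bit31_mask(void) { return 1U << 31; }

/* The same fix generalised to any bit 0..31. Shifting by the type width or
 * more is also undefined, so an out-of-range bit index is refused (returns 0)
 * instead of shifted. */
int set_bit(uint32_t *word, unsigned bit)
{
    if (bit >= 32) return 0;
    *word |= 1U << bit;
    return 1;
}

/* Finding: "left shift of 255 by 24 places". Packing bytes into a 32-bit word
 * promotes each unsigned char to int, so 255 << 24 overflows int. Casting to
 * uint32_t before the shift keeps the whole expression unsigned. */
uint32_t pack_be32(const unsigned char b[4])
{
    return ((uint32_t)b[0] << 24) | ((uint32_t)b[1] << 16)
         | ((uint32_t)b[2] << 8)  |  (uint32_t)b[3];
}

/* Finding: "left shift of negative value -1". Left-shifting a negative signed
 * value is undefined in C. Shift the unsigned bit pattern instead; converting
 * the result back to int32_t is implementation-defined (not undefined) and is
 * modular on GCC and Clang, so -1 << 4 becomes -16 as intended. */
int32_t shl_signed(int32_t v, unsigned n)
{
    if (n >= 32) return 0;
    return (int32_t)((uint32_t)v << n);
}

int main(void)
{
    const unsigned char sample[4] = {0xFF, 0x00, 0xC9, 0x01};  /* constructed */
    uint32_t w = 0;
    set_bit(&w, 31);
    printf("%08x %08x %08x %d\n",
           bit31_mask(), w, pack_be32(sample), shl_signed(-1, 4));
    return 0;
}
```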