--- Begin Message ---
Subject: |
build fails on make-prime-list when asan is enabled |
Date: |
Thu, 05 Feb 2015 18:21:06 +0300 |
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.4.0 |
Hello!
We tried to build coreutils with address sanitizer enabled and
encountered an error:
GEN src/primes.h
==12657== ERROR: AddressSanitizer: heap-buffer-overflow
This can be reproduced on git master using gcc-4.8 or gcc-4.9 by
git clone
export CFLAGS="-fsanitize=address"
./bootstrap
./configure
make
and is caused by line
src/make-prime-list.c:214: while (i < size && sieve[++i] == 0)
When 'i' reaches 'size-1' it gets incremented and then
(unallocated)memory is accessed.
I attached patch that can fix this issue.
--
BR,
Yury Usishchev
asan_prime_fix.diff
Description: Text Data
--- End Message ---
--- Begin Message ---
Subject: |
Re: bug#19784: build fails on make-prime-list when asan is enabled |
Date: |
Thu, 05 Feb 2015 18:06:34 +0000 |
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.4.0 |
On 05/02/15 15:21, Yury Usishchev wrote:
> Hello!
>
> We tried to build coreutils with address sanitizer enabled and
> encountered an error:
>
> GEN src/primes.h
> ==12657== ERROR: AddressSanitizer: heap-buffer-overflow
>
> This can be reproduced on git master using gcc-4.8 or gcc-4.9 by
> git clone
> export CFLAGS="-fsanitize=address"
> ./bootstrap
> ./configure
> make
>
> and is caused by line
> src/make-prime-list.c:214: while (i < size && sieve[++i] == 0)
>
> When 'i' reaches 'size-1' it gets incremented and then
> (unallocated)memory is accessed.
>
> I attached patch that can fix this issue.
Oh nice one. That was not rerun when I ran my checks.
The released tools (still) pass with -fsanitize=address.
How about this fix instead? I'll push in your name if
you're ok with it.
diff --git a/src/make-prime-list.c b/src/make-prime-list.c
index 68c972a..69b91e8 100644
--- a/src/make-prime-list.c
+++ b/src/make-prime-list.c
@@ -211,7 +211,7 @@ main (int argc, char **argv)
for (j = (p*p - 3)/2; j < size; j+= p)
sieve[j] = 0;
- while (i < size && sieve[++i] == 0)
+ while (++i < size && sieve[i] == 0)
;
}
--- End Message ---