Re: [Lynx-dev] ASAN/UBSAN issues
From: Thomas Dickey
Subject: Re: [Lynx-dev] ASAN/UBSAN issues
Date: Mon, 15 Jan 2024 14:15:56 -0500
On Mon, Jan 15, 2024 at 12:25:33PM +0100, Gisle Vanem via Lynx-dev wrote:
> I found some ASAN+UBSAN issues after building the
> latest GitHub snapshot [1] of Lynx on Windows.
>
> I used 'clang-cl -fsanitize=address -fsanitize-recover=address
> -fsanitize=undefined'
>
> First the ASAN issue:
> src/GridText.c:915:12: runtime error: applying zero offset to null pointer
> SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior
> src/GridText.c:915:12
>
> Fixed by:
> --- a/src/GridText.c 2023-02-18 11:10:31
> +++ b/src/GridText.c 2023-06-30 10:08:49
> @@ -912,6 +912,7 @@
> result = a->lites.hl_info[count - 1].hl_text;
> else
> result = a->lites.hl_base.hl_text;
> + if (result)
> result += LYAdjHiTextPos(a, count);
> return result;
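Review bot: the added 'if (result)' lands directly after an unbraced else arm, and the 'result += LYAdjHiTextPos(a, count);' it now controls is a context line, so it is not re-indented; the guard is easy to misread as part of the else arm. Suggest bracing the else arm, or at least putting a blank line before the guard, and indenting the adjusted line under it. A NULL result still reaches 'return result;', so it is worth confirming that callers already cope with NULL.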
>
> then this UBSAN ("Undefined Behavior Sanitizer") issue:
>
> src/LYMainLoop.c:6809:27: runtime error: index -1 out of bounds for type
> 'LinkInfo[1024]'
> SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior
> src/LYMainLoop.c:6809:27 in
> =================================================================
> ==12236==ERROR: AddressSanitizer: global-buffer-overflow on address
> 0x7ff774780160 at
> pc 0x7ffc6cc271bb bp 0x005d7ab3d200 sp 0x005d7ab3c990
> READ of size 96 at 0x7ff774780160 thread T0
> #0 0x7ffc6cc271ba in __asan_memcpy
> D:\a\_work\1\s\src\vctools\asan\llvm\compiler-rt\lib\asan\asan_interceptors_memintrinsics.cpp:22
> #1 0x7ff77371e477 in mainloop
> F:\MinGW32\src\inet\Web\Lynx\src\LYMainLoop.c:6809
> #2 0x7ff77370d88c in main F:\MinGW32\src\inet\Web\Lynx\src\LYMain.c:2276
> #3 0x7ff773e23c67 in invoke_main
> D:\a\_work\1\s\src\vctools\crt\vcstartup\src\startup\exe_common.inl:78
> #4 0x7ff773e23c67 in __scrt_common_main_seh
> D:\a\_work\1\s\src\vctools\crt\vcstartup\src\startup\exe_common.inl:288
> #5 0x7ffcd7fe7613 (C:\Windows\System32\KERNEL32.DLL+0x180017613)
> #6 0x7ffcd88026f0 (C:\Windows\SYSTEM32\ntdll.dll+0x1800526f0)
>
> Fixed by:
> --- a/src/LYMainLoop.c 2023-02-18 11:10:31
> +++ b/src/LYMainLoop.c 2023-06-30 10:14:17
> @@ -6774,7 +6774,7 @@
> * If help is not on the screen, then put a message on the screen to
> * tell the user other misc info.
> */
> - if (!show_help) {
> + if (!show_help && curdoc.link >= 0) {
> show_main_statusline(links[curdoc.link],
> ((curlink_is_editable &&
> textinput_activated)
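Review bot: 'curdoc.link >= 0' in the new condition checks only the lower bound of the index into 'links[]'; the report shows the array as 'LinkInfo[1024]', so an upper-bound test against the number of valid links would make the guard complete. Folding the test into '!show_help' also means show_main_statusline() is skipped entirely when there is no current link, and the comment above ('If help is not on the screen ...') no longer describes the condition; consider updating the comment and stating what should be shown in that case.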
> ----------------
>
> (the line-numbers could be off since I've made other
> unrelated patches locally).
>
> I was sure I've posted this before somewhere. Apparently not.
I seem to recall something mentioning clang on Windows,
but don't see it offhand in the mail archive.
The last I see from you with a patch was in dev.11
(these fixes look ok, and I happen to be working on Lynx this week).
> So I was thinking of creating an issue for this on Github, but
> there's no 'issue page' there! Why not Tom?
Bug reports have "always" gone to the mailing list.
When I'm working on Lynx, I use that information.
Few bug reports provide patches,
whether or not a bug-reporting system is used.
> [1] https://github.com/ThomasDickey/lynx-snapshots.git
https://invisible-island.net/lynx/lynx-develop.html
https://invisible-island.net/personal/git-exports.html
--
Thomas E. Dickey <dickey@invisible-island.net>
https://invisible-island.net
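
The two guards discussed in this message, reduced to a stand-alone C program as an added example (not Lynx source and not part of the original e-mail). The names adjust_text, current_link, status_text, load_sample and nlinks, and the LinkInfo layout, are hypothetical stand-ins; the example also checks the upper bound of the index, which the posted patch does not.

```c
/* Constructed reduction of the two sanitizer findings above; not Lynx source. */
/* Build: clang -g -fsanitize=address,undefined demo.c && ./a.out */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MAXLINKS 1024                    /* array size from the UBSAN report */
typedef struct { const char *lname; } LinkInfo;  /* hypothetical layout */
static LinkInfo links[MAXLINKS];
static int nlinks;                       /* hypothetical count of valid entries */

/* Finding 1: UBSAN flags arithmetic on a null pointer even when the
 * offset is zero, so test the base before adjusting it. */
const char *adjust_text(const char *base, int offset)
{
    const char *result = base;
    if (result != NULL)
        result += offset;
    return result;
}

/* Finding 2: -1 means "no current link". Check both bounds before
 * links[] is touched; the caller handles NULL. */
const LinkInfo *current_link(int cur)
{
    if (cur < 0 || cur >= nlinks)
        return NULL;
    return &links[cur];
}

/* Status text for the current link, with a fallback instead of links[-1]. */
const char *status_text(int cur)
{
    const LinkInfo *li = current_link(cur);
    return (li != NULL && li->lname != NULL) ? li->lname : "(no link selected)";
}

void load_sample(void)                   /* constructed sample data */
{
    links[0].lname = "https://example.invalid/";
    nlinks = 1;
}

int main(void)
{
    load_sample();
    printf("%s | %s\n", status_text(0), status_text(-1));
    return 0;
}
```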