clang UBSan fixes #2692
clang UBSan fixes #2692
Conversation
Use memcpy to copy correctly even for unaligned memory. This was already done for some functions here, but not all. Also took the oppurtunity to remove a bunch of seemingly obsolete/commented code.
Just made sure to use unsigned, so that a bit does not get shifted into a sign bit.
|
@WardF @DennisHeimbigner friendly ping... |
|
Taking a look, thanks @seanm ! |
|
@WardF great, thanks. Once these simple fixes are in, I'll create Issues for the remaining tests that fail under UBSan. |
|
Absent the Visual Studio failure, how does it look to you @DennisHeimbigner ? |
|
Where do you see the VS failure? It says "All checks have passed. 98 successful checks" for me... |
|
@seanm Not all of the Visual Studio testing has been automated (unfortunately) at this point; I'm seeing it on my local Windows dev machine. |
Any pointer arithmetic with NULL pointers is technically UB, even if you don't end up dereferencing the pointer.
libdispatch/utf8proc.c
Outdated
There was a problem hiding this comment.
This would probably be better to check for dst being NULL and throwing an error.
libsrc/nc3internal.c
Outdated
There was a problem hiding this comment.
Same comment. It is better to explicitly check for NULL and either throw error
or avoid doing the subsequent code with NULL, which will eventually fail.
There was a problem hiding this comment.
I just want to be sure you understand what this change, and the similar ones, is doing...
int
NC_calcsize(const NC3_INFO *ncp, off_t *calcsizep)
{
NC_var **vpp = (NC_var **)ncp->vars.value;- NC_var *const *const end = &vpp[ncp->vars.nelems];
+ NC_var *const *const end = vpp ? &vpp[ncp->vars.nelems] : NULL;First, all these things were not found by static analysis, but by dynamic analysis. That is to say, all the new checks for NULL are because NULL actually occurs (via an existing test case). So there's no hypotheticals here.
In the above case, vpp can be null. I saw it happen. When it is, end is set to NULL + some small offset. In other words, end is pointing to garbage. Now, this is not soooo bad because the code was already careful to not dereference end when vpp is null. So in some sense there was no bug here!
But UBSan is very pedantic. There mere act of creating a pointer to garbage, even if you don't dereference it, is undefined behaviour. So these changes just avoid making such a pointer, and using NULL instead. As before, the pointer that was garbage (and is now NULL) is still not dereferenced.
libsrc/ncx.m4
Outdated
There was a problem hiding this comment.
What makes you think the data is not aligned?
There was a problem hiding this comment.
I observed it at runtime. (UBSan is dynamic analysis.)
|
I made a few comments then stopped because they are repetitive. |
|
BTW you have identified some potential bugs; thank you for that. |
I am certainly open to better solutions. I don't know the NetCDF codebase. I only use it via other libraries in fact. I am trying to get all my unit tests passing under UBSan, and the only issues left are all in 3rd party open source libraries. So concretely, sticking with |
I think this is the right expression
Change null dst handling
Handle buffer == NULL
Handle null app case
Handle null case
catch error case
throw error
catch error
catch error
catch error
|
@DennisHeimbigner friendly ping... can I help move this along? |
|
Rerunning checks and refreshing myself on this so that I can help move it along. |
|
@WardF @DennisHeimbigner friendly re-ping... It seems you didn't like my solution, started adding other commits here, but not sure where we are now... (I'd really love to see these solved, they are blocking my work fixing UBSan issues in other projects that use NetCDF, because so much of what remains in them is due to these.) |
|
I modified some of the proposed fixed to be consistent with our coding style. It is just that there are a lot of them to fix. |
|
Fixed conflict, waiting for tests to finish before approving & merging. |
|
@WardF I've tried to review your changes, but it's confusing with my commits still there, then commits changing something, then more commits changing the same lines. Are you going to squash and rebase? I think that would make review easier... |
|
@WardF it's been 5 months now, is there anything I can do to help move this along? Maybe I could split this into smaller PRs and try to follow your preferred style more closely? |
|
Thanks for the ping; pushed an empty commit to re-run the tests. |
This fixes almost all UBSan warnings emitted when running NetCDF's own unit tests, and all such warnings running VTK's unit tests.