
Flexible-array hack: Out of bounds issues in hb-open-type.hh #2953

Closed
qarmin opened this issue Apr 16, 2021 · 9 comments


qarmin commented Apr 16, 2021

When compiling Godot with the ubsan sanitizer, I got these errors:

```
thirdparty/harfbuzz/src/hb-open-type.hh:584:18: runtime error: index 13 out of bounds for type 'TableRecord [1]'
thirdparty/harfbuzz/src/hb-open-type.hh:584:18: runtime error: index 13 out of bounds for type 'TableRecord [1]'
thirdparty/harfbuzz/src/hb-open-type.hh:672:11: runtime error: index 2 out of bounds for type 'Record [1]'
thirdparty/harfbuzz/src/hb-open-type.hh:672:11: runtime error: index 2 out of bounds for type 'Record [1]'
thirdparty/harfbuzz/src/hb-open-type.hh:672:11: runtime error: index 2 out of bounds for type 'Record [1]'
thirdparty/harfbuzz/src/hb-open-type.hh:672:11: runtime error: index 2 out of bounds for type 'Record [1]'
thirdparty/harfbuzz/src/hb-open-type.hh:672:11: runtime error: index 2 out of bounds for type 'OffsetTo [1]'
thirdparty/harfbuzz/src/hb-open-type.hh:672:11: runtime error: index 2 out of bounds for type 'OffsetTo [1]'
thirdparty/harfbuzz/src/hb-open-type.hh:672:11: runtime error: index 2 out of bounds for type 'OffsetTo [1]'
thirdparty/harfbuzz/src/hb-open-type.hh:672:11: runtime error: index 2 out of bounds for type 'OffsetTo [1]'
thirdparty/harfbuzz/src/hb-open-type.hh:672:11: runtime error: index 2 out of bounds for type 'OffsetTo [1]'
thirdparty/harfbuzz/src/hb-open-type.hh:672:11: runtime error: index 2 out of bounds for type 'OffsetTo [1]'
thirdparty/harfbuzz/src/hb-open-type.hh:722:29: runtime error: index 2 out of bounds for type 'OffsetTo [1]'
thirdparty/harfbuzz/src/hb-open-type.hh:722:29: runtime error: index 2 out of bounds for type 'OffsetTo [1]'
thirdparty/harfbuzz/src/hb-open-type.hh:672:11: runtime error: index 2 out of bounds for type 'MarkRecord [1]'
thirdparty/harfbuzz/src/hb-open-type.hh:672:11: runtime error: index 2 out of bounds for type 'MarkRecord [1]'
thirdparty/harfbuzz/src/hb-open-type.hh:427:28: runtime error: index 2 out of bounds for type 'OffsetTo [1]'
thirdparty/harfbuzz/src/hb-open-type.hh:672:11: runtime error: index 2 out of bounds for type 'OffsetTo [1]'
thirdparty/harfbuzz/src/hb-open-type.hh:672:11: runtime error: index 2 out of bounds for type 'OffsetTo [1]'
thirdparty/harfbuzz/src/hb-open-type.hh:672:11: runtime error: index 2 out of bounds for type 'OffsetTo [1]'
thirdparty/harfbuzz/src/hb-open-type.hh:672:11: runtime error: index 2 out of bounds for type 'OffsetTo [1]'
thirdparty/harfbuzz/src/hb-open-type.hh:584:18: runtime error: index 2 out of bounds for type 'RangeRecord [1]'
thirdparty/harfbuzz/src/hb-open-type.hh:584:18: runtime error: index 2 out of bounds for type 'RangeRecord [1]'
thirdparty/harfbuzz/src/hb-open-type.hh:672:11: runtime error: index 2 out of bounds for type 'Record [1]'
thirdparty/harfbuzz/src/hb-open-type.hh:672:11: runtime error: index 2 out of bounds for type 'Record [1]'
thirdparty/harfbuzz/src/hb-open-type.hh:672:11: runtime error: index 2 out of bounds for type 'OffsetTo [1]'
thirdparty/harfbuzz/src/hb-open-type.hh:672:11: runtime error: index 2 out of bounds for type 'OffsetTo [1]'
thirdparty/harfbuzz/src/hb-open-type.hh:672:11: runtime error: index 2 out of bounds for type 'OffsetTo [1]'
thirdparty/harfbuzz/src/hb-open-type.hh:672:11: runtime error: index 2 out of bounds for type 'OffsetTo [1]'
thirdparty/harfbuzz/src/hb-open-type.hh:672:11: runtime error: index 2 out of bounds for type 'OffsetTo [1]'
thirdparty/harfbuzz/src/hb-open-type.hh:672:11: runtime error: index 2 out of bounds for type 'OffsetTo [1]'
thirdparty/harfbuzz/src/hb-open-type.hh:672:11: runtime error: index 2 out of bounds for type 'OffsetTo [1]'
thirdparty/harfbuzz/src/hb-open-type.hh:672:11: runtime error: index 2 out of bounds for type 'OffsetTo [1]'
thirdparty/harfbuzz/src/hb-open-type.hh:672:11: runtime error: index 2 out of bounds for type 'OffsetTo [1]'
thirdparty/harfbuzz/src/hb-open-type.hh:672:11: runtime error: index 2 out of bounds for type 'OffsetTo [1]'
thirdparty/harfbuzz/src/hb-open-type.hh:672:11: runtime error: index 2 out of bounds for type 'OffsetTo [1]'
thirdparty/harfbuzz/src/hb-open-type.hh:672:11: runtime error: index 2 out of bounds for type 'OffsetTo [1]'
thirdparty/harfbuzz/src/hb-open-type.hh:672:11: runtime error: index 2 out of bounds for type 'OffsetTo [1]'
thirdparty/harfbuzz/src/hb-open-type.hh:672:11: runtime error: index 2 out of bounds for type 'OffsetTo [1]'
thirdparty/harfbuzz/src/hb-open-type.hh:672:11: runtime error: index 2 out of bounds for type 'EntryExitRecord [1]'
thirdparty/harfbuzz/src/hb-open-type.hh:672:11: runtime error: index 2 out of bounds for type 'EntryExitRecord [1]'
thirdparty/harfbuzz/src/hb-open-type.hh:672:11: runtime error: index 2 out of bounds for type 'OffsetTo [1]'
thirdparty/harfbuzz/src/hb-open-type.hh:672:11: runtime error: index 2 out of bounds for type 'OffsetTo [1]'
thirdparty/harfbuzz/src/hb-open-type.hh:427:28: runtime error: index 2 out of bounds for type 'IntType [1]'
thirdparty/harfbuzz/src/hb-open-type.hh:584:18: runtime error: index 2 out of bounds for type 'Record [1]'
thirdparty/harfbuzz/src/hb-open-type.hh:584:18: runtime error: index 2 out of bounds for type 'Record [1]'
thirdparty/harfbuzz/src/hb-open-type.hh:584:18: runtime error: index 3 out of bounds for type 'Record [1]'
thirdparty/harfbuzz/src/hb-open-type.hh:584:18: runtime error: index 3 out of bounds for type 'Record [1]'
thirdparty/harfbuzz/src/hb-open-type.hh:584:18: runtime error: index 2 out of bounds for type 'Index [1]'
thirdparty/harfbuzz/src/hb-open-type.hh:584:18: runtime error: index 2 out of bounds for type 'Index [1]'
thirdparty/harfbuzz/src/hb-open-type.hh:672:11: runtime error: index 2 out of bounds for type 'OffsetTo [1]'
thirdparty/harfbuzz/src/hb-open-type.hh:672:11: runtime error: index 2 out of bounds for type 'OffsetTo [1]'
thirdparty/harfbuzz/src/hb-open-type.hh:584:18: runtime error: index 9 out of bounds for type 'OffsetTo [1]'
thirdparty/harfbuzz/src/hb-open-type.hh:584:18: runtime error: index 9 out of bounds for type 'OffsetTo [1]'
thirdparty/harfbuzz/src/hb-open-type.hh:584:18: runtime error: index 2 out of bounds for type 'OffsetTo [1]'
thirdparty/harfbuzz/src/hb-open-type.hh:584:18: runtime error: index 2 out of bounds for type 'OffsetTo [1]'
thirdparty/harfbuzz/src/hb-open-type.hh:672:11: runtime error: index 2 out of bounds for type 'OffsetTo [1]'
thirdparty/harfbuzz/src/hb-open-type.hh:672:11: runtime error: index 2 out of bounds for type 'OffsetTo [1]'
```

These errors point at this line (Godot uses a 1-month-old copy of the library, so the line numbers are not exactly the same):

```cpp
return arrayZ[i];
```


behdad commented Apr 16, 2021

The short answer is that C++ does not have a way to specify flexible arrays. GCC / clang allow `T array[]` and MSVC does as well, but trying to use them I have faced spurious compiler errors.

I've been tracking it in #2067.
Unfortunately the Mozilla bug that it refers to is currently closed to the public. I've asked for it to be opened.

We might be able to fix this for common compilers soon. I need to sit down and finish it.


behdad commented Apr 16, 2021

We do run ubsan in our CI, but I don't see how we are disabling this particular check.


behdad commented Apr 16, 2021

Actually #2067 is a different issue, which I'm fixing now.

I'll retitle this issue.

@behdad behdad changed the title Out of bounds issues in hb-open-type.hh Flexible-array hack: Out of bounds issues in hb-open-type.hh Apr 16, 2021

behdad commented Apr 16, 2021

I just filed clang and gcc issues for the bugs that prevent us from using the flexible-array extension:

https://bugs.llvm.org/show_bug.cgi?id=50005
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=100124


behdad commented Apr 16, 2021

You can experiment by changing the definition of `HB_VAR_ARRAY` from its current value (`1`) to `0`, and to empty. The empty one is desired, but both gcc and clang have problems with the way we want to use it. Using `0`, gcc gives me warnings, but otherwise both gcc and clang seem to compile and tests pass fine.

I remember MSVC had another issue. We can submit a PR to test that.
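To make concrete what the `[1]` placeholder does and does not protect, here is an added example in the style of hb-open-type.hh's `ArrayOf` (it is not HarfBuzz's code; `Record`, `ArrayOfRecord`, `build_blob` and `read_offset` are made up for this illustration). The declared bound is a compile-time placeholder that UBSan's bounds check compares against, while the bound that keeps reads inside the font blob is the length field validated against the blob size, whichever of `1`, `0` or empty `HB_VAR_ARRAY` expands to.

```cpp
// Added example, not HarfBuzz code: a toy ArrayOf in the style of
// hb-open-type.hh, showing what the "struct hack" (HB_VAR_ARRAY == 1)
// declares versus the bound that actually keeps reads inside the blob.
#include <cstddef>
#include <cstdint>
#include <vector>
#ifndef HB_VAR_ARRAY
#define HB_VAR_ARRAY 1   // the value the thread discusses; 0 and empty are the alternatives
#endif

struct Record {                 // 4 bytes: a 2-byte tag and a big-endian 16-bit offset
  uint8_t tag[2];
  uint8_t offset_be[2];
  uint16_t offset() const { return (uint16_t) ((offset_be[0] << 8) | offset_be[1]); }
};

struct ArrayOfRecord {
  uint8_t len_be[2];              // count of records that really follow in the blob
  Record  arrayZ[HB_VAR_ARRAY];   // declared bound is a placeholder, not the real length
  unsigned len() const { return (unsigned) ((len_be[0] << 8) | len_be[1]); }
  size_t get_size() const { return sizeof(len_be) + (size_t) len() * sizeof(Record); }
  // The check that matters: the whole array must lie inside the mapped blob.
  bool sanitize(size_t blob_len) const { return get_size() <= blob_len; }
  const Record* get(unsigned i) const {
    if (i >= len()) return nullptr;  // bound taken from the data, not from [1]
    const Record* base = arrayZ;     // index through the decayed pointer; still the
    return base + i;                 // struct hack, but not a subscript on a Record[1]
  }
};

// Constructed sample blob: a 2-byte count followed by n records.
std::vector<uint8_t> build_blob(unsigned n) {
  std::vector<uint8_t> b = { (uint8_t) (n >> 8), (uint8_t) n };
  for (unsigned i = 0; i < n; i++) {
    uint8_t rec[4] = { 'T', (uint8_t) ('0' + i), 0x01, (uint8_t) (0x10 * i) };
    b.insert(b.end(), rec, rec + 4);
  }
  return b;
}

// Read record i's offset; false if the blob is truncated or i is out of range.
bool read_offset(const std::vector<uint8_t>& blob, unsigned i, uint16_t* out) {
  if (blob.size() < sizeof(ArrayOfRecord::len_be)) return false;
  const ArrayOfRecord* arr = reinterpret_cast<const ArrayOfRecord*>(blob.data());
  if (!arr->sanitize(blob.size())) return false;   // truncated table: refuse it
  const Record* r = arr->get(i); if (!r) return false;
  *out = r->offset();
  return true;
}
```

Rebuilding with `-DHB_VAR_ARRAY=0` or `-DHB_VAR_ARRAY=` changes only the declared type of `arrayZ`; the `sanitize` and `len()` checks are what reject a truncated blob or an index past the real count.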


behdad commented Apr 18, 2021

Based on feedback from the g++ bug, it's unlikely that we can use flexible-arrays.

I agree with the suggestions there that the Struct Hack (i.e. `T array[1]` or `T array[0]` at the end of a struct) should be recognized.


behdad commented Apr 20, 2021

Is this ubsan run with clang or gcc?


qarmin commented Apr 20, 2021

Gcc

```
gcc (Ubuntu 10.2.0-5ubuntu1~20.04) 10.2.0
```

I added almost all available flags to it:

```
-fsanitize=shift,shift-exponent,integer-divide-by-zero,unreachable,vla-bound,null,return,signed-integer-overflow,bounds,float-divide-by-zero,float-cast-overflow,nonnull-attribute,returns-nonnull-attribute,bool,enum,vptr
```


behdad commented Jun 24, 2022

I don't think there's anything we can do here.
