Running jqtest triggers UBSAN errors #2968

Closed. emanuele6 opened this issue Dec 9, 2023 · 1 comment

emanuele6 (Member):
I was running jqtest while I had an UBSAN build, and I noticed this:

  1. Build jq with UBSAN; e.g.
    $ make clean
    $ ./configure --enable-maintainer-mode --enable-ubsan --enable-asan
    $ make -j
  2. Run jqtest (disable valgrind to make it run quicker, and make it work with ASAN):
    $ NO_VALGRIND=1 tests/jqtest
    [...]
    Test #116: '1 / 1e-17' at line number 555
    Test #117: '9E999999999, 9999999999E999999990, 1E-999999999, 0.000000001E-999999990' at line number 559
    Test #118: '5E500000000 > 5E-5000000000, 10000E500000000 > 10000E-5000000000' at line number 566
    Test #119: '(1e999999999, 10e999999999) > (1e-1147483646, 0.1e-1147483646)' at line number 572
    src/decNumber/decNumber.c:6257:28: runtime error: signed integer overflow: 2147483645 + 3 can not be represented in type 'int'
    src/decNumber/decNumber.c:6257:28: runtime error: signed integer overflow: -2147483648 - 1 cannot be represented in type 'int'
    Test #120: '25 % 7' at line number 579
    Test #121: '49732 % 472' at line number 583
    [...]
emanuele6 added this to the 1.8 release milestone Dec 11, 2023

emanuele6 (Member, Author):
I bisected the bug.
It was introduced by 680baef (#2804).

emanuele6 modified the milestones: 1.8 release, 1.7.1 release Dec 13, 2023
emanuele6 added a commit that referenced this issue Dec 13, 2023:
The unit allocated for decNumberCompare was accidentally removed by
commit 680baef (PR #2804)

This caused a stack overflow when comparing a nan with a payload of 1000
or more.

This bug was found by OSS-fuzz.
Ref: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=64771
Fixes GHSA-7hmr-442f-qc8j

It also fixes 1e999999999 > 1e-1147483646 triggering UBSAN errors
Fixes #2968
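As an added regression check (not part of jq's test suite or of the commit above), the script below runs the comparison expressions quoted in the report and in the commit message through a jq binary and fails on any crash or sanitizer diagnostic. The `JQ` variable, the `run` argument and the function names are this example's own conventions, not jq's.

```shell
#!/bin/sh
# Regression check for the comparisons reported in jq issue #2968.
# Added example, not part of jq. Runs each expression through the jq binary in
# PATH (override with JQ=/path/to/jq) and fails on a non-zero exit or on a
# sanitizer "runtime error" line on stderr. Only a jq configured with
# --enable-ubsan/--enable-asan, as in the report, prints those lines; a plain
# build only reveals outright crashes.

JQ="${JQ:-jq}"

# Expressions quoted from the report (tests #118 and #119) and the commit message.
EXPRS='5E500000000 > 5E-5000000000, 10000E500000000 > 10000E-5000000000
(1e999999999, 10e999999999) > (1e-1147483646, 0.1e-1147483646)
1e999999999 > 1e-1147483646'

# run_expr PROGRAM: prints jq's stdout; returns 1 on non-zero exit or sanitizer report.
run_expr() {
    err=$(mktemp) || return 1
    out=$("$JQ" -n "$1" 2>"$err")
    rc=$?
    if [ "$rc" -ne 0 ] || grep -q 'runtime error' "$err"; then
        printf 'FAIL (exit %s): %s\n' "$rc" "$1" >&2
        cat "$err" >&2
        rm -f "$err"
        return 1
    fi
    rm -f "$err"
    printf '%s\n' "$out"
}

# check_all: 0 if every expression passes, 1 if any fails, 2 if no jq binary is found.
check_all() {
    command -v "$JQ" >/dev/null 2>&1 || { echo "no jq binary found, skipping" >&2; return 2; }
    status=0
    # A here-document (not a pipe) keeps the loop in the current shell so $status survives.
    while IFS= read -r expr; do
        [ -n "$expr" ] || continue
        printf 'checking: %s\n' "$expr"
        run_expr "$expr" || status=1
    done <<EOF
$EXPRS
EOF
    return "$status"
}

# Direct use: sh check_2968.sh run   (exits with check_all's status)
if [ "${1:-}" = run ]; then check_all; exit $?; fi
```

Point `JQ` at the sanitizer build produced by the configure line in the report to reproduce the original diagnostics; against a fixed build the script exits 0.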