UBsan unsigned overflow reports [informational] #139
Comments
|
The configure options to produce this (note that optimizations must be OFF and these options cause the program to keep running after overflow is detected): CFLAGS="-g -fno-omit-frame-pointer -fsanitize=integer" LDFLAGS="-fsanitize=integer" CC=clang configure --disable-shared --enable-static "make check" is unlike to detect all instances because it does not test wide PNG images (for reasons of time). |
|
Here's the list by file and line (i.e. not including the actual values): ontrib/libtests/pngunknown.c:481:19 |
|
These were all easy to fix except for the ones in pngvalid.c; something Glenn On Fri, Sep 30, 2016 at 5:56 PM, John Bowler notifications@github.com
|
|
Eh, they are all really to fix. I've got a pull request pending but John On Fri, Sep 30, 2016 at 6:49 PM, Glenn Randers-Pehrson <
John Bowler john.cunningham.bowler@gmail.com |
|
Conflict is on pngtrans.c because I added some macros on the assumption John On Fri, Sep 30, 2016 at 6:55 PM, John Bowler <
John Bowler john.cunningham.bowler@gmail.com |
|
Incidentally, I should be able to run libpng tests on Windows PDQ; this I've been having bad bad nightmarish experiences with an older HP John On Fri, Sep 30, 2016 at 6:57 PM, John Bowler <
John Bowler john.cunningham.bowler@gmail.com |
|
Yowza; ich bin updating... If you don't hear back from me in a few minutes
surface pro 4 tablets are a PoS.
John
|
|
Unfortunately if fails to build with clang++
More investigation required.
My ISP is only giving me 1 minute in every 4, so this may take some time.
John
|
|
Looks like the problems are other pieces of undefined behavior, they
look genuine; callbacks with the incorrect prototype. It may be C++
specific.
John
|
clang 3.8.1 with -fsanitize=unsigned-integer-overflow identifies the following 21 cases where overflow happens with libpng 1.6.26beta02. This includes 10 cases in libpng itself which could be serious bugs if ISO-C did not define the behavior of unsigned overflow. This is informational: ISO-C defines unsigned overflow completely and in the libpng cases there are two reasons:
while (i-- > 0)
Where 'i' is unsigned is illegal in a language where unsigned overflow (underflow in this case) is not permitted. There are six cases of things like this.
Modular arithmetic: only one instance is detected by 'make check', but it probably happens in other cases as well.
As well as the list below the 107 separate reports are in a fill I will attach.
contrib/libtests/pngunknown.c:481:19: runtime error: unsigned integer overflow: 0 - 1 cannot be represented in type 'png_uint_32' (aka 'unsigned int')
contrib/libtests/pngvalid.c:11275:20: runtime error: unsigned integer overflow: 1008250423 * 8 cannot be represented in type 'unsigned int'
contrib/libtests/pngvalid.c:11276:20: runtime error: unsigned integer overflow: 1008250423 * 8 cannot be represented in type 'unsigned int'
contrib/libtests/pngvalid.c:11277:20: runtime error: unsigned integer overflow: 1008250423 * 8 cannot be represented in type 'unsigned int'
contrib/libtests/pngvalid.c:11278:20: runtime error: unsigned integer overflow: 1143599688 * 4 cannot be represented in type 'unsigned int'
contrib/libtests/pngvalid.c:11279:20: runtime error: unsigned integer overflow: 1143599688 * 4 cannot be represented in type 'unsigned int'
contrib/libtests/pngvalid.c:11294:20: runtime error: unsigned integer overflow: 1008250423 * 8 cannot be represented in type 'unsigned int'
contrib/libtests/pngvalid.c:11295:20: runtime error: unsigned integer overflow: 1008250423 * 8 cannot be represented in type 'unsigned int'
contrib/libtests/pngvalid.c:11296:20: runtime error: unsigned integer overflow: 1143599688 * 4 cannot be represented in type 'unsigned int'
contrib/libtests/pngvalid.c:11297:20: runtime error: unsigned integer overflow: 1143599688 * 4 cannot be represented in type 'unsigned int'
contrib/libtests/pngvalid.c:1245:18: runtime error: unsigned integer overflow: 0 - 1 cannot be represented in type 'png_uint_32' (aka 'unsigned int')
pngread.c:3234:18: runtime error: unsigned integer overflow: 0 - 1 cannot be represented in type 'png_uint_32' (aka 'unsigned int')
pngread.c:4067:18: runtime error: unsigned integer overflow: 0 - 1 cannot be represented in type 'png_uint_32' (aka 'unsigned int')
pngtrans.c:696:45: runtime error: unsigned integer overflow: 4294967288 * 128 cannot be represented in type 'unsigned int'
pngtrans.c:696:45: runtime error: unsigned integer overflow: 4294967288 * 256 cannot be represented in type 'unsigned int'
pngtrans.c:696:45: runtime error: unsigned integer overflow: 4294967288 * 2 cannot be represented in type 'unsigned int'
pngtrans.c:696:45: runtime error: unsigned integer overflow: 4294967288 * 32 cannot be represented in type 'unsigned int'
pngwrite.c:1557:12: runtime error: unsigned integer overflow: 0 - 1 cannot be represented in type 'png_uint_32' (aka 'unsigned int')
pngwrite.c:1708:15: runtime error: unsigned integer overflow: 0 - 1 cannot be represented in type 'png_uint_32' (aka 'unsigned int')
pngwrite.c:1749:15: runtime error: unsigned integer overflow: 0 - 1 cannot be represented in type 'png_uint_32' (aka 'unsigned int')
pngwrite.c:2139:15: runtime error: unsigned integer overflow: 0 - 1 cannot be represented in type 'png_uint_32' (aka 'unsigned int')
The text was updated successfully, but these errors were encountered: