UBsan unsigned overflow reports [informational] #139
Comments
The configure options to produce this (note that optimizations must be OFF and these options cause the program to keep running after overflow is detected):

CFLAGS="-g -fno-omit-frame-pointer -fsanitize=integer" LDFLAGS="-fsanitize=integer" CC=clang configure --disable-shared --enable-static

"make check" is unlikely to detect all instances because it does not test wide PNG images (for reasons of time).

Here's the list by file and line (i.e. not including the actual values): contrib/libtests/pngunknown.c:481:19

These were all easy to fix except for the ones in pngvalid.c; something
Glenn
On Fri, Sep 30, 2016 at 5:56 PM, John Bowler notifications@github.com

Eh, they are all really to fix. I've got a pull request pending but
John
On Fri, Sep 30, 2016 at 6:49 PM, Glenn Randers-Pehrson <
John Bowler john.cunningham.bowler@gmail.com

Conflict is on pngtrans.c because I added some macros on the assumption
John
On Fri, Sep 30, 2016 at 6:55 PM, John Bowler <
John Bowler john.cunningham.bowler@gmail.com

Incidentally, I should be able to run libpng tests on Windows PDQ; this
I've been having bad bad nightmarish experiences with an older HP
John
On Fri, Sep 30, 2016 at 6:57 PM, John Bowler <
John Bowler john.cunningham.bowler@gmail.com

Yowza; ich bin updating... If you don't hear back from me in a few minutes
surface pro 4 tablets are a PoS.
John

Unfortunately it fails to build with clang++
More investigation required.
My ISP is only giving me 1 minute in every 4, so this may take some time.
John

Looks like the problems are other pieces of undefined behavior; they
look genuine: callbacks with the incorrect prototype. It may be C++
specific.
John
clang 3.8.1 with -fsanitize=unsigned-integer-overflow identifies the following 21 cases where overflow happens with libpng 1.6.26beta02. This includes 10 cases in libpng itself which could be serious bugs if ISO-C did not define the behavior of unsigned overflow. This is informational: ISO-C defines unsigned overflow completely and in the libpng cases there are two reasons:

1. `while (i-- > 0)` where 'i' is unsigned is illegal in a language where unsigned overflow (underflow in this case) is not permitted. There are six cases of things like this.
2. Modular arithmetic: only one instance is detected by 'make check', but it probably happens in other cases as well.

As well as the list below, the 107 separate reports are in a file I will attach.
```
contrib/libtests/pngunknown.c:481:19: runtime error: unsigned integer overflow: 0 - 1 cannot be represented in type 'png_uint_32' (aka 'unsigned int')
contrib/libtests/pngvalid.c:11275:20: runtime error: unsigned integer overflow: 1008250423 * 8 cannot be represented in type 'unsigned int'
contrib/libtests/pngvalid.c:11276:20: runtime error: unsigned integer overflow: 1008250423 * 8 cannot be represented in type 'unsigned int'
contrib/libtests/pngvalid.c:11277:20: runtime error: unsigned integer overflow: 1008250423 * 8 cannot be represented in type 'unsigned int'
contrib/libtests/pngvalid.c:11278:20: runtime error: unsigned integer overflow: 1143599688 * 4 cannot be represented in type 'unsigned int'
contrib/libtests/pngvalid.c:11279:20: runtime error: unsigned integer overflow: 1143599688 * 4 cannot be represented in type 'unsigned int'
contrib/libtests/pngvalid.c:11294:20: runtime error: unsigned integer overflow: 1008250423 * 8 cannot be represented in type 'unsigned int'
contrib/libtests/pngvalid.c:11295:20: runtime error: unsigned integer overflow: 1008250423 * 8 cannot be represented in type 'unsigned int'
contrib/libtests/pngvalid.c:11296:20: runtime error: unsigned integer overflow: 1143599688 * 4 cannot be represented in type 'unsigned int'
contrib/libtests/pngvalid.c:11297:20: runtime error: unsigned integer overflow: 1143599688 * 4 cannot be represented in type 'unsigned int'
contrib/libtests/pngvalid.c:1245:18: runtime error: unsigned integer overflow: 0 - 1 cannot be represented in type 'png_uint_32' (aka 'unsigned int')
pngread.c:3234:18: runtime error: unsigned integer overflow: 0 - 1 cannot be represented in type 'png_uint_32' (aka 'unsigned int')
pngread.c:4067:18: runtime error: unsigned integer overflow: 0 - 1 cannot be represented in type 'png_uint_32' (aka 'unsigned int')
pngtrans.c:696:45: runtime error: unsigned integer overflow: 4294967288 * 128 cannot be represented in type 'unsigned int'
pngtrans.c:696:45: runtime error: unsigned integer overflow: 4294967288 * 256 cannot be represented in type 'unsigned int'
pngtrans.c:696:45: runtime error: unsigned integer overflow: 4294967288 * 2 cannot be represented in type 'unsigned int'
pngtrans.c:696:45: runtime error: unsigned integer overflow: 4294967288 * 32 cannot be represented in type 'unsigned int'
pngwrite.c:1557:12: runtime error: unsigned integer overflow: 0 - 1 cannot be represented in type 'png_uint_32' (aka 'unsigned int')
pngwrite.c:1708:15: runtime error: unsigned integer overflow: 0 - 1 cannot be represented in type 'png_uint_32' (aka 'unsigned int')
pngwrite.c:1749:15: runtime error: unsigned integer overflow: 0 - 1 cannot be represented in type 'png_uint_32' (aka 'unsigned int')
pngwrite.c:2139:15: runtime error: unsigned integer overflow: 0 - 1 cannot be represented in type 'png_uint_32' (aka 'unsigned int')
```
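The two report classes described in the issue body, as an added example that is not libpng's code: the `while (i-- > 0)` idiom whose final decrement wraps to 0xFFFFFFFF (the "0 - 1" reports), an equivalent loop that never wraps, and a multiply written so its modulo-2^32 intent is explicit (the pngtrans.c "4294967288 * 128" reports). `png_uint_32` is typedef'd locally here and the input buffer is constructed.

```c
#include <stdint.h>
typedef uint32_t png_uint_32;   /* stand-in for libpng's type, as named in the reports */

/* The idiom the issue describes: valid ISO C (unsigned arithmetic wraps modulo
 * 2^32), but the final "i--" takes i from 0 to 0xFFFFFFFF, which the sanitizer
 * reports as "0 - 1 cannot be represented". *final_i receives i after the loop. */
static png_uint_32 sum_with_postdec(const png_uint_32 *buf, png_uint_32 n,
                                    png_uint_32 *final_i)
{
   png_uint_32 i = n, total = 0;
   while (i-- > 0)
      total += buf[i];
   *final_i = i;           /* 0xFFFFFFFF: the wrap that -fsanitize=integer flags */
   return total;
}

/* Same traversal, decrementing i only while it is known to be positive:
 * identical result, nothing for the sanitizer to report. */
static png_uint_32 sum_without_wrap(const png_uint_32 *buf, png_uint_32 n,
                                    png_uint_32 *final_i)
{
   png_uint_32 i = n, total = 0;
   while (i > 0)
   {
      --i;
      total += buf[i];
   }
   *final_i = i;           /* 0 */
   return total;
}

/* The other class of report (pngtrans.c: 4294967288 * 128): a product meant to
 * wrap modulo 2^32. Widening to 64 bits and truncating makes the modular intent
 * explicit and yields the same value without a 32-bit overflow. */
static png_uint_32 mul_mod_2_32(png_uint_32 a, png_uint_32 b)
{
   return (png_uint_32)((uint64_t)a * b);   /* cast keeps the low 32 bits */
}

static const png_uint_32 sample_buf[] = {3, 5, 7, 11, 13};   /* constructed input */
#define SAMPLE_N ((png_uint_32)(sizeof sample_buf / sizeof sample_buf[0]))
/* 1 when both loops give the same sum and their counters end as commented above. */
static int loops_agree(void)
{
   png_uint_32 i1, i2;
   png_uint_32 s1 = sum_with_postdec(sample_buf, SAMPLE_N, &i1);
   png_uint_32 s2 = sum_without_wrap(sample_buf, SAMPLE_N, &i2);
   return s1 == 39 && s2 == 39 && i1 == UINT32_MAX && i2 == 0;
}
```

Built with the CFLAGS from the first comment, only `sum_with_postdec` produces a report, and it does so once per call, at loop exit.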