UBSan seems to be complaining about a signed integer overflow in barrier.h #10332

Closed
evverx opened this issue Oct 9, 2018 · 1 comment

evverx commented Oct 9, 2018

Below is a backtrace from a machine where libubsan has just been upgraded to 8.1.1:

<unknown>: runtime error: signed integer overflow: 1 - -9223372036854775807 cannot be represented in type 'long int'
    #0 0x7fa98e179aaa in barrier_is_aborted ../src/basic/barrier.h:67
    #1 0x7fa98e17bf0b in barrier_sync ../src/basic/barrier.c:393
    #2 0x5611d298c4d6 in barrier_place_and_sync ../src/basic/barrier.h:73
    #3 0x5611d29967b1 in setup_pam ../src/core/execute.c:1300
    #4 0x5611d29b65ea in exec_child ../src/core/execute.c:3168
    #5 0x5611d29c2ac4 in exec_spawn ../src/core/execute.c:3627
    #6 0x5611d2aba9ab in service_spawn ../src/core/service.c:1538
    #7 0x5611d2ac10f5 in service_enter_start ../src/core/service.c:2038
    #8 0x5611d2ac1ca5 in service_enter_start_pre ../src/core/service.c:2104
    #9 0x5611d2ac64cf in service_start ../src/core/service.c:2350
    #10 0x5611d2b6fa15 in unit_start ../src/core/unit.c:1850
    #11 0x5611d29e9799 in job_perform_on_unit ../src/core/job.c:532
    #12 0x5611d29ea600 in job_run_and_invalidate ../src/core/job.c:596
    #13 0x5611d2a55801 in manager_dispatch_run_queue ../src/core/manager.c:2090
    #14 0x7fa98e4c6516 in source_dispatch ../src/libsystemd/sd-event/sd-event.c:3052
    #15 0x7fa98e4cc1a3 in sd_event_dispatch ../src/libsystemd/sd-event/sd-event.c:3435
    #16 0x7fa98e4cd0e8 in sd_event_run ../src/libsystemd/sd-event/sd-event.c:3492
    #17 0x5611d2a5fbb3 in manager_loop ../src/core/manager.c:2849
    #18 0x5611d2943064 in invoke_main_loop ../src/core/main.c:1665
    #19 0x5611d2949f22 in main ../src/core/main.c:2455
    #20 0x7fa98b7ae11a in __libc_start_main (/lib64/libc.so.6+0x2311a)
    #21 0x5611d2931549 in _start (/usr/lib/systemd/systemd+0x4b7549)
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior
<unknown>: runtime error: signed integer overflow: 1 - -9223372036854775807 cannot be represented in type 'long int'
    #0 0x7fa98e1799e2 in barrier_they_aborted ../src/basic/barrier.h:59
    #1 0x7fa98e17af71 in barrier_read ../src/basic/barrier.c:213
    #2 0x7fa98e17bf27 in barrier_sync ../src/basic/barrier.c:396
    #3 0x5611d298c4d6 in barrier_place_and_sync ../src/basic/barrier.h:73
    #4 0x5611d29967b1 in setup_pam ../src/core/execute.c:1300
    #5 0x5611d29b65ea in exec_child ../src/core/execute.c:3168
    #6 0x5611d29c2ac4 in exec_spawn ../src/core/execute.c:3627
    #7 0x5611d2aba9ab in service_spawn ../src/core/service.c:1538
    #8 0x5611d2ac10f5 in service_enter_start ../src/core/service.c:2038
    #9 0x5611d2ac1ca5 in service_enter_start_pre ../src/core/service.c:2104
    #10 0x5611d2ac64cf in service_start ../src/core/service.c:2350
    #11 0x5611d2b6fa15 in unit_start ../src/core/unit.c:1850
    #12 0x5611d29e9799 in job_perform_on_unit ../src/core/job.c:532
    #13 0x5611d29ea600 in job_run_and_invalidate ../src/core/job.c:596
    #14 0x5611d2a55801 in manager_dispatch_run_queue ../src/core/manager.c:2090
    #15 0x7fa98e4c6516 in source_dispatch ../src/libsystemd/sd-event/sd-event.c:3052
    #16 0x7fa98e4cc1a3 in sd_event_dispatch ../src/libsystemd/sd-event/sd-event.c:3435
    #17 0x7fa98e4cd0e8 in sd_event_run ../src/libsystemd/sd-event/sd-event.c:3492
    #18 0x5611d2a5fbb3 in manager_loop ../src/core/manager.c:2849
    #19 0x5611d2943064 in invoke_main_loop ../src/core/main.c:1665
    #20 0x5611d2949f22 in main ../src/core/main.c:2455
    #21 0x7fa98b7ae11a in __libc_start_main (/lib64/libc.so.6+0x2311a)
    #22 0x5611d2931549 in _start (/usr/lib/systemd/systemd+0x4b7549)
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior
evverx added the bug 🐛 and util-lib labels Oct 9, 2018
poettering added this to the v240 milestone Oct 10, 2018
poettering added a commit to poettering/systemd that referenced this issue Oct 11, 2018
This makes use of assert_cc() to guard against missing CASE macros,
instead of a manual implementation that might result in a static
variable to be allocated.

More importantly though this changes the base type for the array used to
determine the number of arguments for the compile time check from "int"
to "long double". This is done in order to avoid warnings from "ubsan"
that possibly large constants are assigned to small types. "long double"
hopefully isn't vulnerable to that.

Fixes: systemd#10332
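
The technique the commit message above describes, as an added sketch that is not systemd's code: a set-membership macro whose argument count is checked at compile time with a static assertion, counting the arguments through a `long double` array so that 64-bit constants are not narrowed to `int`. All `DEMO_*`, `CASE_n`, `PICK`, `COUNT_ARGS` and `IN_SET_DEMO` names are hypothetical, the constants are constructed, and GNU C statement expressions (GCC or Clang) are assumed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Constructed constants near INT64_MIN (hypothetical, not systemd's definitions). */
#define DEMO_STATE_A (INT64_MIN + 1)
#define DEMO_STATE_B (INT64_MIN + 2)

/* Number of macro arguments, computed at compile time. sizeof does not
 * evaluate the compound literal, but its initializers are still converted to
 * ELEM_T: with int these 64-bit constants would be narrowed, with long double
 * they are converted to floating point instead. */
#define COUNT_ARGS(ELEM_T, ...) (sizeof((ELEM_T[]){__VA_ARGS__}) / sizeof(ELEM_T))

/* One "case" label per argument; supports up to DEMO_MAX_ARGS values. */
#define DEMO_MAX_ARGS 3
#define CASE_1(a)      case (a):
#define CASE_2(a, ...) case (a): CASE_1(__VA_ARGS__)
#define CASE_3(a, ...) case (a): CASE_2(__VA_ARGS__)
#define PICK(a, b, c, NAME, ...) NAME
#define CASES(...) PICK(__VA_ARGS__, CASE_3, CASE_2, CASE_1, 0)(__VA_ARGS__)

/* Membership test (GNU C statement expression). The static assertion fails
 * the build with a readable message when more values are passed than there
 * are CASE_n macros, and it allocates nothing at run time. */
#define IN_SET_DEMO(x, ...)                                                  \
        ({                                                                   \
                _Static_assert(COUNT_ARGS(long double, __VA_ARGS__) <=       \
                               DEMO_MAX_ARGS, "add more CASE_n macros");     \
                bool found_ = false;                                         \
                switch (x) {                                                 \
                CASES(__VA_ARGS__)                                           \
                        found_ = true;                                       \
                        break;                                               \
                default:                                                     \
                        break;                                               \
                }                                                            \
                found_;                                                      \
        })

static bool demo_is_aborted(int64_t v) {
        return IN_SET_DEMO(v, DEMO_STATE_A, DEMO_STATE_B);
}

static size_t demo_count(void) {
        return COUNT_ARGS(long double, DEMO_STATE_A, DEMO_STATE_B, 0);
}

int main(void) {
        return demo_is_aborted(DEMO_STATE_B) && !demo_is_aborted(0) && demo_count() == 3 ? 0 : 1;
}
```
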
@poettering

I think #10366 should fix this. PTAL

evverx added the not-our-bug label and removed the bug 🐛 label Oct 12, 2018
evverx closed this as completed Oct 12, 2018
evverx added a commit to evverx/systemd that referenced this issue Jan 30, 2019
Now that systemd#10332 is unlikely to happen
it should be totally fine to try to crash PID1 :-)
mightysai1997 pushed a commit to mightysai1997/systemd that referenced this issue Apr 19, 2024