Fix UB in inffast.c when not using window #1037
Conversation
When not using window, `window + wsize` applies a zero offset to a null pointer, which is undefined behavior.
I don't see anything undefined in using a null pointer in pointer arithmetic... As long as the variable size is well-defined (non-void pointer), the generated assembly will be correct; basically it either assembles to load + addition, or load effective address (LEA). The real issue comes if the pointer is later dereferenced.
IANALL (I am not a language lawyer, but..) this was discussed in https://reviews.llvm.org/D67122 and the consensus was that any arithmetic on null pointers is undefined in C, even if you add zero. UBSan flags it.
@atdt Pointer arithmetic in C is a lot easier than in C++... As zlib and zlib-ng are both C, the code has no UB. The compiler doesn't know at compile time that the pointer is the NULL constant or has a 0 offset, so it can't optimize away the offset.
@mtl1979 According to the discussion I linked to above, this is only UB in C, and not in C++, where it would be well-defined. I think the change improves readability, and it helps us adopt zlib-ng because otherwise we have to carry a patch that adds a
@atdt Well... I tested with two of the most common compilers and both return the same predictable answer... I didn't try with Visual C++ as it is a C++ compiler and not a C compiler.
@mtl1979 That means nothing. UB is dangerous because some future compiler will likely start using it for optimization and your "working" code suddenly crashes or misbehaves.
@turol Future compilers can't optimize the code differently unless they know for sure that both variables are zero. There is no chance for that to happen as it would already trigger a compiler warning when all warnings are enabled.
@mtl1979 I'm confused. Are you opposed to this change? Upstream LLVM very definitely thinks this is UB. There is an explicit check for this in UBSan which flags this code in zlib-ng. Why quibble?
@atdt I'm saying it's a false positive as there is no constant NULL or nullptr.
It's undefined behavior because the C language specification does not define how the compiler ought to behave when you apply a zero offset to a null pointer. What current compilers can or cannot do with this code is not a very good argument. |
@atdt Offsets have nothing to do with C, so it's expected that the C standard doesn't define it... The C standard only covers arrays, which have a defined element size. The C standard also says that an undefined element size is assumed to equal 1 byte, which would also apply to explicit NULL pointers, but not to other pointers that point to address 0.
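The pattern the thread is arguing about, reduced to a stand-alone model. This is an added example, not zlib-ng's inffast.c; the function names (`window_end_unchecked`, `window_end_checked`, `window_bytes_available`) and the `demo_window` buffer are hypothetical stand-ins for the real `window`/`wsize` state, and the "no window" case is represented by `window == NULL` with `wsize == 0` exactly as the PR description states.

```c
#include <stddef.h>
#include <stdio.h>

/* Demo buffer standing in for an allocated sliding window (constructed
 * sample data for this example, not anything from zlib-ng). */
static unsigned char demo_window[32];

/* Pattern from the PR description: window + wsize is formed unconditionally.
 * Called with window == NULL and wsize == 0 ("not using window") this applies
 * a zero offset to a null pointer. C leaves that undefined; Clang's UBSan
 * pointer-overflow check (part of -fsanitize=undefined) reports it in C mode,
 * while C++ defines null + 0 as null and is exempt from the report. */
static unsigned char *window_end_unchecked(unsigned char *window, unsigned wsize) {
    return window + wsize;
}

/* Guarded form: pointer arithmetic only ever happens on a real allocation.
 * Without a window the end pointer is simply NULL, so callers test for that
 * instead of relying on NULL + 0 happening to evaluate to NULL. */
static unsigned char *window_end_checked(unsigned char *window, unsigned wsize) {
    if (window == NULL)
        return NULL;
    return window + wsize;
}

/* Consumer modelled on a "can we copy from the window?" decision: number of
 * bytes between window and its end, 0 when there is no window. It only ever
 * subtracts two pointers into the same object, which is well defined. */
static size_t window_bytes_available(unsigned char *window, unsigned wsize) {
    unsigned char *end = window_end_checked(window, wsize);
    if (end == NULL)
        return 0;
    return (size_t)(end - window);
}

/* Stand-alone demo. Build with
 *   cc -std=c11 -fsanitize=undefined example.c && ./a.out
 * to see the sanitizer flag the unchecked call on the NULL/0 pair while the
 * checked path stays quiet. */
int main(void) {
    printf("with window: %zu bytes\n",
           window_bytes_available(demo_window, (unsigned)sizeof demo_window));
    printf("no window:   %zu bytes\n", window_bytes_available(NULL, 0));

    /* The pattern the PR removes: in C mode UBSan reports
     * "applying zero offset to null pointer" at this call. */
    unsigned char *end = window_end_unchecked(NULL, 0);
    printf("unchecked end pointer: %p\n", (void *)end);
    return 0;
}
```

The point of splitting the computation into `window_end_checked` is that the "no window" case never forms a pointer at all, so the question of what `NULL + 0` means under a future optimizer does not arise; the consumer branches on the NULL result instead.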
Codecov Report

@@            Coverage Diff             @@
##           develop    #1037      +/-   ##
===========================================
- Coverage    78.32%   76.26%   -2.07%
===========================================
  Files           85       85
  Lines         8730     8725       -5
  Branches      1392     1392
===========================================
- Hits          6838     6654     -184
- Misses        1357     1528     +171
- Partials       535      543       +8
- Fix hangs on macOS #1031 - Fix minideflate write buffers being overwritten #1060 - Fix build problems when building outside of source dir #1049 - Fix build problems on arm2-7 #1030 - Fixed some compile warnings #1020 #1036 #1037 #1048 - Improved posix memalign support #888 - Improvements to testing #637 #1026 #1035 #1051 #1056 #1063 #1067 - Improvements for integration into other projects #1022 #1042 - Code style fixes #637 #1040 #1050
- Fix hangs on macOS #1031 - Fix minideflate write buffers being overwritten #1060 - Fix deflateBound and compressBound returning too small size estimates #1071 - Fix build problems when building outside of source dir #1049 - Fix build problems on arm2-7 #1030 - Fixed some compile warnings #1020 #1036 #1037 #1048 - Improved posix memalign support #888 - Improvements to testing #637 #1026 #1032 #1035 #1051 #1056 #1063 #1067 - Improvements for integration into other projects #1022 #1042 - Code style fixes #637 #1040 #1050 #1075
- Fix hangs on macOS #1031 - Fix minideflate write buffers being overwritten #1060 - Fix deflateBound and compressBound returning too small size estimates #1049 #1071 - Fix incorrect function declaration warning #1080 - Fix build problems when building outside of source dir #1049 - Fix build problems on arm2-7 #1030 - Fixed some compile warnings #1020 #1036 #1037 #1048 - Improved posix memalign support #888 - Improvements to testing #637 #1026 #1032 #1035 #1049 #1051 #1056 #1063 #1067 - Improvements for integration into other projects #1022 #1042 - Code style fixes #637 #1040 #1050 #1075
- Fix hangs on macOS #1031 - Fix minideflate write buffers being overwritten #1060 - Fix deflateBound and compressBound returning too small size estimates #1049 #1071 - Fix incorrect function declaration warning #1080 - Fix build problems when building outside of source dir #1049 - Fix build problems on arm2-7 #1030 - Fixed some compile warnings #1020 #1036 #1037 #1048 - Improved posix memalign support #888 - Improvements to testing #637 #1026 #1032 #1035 #1049 #1051 #1056 #1063 #1067 #1079 - Improvements for integration into other projects #1022 #1042 - Code style fixes #637 #1040 #1050 #1075