There is an interface in grep: dfa.c with functions to test bit, set bit,
clear bit etc. They operate over the INT-wide mask (INTBITS). Use unsigned
shift in these interfaces to prevent UB.
Detected with MKSANITIZER with the undefined behavior sanitizer option.
Sponsored by <The NetBSD Foundation>
Assert that -9223372036854775808 % -1 and -9223372036854775808 / -1 return
message about overflow / underflow detected.
These tests pass correctly.
Sponsored by <The NetBSD Foundation>
The current implementation of operations - + * / % could cause Undefined
Behavior and in narrow cases (INT64_MIN / -1 and INT64_MIN % -1) SIGFPE
and crash duping core.
Detected with MKSANITIZER enabled for the Undefined Behavior variation:
# eval expr '4611686018427387904 + 4611686018427387904'
/public/src.git/bin/expr/expr.y:315:12: runtime error: signed integer overflow: 4611686018427387904 + 4611686018427387904 cannot be represented in type 'long'
All bin/t_expr ATF tests pass now in a sanitized userland.
Sponsored by <The NetBSD Foundation>
UBSan can detect that during switching a login to root there is unportable
left shift operation:
$ su -
Password:
/public/src.git/bin/ksh/eval.c:598:13: runtime error: left shift of 1073741824 by 1 places cannot be represented in type 'int'
#
Sponsored by <The NetBSD Foundation>
$ awk '{w=$1}' < /dev/null
/public/src.git/external/historical/nawk/bin/../dist/lex.c:476:16: runtime error: index -1 out of bounds for type 'const Keyword [46]'
There used to be documented a bug in the code that index ouf of bounds
can in theory fault (by daniel barrett).
Before assigning the pointer, first check for the index whether it's not
not -1. This was a suggested solution in the comment in the code.
The sanitizer is overcautious as this pointer wasn't dereferenced, but
fix is nonetheless.
Sponsored by <The NetBSD Foundation>
Unportable left shift reported with MKSANITIZER=yes USE_SANITIZER=undefined:
# progress -zf ./games.tgz tar -xp -C "./" -f -
/public/src.git/usr.bin/gzip/gzip.c:2126:33: runtime error: left shift of 251 by 24 places cannot be represented in type 'int'
100% |****************************************************************************************************************| 44500 KiB 119.69 MiB/s 00:00 ETA
Refactor the following code into something that is more clear
and fix signed integer shift, by casting all buf[] elements to
(unsigned int):
unsigned char buf[8];
uint32_t usize;
[...]
else {
usize = buf[4] | buf[5] << 8 |
buf[6] << 16 | buf[7] << 24;
[...]
New version:
usize = buf[4];
usize |= (unsigned int)buf[5] << 8;
usize |= (unsigned int)buf[6] << 16;
usize |= (unsigned int)buf[7] << 24;
Only the "<< 24" part needs explicit cast, but for consistency make the
integer promotion explicit and clear to a code reader.
Sponsored by <The NetBSD Foundation>
"random" msk failures
the crucial fix is that the start/end adresses are computed and
written to hw registers in number of octets (i.e. size /
sizeof(u_int64_t)), as that is actually what the hardware expects
fixes PR kern/36454 (which had fix which highlighted the trouble),
and seems likely to also fix kern/35711 and port-i386/42514
Unportable left shift reported with MKSANITIZER=yes USE_SANITIZER=undefined:
# nm /usr/lib/libc.so|grep sanit
/public/src.git/lib/libc/citrus/modules/citrus_mapper_std.c:173:8: runtime error: left shift of 1 by 31 places cannot be represented in type 'int'
Sponsored by <The NetBSD Foundation>
Unportable left shift reported with MKSANITIZER=yes USE_SANITIZER=undefined:
# ifconfig
alc0: flags=0x8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
ec_capabilities=3<VLAN_MTU,VLAN_HWTAGGING>
ec_enabled=0
address: xx:xx:xx:xx:xx:xx
/public/src.git/sbin/ifconfig/af_inet.c:102:34: runtime error: left shift of 16777215 by 8 places cannot be represented in type 'int'
inet 192.168.0.38/24 broadcast 192.168.0.255 flags 0x0
inet6 xxxx::xxxx:xxxx:xxxx:xxx%alc0/64 flags 0x0 scopeid 0x1
lo0: flags=0x8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 33624
inet 127.0.0.1/8 flags 0x0
inet6 ::1/128 flags 0x20<NODAD>
inet6 fe80::1%lo0/64 flags 0x0 scopeid 0x2
Change shifting left 1 to shifting 1U. This corrects the issue.
if (cidr < 32) { /* more than 1 bit in mask */
/* check for non-contig netmask */
if ((mask ^ (((1 << cidr) - 1) << (32 - cidr))) != 0) // <- here
return -1; /* noncontig, no pfxlen */
}
Solution suggested by <uwe>
Sponsored by <The NetBSD Foundation>
undefined reference to `typeinfo for __cxxabiv1::__class_type_info'
undefined reference to `typeinfo for __cxxabiv1::__si_class_type_info'
undefined reference to `typeinfo for __cxxabiv1::__vmi_class_type_info'
undefined reference to `typeinfo for std::type_info'
undefined reference to `__dynamic_cast'
- Add IXGBE_DEV_ID_82599_LS(0x154f) support.
- Increase timeout for newer than ixgbe_mac_X550 (i.e. Xeon-D and Denverton)
in ixgbe_acquire_swfw_sync_X540().
- Add some unused macros (IXGBE_FW_LESM_*).
experimental PMAP_DIRECT if available; the direct code paths now survive
longer than the pmap_enter() variant, but still triggers panic during
build.sh tools run; remove some obsolete sysctls
add some XXXs to mark places which need attention to make this more stable
Note: the loan case is now actually significantly slower than the
non-loan case on MP systems, due to synchronous IPIs triggered by
marking the page read-only by uvm_loan(); this is being discussed
in the email thread
https://mail-index.netbsd.org/tech-kern/2018/05/21/msg023441.html
that is basically the same issue due to which loaning was disabled
for sosend()
Allow to disable building groff. This is a build tool written in C++.
This option is useful with an external toolchain configured for building the
distribution rather than building tools (e.g. C++ lookup paths may differ).
Looks ok by <christos>
Sponsored by <The NetBSD Foundation>
