On 3/12/25 13:29, Collin Funk wrote:
Yao Shuangjie<sjyao2...@outlook.com> writes:
We are cybersecurity researchers from the Hong Kong University of
Science and Technology. We found several security violations of
undefined behaviors in GNU bison 3.8.2 using our novel symbolic
execution technique several months ago. The details are shown below.
../lib/obstack.c:138:35: runtime error: applying non-zero offset 107820858999056 to null pointer
    #0 0x6a3c9c in _obstack_begin_worker /root/projects/bison-3.8.2/obj-san/../lib/obstack.c:138:35
    #1 0x6a3a6d in _obstack_begin /root/projects/bison-3.8.2/obj-san/../lib/obstack.c:157:10
    #2 0x54988c in muscle_init /root/projects/bison-3.8.2/obj-san/../src/muscle-tab.c:126:3
    #3 0x548e2f in main /root/projects/bison-3.8.2/obj-san/../src/main.c:97:3
    #4 0x7f14c84cdd8f in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16
    #5 0x7f14c84cde3f in __libc_start_main csu/../csu/libc-start.c:392:3
    #6 0x420664 in _start (/root/projects/bison-3.8.2/obj-san/src/bison+0x420664)
This is reported in Gnulib here [1].
The Gnulib issue is adding 0 to a null pointer, a behavior that is
undefined in strict C23 but which is likely to be well-defined in the
next version of C and which works on all Gnulib porting targets so it's
OK with Gnulib.
However, the above-quoted message, like [1], says the code is "applying
non-zero offset 107820858999056" to the null pointer. That is a
different thing. Is Clang mis-reporting what's happening?
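Added example, not code from gnulib, bison or anyone in this thread: the thread does not show the source line, so this is a constructed idiom of the shape such a report describes (rounding a pointer up by computing an integer and adding it to a null base), beside the integer form that does no pointer arithmetic on NULL. It assumes a flat address space, where both forms give the same address.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed illustration.  Routing the rounding through (char *) 0 makes
   the "offset" the whole rounded address, so a build with
   -fsanitize=pointer-overflow reports "applying non-zero offset <address>
   to null pointer" even though p itself is a valid pointer. */
static char *align_up_null_base(char *p, uintptr_t mask)
{
    char *base = (char *) 0;
    /* Both (p - base) and (base + ...) are pointer arithmetic on NULL. */
    return base + (((p - base) + mask) & ~mask);
}

/* Well-defined alternative: round the integer value, then convert back.
   Pointer <-> uintptr_t conversion is implementation-defined rather than
   undefined, so the sanitizer has nothing to flag. */
static char *align_up_uintptr(char *p, uintptr_t mask)
{
    uintptr_t addr = (uintptr_t) p;
    return (char *) ((addr + mask) & ~mask);
}

/* Bytes skipped before p to reach the aligned address: what a caller must
   add to its allocation size so the aligned result stays in bounds. */
static size_t align_padding(const char *p, uintptr_t mask)
{
    uintptr_t addr = (uintptr_t) p;
    return (size_t) (((addr + mask) & ~mask) - addr);
}

/* Returns 1 if the integer form yields a correctly aligned successor of a
   deliberately misaligned pointer and its padding matches.  mask < 128. */
static int check_alignment(uintptr_t mask)
{
    static char buf[256];
    char *p = buf + 1;                  /* misaligned for any mask >= 1 */
    char *q = align_up_uintptr(p, mask);
    int aligned = ((uintptr_t) q & mask) == 0;
    int in_reach = q >= p && (uintptr_t) (q - p) <= mask;
    return aligned && in_reach && align_padding(p, mask) == (size_t) (q - p);
}

int main(void)
{
    char buf[64];
    char *p = buf + 1;
    printf("null-base and integer forms agree: %d\n",
           align_up_null_base(p, 15) == align_up_uintptr(p, 15));
    printf("16-byte alignment padding: %zu, check: %d\n",
           align_padding(p, 15), check_alignment(15));
    return 0;
}
```

Compiling with clang and -fsanitize=pointer-overflow flags only the null-base form, which is the kind of report quoted above.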