+ CC upstream — forwarding the UBSan findings below, which are in contrib/nvi code rather than anything FreeBSD-specific. Two distinct issues are reported. (1) v_z.c:138, `TMAP = HMAP + (sp->t_rows - 1)`, does pointer arithmetic on HMAP while HMAP is still NULL (reached during option initialisation: opts_init → opts_set → v_optchange → vs_crel); that is undefined behaviour and leaves TMAP as "NULL plus 1056", not a valid pointer. (2) log.c:261, :266 and :272 are all lines that use CHAR_T_OFFSET, and the "member access within null pointer of type 'log_t'" wording suggests that macro computes a field offset by dereferencing a null log_t pointer — if so, rewriting it with offsetof() should silence all three; confirm against the macro's definition. Neither report by itself demonstrates a memory-safety fault at runtime; they are UB diagnostics, which is worth stating up front so the severity is neither over- nor under-estimated.

On Fri, Jan 14, 2022 at 05:37:20AM -0800, Mark Millard wrote:
> # env ASAN_OPTIONS=detect_container_overflow=0 lldb view
> (lldb) target create "view"
> Current executable set to 'view' (x86_64).
> (lldb) run /usr/main-src/contrib/nvi/common/log.c
> Process 96507 launched: '/usr/bin/view' (x86_64)
> Process 96507 stopped
> * thread #1, name = 'view', stop reason = Nullptr with nonzero offset
>     frame #0: 0x00000000012c8ef0 view`::__ubsan_on_report() at 
> ubsan_monitor.cpp:39
>    36         }
>    37         
>    38         SANITIZER_WEAK_DEFAULT_IMPL
> -> 39         void __ubsan::__ubsan_on_report(void) {}
>    40         
>    41         void __ubsan::__ubsan_get_current_report_data(const char 
> **OutIssueKind,
>    42                                                       const char 
> **OutMessage,
> (lldb) bt
> * thread #1, name = 'view', stop reason = Nullptr with nonzero offset
>   * frame #0: 0x00000000012c8ef0 view`::__ubsan_on_report() at 
> ubsan_monitor.cpp:39
>     frame #1: 0x00000000012c36b1 
> view`__ubsan::Diag::~Diag(this=0x00007fffffffb9b0) at ubsan_diag.cpp:354:29
>     frame #2: 0x00000000012c85e4 
> view`handlePointerOverflowImpl(Data=<unavailable>, Base=<unavailable>, 
> Result=<unavailable>, Opts=(FromUnrecoverableHandler = false, pc = 21543807, 
> bp = 140737488337936)) at ubsan_diag.h:0:21
>     frame #3: 0x00000000012c811a 
> view`::__ubsan_handle_pointer_overflow(Data=<unavailable>, 
> Base=<unavailable>, Result=<unavailable>) at ubsan_handlers.cpp:815:3
>     frame #4: 0x000000000148bb7f view`vs_crel(sp=0x00007fffffffbd20, 
> count=<unavailable>) at v_z.c:138:14
>     frame #5: 0x0000000001420d78 view`v_optchange(sp=<unavailable>, 
> offset=<unavailable>, str=<unavailable>, valp=<unavailable>) at 
> v_init.c:117:11 [artificial]
>     frame #6: 0x000000000132d079 view`opts_set(sp=0x000061e000000080, 
> argv=0x00007fffffffbf00, usage=<unavailable>) at options.c:684:8
>     frame #7: 0x0000000001328db4 view`opts_init(sp=<unavailable>, 
> oargs=<unavailable>) at options.c:412:2
>     frame #8: 0x00000000013184d3 view`editor(gp=0x0000621000000100, 
> argc=<unavailable>, argv=0x00007fffffffdb10) at main.c:240:6
>     frame #9: 0x00000000012d21dd view`main(argc=<unavailable>, 
> argv=<unavailable>) at cl_main.c:115:9
>     frame #10: 0x0000000001246c7d view`_start(ap=<unavailable>, 
> cleanup=<unavailable>) at crt1_c.c:73:7
> (lldb) up 4
> frame #4: 0x000000000148bb7f view`vs_crel(sp=0x00007fffffffbd20, 
> count=<unavailable>) at v_z.c:138:14
>    135                sp->t_minrows = sp->t_rows = count;
>    136                if (sp->t_rows > sp->rows - 1)
>    137                        sp->t_minrows = sp->t_rows = sp->rows - 1;
> -> 138                TMAP = HMAP + (sp->t_rows - 1);
>    139                F_SET(sp, SC_SCR_REDRAW);
>    140                return (0);
>    141        }
> (lldb) thread info -s
> thread #1: tid = 125915, 0x00000000012c8ef0 view`::__ubsan_on_report() at 
> ubsan_monitor.cpp:39, name = 'view', stop reason = Nullptr with nonzero offset
> 
> {
>   "col": 14,
>   "description": "nullptr-with-nonzero-offset",
>   "filename": "/usr/main-src/contrib/nvi/vi/v_z.c",
>   "instrumentation_class": "UndefinedBehaviorSanitizer",
>   "line": 138,
>   "memory_address": 0,
>   "summary": "Applying non-zero offset 1056 to null pointer",
>   "tid": 125915,
>   "trace": []
> }
> 
>  . . . Later in the same lldb session, after continuing into vi command handling (the backtrace below goes through v_ex → v_ecl_log → db_append → log_line): . . .
> 
> Process 96507 stopped
> * thread #1, name = 'view', stop reason = Null pointer use
>     frame #0: 0x00000000012c8ef0 view`::__ubsan_on_report() at 
> ubsan_monitor.cpp:39
>    36         }
>    37         
>    38         SANITIZER_WEAK_DEFAULT_IMPL
> -> 39         void __ubsan::__ubsan_on_report(void) {}
>    40         
>    41         void __ubsan::__ubsan_get_current_report_data(const char 
> **OutIssueKind,
>    42                                                       const char 
> **OutMessage,
> (lldb) bt
> * thread #1, name = 'view', stop reason = Null pointer use
>   * frame #0: 0x00000000012c8ef0 view`::__ubsan_on_report() at 
> ubsan_monitor.cpp:39
>     frame #1: 0x00000000012c36b1 
> view`__ubsan::Diag::~Diag(this=0x00007fffffffc3c0) at ubsan_diag.cpp:354:29
>     frame #2: 0x00000000012c4aef 
> view`handleTypeMismatchImpl(Data=<unavailable>, Pointer=<unavailable>, 
> Opts=(FromUnrecoverableHandler = false, pc = 19992923, bp = 140737488340592)) 
> at ubsan_handlers.cpp:117:5
>     frame #3: 0x00000000012c47aa 
> view`::__ubsan_handle_type_mismatch_v1(Data=<unavailable>, 
> Pointer=<unavailable>) at ubsan_handlers.cpp:142:3
>     frame #4: 0x000000000131115b view`log_line(sp=<unavailable>, 
> lno=<unavailable>, action=<unavailable>) at log.c:261:2
>     frame #5: 0x000000000130cd55 view`db_append(sp=<unavailable>, 
> update=<unavailable>, lno=<unavailable>, p=<unavailable>, len=<unavailable>) 
> at line.c:295:2
>     frame #6: 0x000000000141b582 view`v_ecl_log(sp=<unavailable>, 
> tp=<unavailable>) at v_ex.c:605:10
>     frame #7: 0x0000000001419af2 view`v_ex(sp=<unavailable>, 
> vp=<unavailable>) at v_ex.c:372:38
>     frame #8: 0x000000000148da62 view`vi(spp=<unavailable>) at vi.c:226:18
>     frame #9: 0x0000000001319704 view`editor(gp=0x0000621000000100, 
> argc=<unavailable>, argv=<unavailable>) at main.c:402:38
>     frame #10: 0x00000000012d21dd view`main(argc=<unavailable>, 
> argv=<unavailable>) at cl_main.c:115:9
>     frame #11: 0x0000000001246c7d view`_start(ap=<unavailable>, 
> cleanup=<unavailable>) at crt1_c.c:73:7
> (lldb) up 4
> frame #4: 0x000000000131115b view`log_line(sp=<unavailable>, 
> lno=<unavailable>, action=<unavailable>) at log.c:261:2
>    258                } else
>    259                        if (db_get(sp, lno, DBG_FATAL, &lp, &len))
>    260                                return (1);
> -> 261                BINC_RETC(sp,
>    262                    ep->l_lp, ep->l_len,
>    263                    len * sizeof(CHAR_T) + CHAR_T_OFFSET);
>    264                ep->l_lp[0] = action;
> (lldb) thread info -s
> thread #1: tid = 208533, 0x00000000012c8ef0 view`::__ubsan_on_report() at 
> ubsan_monitor.cpp:39, name = 'view', stop reason = Null pointer use
> 
> {
>   "col": 2,
>   "description": "null-pointer-use",
>   "filename": "/usr/main-src/contrib/nvi/common/log.c",
>   "instrumentation_class": "UndefinedBehaviorSanitizer",
>   "line": 261,
>   "memory_address": 0,
>   "summary": "Member access within null pointer of type 'log_t'",
>   "tid": 208533,
>   "trace": []
> }
> (lldb) c
> Process 96507 resuming
> /usr/main-src/contrib/nvi/common/log.c:261:2: runtime error: member access 
> within null pointer of type 'log_t'
> SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior 
> /usr/main-src/contrib/nvi/common/log.c:261:2 in 
> Process 96507 stopped
> * thread #1, name = 'view', stop reason = Null pointer use
>     frame #0: 0x00000000012c8ef0 view`::__ubsan_on_report() at 
> ubsan_monitor.cpp:39
>    36         }
>    37         
>    38         SANITIZER_WEAK_DEFAULT_IMPL
> -> 39         void __ubsan::__ubsan_on_report(void) {}
>    40         
>    41         void __ubsan::__ubsan_get_current_report_data(const char 
> **OutIssueKind,
>    42                                                       const char 
> **OutMessage,
> (lldb) bt
> * thread #1, name = 'view', stop reason = Null pointer use
>   * frame #0: 0x00000000012c8ef0 view`::__ubsan_on_report() at 
> ubsan_monitor.cpp:39
>     frame #1: 0x00000000012c36b1 
> view`__ubsan::Diag::~Diag(this=0x00007fffffffc3c0) at ubsan_diag.cpp:354:29
>     frame #2: 0x00000000012c4aef 
> view`handleTypeMismatchImpl(Data=<unavailable>, Pointer=<unavailable>, 
> Opts=(FromUnrecoverableHandler = false, pc = 19993513, bp = 140737488340592)) 
> at ubsan_handlers.cpp:117:5
>     frame #3: 0x00000000012c47aa 
> view`::__ubsan_handle_type_mismatch_v1(Data=<unavailable>, 
> Pointer=<unavailable>) at ubsan_handlers.cpp:142:3
>     frame #4: 0x00000000013113a9 view`log_line(sp=<unavailable>, 
> lno=<unavailable>, action=<unavailable>) at log.c:266:21
>     frame #5: 0x000000000130cd55 view`db_append(sp=<unavailable>, 
> update=<unavailable>, lno=<unavailable>, p=<unavailable>, len=<unavailable>) 
> at line.c:295:2
>     frame #6: 0x000000000141b582 view`v_ecl_log(sp=<unavailable>, 
> tp=<unavailable>) at v_ex.c:605:10
>     frame #7: 0x0000000001419af2 view`v_ex(sp=<unavailable>, 
> vp=<unavailable>) at v_ex.c:372:38
>     frame #8: 0x000000000148da62 view`vi(spp=<unavailable>) at vi.c:226:18
>     frame #9: 0x0000000001319704 view`editor(gp=0x0000621000000100, 
> argc=<unavailable>, argv=<unavailable>) at main.c:402:38
>     frame #10: 0x00000000012d21dd view`main(argc=<unavailable>, 
> argv=<unavailable>) at cl_main.c:115:9
>     frame #11: 0x0000000001246c7d view`_start(ap=<unavailable>, 
> cleanup=<unavailable>) at crt1_c.c:73:7
> (lldb) up 4
> frame #4: 0x00000000013113a9 view`log_line(sp=<unavailable>, 
> lno=<unavailable>, action=<unavailable>) at log.c:266:21
>    263                    len * sizeof(CHAR_T) + CHAR_T_OFFSET);
>    264                ep->l_lp[0] = action;
>    265                memmove(ep->l_lp + sizeof(u_char), &lno, 
> sizeof(recno_t));
> -> 266                memmove(ep->l_lp + CHAR_T_OFFSET, lp, len * 
> sizeof(CHAR_T));
>    267        
>    268                lcur = ep->l_cur;
>    269                key.data = &lcur;
> (lldb) thread info -s
> thread #1: tid = 208533, 0x00000000012c8ef0 view`::__ubsan_on_report() at 
> ubsan_monitor.cpp:39, name = 'view', stop reason = Null pointer use
> 
> {
>   "col": 21,
>   "description": "null-pointer-use",
>   "filename": "/usr/main-src/contrib/nvi/common/log.c",
>   "instrumentation_class": "UndefinedBehaviorSanitizer",
>   "line": 266,
>   "memory_address": 0,
>   "summary": "Member access within null pointer of type 'log_t'",
>   "tid": 208533,
>   "trace": []
> }
> (lldb) c
> Process 96507 resuming
> /usr/main-src/contrib/nvi/common/log.c:266:21: runtime error: member access 
> within null pointer of type 'log_t'
> SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior 
> /usr/main-src/contrib/nvi/common/log.c:266:21 in 
> Process 96507 stopped
> * thread #1, name = 'view', stop reason = Null pointer use
>     frame #0: 0x00000000012c8ef0 view`::__ubsan_on_report() at 
> ubsan_monitor.cpp:39
>    36         }
>    37         
>    38         SANITIZER_WEAK_DEFAULT_IMPL
> -> 39         void __ubsan::__ubsan_on_report(void) {}
>    40         
>    41         void __ubsan::__ubsan_get_current_report_data(const char 
> **OutIssueKind,
>    42                                                       const char 
> **OutMessage,
> (lldb) bt
> * thread #1, name = 'view', stop reason = Null pointer use
>   * frame #0: 0x00000000012c8ef0 view`::__ubsan_on_report() at 
> ubsan_monitor.cpp:39
>     frame #1: 0x00000000012c36b1 
> view`__ubsan::Diag::~Diag(this=0x00007fffffffc3c0) at ubsan_diag.cpp:354:29
>     frame #2: 0x00000000012c4aef 
> view`handleTypeMismatchImpl(Data=<unavailable>, Pointer=<unavailable>, 
> Opts=(FromUnrecoverableHandler = false, pc = 19993957, bp = 140737488340592)) 
> at ubsan_handlers.cpp:117:5
>     frame #3: 0x00000000012c47aa 
> view`::__ubsan_handle_type_mismatch_v1(Data=<unavailable>, 
> Pointer=<unavailable>) at ubsan_handlers.cpp:142:3
>     frame #4: 0x0000000001311565 view`log_line(sp=<unavailable>, 
> lno=<unavailable>, action=<unavailable>) at log.c:272:37
>     frame #5: 0x000000000130cd55 view`db_append(sp=<unavailable>, 
> update=<unavailable>, lno=<unavailable>, p=<unavailable>, len=<unavailable>) 
> at line.c:295:2
>     frame #6: 0x000000000141b582 view`v_ecl_log(sp=<unavailable>, 
> tp=<unavailable>) at v_ex.c:605:10
>     frame #7: 0x0000000001419af2 view`v_ex(sp=<unavailable>, 
> vp=<unavailable>) at v_ex.c:372:38
>     frame #8: 0x000000000148da62 view`vi(spp=<unavailable>) at vi.c:226:18
>     frame #9: 0x0000000001319704 view`editor(gp=0x0000621000000100, 
> argc=<unavailable>, argv=<unavailable>) at main.c:402:38
>     frame #10: 0x00000000012d21dd view`main(argc=<unavailable>, 
> argv=<unavailable>) at cl_main.c:115:9
>     frame #11: 0x0000000001246c7d view`_start(ap=<unavailable>, 
> cleanup=<unavailable>) at crt1_c.c:73:7
> (lldb) up 4
> frame #4: 0x0000000001311565 view`log_line(sp=<unavailable>, 
> lno=<unavailable>, action=<unavailable>) at log.c:272:37
>    269                key.data = &lcur;
>    270                key.size = sizeof(recno_t);
>    271                data.data = ep->l_lp;
> -> 272                data.size = len * sizeof(CHAR_T) + CHAR_T_OFFSET;
>    273                if (ep->log->put(ep->log, &key, &data, 0) == -1)
>    274                        LOG_ERR;
>    275        
> (lldb) thread info -s
> thread #1: tid = 208533, 0x00000000012c8ef0 view`::__ubsan_on_report() at 
> ubsan_monitor.cpp:39, name = 'view', stop reason = Null pointer use
> 
> {
>   "col": 37,
>   "description": "null-pointer-use",
>   "filename": "/usr/main-src/contrib/nvi/common/log.c",
>   "instrumentation_class": "UndefinedBehaviorSanitizer",
>   "line": 272,
>   "memory_address": 0,
>   "summary": "Member access within null pointer of type 'log_t'",
>   "tid": 208533,
>   "trace": []
> }
> 
> 
> ===
> Mark Millard
> marklmi at yahoo.com
> 
> 
