https://bugs.exim.org/show_bug.cgi?id=2380
Bug ID: 2380
Summary: PCRE 8.43 and Undefined Behavior sanitizer findings
Product: PCRE
Version: 8.43
Hardware: x86-64
OS: Linux
Status: NEW
Severity: bug
Priority: medium
Component: Code
Assignee: p...@hermes.cam.ac.uk
Reporter: noloa...@gmail.com
CC: pcre-dev@exim.org

I used CFLAGS="-DNDEBUG -g2 -O1 -fsanitize=undefined". I built the library, then ran a 'make test V=1'. The output presented to the user looks OK. However, it looks like UBsan found some undefined behavior:

pcre-8.43$ grep -IR 'runtime error'
RunTest.log:pcretest.c:5338:33: runtime error: left shift of 1 by 31 places cannot be represented in type 'int'
RunTest.log:pcretest.c:5403:32: runtime error: left shift of 1 by 31 places cannot be represented in type 'int'
RunTest.log:pcretest.c:5338:33: runtime error: left shift of 1 by 31 places cannot be represented in type 'int'
RunTest.log:pcretest.c:5403:32: runtime error: left shift of 1 by 31 places cannot be represented in type 'int'
RunTest.log:pcretest.c:5338:33: runtime error: left shift of 1 by 31 places cannot be represented in type 'int'
RunTest.log:pcretest.c:5403:32: runtime error: left shift of 1 by 31 places cannot be represented in type 'int'
RunTest.log:pcre_jit_compile.c:8510:96: runtime error: left shift of negative value -1
RunTest.log:pcre_jit_compile.c:3941:15: runtime error: left shift of 197 by 24 places cannot be represented in type 'int'
RunTest.log:pcretest.c:5338:33: runtime error: left shift of 1 by 31 places cannot be represented in type 'int'
RunTest.log:pcretest.c:5403:32: runtime error: left shift of 1 by 31 places cannot be represented in type 'int'
RunTest.log:pcre_compile.c:8683:48: runtime error: left shift of 1 by 31 places cannot be represented in type 'int'
RunTest.log:pcre_compile.c:8070:45: runtime error: left shift of 1 by 31 places cannot be represented in type 'int'
RunTest.log:pcretest.c:5338:33: runtime error: left shift of 1 by 31 places cannot be represented in type 'int'
RunTest.log:pcretest.c:5403:32: runtime error: left shift of 1 by 31 places cannot be represented in type 'int'
RunTest.log:pcre_compile.c:8683:48: runtime error: left shift of 1 by 31 places cannot be represented in type 'int'
RunTest.log:pcre_compile.c:8070:45: runtime error: left shift of 1 by 31 places cannot be represented in type 'int'
RunTest.log:pcretest.c:4448:17: runtime error: null pointer passed as argument 1, which is declared to never be null
RunTest.log:pcretest.c:5338:33: runtime error: left shift of 1 by 31 places cannot be represented in type 'int'
RunTest.log:pcretest.c:5403:32: runtime error: left shift of 1 by 31 places cannot be represented in type 'int'
RunTest.log:pcre_jit_compile.c:8510:96: runtime error: left shift of negative value -2
RunTest.log:pcre_compile.c:8683:48: runtime error: left shift of 1 by 31 places cannot be represented in type 'int'
RunTest.log:pcre_compile.c:8070:45: runtime error: left shift of 1 by 31 places cannot be represented in type 'int'
RunTest.log:pcre_jit_compile.c:3941:15: runtime error: left shift of 255 by 24 places cannot be represented in type 'int'
RunTest.log:pcretest.c:5338:33: runtime error: left shift of 1 by 31 places cannot be represented in type 'int'
RunTest.log:pcretest.c:5403:32: runtime error: left shift of 1 by 31 places cannot be represented in type 'int'
RunTest.log:pcretest.c:5338:33: runtime error: left shift of 1 by 31 places cannot be represented in type 'int'
RunTest.log:pcretest.c:5403:32: runtime error: left shift of 1 by 31 places cannot be represented in type 'int'
RunTest.log:pcretest.c:5338:33: runtime error: left shift of 1 by 31 places cannot be represented in type 'int'
RunTest.log:pcretest.c:5403:32: runtime error: left shift of 1 by 31 places cannot be represented in type 'int'
RunTest.log:pcre_jit_compile.c:3941:15: runtime error: left shift of 201 by 24 places cannot be represented in type 'int'
RunTest.log:pcretest.c:5338:33: runtime error: left shift of 1 by 31 places cannot be represented in type 'int'
RunTest.log:pcretest.c:5403:32: runtime error: left shift of 1 by 31 places cannot be represented in type 'int'
RunTest.log:pcretest.c:5338:33: runtime error: left shift of 1 by 31 places cannot be represented in type 'int'
RunTest.log:pcretest.c:5403:32: runtime error: left shift of 1 by 31 places cannot be represented in type 'int'
RunTest.log:pcretest.c:5338:33: runtime error: left shift of 1 by 31 places cannot be represented in type 'int'
RunTest.log:pcretest.c:5403:32: runtime error: left shift of 1 by 31 places cannot be represented in type 'int'
RunTest.log:pcretest.c:5338:33: runtime error: left shift of 1 by 31 places cannot be represented in type 'int'
RunTest.log:pcretest.c:5403:32: runtime error: left shift of 1 by 31 places cannot be represented in type 'int'
RunTest.log:pcretest.c:5338:33: runtime error: left shift of 1 by 31 places cannot be represented in type 'int'
RunTest.log:pcretest.c:5403:32: runtime error: left shift of 1 by 31 places cannot be represented in type 'int'
RunTest.log:pcretest.c:5338:33: runtime error: left shift of 1 by 31 places cannot be represented in type 'int'
RunTest.log:pcretest.c:5403:32: runtime error: left shift of 1 by 31 places cannot be represented in type 'int'
pcretest.c:/* Textual explanations for runtime error codes */
pcre_jit_test.log:........................pcre_jit_compile.c:3941:15: runtime error: left shift of 255 by 24 places cannot be represented in type 'int'
pcre_jit_test.log:...................................................pcre_jit_compile.c:8510:96: runtime error: left shift of negative value -1

"left shift of 1 by 31" is a common finding. It can usually be cleared with '1U << 31'. Some of the others, like pcre_jit_compile.c:3941, will need to be analyzed. Often it is a matter of switching to unsigned types.

Be careful of these in the long run. The compiler is free to drop the code. My personal experience is, little findings like these are the cause of obscure failures, like self test failures on 32-bit MIPS with GCC 4.5-4.7 (other platforms will be OK).
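
The three kinds of shift finding in the log above, each beside a well-defined replacement. This is an added example, not code from PCRE or from the report; the function names are hypothetical and the expression shapes are assumed from the UBSan messages alone (the PCRE source lines are not shown on this page).

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

/* Same rule UBSan applies: is `v << n` defined for a signed int? (C11 6.5.7) */
static int shl_is_defined(int v, unsigned n)
{
    if (n >= sizeof(int) * CHAR_BIT) return 0;  /* shift count >= width   */
    if (v < 0) return 0;                         /* negative left operand  */
    return v <= (INT_MAX >> n);                  /* result must fit in int */
}

/* "left shift of 1 by 31": build the mask in an unsigned type (1U << 31). */
static uint32_t bit32(unsigned n)
{
    return n < 32 ? (UINT32_C(1) << n) : 0;
}

/* "left shift of 197 by 24": a byte is promoted to int before the shift,
   so cast each byte to uint32_t first (assumed shape of the flagged code). */
static uint32_t pack_be32(const uint8_t b[4])
{
    return ((uint32_t)b[0] << 24) | ((uint32_t)b[1] << 16) |
           ((uint32_t)b[2] << 8)  |  (uint32_t)b[3];
}

/* "left shift of negative value": shift the bit pattern as unsigned, then
   map back to int32_t without implementation-defined conversion. */
static int32_t shl_wrap32(int32_t v, unsigned n)
{
    uint32_t u = (uint32_t)v << (n & 31);
    return u <= INT32_MAX ? (int32_t)u : -(int32_t)(UINT32_MAX - u) - 1;
}

int main(void)
{
    const uint8_t sample[4] = { 197, 0, 0, 1 };  /* constructed input */

    printf("1 << 31 defined?   %d\n", shl_is_defined(1, 31));
    printf("197 << 24 defined? %d\n", shl_is_defined(197, 24));
    printf("-1 << 1 defined?   %d\n", shl_is_defined(-1, 1));
    printf("bit32(31)    = 0x%08x\n", (unsigned)bit32(31));
    printf("pack_be32    = 0x%08x\n", (unsigned)pack_be32(sample));
    printf("shl_wrap32(-1, 1) = %d\n", (int)shl_wrap32(-1, 1));
    return 0;
}
```
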