tech-kern archive


Re: UBSan: Undefined Behavior in lf_advlock



On Fri, 5 Jun 2020 at 21:49, syzbot
<syzbot+897abbbe59467cbf6e98%syzkaller.appspotmail.com@localhost> wrote:
> [  44.1699615] panic: UBSan: Undefined Behavior in /syzkaller/managers/netbsd-kubsan/kernel/sys/kern/vfs_lockf.c:843:16, signed integer overflow: 131072 + 9223372036854771712 cannot be represented in type 'long int'
>
> [  44.1931600] cpu0: Begin traceback...
> [  44.1999503] vpanic() at netbsd:vpanic+0x287 sys/kern/subr_prf.c:290
> [  44.2299515] isAlreadyReported() at netbsd:isAlreadyReported
> [  44.2599494] HandleOverflow() at netbsd:HandleOverflow+0x1c9 sys/../common/lib/libc/misc/ubsan.c:375
> [  44.2899499] lf_advlock() at netbsd:lf_advlock+0x2124 sys/kern/vfs_lockf.c:843

This happens in:
                if (fl->l_len > 0)
                        end = start + fl->l_len - 1;
                else {

when a call to fcntl() is arranged so that 'start' ends up 0x20000 and
fl->l_len 0x7ffffffffffff000, overflowing the off_t.

I wonder, is it important to fix cases like that?

Jaromir
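The arithmetic in the quoted lf_advlock() snippet is start + l_len - 1 on a signed off_t, and the syzbot input (start 0x20000, l_len 0x7ffffffffffff000) pushes that sum past the largest representable value. The following is an added example, not NetBSD's code: a userland model of the range computation that rejects unrepresentable ranges with EOVERFLOW before the addition is evaluated. xoff_t stands in for the kernel's 64-bit off_t, and the handling of a zero length (to end of file) and a negative length (lockf(3)-style, lock before start) is assumed for the purposes of the example, based only on the fact that the quoted code has an else branch.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* Stand-in for the kernel's off_t on LP64: a signed 64-bit type (assumption). */
typedef int64_t xoff_t;
#define XOFF_MAX INT64_MAX

/*
 * Compute the inclusive [start, end] byte range of a record lock from a
 * (start, len) pair without ever forming start + len on values that do
 * not fit in xoff_t.
 *   len >  0 : range is [start, start + len - 1]
 *   len == 0 : range runs to end of file; end is reported as -1 (assumed convention)
 *   len <  0 : range is [start + len, start - 1] (assumed lockf-style semantics)
 * Returns 0 on success, EOVERFLOW if the range would wrap past XOFF_MAX,
 * EINVAL if start is negative or the range would begin before offset 0.
 */
int lock_range(xoff_t start, xoff_t len, xoff_t *out_start, xoff_t *out_end)
{
    xoff_t end;

    if (start < 0)
        return EINVAL;

    if (len > 0) {
        /* start + (len - 1) overflows iff len - 1 > XOFF_MAX - start.
         * Both comparands are computed without overflow: len - 1 >= 0,
         * and XOFF_MAX - start >= 0 because start >= 0. */
        if (len - 1 > XOFF_MAX - start)
            return EOVERFLOW;
        end = start + (len - 1);   /* parenthesised: start + len alone may overflow */
    } else if (len == 0) {
        end = -1;                  /* to end of file */
    } else {
        /* Negative length: the lock lies before start. start >= 0 and
         * len < 0 have opposite signs, so start + len cannot overflow,
         * but it may land below offset 0. */
        end = start - 1;
        start += len;
        if (start < 0)
            return EINVAL;
    }
    *out_start = start;
    *out_end = end;
    return 0;
}

/* Convenience wrappers: return code only, or the computed end (-2 on error). */
int check_range(xoff_t start, xoff_t len)
{
    xoff_t s, e;
    return lock_range(start, len, &s, &e);
}

xoff_t range_end(xoff_t start, xoff_t len)
{
    xoff_t s, e;
    return lock_range(start, len, &s, &e) == 0 ? e : -2;
}

/* Replays the values from the syzbot report, then a well-formed lock. */
int main(void)
{
    int rc = check_range(0x20000, 0x7ffffffffffff000LL);
    printf("syzbot input: rc=%d (%s)\n", rc, rc == EOVERFLOW ? "EOVERFLOW" : "accepted");
    printf("start=100 len=50: end=%lld\n", (long long)range_end(100, 50));
    return 0;
}
```

The check is written so that the decision is made on values that are themselves guaranteed representable; rewriting it as `start + len - 1 > XOFF_MAX` would reintroduce the very overflow being avoided, and compilers are entitled to optimise such a comparison away.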

