NetBSD-Bugs archive


Re: lib/58453: endptr can be unitialized if an invalid base is passed to strto*(3)



The following reply was made to PR lib/58453; it has been noted by GNATS.

From: Taylor R Campbell <riastradh%NetBSD.org@localhost>
To: Robert Elz <kre%munnari.OZ.AU@localhost>
Cc: Christos Zoulas <christos%zoulas.com@localhost>, gnats-bugs%NetBSD.org@localhost,
	Christos Zoulas <christos%astron.com@localhost>, netbsd-bugs%NetBSD.org@localhost
Subject: Re: lib/58453: endptr can be unitialized if an invalid base is passed to strto*(3)
Date: Tue, 23 Jul 2024 00:03:48 +0000

 > Date: Tue, 23 Jul 2024 05:55:33 +0700
 > From: Robert Elz <kre%munnari.OZ.AU@localhost>
 >
 > I remain confused.   What test is that?   Or tests that would be used on
 > linux?
 >
 > If this is about some ATF test (the PR doesn't even suggest that though)
 > then it would depend upon the test, some of them are explicitly testing
 > NetBSD behaviour, to ensure it isn't accidentally altered (breaking backwards
 > compat) and others test required behaviour, to make sure our implementation
 > doesn't have design/impl bugs.
 >
 > Ideally the former kind would skip if the test isn't being run on NetBSD,
 > but I doubt that many of them do.
 
 I asked christos@ to file this PR and commit an ATF test to explain
 the otherwise baffling commit
 
 https://mail-index.netbsd.org/source-changes/2024/07/21/msg152491.html
 
 in order to verify we have actually fixed anything, or to prevent us
 from regressing later, and to track pullups in case it's needed.
 
 I still haven't looked into the code because I'm busy dealing with
 other things right now, but my understanding from what christos@ told
 me was:
 
 1. strtoimax and strtoumax may leave *endptr uninitialized on some
    platforms.
 
    (a) NetBSD's strtoimax and strtoumax always initialize *endptr.
 
    (b) glibc's(?) strtoimax and strtoumax sometimes leave *endptr
        uninitialized.
 
 2. Our strtoi is defined in terms of strtoimax and strtoumax, and the
    current implementation -- before christos@'s commit -- relies on
    strtoimax and strtoumax to always initialize *endptr.
 
 3. christos@'s commit lifts this assumption so that the strtoi code we
    use works in terms of either NetBSD's or glibc's
    strtoimax/strtoumax.
 
 I asked christos@ to commit an ATF test for strtoi that exercises a
 path that, _under glibc's implementation_ of strtoimax/strtoumax,
 would use uninitialized memory.  That way, we have a chance -- e.g.,
 via ubsan, or just by initializing it to some garbage pointer into
 unmapped oblivion -- of detecting the nonportable assumption in strtoi
 in case we ever change our strtoimax/strtoumax implementation.
 
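The portability hazard the thread describes, shown as an added example that is not NetBSD's strtoi(3) nor the code from the commit above. `portable_strtoi` is a hypothetical wrapper with the same shape as strtoi(3) (value clamped to `[lo, hi]`, status reported through `*rstatus`), and `parse` is a small harness that wraps it; both names are assumptions. The defensive point is that the local end pointer is initialised by the wrapper before strtoimax(3) is called and an invalid base is rejected up front, so `*endptr` is written on every path even on a libc whose strtoimax returns early on an invalid base without touching it.

```c
#include <errno.h>
#include <inttypes.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/*
 * Hypothetical portable wrapper (added example, not NetBSD's strtoi(3)).
 * Status codes mirror the strtoi(3) convention: 0 on success, EINVAL for a
 * bad base or range, ECANCELED when no digits were consumed, ENOTSUP for
 * trailing characters, ERANGE when the value had to be clamped to [lo, hi].
 */
static intmax_t
portable_strtoi(const char *nptr, char **endptr, int base,
    intmax_t lo, intmax_t hi, int *rstatus)
{
	char *ep = (char *)nptr;	/* "nothing consumed" until proven otherwise */
	int saved_errno = errno;
	int status = 0;
	intmax_t v = 0;

	if (base != 0 && (base < 2 || base > 36)) {
		/* Reject here instead of trusting libc to set *endptr for us. */
		status = EINVAL;
	} else if (lo > hi) {
		status = EINVAL;
	} else {
		errno = 0;
		v = strtoimax(nptr, &ep, base);
		if (ep == nptr) {
			status = ECANCELED;	/* no digits at all */
			v = 0;
		} else if (errno == ERANGE || v < lo || v > hi) {
			status = ERANGE;
			v = v < lo ? lo : (v > hi ? hi : v);
		} else if (*ep != '\0') {
			status = ENOTSUP;	/* trailing garbage after the number */
		}
	}
	errno = saved_errno;
	if (endptr != NULL)
		*endptr = ep;		/* written on every path, never left stale */
	if (rstatus != NULL)
		*rstatus = status;
	return v;
}

/* Harness (also hypothetical): run one case and report value, status and
 * how many bytes the end pointer says were consumed. */
struct parse_result {
	intmax_t value;
	int status;
	size_t consumed;
};

static struct parse_result
parse(const char *s, int base, intmax_t lo, intmax_t hi)
{
	struct parse_result r;
	char *ep = NULL;	/* deliberately bogus: must be overwritten */

	r.value = portable_strtoi(s, &ep, base, lo, hi, &r.status);
	r.consumed = (ep == NULL) ? (size_t)-1 : (size_t)(ep - s);
	return r;
}

int
main(void)
{
	/* Constructed sample inputs; base 1 is the invalid-base case. */
	static const struct { const char *s; int base; } cases[] = {
		{ "123", 1 }, { "123", 10 }, { "123abc", 10 },
		{ "", 10 }, { "5000", 10 }, { "0x1f", 16 },
	};
	for (size_t i = 0; i < sizeof(cases) / sizeof(cases[0]); i++) {
		struct parse_result r = parse(cases[i].s, cases[i].base, 0, 1000);
		printf("\"%s\" base %d -> value %" PRIdMAX ", status %d, consumed %zu\n",
		    cases[i].s, cases[i].base, r.value, r.status, r.consumed);
	}
	return 0;
}
```

Initialising `ep` to `nptr` and checking the base before the call is what removes the dependency on libc behaviour; a test that seeds the caller's pointer with an obviously invalid value (here `NULL`) is the kind of check the message asks for, since any path that forgets to write `*endptr` then shows up as a bogus `consumed` count instead of silently reading whatever was on the stack.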
