On 06.06.2020 00:25, Jaromír Doleček wrote: > Le ven. 5 juin 2020 à 21:49, syzbot > <syzbot+897abbbe59467cbf6e98%syzkaller.appspotmail.com@localhost> a écrit : >> [ 44.1699615] panic: UBSan: Undefined Behavior in /syzkaller/managers/netbsd-kubsan/kernel/sys/kern/vfs_lockf.c:843:16, signed integer overflow: 131072 + 9223372036854771712 cannot be represented in type 'long int' >> >> [ 44.1931600] cpu0: Begin traceback... >> [ 44.1999503] vpanic() at netbsd:vpanic+0x287 sys/kern/subr_prf.c:290 >> [ 44.2299515] isAlreadyReported() at netbsd:isAlreadyReported >> [ 44.2599494] HandleOverflow() at netbsd:HandleOverflow+0x1c9 sys/../common/lib/libc/misc/ubsan.c:375 >> [ 44.2899499] lf_advlock() at netbsd:lf_advlock+0x2124 sys/kern/vfs_lockf.c:843 > > This happens in: > if (fl->l_len > 0) > end = start + fl->l_len - 1; > else { > > when call to fcntl() is arranged so that 'start' ends up 0x20000 and > fl->l_len 0x7ffffffffffff000, overflowing the off_t. > > I wonder, Is it important to fix cases like that? > > Jaromir > Generally we want to mute noise so signal is high on serious issues. Overflowing off_t shall not happen as it is a signed integer. A compiler is free to impose assumptions that the result is not overflowed and miscompile. In this case it is probably safe, but better to silent it.
Attachment:
signature.asc
Description: OpenPGP digital signature