From: stephen@isc.org
Date: Tue, 05 Dec 2017 17:59:12 +0000
To: bind9-public@isc.org
Subject: Issues found building BIND with -fsanitize=undefined
Message-ID:

The following errors/warnings in BIND code were produced when running the tests with the code on "master" compiled with gcc using the -fsanitize=undefined option:

* rdata/generic/opt_41.c:195:2: runtime error: null pointer passed as argument 2, which is declared to never be null
* name.c:2053:3: runtime error: null pointer passed as argument 2, which is declared to never be null
* name.c:2545:2: runtime error: null pointer passed as argument 2, which is declared to never be null
* message.c:4404:4: runtime error: null pointer passed as argument 2, which is declared to never be null

All of these seem to be related to memmove (the last via the macro ISC__BUFFER_PUTMEM); it is likely that although the second argument is null, the third argument is 0, which means that no action is taken. However, a similar construct back in 2014 caused problems on a new version of gcc because the compiler noted that a pointer was passed as a "not null" argument to a glib function and subsequently optimised away a check protecting the pointer from being dereferenced if it was null. (#35968)

* random.c:143:45: runtime error: left shift of 1748803827 by 12 places cannot be represented in type 'int'
* inet_aton.c:177:20: runtime error: left shift of 192 by 24 places cannot be represented in type 'int'

Both these messages appeared a number of times (with different numbers).

* random_test.c:204:20: runtime error: shift exponent 32 is too large for 32-bit type 'unsigned int'

I've only seen this message once.
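The three patterns reported above (memmove called with a NULL pointer and a zero length, left shifts that overflow a signed int, and a shift by the full width of a 32-bit type), each written in a form that avoids the undefined behaviour UBSan flags. This is an added illustration, not BIND's code: `struct buf`, `buffer_putmem`, `demo_putmem`, `pack_octets`, `shl32` and `low_mask` are constructed stand-ins, and the real ISC__BUFFER_PUTMEM macro is not reproduced.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Minimal stand-in for an ISC-style buffer (constructed for this example). */
struct buf { unsigned char *base; size_t used; size_t length; };

/* Append n bytes; 0 on success, -1 if they do not fit. The n == 0 case
 * returns before memmove is called: memmove's pointer parameters are
 * declared nonnull, so passing NULL is undefined even with length 0, and
 * gcc may then drop later NULL checks on that pointer. */
int buffer_putmem(struct buf *b, const void *src, size_t n) {
    if (n > b->length - b->used)
        return -1;
    if (n == 0)
        return 0;
    memmove(b->base + b->used, src, n);
    b->used += n;
    return 0;
}

/* Drives buffer_putmem on a constructed buffer; returns bytes used or -1. */
int demo_putmem(void) {
    unsigned char storage[8];
    struct buf b = { storage, 0, sizeof storage };
    if (buffer_putmem(&b, NULL, 0) != 0) return -1;     /* NULL src, n == 0 */
    if (buffer_putmem(&b, "abcd", 4) != 0) return -1;
    if (buffer_putmem(&b, "efghi", 5) != -1) return -1; /* would overflow */
    if (memcmp(storage, "abcd", 4) != 0) return -1;
    return (int)b.used;
}

/* inet_aton-style octet packing in uint32_t: 192 << 24 overflows a signed
 * int, but is well defined on the unsigned type. */
uint32_t pack_octets(unsigned a, unsigned b, unsigned c, unsigned d) {
    return ((uint32_t)a << 24) | ((uint32_t)b << 16) |
           ((uint32_t)c << 8) | (uint32_t)d;
}

/* random.c-style left shift done in unsigned 32-bit arithmetic, which wraps
 * modulo 2^32 instead of being undefined. Callers pass k < 32. */
uint32_t shl32(uint32_t v, unsigned k) {
    return v << (k & 31u);
}

/* Mask of the low `bits` bits. A shift by 32 on a 32-bit type is undefined
 * (the random_test.c case), so the full-width case is handled explicitly. */
uint32_t low_mask(unsigned bits) {
    return bits >= 32 ? UINT32_MAX : (1u << bits) - 1u;
}
```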