
UndefinedBehaviorSanitizer doesn't like several bugs (including "applying zero offset to null pointer")

Open Techcable opened this issue 1 year ago • 3 comments

UndefinedBehaviorSanitizer is unhappy about "applying zero offset to null pointer".

Presumably this comes up when empty strings are involved.

This seems to be an issue in two files: parse.c:1197 in parser_state_delimiters and utils.c:119 in check_str_const

Janet 1.25.0-dev-8102eb2d macos/aarch64 - '(doc)' for help
src/core/parse.c:1197:31: runtime error: applying zero offset to null pointer
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior src/core/parse.c:1197:31 in 
src/core/util.c:119:30: runtime error: applying zero offset to null pointer
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior src/core/util.c:119:30 in 

I found this trying to debug my own code.

Techcable avatar Aug 30 '22 01:08 Techcable

Caught this in a couple other places running the test suite:

src/core/specials.c:207:88: runtime error: left shift of negative value -5
src/core/pp.c:639:63: runtime error: applying zero offset to null pointer
src/core/inttypes.c:491:1: runtime error: signed integer overflow: 9223372036854775807 + 1 cannot be represented in type 'long long'
src/core/parse.c:1208:27: runtime error: applying zero offset to null pointer
src/core/parse.c:1212:18: runtime error: applying zero offset to null pointer
src/core/util.c:119:30: runtime error: applying zero offset to null pointer

Techcable avatar Aug 30 '22 01:08 Techcable

I don't believe the "applying zero offset to null pointer" bug is very serious.

The one that does look interesting (besides integer overflow) is:

src/core/specials.c:207:88: runtime error: left shift of negative value -5

The code is here.

According to Python, -5 << 8 is -1280 (same answer as -5 * 256)

Not sure why this would give you an issue except that you're using |= between a uint32_t and an int32_t (so it's probably just being pedantic).

Techcable avatar Aug 30 '22 01:08 Techcable

I don't believe the "applying zero offset to null pointer" bug is very serious.

Usually, nothing serious happens on these alone. But it can interact poorly with optimizations in the compilers and other undefined behaviors.

GrayJack avatar Aug 30 '22 03:08 GrayJack
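A constructed C example, added here and not taken from Janet's source, showing the three classes of undefined behavior the UBSan reports above name (null pointer plus zero offset, left shift of a negative value, signed overflow), each beside a well-defined rewrite; the function names and input are hypothetical.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* 1. "applying zero offset to null pointer": forming end = s + len is UB
 *    when s is NULL, even for len == 0 (an empty string with no buffer).
 *    The rewrite returns early so no arithmetic is ever done on NULL. */
static int count_bytes_ub(const uint8_t *s, size_t len, uint8_t c) {
    int n = 0;
    for (const uint8_t *p = s, *end = s + len; p < end; p++) /* UB if s == NULL */
        if (*p == c) n++;
    return n;
}
static int count_bytes_ok(const uint8_t *s, size_t len, uint8_t c) {
    int n = 0;
    if (s == NULL || len == 0) return 0;   /* never compute s + len on NULL */
    for (size_t i = 0; i < len; i++)
        if (s[i] == c) n++;
    return n;
}

/* 2. "left shift of negative value": -5 << 8 is UB for a signed operand.
 *    Shifting the unsigned bit pattern is defined; reinterpreting the
 *    result as int32_t yields the expected two's-complement -1280. */
static int32_t pack_signed_ok(int32_t v, unsigned shift) {
    uint32_t bits = (uint32_t)v << shift;  /* defined: unsigned shift */
    return (int32_t)bits;                  /* implementation-defined, not UB */
}

/* 3. "signed integer overflow": INT64_MAX + 1 is UB. A checked add
 *    reports the overflow so the caller can saturate, error or promote.
 *    __builtin_add_overflow is a GCC/Clang builtin. */
static int checked_add_i64(int64_t a, int64_t b, int64_t *out) {
    return !__builtin_add_overflow(a, b, out); /* 1 = ok, 0 = overflow */
}

int main(void) {
    const uint8_t buf[] = "aXbXc";         /* constructed input */
    printf("%d %d %d\n", count_bytes_ub(buf, 5, 'X'),
           count_bytes_ok(buf, 5, 'X'), count_bytes_ok(NULL, 0, 'X'));
    printf("%d\n", pack_signed_ok(-5, 8));
    int64_t r;
    printf("%d\n", checked_add_i64(INT64_MAX, 1, &r));
    return 0;
}
```

Building with -fsanitize=undefined and calling count_bytes_ub(NULL, 0, 'X') reproduces the "applying zero offset to null pointer" report; the _ok variants run clean.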