[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH 03/10] tools/insn-fuzz: Don't use memcpy() for zero-length reads

On 27/03/17 12:02, George Dunlap wrote:
> On 27/03/17 10:56, Andrew Cooper wrote:
>> For control-flow changes, the emulator needs to perform a zero-length
>> instruction fetch at the target offset.  It also passes NULL for the
>> destination buffer, as there is no instruction stream to collect.
>>
>> This trips up UBSAN, even with a size of 0.  Exclude zero-length reads from
>> using memcpy(), rather than excluding NULL destination pointers, to still
>> catch unintentional uses of NULL.
> So memcpy() will actually try to write to dst even if bytes == 0?
>
> That seems a bit strange, but OK:
>
> Acked-by: George Dunlap <george.dunlap@xxxxxxxxxx>

This is the undefined behaviour sanitiser, which actually objects to
passing NULL to a function annotated with
__attribute__((notnull(...))).  The check is performed before making the
call, and doesn't account for nothing happening if size is 0.

~Andrew

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
https://lists.xen.org/xen-devel

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.