
Re: [Xen-devel] [PATCH 03/10] tools/insn-fuzz: Don't use memcpy() for zero-length reads



>>> On 27.03.17 at 13:05, <andrew.cooper3@xxxxxxxxxx> wrote:
> On 27/03/17 12:02, George Dunlap wrote:
>> On 27/03/17 10:56, Andrew Cooper wrote:
>>> For control-flow changes, the emulator needs to perform a zero-length
>>> instruction fetch at the target offset.  It also passes NULL for the
>>> destination buffer, as there is no instruction stream to collect.
>>>
>>> This trips up UBSAN, even with a size of 0.  Exclude zero-length reads from
>>> using memcpy(), rather than excluding NULL destination pointers, to still
>>> catch unintentional uses of NULL.
>> So memcpy() will actually try to write to dst even if bytes == 0?
>>
>> That seems a bit strange, but OK:
>>
>> Acked-by: George Dunlap <george.dunlap@xxxxxxxxxx>
> 
> This is the undefined behaviour sanitiser, which actually objects to
> passing NULL to a function annotated with
> __attribute__((notnull(...))).  The check is performed before making the
> call, and doesn't account for nothing happening if size is 0.

But then why is the function annotated "nonnull"? IIRC there's
nothing in the standard disallowing NULL to be passed here so
long as length is also zero, or even only calling this undefined
behavior.

Jan
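As an added illustration of the fetch-hook shape the patch under discussion describes (this is example code written for this page, not Xen's insn-fuzz code): the zero-length case returns before memcpy() is reached, so a NULL destination for a branch-target fetch never hits the nonnull check, while a NULL destination with a non-zero length is still rejected as a real bug. The instruction stream, the function name fetch_insn and the return codes are all constructed for the example. Note that C's general rule for library calls (C11 7.1.4) makes a null pointer argument undefined regardless of the length, which is why libc headers annotate memcpy() nonnull and why a sanitizer flags it even for size 0.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Return codes for the hypothetical fetch hook (constructed for the example). */
enum fetch_rc { FETCH_OK = 0, FETCH_BAD_DST = 1, FETCH_OOB = 2 };

/* Constructed sample instruction stream: nop, nop, jmp +2, int3, int3. */
static const uint8_t insn_stream[] = { 0x90, 0x90, 0xeb, 0x02, 0xcc, 0xcc };

/* Copy `bytes` of instruction stream starting at `offset` into `dst`.
 * Mirrors the rule from the patch: skip memcpy() for zero-length reads
 * instead of skipping it for NULL destinations. */
int fetch_insn(size_t offset, void *dst, size_t bytes)
{
    /* Bounds check first, so an out-of-range target is reported even
     * for a zero-length fetch at that target. */
    if (offset > sizeof(insn_stream) || bytes > sizeof(insn_stream) - offset)
        return FETCH_OOB;

    /* Zero-length fetch (control-flow target probe): the emulator passes
     * dst == NULL because there is nothing to collect. memcpy() is never
     * called, so a nonnull-annotated memcpy() is not handed a NULL. */
    if (bytes == 0)
        return FETCH_OK;

    /* A non-zero read into NULL is a genuine caller bug. Reject it
     * explicitly rather than relying on the sanitizer to notice. */
    if (dst == NULL)
        return FETCH_BAD_DST;

    memcpy(dst, insn_stream + offset, bytes);
    return FETCH_OK;
}
```

Built with -fsanitize=undefined, the variant that calls memcpy(dst, src, 0) unconditionally is the one that produces the nonnull-attribute report the thread describes; this version does not.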


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
https://lists.xen.org/xen-devel