GNU bug report logs - #64316
ASAN failures in dir.c

Package: diffutils;

Reported by: Gisle Vanem <gvanem <at> yahoo.no>

Date: Tue, 27 Jun 2023 13:06:02 UTC

Severity: normal

Done: Paul Eggert <eggert <at> cs.ucla.edu>

Bug is archived. No further changes may be made.


From: help-debbugs <at> gnu.org (GNU bug Tracking System)
To: Paul Eggert <eggert <at> cs.ucla.edu>
Cc: tracker <at> debbugs.gnu.org
Subject: bug#64316: closed (ASAN failures in dir.c)
Date: Tue, 27 Jun 2023 16:41:01 +0000
[Message part 1 (text/plain, inline)]
Your message dated Tue, 27 Jun 2023 09:40:06 -0700
with message-id <df912544-f16b-cf8b-b85c-92ea1bf50571 <at> cs.ucla.edu>
and subject line Re: [bug-diffutils] bug#64316: ASAN failures in dir.c
has caused the debbugs.gnu.org bug report #64316,
regarding ASAN failures in dir.c
to be marked as done.

(If you believe you have received this mail in error, please contact
help-debbugs <at> gnu.org.)


-- 
64316: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=64316
GNU Bug Tracking System
Contact help-debbugs <at> gnu.org with problems
[Message part 2 (message/rfc822, inline)]
From: Gisle Vanem <gvanem <at> yahoo.no>
To: bug-diffutils <at> gnu.org
Subject: ASAN failures in dir.c
Date: Tue, 27 Jun 2023 15:04:48 +0200
Hello list.

Since some time ago, building diff.exe with ASAN (on Windows-10),
causes it to trigger on illegal use of memcpy().
For example:

==3752==ERROR: AddressSanitizer: heap-use-after-free on address 0x121647e20772 at pc 0x7ffc6e93727e bp 0x00d589efdba0 sp 0x00d589efd330
WRITE of size 17 at 0x121647e20772 thread T0
    #0 0x7ffc6e93727d in __asan_memcpy D:\a\_work\1\s\src\vctools\asan\llvm\compiler-rt\li\asan\asan_interceptors_memintrinsics.cpp:22
    #1 0x7ff604834af1 in dir_read F:\MinGW32\src\gnu\GNU-diff\src\dir.c:101
    #2 0x7ff604832ec7 in diff_dirs F:\MinGW32\src\gnu\GNU-diff\src\dir.c:214
    #3 0x7ff60482dc37 in compare_files F:\MinGW32\src\gnu\GNU-diff\src\diff.c:1369
    #4 0x7ff604833b1b in diff_dirs F:\MinGW32\src\gnu\GNU-diff\src\dir.c:289
    #5 0x7ff60482dc37 in compare_files F:\MinGW32\src\gnu\GNU-diff\src\diff.c:1369
    #6 0x7ff60483270e in main F:\MinGW32\src\gnu\GNU-diff\src\diff.c:862
    ...

-----------------------

This causes Heap Corruption all over the place.

I'm not sure this is an issue with Gnulib or diff. But reverting this
patch:


diff --git a/src/dir.c b/src/dir.c
index ba9403b..773afeb 100644
--- a/src/dir.c
+++ b/src/dir.c
@@ -95,13 +95,9 @@ dir_read (struct file_data const *dir, struct dirdata *dirdata)
           if (excluded_file_name (excluded, d_name))
             continue;

-          while (data_alloc - data_used < d_size)
-            {
-              if (IDX_MAX / 2 <= data_alloc)
-                xalloc_die ();
-              dirdata->data = data = xirealloc (data, data_alloc *= 2);
-            }
-
+          if (data_alloc - data_used < d_size)
+	    dirdata->data = xpalloc (dirdata->data, &data_alloc,
+				     d_size - (data_alloc - data_used), -1, 1);
           memcpy (data + data_used, d_name, d_size);
           data_used += d_size;
           nnames++;
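
Review bot: the memcpy on the context line right after the added lines still writes through the local `data`, but the new xpalloc call stores its result only in `dirdata->data`, whereas the removed loop updated both (`dirdata->data = data = xirealloc (data, data_alloc *= 2);`). If xpalloc moves the block, `data` is left pointing at the freed buffer, which matches the heap-use-after-free WRITE that ASAN reports under dir_read. Assign the result to both, along the lines of `dirdata->data = data = xpalloc (data, &data_alloc, ...)`, so the copy lands in the resized buffer. The added lines are also indented with tabs while the surrounding context uses spaces.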

--------

it works with ASAN too (although much slower).

-- 
--gv


[Message part 3 (message/rfc822, inline)]
From: Paul Eggert <eggert <at> cs.ucla.edu>
To: Gisle Vanem <gvanem <at> yahoo.no>
Cc: 64316-done <at> debbugs.gnu.org
Subject: Re: [bug-diffutils] bug#64316: ASAN failures in dir.c
Date: Tue, 27 Jun 2023 09:40:06 -0700
[Message part 4 (text/plain, inline)]
Thanks for reporting that bug, which I recently introduced. I installed 
the attached to fix it.
[0001-diff-fix-xpalloc-typo.patch (text/x-patch, attachment)]

This bug report was last modified 1 year and 331 days ago.
