From unknown Sat Jun 14 19:29:22 2025 X-Loop: help-debbugs@gnu.org Subject: bug#75606: undefined behaviour in sort.c Resent-From: Bruno Haible Original-Sender: "Debbugs-submit" Resent-CC: bug-coreutils@gnu.org Resent-Date: Thu, 16 Jan 2025 16:20:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: report 75606 X-GNU-PR-Package: coreutils X-GNU-PR-Keywords: To: 75606@debbugs.gnu.org X-Debbugs-Original-To: bug-coreutils@gnu.org Received: via spool by submit@debbugs.gnu.org id=B.173704437220465 (code B ref -1); Thu, 16 Jan 2025 16:20:02 +0000 Received: (at submit) by debbugs.gnu.org; 16 Jan 2025 16:19:32 +0000 Received: from localhost ([127.0.0.1]:34391 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1tYSah-0005K0-Sy for submit@debbugs.gnu.org; Thu, 16 Jan 2025 11:19:32 -0500 Received: from lists.gnu.org ([2001:470:142::17]:40022) by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.84_2) (envelope-from ) id 1tYSaf-0005Ji-Fp for submit@debbugs.gnu.org; Thu, 16 Jan 2025 11:19:30 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1tYSaB-0008VX-Pq for bug-coreutils@gnu.org; Thu, 16 Jan 2025 11:19:05 -0500 Received: from mo4-p00-ob.smtp.rzone.de ([85.215.255.25]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1tYSa9-0006XK-7f for bug-coreutils@gnu.org; Thu, 16 Jan 2025 11:18:59 -0500 ARC-Seal: i=1; a=rsa-sha256; t=1737044333; cv=none; d=strato.com; s=strato-dkim-0002; b=d1+l5fhlQxKpqwJN9IFzGdnYVSBFJnJC3PerSRAV5m2VsCVwT9ttCRToio9orVYmwY otEp1bI3NnhZ9PHL1cLybbSwGhh+MzrVT/zoaCZWJHJe5EM+gMO40TQVWuJKW4C4jciI +t3dFU99gGiKuY2CHjmoXxXsd/MLa8HqzewiNnHAibA2AYfDsLbAnaMLfXjdWzzXBcfG q0zI+hGzhOhmBqSqJwfh/xoQOiXwd4euxc+ZvLeXkjf6XhcAve3likK7o/+V4mBlHNrb 4OzMRhu7pUkuEbPDWHFnGLAzI+ZtYgCVaxdEK49oXg5kLT2k9kqznxYmrIu23xDc4Yfj v8XQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; t=1737044333; s=strato-dkim-0002; d=strato.com; h=Message-ID:Date:Subject:To:From:Cc:Date:From:Subject:Sender; bh=a/LLntzfuEPyCke1zpVrTCYPT8yeHSzXNy9BgB4eVXI=; b=sv+73PS43jN+yeD3mqe5KNZdWXtNWnTxuDc8QKbdsKauZfhUKbo8L6LyIAgiLRfmU5 82BoMAe5hJJvfzbZ501Bg64LzxnZgrmX5fAfE2MUWCeUtGgsXSP7tXVwHxPUeHQ2siCw eXJnIOnuAkdfOuaqruldFWSTJh/h/EKw3nw/Bg0UUDtZcsiEkay6NUD/6HNXjlgqfMCJ NcNCoijEKS5ScR0mTbaMWLk04kmgLJk5OgxugkR3f4VtFwHfXiPLjN/bEpndBZQ9w16j j4DkTtviI9lcbJII2mwrX6mObalAPbHjaIUA1DNO+0P+v5/e1CyvvtHYCel0pqOqa5+k pCGw== ARC-Authentication-Results: i=1; strato.com; arc=none; dkim=none X-RZG-CLASS-ID: mo00 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; t=1737044333; s=strato-dkim-0002; d=clisp.org; h=Message-ID:Date:Subject:To:From:Cc:Date:From:Subject:Sender; bh=a/LLntzfuEPyCke1zpVrTCYPT8yeHSzXNy9BgB4eVXI=; b=oXImJxBLLmP+LjkxzYa2jUYqeHGTKDZxrN+YgYJgCA6g1+pK9bF8ETGiofyX7gPdMk eX+qvTbvCi3TwZQBjn7QxiiL11V4xG13ldpq6z4B4+TCEhnrCjlV/z3RAcAByOVo75Ay /OIw3Ek988zpBhNfkkUcCQkcs2kNIlI+SlayV8OhQDy+SJdtiq+EKf4Bh0sEicqm24vU SYPB/dyZpFpkVUv0RplRpUDBG/kPrk+gIYwLVLkOVprDp4iATpz5iN6hHPgAcuCUKlIy xB6iWejJ5ehPfd7Pr0zJFMRC2FKDSz0gz/CT6iGOuGU99n86ssdaa9hhJdIV+S2/dh/H ektw== DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; t=1737044333; s=strato-dkim-0003; d=clisp.org; h=Message-ID:Date:Subject:To:From:Cc:Date:From:Subject:Sender; bh=a/LLntzfuEPyCke1zpVrTCYPT8yeHSzXNy9BgB4eVXI=; b=hZuvA4k2Uyrmhk4LNQ9O0koYPrdp4Hn3N6Xs+DikIL+S1gOeFm0s4fb72/Qgy+I9sd Rhwi17wUvtmbb30KlbAg== X-RZG-AUTH: ":Ln4Re0+Ic/6oZXR1YgKryK8brlshOcZlLnY4jECd2hdUURIbZgL8PX2QiTuZ3cdB8X/nqm+ZFDrj427esj3ggT1Yh0+bzw7B" Received: from nimes.localnet by smtp.strato.de (RZmta 51.2.17 AUTH) with ESMTPSA id N6df4210GGIr2pQ (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256 bits)) (Client did not present a certificate); Thu, 16 Jan 2025 17:18:53 +0100 (CET) From: Bruno Haible Date: Thu, 16 Jan 2025 17:18:53 +0100 Message-ID: <5399074.FjVNtL66Cm@nimes> Organization: GNU MIME-Version: 1.0 Content-Transfer-Encoding: 7Bit Content-Type: text/plain; charset="us-ascii" Received-SPF: none client-ip=85.215.255.25; envelope-from=bruno@clisp.org; helo=mo4-p00-ob.smtp.rzone.de X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_HELO_PASS=-0.001, SPF_NONE=0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-Spam-Score: 0.0 (/) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) Testing the current coreutils with the current gnulib, there is an undefined behaviour in sort.c, in or around the functions debug_line debug_key debug_width ------------------------------------------------------------------------------ Found by building on Ubuntu 24.04, with clang 19, CC="clang -fsanitize=address,undefined,signed-integer-overflow,shift,integer-divide-by-zero -fno-sanitize-recover=undefined" and running the test suite. The log shows this: + printf 'A\tchr10\nB\tchr1\n' + sort -s -k2.4b,2.3n --debug sort: text ordering performed using simple byte comparison sort: leading blanks are significant in key 1; consider also specifying 'b' sort: note numbers use '.' as a decimal point in this locale ../lib/mbswidth.c:60:26: runtime error: addition of unsigned offset to 0x76f80b601805 overflowed to 0x76f80b601804 SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior ../lib/mbswidth.c:60:26 ../tests/sort/sort-debug-keys.sh: line 292: 345166 Done printf 'A\tchr10\nB\tchr1\n' 345167 Aborted | sort -s -k2.4b,2.3n --debug ------------------------------------------------------------------------------ How to reproduce without clang and UBSAN: $ printf 'A\tchr10\nB\tchr1\n' > in $ gdb src/sort (gdb) break mbsnwidth (gdb) run -s -k2.4b,2.3n --debug < in The first time the mbsnwidth function is invoked: Breakpoint 1, mbsnwidth (string=0x51d000000a80 "A\tchr10", nbytes=5, flags=0) at ../lib/mbswidth.c:59 The second time the mbsnwidth function is invoked: Breakpoint 1, mbsnwidth (string=0x51d000000a85 "10", nbytes=18446744073709551615, flags=0) at ../lib/mbswidth.c:59 The nbytes value is obviously bogus. The documentation of mbsnwidth() says: /* Returns the number of screen columns needed for the NBYTES bytes starting at BUF. */ extern int mbsnwidth (const char *buf, size_t nbytes, int flags); Stack trace at the second invocation: (gdb) where #0 mbsnwidth (string=0x51d000000a85 "10", nbytes=18446744073709551615, flags=0) at ../lib/mbswidth.c:59 #1 0x00005555556bff9e in debug_width (text=0x51d000000a85 "10", lim=0x51d000000a84 "r10") at ../src/sort.c:2326 #2 0x00005555556bfee6 in debug_key (line=0x51d000001280, key=0x5070000001e0) at ../src/sort.c:2415 #3 0x00005555556beabc in debug_line (line=0x51d000001280) at ../src/sort.c:2427 #4 0x00005555556b487f in write_line (line=0x51d000001280, fp=0x7ffff78045c0 <_IO_2_1_stdout_>, output_file=0x0) at ../src/sort.c:2942 #5 0x00005555556cc3be in write_unique (line=0x51d000001280, tfp=0x7ffff78045c0 <_IO_2_1_stdout_>, temp_output=0x0) at ../src/sort.c:3577 #6 0x00005555556d15c8 in mergelines_node (node=0x51d000001500, total_lines=2, tfp=0x7ffff78045c0 <_IO_2_1_stdout_>, temp_output=0x0) at ../src/sort.c:3624 #7 0x00005555556cf27f in merge_loop (queue=0x7ffff59096c0, total_lines=2, tfp=0x7ffff78045c0 <_IO_2_1_stdout_>, temp_output=0x0) at ../src/sort.c:3708 #8 0x00005555556cbff7 in sortlines (lines=0x51d0000012a0, nthreads=8, total_lines=2, node=0x51d000001500, queue=0x7ffff59096c0, tfp=0x7ffff78045c0 <_IO_2_1_stdout_>, temp_output=0x0) at ../src/sort.c:3825 #9 0x00005555556ae58f in sort (files=0x502000000418, nfiles=0, output_file=0x0, nthreads=8) at ../src/sort.c:4124 #10 0x00005555556a2d20 in main (argc=4, argv=0x7fffffffd0c8) at ../src/sort.c:4900 Bruno From unknown Sat Jun 14 19:29:22 2025 MIME-Version: 1.0 X-Mailer: MIME-tools 5.505 (Entity 5.505) X-Loop: help-debbugs@gnu.org From: help-debbugs@gnu.org (GNU bug Tracking System) To: Bruno Haible Subject: bug#75606: closed (Re: bug#75606: undefined behaviour in sort.c) Message-ID: References: <5399074.FjVNtL66Cm@nimes> X-Gnu-PR-Message: they-closed 75606 X-Gnu-PR-Package: coreutils Reply-To: 75606@debbugs.gnu.org Date: Thu, 16 Jan 2025 17:25:02 +0000 Content-Type: multipart/mixed; boundary="----------=_1737048302-31898-1" This is a multi-part message in MIME format... ------------=_1737048302-31898-1 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Your bug report #75606: undefined behaviour in sort.c which was filed against the coreutils package, has been closed. The explanation is attached below, along with your original report. If you require more details, please reply to 75606@debbugs.gnu.org. --=20 75606: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=3D75606 GNU Bug Tracking System Contact help-debbugs@gnu.org with problems ------------=_1737048302-31898-1 Content-Type: message/rfc822 Content-Disposition: inline Content-Transfer-Encoding: 7bit Received: (at 75606-done) by debbugs.gnu.org; 16 Jan 2025 17:24:38 +0000 Received: from localhost ([127.0.0.1]:34499 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1tYTbi-0008Hi-9O for submit@debbugs.gnu.org; Thu, 16 Jan 2025 12:24:38 -0500 Received: from mail.cs.ucla.edu ([131.179.128.66]:36202) by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.84_2) (envelope-from ) id 1tYTbg-0008HM-00 for 75606-done@debbugs.gnu.org; Thu, 16 Jan 2025 12:24:36 -0500 Received: from localhost (localhost [127.0.0.1]) by mail.cs.ucla.edu (Postfix) with ESMTP id AB8DF3C082EAA; Thu, 16 Jan 2025 09:24:29 -0800 (PST) Received: from mail.cs.ucla.edu ([127.0.0.1]) by localhost (mail.cs.ucla.edu [127.0.0.1]) (amavis, port 10032) with ESMTP id v5pTATC4EVjz; Thu, 16 Jan 2025 09:24:29 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by mail.cs.ucla.edu (Postfix) with ESMTP id 5A2753C082EB0; Thu, 16 Jan 2025 09:24:29 -0800 (PST) DKIM-Filter: OpenDKIM Filter v2.10.3 mail.cs.ucla.edu 5A2753C082EB0 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cs.ucla.edu; s=9D0B346E-2AEB-11ED-9476-E14B719DCE6C; t=1737048269; bh=5Ebj92rXsa0aWKOkQ++rsibomn8r5yYvqJ1Ft65+2X0=; h=Message-ID:Date:MIME-Version:To:From; b=iVfGujtFRqeyS0uCgMKdrcd2tfM4tGuyFQse4TnXnMktxY6tWrBag73zpBWUXHprM oar2c7VL31XDamKTXzszVl7tqFNaJMVAqxWSU8j8SR2WG6VbzntwiA0NXplbzzwhm8 UobkmUycxRZ3oUYET87FqUx3DeuChR4zmKXln2PEZsR4X9pDiaLkHbG/MLwqFilVad zTFWX9y+vR3FPTsqHdqNCOUwY24pYhUaCQGaJuKjlRmVxSjbhbB2eiX69+Pr+X7Ra9 Luxh/0PRuTVvv9JDZz4yxD2acz+Q2yt5W/KMSdws7MhTl9APAFImWrBYeh41PDFRif nDyKP3mrrbEVg== X-Virus-Scanned: amavis at mail.cs.ucla.edu Received: from mail.cs.ucla.edu ([127.0.0.1]) by localhost (mail.cs.ucla.edu [127.0.0.1]) (amavis, port 10026) with ESMTP id cPln-gaJXxRW; Thu, 16 Jan 2025 09:24:29 -0800 (PST) Received: from [192.168.254.12] (unknown [47.154.28.214]) by mail.cs.ucla.edu (Postfix) with ESMTPSA id 3D5653C082EAA; Thu, 16 Jan 2025 09:24:29 -0800 (PST) Content-Type: multipart/mixed; boundary="------------TMBElAH5JauMJgXqtP6Zyo3A" Message-ID: Date: Thu, 16 Jan 2025 09:24:29 -0800 MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Subject: Re: bug#75606: undefined behaviour in sort.c To: Bruno Haible References: <5399074.FjVNtL66Cm@nimes> Content-Language: en-US From: Paul Eggert Organization: UCLA Computer Science Department In-Reply-To: <5399074.FjVNtL66Cm@nimes> X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 75606-done Cc: 75606-done@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) This is a multi-part message in MIME format. --------------TMBElAH5JauMJgXqtP6Zyo3A Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit Thanks for reporting that. I installed the attached to fix it. --------------TMBElAH5JauMJgXqtP6Zyo3A Content-Type: text/x-patch; charset=UTF-8; name="0001-sort-fix-debug-buffer-overrun.patch" Content-Disposition: attachment; filename="0001-sort-fix-debug-buffer-overrun.patch" Content-Transfer-Encoding: base64 RnJvbSBlMDcxNjFkNGFmODlkYmY4MjMxMWNhMzk2YWMwOTE2YWE5MGI3MzAxIE1vbiBTZXAg MTcgMDA6MDA6MDAgMjAwMQpGcm9tOiBQYXVsIEVnZ2VydCA8ZWdnZXJ0QGNzLnVjbGEuZWR1 PgpEYXRlOiBUaHUsIDE2IEphbiAyMDI1IDA5OjIwOjQ1IC0wODAwClN1YmplY3Q6IFtQQVRD SF0gc29ydDogZml4IC0tZGVidWcgYnVmZmVyIG92ZXJydW4KCiogc3JjL3NvcnQuYyAoZGVi dWdfa2V5KTogRml4IHVuZGVmaW5lZCBiZWhhdmlvciB3aGVuIGEga2V5IGVuZHMKYmVmb3Jl IGl0IHN0YXJ0cy4gIFByb2JsZW0gcmVwb3J0ZWQgYnkgQnJ1bm8gSGFpYmxlCjxodHRwczov L2J1Z3MuZ251Lm9yZy83NTYwNj4uCi0tLQogc3JjL3NvcnQuYyB8IDYgKysrKystCiAxIGZp bGUgY2hhbmdlZCwgNSBpbnNlcnRpb25zKCspLCAxIGRlbGV0aW9uKC0pCgpkaWZmIC0tZ2l0 IGEvc3JjL3NvcnQuYyBiL3NyYy9zb3J0LmMKaW5kZXggOTk3NTY2MjQwLi4wOTI4ZmQ1N2Mg MTAwNjQ0Ci0tLSBhL3NyYy9zb3J0LmMKKysrIGIvc3JjL3NvcnQuYwpAQCAtMjM3Myw3ICsy MzczLDExIEBAIGRlYnVnX2tleSAoc3RydWN0IGxpbmUgY29uc3QgKmxpbmUsIHN0cnVjdCBr ZXlmaWVsZCBjb25zdCAqa2V5KQogICAgICAgaWYgKGtleS0+c3dvcmQgIT0gU0laRV9NQVgp CiAgICAgICAgIGJlZyA9IGJlZ2ZpZWxkIChsaW5lLCBrZXkpOwogICAgICAgaWYgKGtleS0+ ZXdvcmQgIT0gU0laRV9NQVgpCi0gICAgICAgIGxpbSA9IGxpbWZpZWxkIChsaW5lLCBrZXkp OworICAgICAgICB7CisgICAgICAgICAgbGltID0gbGltZmllbGQgKGxpbmUsIGtleSk7Cisg ICAgICAgICAgLyogVHJlYXQgZmllbGQgZW5kcyBiZWZvcmUgZmllbGQgc3RhcnRzIGFzIGVt cHR5IGZpZWxkcy4gICovCisgICAgICAgICAgbGltID0gTUFYIChiZWcsIGxpbSk7CisgICAg ICAgIH0KIAogICAgICAgaWYgKChrZXktPnNraXBzYmxhbmtzICYmIGtleS0+c3dvcmQgPT0g U0laRV9NQVgpCiAgICAgICAgICAgfHwga2V5LT5tb250aCB8fCBrZXlfbnVtZXJpYyAoa2V5 KSkKLS0gCjIuNDUuMgoK --------------TMBElAH5JauMJgXqtP6Zyo3A-- ------------=_1737048302-31898-1 Content-Type: message/rfc822 Content-Disposition: inline Content-Transfer-Encoding: 7bit Received: (at submit) by debbugs.gnu.org; 16 Jan 2025 16:19:32 +0000 Received: from localhost ([127.0.0.1]:34391 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1tYSah-0005K0-Sy for submit@debbugs.gnu.org; Thu, 16 Jan 2025 11:19:32 -0500 Received: from lists.gnu.org ([2001:470:142::17]:40022) by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.84_2) (envelope-from ) id 1tYSaf-0005Ji-Fp for submit@debbugs.gnu.org; Thu, 16 Jan 2025 11:19:30 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1tYSaB-0008VX-Pq for bug-coreutils@gnu.org; Thu, 16 Jan 2025 11:19:05 -0500 Received: from mo4-p00-ob.smtp.rzone.de ([85.215.255.25]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1tYSa9-0006XK-7f for bug-coreutils@gnu.org; Thu, 16 Jan 2025 11:18:59 -0500 ARC-Seal: i=1; a=rsa-sha256; t=1737044333; cv=none; d=strato.com; s=strato-dkim-0002; b=d1+l5fhlQxKpqwJN9IFzGdnYVSBFJnJC3PerSRAV5m2VsCVwT9ttCRToio9orVYmwY otEp1bI3NnhZ9PHL1cLybbSwGhh+MzrVT/zoaCZWJHJe5EM+gMO40TQVWuJKW4C4jciI +t3dFU99gGiKuY2CHjmoXxXsd/MLa8HqzewiNnHAibA2AYfDsLbAnaMLfXjdWzzXBcfG q0zI+hGzhOhmBqSqJwfh/xoQOiXwd4euxc+ZvLeXkjf6XhcAve3likK7o/+V4mBlHNrb 4OzMRhu7pUkuEbPDWHFnGLAzI+ZtYgCVaxdEK49oXg5kLT2k9kqznxYmrIu23xDc4Yfj v8XQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; t=1737044333; s=strato-dkim-0002; d=strato.com; h=Message-ID:Date:Subject:To:From:Cc:Date:From:Subject:Sender; bh=a/LLntzfuEPyCke1zpVrTCYPT8yeHSzXNy9BgB4eVXI=; b=sv+73PS43jN+yeD3mqe5KNZdWXtNWnTxuDc8QKbdsKauZfhUKbo8L6LyIAgiLRfmU5 82BoMAe5hJJvfzbZ501Bg64LzxnZgrmX5fAfE2MUWCeUtGgsXSP7tXVwHxPUeHQ2siCw eXJnIOnuAkdfOuaqruldFWSTJh/h/EKw3nw/Bg0UUDtZcsiEkay6NUD/6HNXjlgqfMCJ NcNCoijEKS5ScR0mTbaMWLk04kmgLJk5OgxugkR3f4VtFwHfXiPLjN/bEpndBZQ9w16j j4DkTtviI9lcbJII2mwrX6mObalAPbHjaIUA1DNO+0P+v5/e1CyvvtHYCel0pqOqa5+k pCGw== ARC-Authentication-Results: i=1; strato.com; arc=none; dkim=none X-RZG-CLASS-ID: mo00 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; t=1737044333; s=strato-dkim-0002; d=clisp.org; h=Message-ID:Date:Subject:To:From:Cc:Date:From:Subject:Sender; bh=a/LLntzfuEPyCke1zpVrTCYPT8yeHSzXNy9BgB4eVXI=; b=oXImJxBLLmP+LjkxzYa2jUYqeHGTKDZxrN+YgYJgCA6g1+pK9bF8ETGiofyX7gPdMk eX+qvTbvCi3TwZQBjn7QxiiL11V4xG13ldpq6z4B4+TCEhnrCjlV/z3RAcAByOVo75Ay /OIw3Ek988zpBhNfkkUcCQkcs2kNIlI+SlayV8OhQDy+SJdtiq+EKf4Bh0sEicqm24vU SYPB/dyZpFpkVUv0RplRpUDBG/kPrk+gIYwLVLkOVprDp4iATpz5iN6hHPgAcuCUKlIy xB6iWejJ5ehPfd7Pr0zJFMRC2FKDSz0gz/CT6iGOuGU99n86ssdaa9hhJdIV+S2/dh/H ektw== DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; t=1737044333; s=strato-dkim-0003; d=clisp.org; h=Message-ID:Date:Subject:To:From:Cc:Date:From:Subject:Sender; bh=a/LLntzfuEPyCke1zpVrTCYPT8yeHSzXNy9BgB4eVXI=; b=hZuvA4k2Uyrmhk4LNQ9O0koYPrdp4Hn3N6Xs+DikIL+S1gOeFm0s4fb72/Qgy+I9sd Rhwi17wUvtmbb30KlbAg== X-RZG-AUTH: ":Ln4Re0+Ic/6oZXR1YgKryK8brlshOcZlLnY4jECd2hdUURIbZgL8PX2QiTuZ3cdB8X/nqm+ZFDrj427esj3ggT1Yh0+bzw7B" Received: from nimes.localnet by smtp.strato.de (RZmta 51.2.17 AUTH) with ESMTPSA id N6df4210GGIr2pQ (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256 bits)) (Client did not present a certificate); Thu, 16 Jan 2025 17:18:53 +0100 (CET) From: Bruno Haible To: bug-coreutils@gnu.org Subject: undefined behaviour in sort.c Date: Thu, 16 Jan 2025 17:18:53 +0100 Message-ID: <5399074.FjVNtL66Cm@nimes> Organization: GNU MIME-Version: 1.0 Content-Transfer-Encoding: 7Bit Content-Type: text/plain; charset="us-ascii" Received-SPF: none client-ip=85.215.255.25; envelope-from=bruno@clisp.org; helo=mo4-p00-ob.smtp.rzone.de X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_HELO_PASS=-0.001, SPF_NONE=0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: submit X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) Testing the current coreutils with the current gnulib, there is an undefined behaviour in sort.c, in or around the functions debug_line debug_key debug_width ------------------------------------------------------------------------------ Found by building on Ubuntu 24.04, with clang 19, CC="clang -fsanitize=address,undefined,signed-integer-overflow,shift,integer-divide-by-zero -fno-sanitize-recover=undefined" and running the test suite. The log shows this: + printf 'A\tchr10\nB\tchr1\n' + sort -s -k2.4b,2.3n --debug sort: text ordering performed using simple byte comparison sort: leading blanks are significant in key 1; consider also specifying 'b' sort: note numbers use '.' as a decimal point in this locale ../lib/mbswidth.c:60:26: runtime error: addition of unsigned offset to 0x76f80b601805 overflowed to 0x76f80b601804 SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior ../lib/mbswidth.c:60:26 ../tests/sort/sort-debug-keys.sh: line 292: 345166 Done printf 'A\tchr10\nB\tchr1\n' 345167 Aborted | sort -s -k2.4b,2.3n --debug ------------------------------------------------------------------------------ How to reproduce without clang and UBSAN: $ printf 'A\tchr10\nB\tchr1\n' > in $ gdb src/sort (gdb) break mbsnwidth (gdb) run -s -k2.4b,2.3n --debug < in The first time the mbsnwidth function is invoked: Breakpoint 1, mbsnwidth (string=0x51d000000a80 "A\tchr10", nbytes=5, flags=0) at ../lib/mbswidth.c:59 The second time the mbsnwidth function is invoked: Breakpoint 1, mbsnwidth (string=0x51d000000a85 "10", nbytes=18446744073709551615, flags=0) at ../lib/mbswidth.c:59 The nbytes value is obviously bogus. The documentation of mbsnwidth() says: /* Returns the number of screen columns needed for the NBYTES bytes starting at BUF. */ extern int mbsnwidth (const char *buf, size_t nbytes, int flags); Stack trace at the second invocation: (gdb) where #0 mbsnwidth (string=0x51d000000a85 "10", nbytes=18446744073709551615, flags=0) at ../lib/mbswidth.c:59 #1 0x00005555556bff9e in debug_width (text=0x51d000000a85 "10", lim=0x51d000000a84 "r10") at ../src/sort.c:2326 #2 0x00005555556bfee6 in debug_key (line=0x51d000001280, key=0x5070000001e0) at ../src/sort.c:2415 #3 0x00005555556beabc in debug_line (line=0x51d000001280) at ../src/sort.c:2427 #4 0x00005555556b487f in write_line (line=0x51d000001280, fp=0x7ffff78045c0 <_IO_2_1_stdout_>, output_file=0x0) at ../src/sort.c:2942 #5 0x00005555556cc3be in write_unique (line=0x51d000001280, tfp=0x7ffff78045c0 <_IO_2_1_stdout_>, temp_output=0x0) at ../src/sort.c:3577 #6 0x00005555556d15c8 in mergelines_node (node=0x51d000001500, total_lines=2, tfp=0x7ffff78045c0 <_IO_2_1_stdout_>, temp_output=0x0) at ../src/sort.c:3624 #7 0x00005555556cf27f in merge_loop (queue=0x7ffff59096c0, total_lines=2, tfp=0x7ffff78045c0 <_IO_2_1_stdout_>, temp_output=0x0) at ../src/sort.c:3708 #8 0x00005555556cbff7 in sortlines (lines=0x51d0000012a0, nthreads=8, total_lines=2, node=0x51d000001500, queue=0x7ffff59096c0, tfp=0x7ffff78045c0 <_IO_2_1_stdout_>, temp_output=0x0) at ../src/sort.c:3825 #9 0x00005555556ae58f in sort (files=0x502000000418, nfiles=0, output_file=0x0, nthreads=8) at ../src/sort.c:4124 #10 0x00005555556a2d20 in main (argc=4, argv=0x7fffffffd0c8) at ../src/sort.c:4900 Bruno ------------=_1737048302-31898-1-- From unknown Sat Jun 14 19:29:22 2025 X-Loop: help-debbugs@gnu.org Subject: bug#75606: undefined behaviour in sort.c Resent-From: Bruno Haible Original-Sender: "Debbugs-submit" Resent-CC: bug-coreutils@gnu.org Resent-Date: Thu, 16 Jan 2025 19:22:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 75606 X-GNU-PR-Package: coreutils X-GNU-PR-Keywords: To: Paul Eggert Cc: 75606-done@debbugs.gnu.org Received: via spool by 75606-done@debbugs.gnu.org id=D75606.173705527219816 (code D ref 75606); Thu, 16 Jan 2025 19:22:01 +0000 Received: (at 75606-done) by debbugs.gnu.org; 16 Jan 2025 19:21:12 +0000 Received: from localhost ([127.0.0.1]:34688 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1tYVQW-00059Y-CU for submit@debbugs.gnu.org; Thu, 16 Jan 2025 14:21:12 -0500 Received: from mo4-p00-ob.smtp.rzone.de ([85.215.255.20]:43157) by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.84_2) (envelope-from ) id 1tYVQT-00059L-JT for 75606-done@debbugs.gnu.org; Thu, 16 Jan 2025 14:21:10 -0500 ARC-Seal: i=1; a=rsa-sha256; t=1737055266; cv=none; d=strato.com; s=strato-dkim-0002; b=btLYLkwriHvJqO/Qdfh3alF63S/ghnXyYtAaDrW2xk6STszaaOY53eo5B1EmLNVaFf Hu2ghn6TOq4zduPN4W2zkkOOXtVSg+VBA9K0vbqGdnvkDRFrqdXs0RqrH7ik1SesFl43 VErKXiIrqIszQQ/nVaLjxyzpQEWgOHf3XmoDy2G5p+SUmKL8bJW42QLqcHjk6eX+r+9i cWCwVxIV5AmyPrnwomw8k0ywIaEDO43Ix1Ubi9DpvkYov1TUq9RGDgGa1KlWMukGMmG3 ae96xNmbvDyt6AaEu5r3jOdZrlbdIYiv40VPzn7m0jxRPrUq3qNx6JiYP38D49Qei3TK 3NNg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; t=1737055266; s=strato-dkim-0002; d=strato.com; h=References:In-Reply-To:Message-ID:Date:Subject:Cc:To:From:Cc:Date: From:Subject:Sender; bh=3La7CEeuK006ymk2AJG7lx4FiGmJqsIkSn8VyJi8yHY=; b=Z2AcAfsBYbpyWfAJdfSUoM8ZOzG9VgZG/Xfrl5kEMqA5Xuiy/WQ+a6dgzUe2dCtei8 br5/RRACnwLox3436+bdP/rAJnb4Rf/191Sv9XioYQIQ8m3SiZHAuGSNEgmDgFHpMXQX jov8nKMv3ss7Gx8lgIkN+YKMBfyWK7SKfrLXKU77Qogq7Q81OxtfJOUXEN2jucEKfJfJ aLSJCooUE2/Xz6L5nQnJPFkr7n0zcqiJiB/CbwjSWvDYRAh5wUt+zfRolQWBX/RXVwei P2GbbpXj4wZcysO6NcCGIHz0b0/uUN/+IftUxe8UTJ18dCVgfuv6TEer6iqG70XvCNyB 3sAQ== ARC-Authentication-Results: i=1; strato.com; arc=none; dkim=none X-RZG-CLASS-ID: mo00 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; t=1737055266; s=strato-dkim-0002; d=clisp.org; h=References:In-Reply-To:Message-ID:Date:Subject:Cc:To:From:Cc:Date: From:Subject:Sender; bh=3La7CEeuK006ymk2AJG7lx4FiGmJqsIkSn8VyJi8yHY=; b=W6eWp+uZQCjbKtSrvFrQjr0aac7u446D8MoqLdHSVXRWUV9NZOtP2GW/TKuIsCzPqi nZhRLK+oZQWHzYaUdMdktv0hPjdHC18HiHMuNFowhpq6hnct8naZAQz1PKXk/VILtUm5 xXmXqfH3jq+4QwPkaK3cMVZPZF0Vizk6ZfFVZp4srDjZW/LItzPT1125OfstY0YF399k DwYlDx/VUR2wFU6oDo49vuAqcj77b5Mo3fDhbQijyLkFJVwksWhnqUbJ+z2jPX9j4IaZ 3zX74wTUD2Vjz7fgvM7LTjHCA8JNEo3kpHmKzvWRKYFn3p4zC+XyZHaR+daRH/of+1LY 0k1A== DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; t=1737055266; s=strato-dkim-0003; d=clisp.org; h=References:In-Reply-To:Message-ID:Date:Subject:Cc:To:From:Cc:Date: From:Subject:Sender; bh=3La7CEeuK006ymk2AJG7lx4FiGmJqsIkSn8VyJi8yHY=; b=qpgsCpRO+mGd7F11mhxcUhYF0uPQTVet7S5dSJtlDv2vnAVsSBcbsznMUYRw5HH/o2 eWDdEZA6iU4PuMe6z0DA== X-RZG-AUTH: ":Ln4Re0+Ic/6oZXR1YgKryK8brlshOcZlLnY4jECd2hdUURIbZgL8PX2QiTuZ3cdB8X/nqm+ZFDrj427esj3ggT1Yh0+bzw7B" Received: from nimes.localnet by smtp.strato.de (RZmta 51.2.17 AUTH) with ESMTPSA id N6df4210GJL53L3 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256 bits)) (Client did not present a certificate); Thu, 16 Jan 2025 20:21:05 +0100 (CET) From: Bruno Haible Date: Thu, 16 Jan 2025 20:21:05 +0100 Message-ID: <1996562.Hs2Xf39FnO@nimes> Organization: GNU In-Reply-To: References: <5399074.FjVNtL66Cm@nimes> MIME-Version: 1.0 Content-Transfer-Encoding: 7Bit Content-Type: text/plain; charset="us-ascii" X-Spam-Score: 0.0 (/) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) Paul Eggert wrote: > Thanks for reporting that. I installed the attached to fix it. Thanks. I confirm that it fixes it. Bruno