GNU bug report logs -
#79221
basenc triggers undefined-behaviour in mini-gmp
Report forwarded to bug-coreutils <at> gnu.org: bug#79221; Package coreutils. (Tue, 12 Aug 2025 00:36:02 GMT)
Acknowledgement sent to Bruno Haible <bruno <at> clisp.org>: New bug report received and forwarded. Copy sent to bug-coreutils <at> gnu.org. (Tue, 12 Aug 2025 00:36:02 GMT)
Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):
The CI this week reports a new test failure of the tests/basenc/basenc test,
when compiled with sanitizers.
How to reproduce:
1. Build the current coreutils with
CC="clang -fsanitize=address,undefined,signed-integer-overflow,shift,integer-divide-by-zero -fno-sanitize-recover=undefined"
configuring it with option --without-libgmp. (There is no issue when
coreutils uses the real gmp.)
2.
$ src/basenc --base58 < /dev/null
../lib/mini-gmp.c:4529:9: runtime error: applying non-zero offset 18446744073709551615 to null pointer
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior ../lib/mini-gmp.c:4529:9
Aborted
gdb stack trace:
#7 0x0000555555696e79 in __ubsan_handle_pointer_overflow_abort ()
at /home/runner/work/llvm-project/llvm-project/compiler-rt/lib/ubsan/ubsan_handlers.cpp:855
#8 0x00005555556e27a2 in mpz_import (r=0x7bfff5900060, count=0, order=1, size=1, endian=-1, nails=0, src=0x0) at ../lib/mini-gmp.c:4529
#9 0x00005555556a70a7 in base58_encode (data=0x0, data_len=0, out=0x7edff6de0400 '\276' <repeats 200 times>..., outlen=0x7bfff5b000c0)
at ../src/basenc.c:1178
#10 0x00005555556a2d56 in base58_encode_ctx_finalize (ctx=0x7bfff5b00060, out=0x7bfff5b00040, outlen=0x7bfff5b000c0)
at ../src/basenc.c:1200
#11 0x00005555556a65d1 in do_encode (in=0x7ffff7e038e0 <_IO_2_1_stdin_>, infile=0x55555570fd60 <str> "-",
out=0x7ffff7e045c0 <_IO_2_1_stdout_>, wrap_column=76) at ../src/basenc.c:1431
#12 0x0000555555699973 in main (argc=2, argv=0x7fffffffcfd8) at ../src/basenc.c:1736
Adding a non-zero offset to a NULL pointer is undefined behaviour per
ISO C 23 § 6.5.7.(9) as amended by N3322.
Should mpz_import accept count=0, src=NULL arguments? Hard to say from the gmp
documentation https://gmplib.org/manual/Integer-Import-and-Export .
If yes, then it's a bug in mini-gmp.c around line 4529.
If no, it's a bug in coreutils/src/basenc.c.
If yes, feel free to report that to the GMP people, without CCing me, please.
If no, feel free to apply the attached fix. It passes "make check".
Bruno
[0001-basenc-Don-t-trigger-undefined-behaviour-in-mini-gmp.patch (text/x-patch, attachment)]
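The mechanism the trace above points to, as an added C example written for this page (it is not mini-gmp's or coreutils' code): an importer that, like mpz_import with order=1, positions its cursor at the most significant word with `src + size * (count - 1)`. With count=0 the size_t multiplication wraps to size * SIZE_MAX, and with src=NULL that wrapped value is a non-zero offset applied to a null pointer, matching the reported offset 18446744073709551615 for size=1. The importer, the sample input and the caller-side guard are constructed for illustration; the attached patch is not shown on this page, so treating "skip the import when the input is empty" as its approach is an assumption.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Illustrative importer modelled on the call in the trace (not mini-gmp's
 * code).  Like mpz_import with order == 1 it starts at the most significant
 * word, positioning its cursor with `src + size * (count - 1)`.  With
 * count == 0 the multiplication wraps (size_t arithmetic is modular), and
 * with src == NULL the result is a non-zero offset added to a null pointer,
 * which is what UBSan reports as
 * "applying non-zero offset 18446744073709551615 to null pointer". */

/* The offset the cursor computation would apply, computed without touching
 * any pointer.  count == 0 yields size * SIZE_MAX, i.e. -size modulo 2^64. */
size_t cursor_offset(size_t count, size_t size)
{
    return size * (count - 1);
}

/* Unguarded import of `count` big-endian bytes into a uint64_t.
 * Precondition: 1 <= count <= 8 and src points to count bytes.
 * Calling it with count == 0 reproduces the null-pointer-offset UB. */
uint64_t import_be_unguarded(size_t count, const unsigned char *src)
{
    const unsigned char *p = src + cursor_offset(count, 1); /* UB if count == 0 */
    uint64_t v = 0;
    for (size_t i = 0; i < count; i++, p--)
        v |= (uint64_t)*p << (8 * i);
    return v;
}

/* Caller-side guard (assumed to be the shape of the attached fix; the patch
 * text is not on this page): empty input encodes as zero and the importer is
 * never entered with count == 0 / src == NULL. */
uint64_t import_be_guarded(size_t count, const unsigned char *src)
{
    if (count == 0)
        return 0;
    return import_be_unguarded(count, src);
}

int main(int argc, char **argv)
{
    /* Constructed sample input. */
    static const unsigned char sample[3] = { 0x01, 0x02, 0x03 };

    printf("offset for count=0, size=1: %zu\n", cursor_offset(0, 1));
    printf("guarded import of 3 bytes:  0x%06llx\n",
           (unsigned long long)import_be_guarded(3, sample));
    printf("guarded import of no bytes: %llu\n",
           (unsigned long long)import_be_guarded(0, NULL));

    /* Build with
     *   clang -fsanitize=undefined -fno-sanitize-recover=undefined ex.c
     * and run with the argument "ub" to get the same diagnostic as the
     * report: the unguarded path adds SIZE_MAX to a null pointer. */
    if (argc > 1 && argv[1][0] == 'u')
        printf("%llu\n", (unsigned long long)import_be_unguarded(0, NULL));
    return 0;
}
```

Without a sanitizer the empty-input call returns 0 and looks harmless, because the loop body never runs; the defect is only the pointer arithmetic itself, which is why it surfaced in a sanitizer build and not in the normal test run.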
Reply sent to Paul Eggert <eggert <at> cs.ucla.edu>: You have taken responsibility. (Tue, 12 Aug 2025 01:09:01 GMT)
Notification sent to Bruno Haible <bruno <at> clisp.org>: bug acknowledged by developer. (Tue, 12 Aug 2025 01:09:02 GMT)
Message #10 received at 79221-done <at> debbugs.gnu.org (full text, mbox):
Thanks, I installed that.
This bug report was last modified 26 days ago.
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.