From: Bruno Haible
To: 79221@debbugs.gnu.org
Subject: bug#79221: basenc triggers undefined-behaviour in mini-gmp
Date: Tue, 12 Aug 2025 02:34:55 +0200
Message-ID: <5050460.VnKG3xVv5R@nimes>
Organization: GNU

The CI this week reports a new test failure of the tests/basenc/basenc test,
when compiled with sanitizers.

How to reproduce:
1. Build the current coreutils with
   CC="clang -fsanitize=address,undefined,signed-integer-overflow,shift,integer-divide-by-zero -fno-sanitize-recover=undefined"
   configuring it with option --without-libgmp .
   (There is no issue when coreutils uses the real gmp.)
2.
   $ src/basenc --base58 < /dev/null
   ../lib/mini-gmp.c:4529:9: runtime error: applying non-zero offset 18446744073709551615 to null pointer
   SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior ../lib/mini-gmp.c:4529:9
   Aborted

gdb stack trace:
#7  0x0000555555696e79 in __ubsan_handle_pointer_overflow_abort ()
    at /home/runner/work/llvm-project/llvm-project/compiler-rt/lib/ubsan/ubsan_handlers.cpp:855
#8  0x00005555556e27a2 in mpz_import (r=0x7bfff5900060, count=0, order=1, size=1, endian=-1, nails=0, src=0x0)
    at ../lib/mini-gmp.c:4529
#9  0x00005555556a70a7 in base58_encode (data=0x0, data_len=0, out=0x7edff6de0400 '\276' ..., outlen=0x7bfff5b000c0)
    at ../src/basenc.c:1178
#10 0x00005555556a2d56 in base58_encode_ctx_finalize (ctx=0x7bfff5b00060, out=0x7bfff5b00040, outlen=0x7bfff5b000c0)
    at ../src/basenc.c:1200
#11 0x00005555556a65d1 in do_encode (in=0x7ffff7e038e0 <_IO_2_1_stdin_>, infile=0x55555570fd60 "-",
    out=0x7ffff7e045c0 <_IO_2_1_stdout_>, wrap_column=76) at ../src/basenc.c:1431
#12 0x0000555555699973 in main (argc=2, argv=0x7fffffffcfd8) at ../src/basenc.c:1736

Adding a non-zero offset to a NULL pointer is undefined behaviour per
ISO C 23 § 6.5.7.(9) as amended by N3322.

Should mpz_import accept count=0, src=NULL arguments? Hard to say from the
gmp documentation https://gmplib.org/manual/Integer-Import-and-Export .
If yes, then it's a bug in mini-gmp.c around line 4529.
If no, it's a bug in coreutils/src/basenc.c.

If yes, feel free to report that to the GMP people, without CCing me, please.
If no, feel free to apply the attached fix. It passes "make check".

Bruno

Attachment: 0001-basenc-Don-t-trigger-undefined-behaviour-in-mini-gmp.patch
>From 1d5042677fc8be29aa95451db2cd23b9ab3a32a8 Mon Sep 17 00:00:00 2001 From: Bruno Haible Date: Tue, 12 Aug 2025 02:25:41 +0200 Subject: [PATCH] basenc: Don't trigger undefined behaviour in mini-gmp * src/basenc.c (base58_encode): Avoid calling mpz_import on an empty limb sequence. --- src/basenc.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/src/basenc.c b/src/basenc.c index dbe3b388f..84789e2de 100644 --- a/src/basenc.c +++ b/src/basenc.c @@ -1175,10 +1175,12 @@ base58_encode (char const* data, size_t data_len, /* Use GMP to convert from base 256 to base 58. */ mpz_t num; mpz_init (num); - mpz_import (num, data_len - zeros, 1, 1, 0, 0, data + zeros); if (data_len - zeros) - for (p = mpz_get_str (p, 58, num); *p; p++) - *p = gmp_to_base58[to_uchar (*p)]; + { + mpz_import (num, data_len - zeros, 1, 1, 0, 0, data + zeros); + for (p = mpz_get_str (p, 58, num); *p; p++) + *p = gmp_to_base58[to_uchar (*p)]; + } mpz_clear (num); *outlen = p - out; -- 2.50.1
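Review bot: The block added under "if (data_len - zeros)" has no comment saying why mpz_import must stay inside the guard, so a later cleanup could hoist the call back out and reintroduce the count=0, src=NULL call seen in the backtrace. A one-line comment above the "if", stating that mpz_import must not be called on an empty input, would record the constraint next to the code. Since num is now used only inside that block, mpz_init (num) and mpz_clear (num) could also move into it, which skips the init/clear pair when data_len - zeros is 0.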

From: help-debbugs@gnu.org (GNU bug Tracking System)
To: Bruno Haible
Subject: bug#79221: closed (Re: bug#79221: basenc triggers undefined-behaviour in mini-gmp)
Date: Tue, 12 Aug 2025 01:09:02 +0000
References: <73c0ab53-b6d2-4ec9-94a5-ba7df07e2058@cs.ucla.edu> <5050460.VnKG3xVv5R@nimes>
Reply-To: 79221@debbugs.gnu.org

Your bug report

#79221: basenc triggers undefined-behaviour in mini-gmp

which was filed against the coreutils package, has been closed.

The explanation is attached below, along with your original report.
If you require more details, please reply to 79221@debbugs.gnu.org.

-- 
79221: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=79221
GNU Bug Tracking System
Contact help-debbugs@gnu.org with problems

From: Paul Eggert
Organization: UCLA Computer Science Department
To: Bruno Haible
Cc: 79221-done@debbugs.gnu.org
Subject: Re: bug#79221: basenc triggers undefined-behaviour in mini-gmp
Date: Mon, 11 Aug 2025 18:07:50 -0700
Message-ID: <73c0ab53-b6d2-4ec9-94a5-ba7df07e2058@cs.ucla.edu>
In-Reply-To: <5050460.VnKG3xVv5R@nimes>

Thanks, I installed that.
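
Added example (not part of this thread, and not coreutils or GMP code): a self-contained base58 encoder that uses byte-wise long division in place of GMP and applies the same zero-length guard as the patch, so that empty input, including data == NULL with data_len == 0, never reaches pointer arithmetic or a bignum import. The name b58_encode, its signature and the sample inputs are assumptions made for this illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

static const char b58_alphabet[] =
    "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz";

/* Hypothetical helper, not coreutils code.  Encodes data[0..data_len) as
   base58 into out (NUL-terminated) and returns the encoded length, or
   (size_t) -1 if out_size is too small.  data may be NULL if data_len is 0. */
size_t b58_encode(const unsigned char *data, size_t data_len,
                  char *out, size_t out_size)
{
    /* Each leading zero byte becomes one '1' character. */
    size_t zeros = 0;
    while (zeros < data_len && data[zeros] == 0)
        zeros++;

    /* log(256)/log(58) < 1.38 bounds the digits needed for the rest. */
    size_t rest = data_len - zeros;
    size_t max_digits = rest ? rest * 138 / 100 + 1 : 0;
    if (out_size < zeros + max_digits + 1)
        return (size_t) -1;

    memset(out, '1', zeros);
    unsigned char *digits = (unsigned char *) out + zeros;
    size_t ndigits = 0;

    /* The guard: form data + zeros only when bytes remain, so the empty
       case (data == NULL, data_len == 0) does no pointer arithmetic. */
    if (rest) {
        const unsigned char *p = data + zeros;
        for (size_t i = 0; i < rest; i++) {
            /* digits[] = digits[] * 256 + p[i], least significant first. */
            unsigned int carry = p[i];
            for (size_t j = 0; j < ndigits; j++) {
                carry += (unsigned int) digits[j] << 8;
                digits[j] = (unsigned char) (carry % 58);
                carry /= 58;
            }
            for (; carry; carry /= 58)
                digits[ndigits++] = (unsigned char) (carry % 58);
        }
    }

    /* Reverse to most significant first, then map to the alphabet. */
    for (size_t i = 0; i < ndigits / 2; i++) {
        unsigned char t = digits[i];
        digits[i] = digits[ndigits - 1 - i];
        digits[ndigits - 1 - i] = t;
    }
    for (size_t i = 0; i < ndigits; i++)
        digits[i] = (unsigned char) b58_alphabet[digits[i]];
    out[zeros + ndigits] = '\0';
    return zeros + ndigits;
}

int main(void)
{
    char buf[32];
    b58_encode(NULL, 0, buf, sizeof buf);   /* constructed: empty input */
    printf("empty -> [%s]\n", buf);
    b58_encode((const unsigned char *) "Hello World!", 12, buf, sizeof buf);
    printf("Hello World! -> [%s]\n", buf);
    return 0;
}
```

Building this with the sanitizer flags from the report exercises the empty-input path without a pointer-overflow diagnostic, because the only pointer addition sits inside the guard.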