GNU bug report logs - #79221
basenc triggers undefined-behaviour in mini-gmp


Package: coreutils;

Reported by: Bruno Haible <bruno <at> clisp.org>

Date: Tue, 12 Aug 2025 00:36:01 UTC

Severity: normal

Done: Paul Eggert <eggert <at> cs.ucla.edu>

Full log



From: help-debbugs <at> gnu.org (GNU bug Tracking System)
To: Paul Eggert <eggert <at> cs.ucla.edu>
Cc: tracker <at> debbugs.gnu.org
Subject: bug#79221: closed (basenc triggers undefined-behaviour in mini-gmp)
Date: Tue, 12 Aug 2025 01:09:01 +0000
Your message dated Mon, 11 Aug 2025 18:07:50 -0700
with message-id <73c0ab53-b6d2-4ec9-94a5-ba7df07e2058 <at> cs.ucla.edu>
and subject line Re: bug#79221: basenc triggers undefined-behaviour in mini-gmp
has caused the debbugs.gnu.org bug report #79221,
regarding basenc triggers undefined-behaviour in mini-gmp
to be marked as done.

(If you believe you have received this mail in error, please contact
help-debbugs <at> gnu.org.)


-- 
79221: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=79221
GNU Bug Tracking System
Contact help-debbugs <at> gnu.org with problems
From: Bruno Haible <bruno <at> clisp.org>
To: bug-coreutils <at> gnu.org
Subject: basenc triggers undefined-behaviour in mini-gmp
Date: Tue, 12 Aug 2025 02:34:55 +0200
The CI this week reports a new test failure of the tests/basenc/basenc test,
when compiled with sanitizers.

How to reproduce:
1. Build the current coreutils with
   CC="clang -fsanitize=address,undefined,signed-integer-overflow,shift,integer-divide-by-zero -fno-sanitize-recover=undefined"
   configuring it with option --without-libgmp . (There is no issue when
   coreutils uses the real gmp.)
2. 
$ src/basenc --base58 < /dev/null
../lib/mini-gmp.c:4529:9: runtime error: applying non-zero offset 18446744073709551615 to null pointer
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior ../lib/mini-gmp.c:4529:9 
Aborted

gdb stack trace:

#7  0x0000555555696e79 in __ubsan_handle_pointer_overflow_abort ()
    at /home/runner/work/llvm-project/llvm-project/compiler-rt/lib/ubsan/ubsan_handlers.cpp:855
#8  0x00005555556e27a2 in mpz_import (r=0x7bfff5900060, count=0, order=1, size=1, endian=-1, nails=0, src=0x0) at ../lib/mini-gmp.c:4529
#9  0x00005555556a70a7 in base58_encode (data=0x0, data_len=0, out=0x7edff6de0400 '\276' <repeats 200 times>..., outlen=0x7bfff5b000c0)
    at ../src/basenc.c:1178
#10 0x00005555556a2d56 in base58_encode_ctx_finalize (ctx=0x7bfff5b00060, out=0x7bfff5b00040, outlen=0x7bfff5b000c0)
    at ../src/basenc.c:1200
#11 0x00005555556a65d1 in do_encode (in=0x7ffff7e038e0 <_IO_2_1_stdin_>, infile=0x55555570fd60 <str> "-", 
    out=0x7ffff7e045c0 <_IO_2_1_stdout_>, wrap_column=76) at ../src/basenc.c:1431
#12 0x0000555555699973 in main (argc=2, argv=0x7fffffffcfd8) at ../src/basenc.c:1736

Adding a non-zero offset to a NULL pointer is undefined behaviour per
ISO C 23 § 6.5.7.(9) as amended by N3322.

Should mpz_import accept count=0, src=NULL arguments? Hard to say from the gmp
documentation https://gmplib.org/manual/Integer-Import-and-Export .

If yes, then it's a bug in mini-gmp.c around line 4529.
If no, it's a bug in coreutils/src/basenc.c.

If yes, feel free to report that to the GMP people, without CCing me, please.
If no, feel free to apply the attached fix. It passes "make check".

Bruno

[0001-basenc-Don-t-trigger-undefined-behaviour-in-mini-gmp.patch (text/x-patch, attachment)]
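The defect class Bruno describes, as an added C example that is not code from the bug report, mini-gmp or basenc: a simplified model of an mpz_import-style loop (size=1, order=1 as in the trace, accumulating into a uint64_t) that forms a pointer from src before checking count, beside the two places the guard can live, in the import routine or in the caller; all function names and the sample bytes are constructed for the example.

```c
#include <assert.h>
#include <stddef.h>
#include <stdint.h>

/* Constructed sample input: big-endian bytes of the value 0x010203. */
static const unsigned char sample_be[] = { 0x01, 0x02, 0x03 };

/* Model of the defect: the pointer to the last (least significant) byte is
   formed before checking whether any bytes exist.  For count == 0 and
   src == NULL this evaluates NULL + (size_t)-1, the "applying non-zero
   offset 18446744073709551615 to null pointer" that UBSan reported.
   Supports at most 8 bytes (one uint64_t); real mini-gmp handles any size. */
static uint64_t import_be_unchecked(const unsigned char *src, size_t count)
{
    const unsigned char *last = src + count - 1;      /* UB when count == 0 */
    uint64_t acc = 0;
    for (size_t i = 0; i < count; i++)                /* byte i from the end */
        acc |= (uint64_t)last[-(ptrdiff_t)i] << (8 * i);
    return acc;
}

/* Callee-side fix (if mpz_import is meant to accept count=0, src=NULL):
   zero words import as the value zero, and no arithmetic on src happens
   before that case is ruled out. */
static uint64_t import_be_checked(const unsigned char *src, size_t count)
{
    assert(count <= 8);
    if (count == 0)
        return 0;
    return import_be_unchecked(src, count);           /* src is valid here */
}

/* Caller-side fix (if mpz_import is not meant to accept it): an empty
   input has nothing to import, so a basenc-style encoder never hands
   (NULL, 0) to the library.  'consumed' may be NULL. */
static uint64_t encode_value(const unsigned char *data, size_t len,
                             size_t *consumed)
{
    assert(len <= 8);
    if (consumed)
        *consumed = len;
    if (len == 0)                 /* empty input: empty output, no import */
        return 0;
    return import_be_unchecked(data, len);
}
```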
From: Paul Eggert <eggert <at> cs.ucla.edu>
To: Bruno Haible <bruno <at> clisp.org>
Cc: 79221-done <at> debbugs.gnu.org
Subject: Re: bug#79221: basenc triggers undefined-behaviour in mini-gmp
Date: Mon, 11 Aug 2025 18:07:50 -0700
Thanks, I installed that.





GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.