[07/11] localte: Fix UB on collate_finish

Message ID	20250507142110.3452012-8-adhemerval.zanella@linaro.org
State	New
Headers	show Delivered-To: patch@linaro.org Received-SPF: pass (google.com: domain of libc-alpha-bounces~patch=linaro.org@sourceware.org designates 8.43.85.97 as permitted sender) client-ip=8.43.85.97; DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 922303858D37 From: Adhemerval Zanella <adhemerval.zanella@linaro.org> To: libc-alpha@sourceware.org Cc: Carlos O'Donell <carlos@redhat.com> Subject: [PATCH 07/11] localte: Fix UB on collate_finish Date: Wed, 7 May 2025 11:17:25 -0300 Message-ID: <20250507142110.3452012-8-adhemerval.zanella@linaro.org> In-Reply-To: <20250507142110.3452012-1-adhemerval.zanella@linaro.org> References: <20250507142110.3452012-1-adhemerval.zanella@linaro.org> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: list Errors-To: libc-alpha-bounces~patch=linaro.org@sourceware.org
Series	Add initial support for --enable-ubsan \| expand [00/11] Add initial support for --enable-ubsan [01/11] ubsan: Add initial support for -fsanitize=undefined [02/11] riscv: Fix --enable-ubsan build failure on riscv [03/11] locale: Fix --enable-ubsan build failure on some ABIs [04/11] elf: Adjust DT_EXTRATAGIDX to avoid undefined shifts [05/11] locate: Fix UB on memcpy call [06/11] locale: Fix UB on insert_weights [07/11] localte: Fix UB on collate_finish [08/11] locale: Fix UB in elem_hash [09/11] locale: Fix UB on add_locale_uint32_array [10/11] argp: Fix shift bug [11/11] elf: Fix UB on _dl_map_object_from_fd

Message ID

20250507142110.3452012-8-adhemerval.zanella@linaro.org

State

New

Headers

Received-SPF: pass (google.com: domain of
 libc-alpha-bounces~patch=linaro.org@sourceware.org designates 8.43.85.97 as
 permitted sender) client-ip=8.43.85.97;
DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 922303858D37
From: Adhemerval Zanella <adhemerval.zanella@linaro.org>
To: libc-alpha@sourceware.org
Cc: Carlos O'Donell <carlos@redhat.com>
Subject: [PATCH 07/11] localte: Fix UB on collate_finish
Date: Wed,  7 May 2025 11:17:25 -0300
Message-ID: <20250507142110.3452012-8-adhemerval.zanella@linaro.org>
In-Reply-To: <20250507142110.3452012-1-adhemerval.zanella@linaro.org>
References: <20250507142110.3452012-1-adhemerval.zanella@linaro.org>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Precedence: list
Errors-To: libc-alpha-bounces~patch=linaro.org@sourceware.org

Series

Add initial support for --enable-ubsan | expand

Commit Message

Adhemerval Zanella May 7, 2025, 2:17 p.m. UTC

The ubsan triggers:

UBSAN: Undefined behaviour in programs/ld-collate.c:1557:7 variable length array bound evaluates to non-positive value 0

The VLA is allocated with nrules being 0.  To simplify the fix,
just allocate one for this case.
---
 locale/programs/ld-collate.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comments

Andreas Schwab May 7, 2025, 2:40 p.m. UTC | #1

On Mai 07 2025, Adhemerval Zanella wrote:

> diff --git a/locale/programs/ld-collate.c b/locale/programs/ld-collate.c
> index 4fa08bd273..5ed03f4cbf 100644
> --- a/locale/programs/ld-collate.c
> +++ b/locale/programs/ld-collate.c
> @@ -1554,7 +1554,7 @@ collate_finish (struct localedef_t *locale, const struct charmap_t *charmap)
>       The multibyte case is easy.  We simply sort into an array with
>       256 elements.  */
>    struct locale_collate_t *collate = locale->categories[LC_COLLATE].collate;
> -  int mbact[nrules];
> +  int mbact[nrules == 0 ? 1 : nrules];

nrules is guaranteed to be at most sizeof (((struct element_t *)
0)->used_in_level) * 8, so this can use a fixed array.

Florian Weimer May 7, 2025, 7:20 p.m. UTC | #2

* Adhemerval Zanella:

> The ubsan triggers:
>
> UBSAN: Undefined behaviour in programs/ld-collate.c:1557:7 variable length array bound evaluates to non-positive value 0
>
> The VLA is allocated with nrules being 0.  To simplify the fix,
> just allocate one for this case.

Typo in commit subject: local[]e

diff --git a/locale/programs/ld-collate.c b/locale/programs/ld-collate.c
index 4fa08bd273..5ed03f4cbf 100644
--- a/locale/programs/ld-collate.c
+++ b/locale/programs/ld-collate.c
@@ -1554,7 +1554,7 @@  collate_finish (struct localedef_t *locale, const struct charmap_t *charmap)
      The multibyte case is easy.  We simply sort into an array with
      256 elements.  */
   struct locale_collate_t *collate = locale->categories[LC_COLLATE].collate;
-  int mbact[nrules];
+  int mbact[nrules == 0 ? 1 : nrules];
   int wcact;
   int mbseqact;
   int wcseqact;

[07/11] localte: Fix UB on collate_finish

Commit Message

Comments

Patch