Building c4test with UBSan enabled and then running it produces 500+ lines of output like:
../src/hatrack/hash/set.c:258:15: runtime error: null pointer passed as argument 1, which is declared to never be null
/usr/include/stdlib.h:971:30: note: nonnull attribute specified here
#0 0x5899b1111647 in hatrack_set_items_base libcon4m/src/hatrack/hash/set.c:258:9
#1 0x5899b1111ea1 in hatrack_set_items_sort libcon4m/src/hatrack/hash/set.c:305:12
#2 0x5899b0fa6772 in c4m_set_to_xlist libcon4m/src/adts/set.c:158:38
#3 0x5899b11430a6 in process_branch_exit libcon4m/src/compiler/cfg.c:497:30
#4 0x5899b113cd67 in cfg_process_node libcon4m/src/compiler/cfg.c:633:9
#5 0x5899b113d1a0 in cfg_process_node libcon4m/src/compiler/cfg.c:644:9
#6 0x5899b113c070 in cfg_process_node libcon4m/src/compiler/cfg.c:577:31
#7 0x5899b113d62a in cfg_process_node libcon4m/src/compiler/cfg.c:656:9
#8 0x5899b113c070 in cfg_process_node libcon4m/src/compiler/cfg.c:577:31
#9 0x5899b113b154 in c4m_cfg_analyze libcon4m/src/compiler/cfg.c:744:5
#10 0x5899b106c882 in c4m_check_pass libcon4m/src/compiler/check_pass.c:3320:13
#11 0x5899b1016fc5 in c4m_compile_from_entry_point libcon4m/src/compiler/compile.c:467:5
#12 0x5899b0f07197 in execute_test libcon4m/src/harness/con4m_base/run.c:11:11
#13 0x5899b0f05674 in run_one_item libcon4m/src/harness/con4m_base/run.c:61:29
#14 0x5899b0f0535a in c4m_run_expected_value_tests libcon4m/src/harness/con4m_base/run.c:152:18
#15 0x5899b0f01cdb in main libcon4m/src/harness/con4m_base/test.c:44:5
#16 0x7fd148d45e07 in __libc_start_call_main /usr/src/debug/glibc/glibc/csu/../sysdeps/nptl/libc_start_call_main.h:58:16
#17 0x7fd148d45ecb in __libc_start_main /usr/src/debug/glibc/glibc/csu/../csu/libc-start.c:360:3
#18 0x5899b0ecf7b4 in _start (libcon4m/build_dev/c4test+0x14f7b4) (BuildId: eb75f65a7b383149176b9e55cbbfdfd116868794)
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior ../src/hatrack/hash/set.c:258:15
One test file that triggered this was basic05.c4m.
It looks like qsort may be called with a null view at one call site:
With:
main
(https://github.com/crashappsec/libcon4m/commit/de5b65931a5fd3e7fa70ad4b86ba318160eae5b5) orjtv/parity-push
(https://github.com/crashappsec/libcon4m/commit/4f6ccbecc38e75f780d66e1e679e62a283230470)dev
Building c4test with UBSan enabled and then running it produces 500+ lines of output like:
One test file that triggered this was
basic05.c4m
.It looks like
qsort
may be called with a nullview
at one call site:https://github.com/crashappsec/libcon4m/blob/de5b65931a5fd3e7fa70ad4b86ba318160eae5b5/src/hatrack/hash/set.c#L257-L262
which makes UBSan complain on machines where
qsort
specifies that the first argument must not be null:This is pretty noisy, and will only get more noisy as more test cases are added. I'll make a PR, in case the simplest attempt at a fix works.