Closed JacobsonLantern closed 1 year ago
We currently don't have a FreeBSD+UBSAN build. I couldn't find an excerpt; what does ieeefp.h:260:17 look like? Is this a macro that we're providing invalid values to, or does the line itself contain UB?
The value provided is OK, but fpsetmask flips the bits of the mask and tries a bit-shift operation at the said line.
> We currently don't have a FreeBSD+UBSAN build. I couldn't find an excerpt; what does ieeefp.h:260:17 look like? Is this a macro that we're providing invalid values to, or does the line itself contain UB?
Here's the function. I've highlighted the aforementioned line:
```c
static __inline fp_except_t
__fpsetmask(fp_except_t _m)
{
	fp_except_t _p;
	unsigned _mxcsr;
	unsigned short _cw, _newcw;

	__fnstcw(&_cw);
	_p = (~_cw & FP_MSKS_FLD) >> FP_MSKS_OFF;
	_newcw = _cw & ~FP_MSKS_FLD;
	_newcw |= (~_m << FP_MSKS_OFF) & FP_MSKS_FLD; /* The line in question: 260:17 */
	__fnldcw(_cw, _newcw);
	__stmxcsr(&_mxcsr);
	/* XXX should we clear non-ieee SSE_DAZ_FLD and SSE_FZ_FLD ? */
	_mxcsr &= ~SSE_MSKS_FLD;
	_mxcsr |= (~_m << SSE_MSKS_OFF) & SSE_MSKS_FLD;
	__ldmxcsr(&_mxcsr);
	return (_p);
}
```
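To make the UBSan report concrete, here is an added example (my own code, not FreeBSD's header and not part of php-src) that reproduces the arithmetic of `__fpsetmask` with assumed field constants (`FP_MSKS_*`, `SSE_MSKS_*` are placeholders chosen to mirror a typical x87/MXCSR layout, not copied from the header) and `fp_except_t` assumed to be `int`, as the `-1` in the report implies. It shows why the shifted operand is negative for every non-negative mask value, keeps one function that mirrors the flagged expression so the diagnostic can be reproduced under `-fsanitize=undefined`, and gives the same bit manipulation in unsigned arithmetic, which computes identical control-word values without the undefined shift.

```c
#include <stdio.h>

/* Assumption: fp_except_t is a signed int, as the "-1" in the UBSan report implies. */
typedef int fp_except_t;

/* Assumed field layouts for this example (not copied from <machine/ieeefp.h>):
 * x87 control-word exception masks in bits 0-5, MXCSR exception masks in bits 7-12. */
#define FP_MSKS_FLD   0x003fu
#define FP_MSKS_OFF   0
#define SSE_MSKS_FLD  0x1f80u
#define SSE_MSKS_OFF  7

/* The header evaluates (~_m << OFF) in signed arithmetic. For any non-negative
 * mask m, ~m is negative, so the left shift is undefined on every call; with
 * m == 0 the operand is exactly the -1 that UBSan printed. */
int shift_operand_is_negative(fp_except_t m)
{
    return (~m) < 0;
}

/* Mirrors the flagged header line. Kept only so the UB can be reproduced under
 * -fsanitize=undefined; do not use this form in code that must be well defined. */
unsigned short header_style_newcw(unsigned short cw, fp_except_t m)
{
    unsigned short newcw = (unsigned short)(cw & ~FP_MSKS_FLD);
    newcw |= (unsigned short)((~m << FP_MSKS_OFF) & FP_MSKS_FLD); /* UB: ~m < 0 */
    return newcw;
}

/* Unsigned rewrite: complement and shift as unsigned so no negative value is
 * ever shifted. A set mask bit in m means "trap on this exception"; a set
 * control-word bit means "exception masked", hence the complement. */
unsigned short safe_newcw(unsigned short cw, fp_except_t m)
{
    unsigned masked = ~(unsigned)m;
    unsigned newcw  = cw & ~FP_MSKS_FLD;
    newcw |= (masked << FP_MSKS_OFF) & FP_MSKS_FLD;
    return (unsigned short)newcw;
}

/* Same rewrite for the MXCSR half of the header function. */
unsigned safe_new_mxcsr(unsigned mxcsr, fp_except_t m)
{
    unsigned masked = ~(unsigned)m;
    mxcsr &= ~SSE_MSKS_FLD;
    mxcsr |= (masked << SSE_MSKS_OFF) & SSE_MSKS_FLD;
    return mxcsr;
}

/* Previous trap mask recovered from a control word, as the header's _p. */
fp_except_t old_mask_from_cw(unsigned short cw)
{
    return (fp_except_t)((~(unsigned)cw & FP_MSKS_FLD) >> FP_MSKS_OFF);
}

int main(void)
{
    unsigned short cw = 0x037f; /* constructed: x87 default word, all exceptions masked */

    printf("~0 == %d, operand negative: %d\n", ~0, shift_operand_is_negative(0));
    printf("old trap mask from 0x%04x: %d\n", cw, old_mask_from_cw(cw));
    printf("unsigned rewrite, trap bit 0: 0x%04x -> 0x%04x\n", cw, safe_newcw(cw, 0x01));
    printf("mxcsr 0x1f80, trap bit 0: -> 0x%04x\n", safe_new_mxcsr(0x1f80u, 0x01));
    /* Under -fsanitize=undefined this call reproduces "left shift of negative value -1". */
    printf("header-style result: 0x%04x\n", header_style_newcw(cw, 0));
    return 0;
}
```

Build it with `cc -fsanitize=undefined example.c && ./a.out` to see the same kind of report the thread shows, coming from `header_style_newcw`; the `safe_*` functions produce identical masks and are silent. The point for a reviewer is that the problem is not the value PHP passes: the expression is undefined for any valid mask, and the fix belongs in the arithmetic, not in the caller.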
@devnexen OK, I'll try modifying my source with your commit. Since I don't really understand this fpsetmask, is there any security implication in this?
OK, after modifying my source to @devnexen's commit, another error showed up:
```
--- ext/phar/phar.php ---
Generating phar.php
This sanitizer is not compatible with enabled ASLR and binaries compiled with PIE
ASLR will be disabled and the program re-executed.
/usr/include/machine/ieeefp.h:260:17: runtime error: left shift of negative value -1
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /usr/include/machine/ieeefp.h:260:17 in
*** [ext/phar/phar.php] Error code 1
```
Oh, phar.phar no longer generates the error, though.
UPDATE: I've just realized the issue can come up during the configure stage too. This one showed up during the configure stage, when checking for the PHP version (why would configure check the PHP version?):
```
checking for php version... This sanitizer is not compatible with enabled ASLR and binaries compiled with PIE
ASLR will be disabled and the program re-executed.
/usr/include/machine/ieeefp.h:260:17: runtime error: left shift of negative value -1
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /usr/include/machine/ieeefp.h:260:17 in
```
This is the only output I get if I use the PR's branch directly:
```
Generating phar.php
/home/dcarlier/Contribs/php-src/Zend/zend_API.c:2777:37: runtime error: member access within address 0x60c000000100 with insufficient space for an object of type 'zend_function' (aka 'union _zend_function')
0x60c000000100: note: pointer points here
00 00 00 00 01 00 00 00 01 20 00 00 10 05 00 00 40 60 00 00 00 00 00 00 00 00 00 00 00 00 00 00
^
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /home/dcarlier/Contribs/php-src/Zend/zend_API.c:2777:37 in
/home/dcarlier/Contribs/php-src/Zend/zend_API.c:2778:21: runtime error: member access within address 0x60c000000100 with insufficient space for an object of type 'zend_function' (aka 'union _zend_function')
0x60c000000100: note: pointer points here
00 00 00 00 01 00 00 00 01 20 00 00 10 05 00 00 40 60 00 00 00 00 00 00 00 00 00 00 00 00 00 00
^
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /home/dcarlier/Contribs/php-src/Zend/zend_API.c:2778:21 in
/home/dcarlier/Contribs/php-src/Zend/zend_API.c:2783:21: runtime error: member access within address 0x60c000000100 with insufficient space for an object of type 'zend_function' (aka 'union _zend_function')
0x60c000000100: note: pointer points here
00 00 00 00 01 00 00 00 01 20 00 00 10 05 00 00 40 60 00 00 00 00 00 00 00 00 00 00 00 00 00 00
^
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /home/dcarlier/Contribs/php-src/Zend/zend_API.c:2783:21 in
/home/dcarlier/Contribs/php-src/Zend/zend_API.c:2803:21: runtime error: member access within address 0x60c000000100 with insufficient space for an object of type 'zend_function' (aka 'union _zend_function')
0x60c000000100: note: pointer points here
00 00 00 00 01 00 00 00 01 20 00 00 10 05 00 00 40 60 00 00 00 00 00 00 00 00 00 00 00 00 00 00
^
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /home/dcarlier/Contribs/php-src/Zend/zend_API.c:2803:21 in
/home/dcarlier/Contribs/php-src/Zend/zend_API.c:2804:22: runtime error: member access within address 0x60c000000100 with insufficient space for an object of type 'zend_function' (aka 'union _zend_function')
0x60c000000100: note: pointer points here
00 00 00 00 01 00 00 00 01 20 00 00 10 05 00 00 40 60 00 00 00 00 00 00 00 00 00 00 00 00 00 00
^
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /home/dcarlier/Contribs/php-src/Zend/zend_API.c:2804:22 in
/home/dcarlier/Contribs/php-src/Zend/zend_API.c:2807:44: runtime error: member access within address 0x60c000000100 with insufficient space for an object of type 'zend_function' (aka 'union _zend_function')
0x60c000000100: note: pointer points here
00 00 00 00 01 00 00 00 01 20 00 00 10 05 00 00 40 60 00 00 00 00 00 00 00 00 00 00 00 00 00 00
^
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /home/dcarlier/Contribs/php-src/Zend/zend_API.c:2807:44 in
/home/dcarlier/Contribs/php-src/Zend/zend_API.c:2814:18: runtime error: member access within address 0x60c000000100 with insufficient space for an object of type 'zend_function' (aka 'union _zend_function')
0x60c000000100: note: pointer points here
00 00 00 00 01 00 00 00 01 20 00 00 10 05 00 00 40 60 00 00 00 00 00 00 00 00 00 00 00 00 00 00
^
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /home/dcarlier/Contribs/php-src/Zend/zend_API.c:2814:18 in
/home/dcarlier/Contribs/php-src/Zend/zend_API.c:2786:55: runtime error: member access within address 0x60c000000280 with insufficient space for an object of type 'zend_function' (aka 'union _zend_function')
0x60c000000280: note: pointer points here
00 00 00 00 01 00 00 00 01 20 00 00 90 05 00 00 40 60 00 00 00 00 00 00 00 00 00 00 00 00 00 00
^
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /home/dcarlier/Contribs/php-src/Zend/zend_API.c:2786:55 in
/home/dcarlier/Contribs/php-src/Zend/zend_API.c:2789:23: runtime error: member access within address 0x60c000000280 with insufficient space for an object of type 'zend_function' (aka 'union _zend_function')
0x60c000000280: note: pointer points here
00 00 00 00 01 00 00 00 01 20 00 00 90 05 00 00 40 60 00 00 00 00 00 00 00 00 00 00 00 00 00 00
^
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /home/dcarlier/Contribs/php-src/Zend/zend_API.c:2789:23 in
/home/dcarlier/Contribs/php-src/Zend/zend_inheritance.c:90:6: runtime error: member access within address 0x60c00003a6c0 with insufficient space for an object of type 'zend_function' (aka 'union _zend_function')
0x60c00003a6c0: note: pointer points here
00 00 00 00 01 00 00 00 41 20 00 00 50 23 01 00 40 60 00 00 00 12 00 00 50 61 00 00 00 00 00 00
^
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /home/dcarlier/Contribs/php-src/Zend/zend_inheritance.c:90:6 in
/home/dcarlier/Contribs/php-src/Zend/zend_inheritance.c:91:36: runtime error: member access within address 0x60c00003a6c0 with insufficient space for an object of type 'zend_function' (aka 'union _zend_function')
0x60c00003a6c0: note: pointer points here
00 00 00 00 01 00 00 00 41 20 00 00 50 23 01 00 40 60 00 00 00 12 00 00 50 61 00 00 00 00 00 00
^
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /home/dcarlier/Contribs/php-src/Zend/zend_inheritance.c:91:36 in
/home/dcarlier/Contribs/php-src/Zend/zend.c:667:9: runtime error: member access within address 0x60c0000b7580 with insufficient space for an object of type 'zend_function' (aka 'union _zend_function')
0x60c0000b7580: note: pointer points here
00 00 00 00 01 00 00 00 01 20 00 00 10 05 00 00 40 60 00 00 00 00 00 00 00 00 00 00 00 00 00 00
^
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /home/dcarlier/Contribs/php-src/Zend/zend.c:667:9 in
Generating phar.phar
/home/dcarlier/Contribs/php-src/Zend/zend_API.c:2777:37: runtime error: member access within address 0x60c000000100 with insufficient space for an object of type 'zend_function' (aka 'union _zend_function')
0x60c000000100: note: pointer points here
00 00 00 00 01 00 00 00 01 20 00 00 10 05 00 00 40 60 00 00 00 00 00 00 00 00 00 00 00 00 00 00
^
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /home/dcarlier/Contribs/php-src/Zend/zend_API.c:2777:37 in
/home/dcarlier/Contribs/php-src/Zend/zend_API.c:2778:21: runtime error: member access within address 0x60c000000100 with insufficient space for an object of type 'zend_function' (aka 'union _zend_function')
0x60c000000100: note: pointer points here
00 00 00 00 01 00 00 00 01 20 00 00 10 05 00 00 40 60 00 00 00 00 00 00 00 00 00 00 00 00 00 00
^
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /home/dcarlier/Contribs/php-src/Zend/zend_API.c:2778:21 in
/home/dcarlier/Contribs/php-src/Zend/zend_API.c:2783:21: runtime error: member access within address 0x60c000000100 with insufficient space for an object of type 'zend_function' (aka 'union _zend_function')
0x60c000000100: note: pointer points here
00 00 00 00 01 00 00 00 01 20 00 00 10 05 00 00 40 60 00 00 00 00 00 00 00 00 00 00 00 00 00 00
^
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /home/dcarlier/Contribs/php-src/Zend/zend_API.c:2783:21 in
/home/dcarlier/Contribs/php-src/Zend/zend_API.c:2803:21: runtime error: member access within address 0x60c000000100 with insufficient space for an object of type 'zend_function' (aka 'union _zend_function')
0x60c000000100: note: pointer points here
00 00 00 00 01 00 00 00 01 20 00 00 10 05 00 00 40 60 00 00 00 00 00 00 00 00 00 00 00 00 00 00
^
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /home/dcarlier/Contribs/php-src/Zend/zend_API.c:2803:21 in
/home/dcarlier/Contribs/php-src/Zend/zend_API.c:2804:22: runtime error: member access within address 0x60c000000100 with insufficient space for an object of type 'zend_function' (aka 'union _zend_function')
0x60c000000100: note: pointer points here
00 00 00 00 01 00 00 00 01 20 00 00 10 05 00 00 40 60 00 00 00 00 00 00 00 00 00 00 00 00 00 00
^
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /home/dcarlier/Contribs/php-src/Zend/zend_API.c:2804:22 in
/home/dcarlier/Contribs/php-src/Zend/zend_API.c:2807:44: runtime error: member access within address 0x60c000000100 with insufficient space for an object of type 'zend_function' (aka 'union _zend_function')
0x60c000000100: note: pointer points here
00 00 00 00 01 00 00 00 01 20 00 00 10 05 00 00 40 60 00 00 00 00 00 00 00 00 00 00 00 00 00 00
^
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /home/dcarlier/Contribs/php-src/Zend/zend_API.c:2807:44 in
/home/dcarlier/Contribs/php-src/Zend/zend_API.c:2814:18: runtime error: member access within address 0x60c000000100 with insufficient space for an object of type 'zend_function' (aka 'union _zend_function')
0x60c000000100: note: pointer points here
00 00 00 00 01 00 00 00 01 20 00 00 10 05 00 00 40 60 00 00 00 00 00 00 00 00 00 00 00 00 00 00
^
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /home/dcarlier/Contribs/php-src/Zend/zend_API.c:2814:18 in
/home/dcarlier/Contribs/php-src/Zend/zend_API.c:2786:55: runtime error: member access within address 0x60c000000280 with insufficient space for an object of type 'zend_function' (aka 'union _zend_function')
0x60c000000280: note: pointer points here
00 00 00 00 01 00 00 00 01 20 00 00 90 05 00 00 40 60 00 00 00 00 00 00 00 00 00 00 00 00 00 00
^
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /home/dcarlier/Contribs/php-src/Zend/zend_API.c:2786:55 in
/home/dcarlier/Contribs/php-src/Zend/zend_API.c:2789:23: runtime error: member access within address 0x60c000000280 with insufficient space for an object of type 'zend_function' (aka 'union _zend_function')
0x60c000000280: note: pointer points here
00 00 00 00 01 00 00 00 01 20 00 00 90 05 00 00 40 60 00 00 00 00 00 00 00 00 00 00 00 00 00 00
^
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /home/dcarlier/Contribs/php-src/Zend/zend_API.c:2789:23 in
/home/dcarlier/Contribs/php-src/Zend/zend_inheritance.c:90:6: runtime error: member access within address 0x60c00003a6c0 with insufficient space for an object of type 'zend_function' (aka 'union _zend_function')
0x60c00003a6c0: note: pointer points here
00 00 00 00 01 00 00 00 41 20 00 00 50 23 01 00 40 60 00 00 00 12 00 00 50 61 00 00 00 00 00 00
^
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /home/dcarlier/Contribs/php-src/Zend/zend_inheritance.c:90:6 in
/home/dcarlier/Contribs/php-src/Zend/zend_inheritance.c:91:36: runtime error: member access within address 0x60c00003a6c0 with insufficient space for an object of type 'zend_function' (aka 'union _zend_function')
0x60c00003a6c0: note: pointer points here
00 00 00 00 01 00 00 00 41 20 00 00 50 23 01 00 40 60 00 00 00 12 00 00 50 61 00 00 00 00 00 00
^
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /home/dcarlier/Contribs/php-src/Zend/zend_inheritance.c:91:36 in
/home/dcarlier/Contribs/php-src/Zend/zend.c:667:9: runtime error: member access within address 0x60c0000b7580 with insufficient space for an object of type 'zend_function' (aka 'union _zend_function')
0x60c0000b7580: note: pointer points here
00 00 00 00 01 00 00 00 01 20 00 00 10 05 00 00 40 60 00 00 00 00 00 00 00 00 00 00 00 00 00 00
^
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /home/dcarlier/Contribs/php-src/Zend/zend.c:667:9 in
PEAR package PHP_Archive not installed: generated phar will require PHP's phar extension be enabled.
directorygraphiterator.inc
phar.inc
invertedregexiterator.inc
pharcommand.inc
directorytreeiterator.inc
clicommand.inc
Build complete.
Don't forget to run 'make test'.
```
which is the usual UBSan noise, nor do I get the issue at configure time. Not sure it makes any difference, but I use FreeBSD 13.2, quite a minor release..
@devnexen would you mind checking your /etc/sysctl.conf and these sysctls?

```
kern.elf32.aslr.enable
kern.elf32.aslr.pie_enable
kern.elf64.aslr.enable
kern.elf64.aslr.pie_enable
```
```
kern.elf32.aslr.stack: 1
kern.elf32.aslr.honor_sbrk: 0
kern.elf32.aslr.pie_enable: 0
kern.elf32.aslr.enable: 0
kern.elf64.aslr.stack: 1
kern.elf64.aslr.honor_sbrk: 0
kern.elf64.aslr.pie_enable: 1
kern.elf64.aslr.enable: 1
```
ASLR is enabled by default on 64-bit since 13.2 anyway.
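The sysctl exchange above is the check worth scripting: the "This sanitizer is not compatible with enabled ASLR and binaries compiled with PIE" notice appears whenever both `kern.elf64.aslr.enable` and `kern.elf64.aslr.pie_enable` are 1, and the runtime then disables ASLR for itself and re-executes. The following is an added example of mine, not code from php-src or FreeBSD: a small POSIX sh helper that evaluates the `name: value` lines `sysctl` prints, plus a wrapper that starts a sanitized binary with ASLR already off for that process so no re-exec is needed. The sample input is constructed from the values posted in this thread; the `proccontrol -m aslr -s disable` invocation is FreeBSD's per-process ASLR control and is assumed to be available on the builder's 13.x host.

```sh
#!/bin/sh
# Return 0 (true) when the given sysctl output says 64-bit ASLR and PIE
# randomisation are both enabled, which is exactly the condition that makes
# ASan/UBSan-instrumented PIE binaries print the re-exec notice.
# $1: text in the "name: value" form that sysctl(8) prints on FreeBSD.
aslr_pie_enabled() {
    printf '%s\n' "$1" | awk '
        $1 == "kern.elf64.aslr.enable:"     { aslr = $2 }
        $1 == "kern.elf64.aslr.pie_enable:" { pie  = $2 }
        END { exit !(aslr == 1 && pie == 1) }'
}

# Run a command with ASLR disabled for that process only (proccontrol(1) on
# FreeBSD, assumed present); elsewhere fall back to running it unchanged.
# Keeping the change per-process avoids lowering kern.elf64.aslr.* globally
# just to quiet a build.
run_without_aslr() {
    if command -v proccontrol >/dev/null 2>&1; then
        proccontrol -m aslr -s disable "$@"
    else
        "$@"
    fi
}

# Constructed samples: the first mirrors the 64-bit values posted above.
SAMPLE_ON='kern.elf64.aslr.stack: 1
kern.elf64.aslr.honor_sbrk: 0
kern.elf64.aslr.pie_enable: 1
kern.elf64.aslr.enable: 1'

SAMPLE_OFF='kern.elf64.aslr.pie_enable: 0
kern.elf64.aslr.enable: 1'

# Live check, only on a host whose sysctl knows the FreeBSD knobs.
if sysctl -n kern.elf64.aslr.enable >/dev/null 2>&1; then
    if aslr_pie_enabled "$(sysctl kern.elf64.aslr)"; then
        echo "64-bit ASLR+PIE is on: sanitized PIE binaries will re-exec themselves"
        echo "run them as: run_without_aslr ./sapi/cli/php ..."
    else
        echo "64-bit ASLR+PIE is off: no re-exec expected"
    fi
fi
```

During `make`, the binary that hits this is the freshly built `sapi/cli/php` that the phar build step invokes, so the wrapper is only a convenience for manual runs; the sysctl values themselves are what decide whether the notice shows up.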
No feedback was provided. The issue is being suspended because we assume that you are no longer experiencing the problem. If this is not the case and you are able to provide the information that was requested earlier, please do so. Thank you.
Description
When building PHP 8.2.5 from source on FreeBSD 13.1-RELEASE-p6 GENERIC amd64 with this config:

```sh
./configure --enable-fpm --with-pdo-pgsql --with-pgsql --with-zlib --with-openssl --with-openssl-dir=/usr/local/openssl --with-password-argon2 --enable-werror --enable-address-sanitizer --enable-undefined-sanitizer --enable-zts
```

it failed to compile at ieeefp.h, saying:
Did I miss something, or is it a bug? Thank you
PHP Version
PHP 8.2.5
Operating System
FreeBSD 13.1-RELEASE-p6 GENERIC amd64