Re: ubsan
Andres Freund <andres@anarazel.de>
From: Andres Freund <andres@anarazel.de>
To: Tom Lane <tgl@sss.pgh.pa.us>
Cc: pgsql-hackers@postgresql.org
Date: 2022-03-23T18:21:37Z
Lists: pgsql-hackers
Hi,
On 2022-03-23 13:54:50 -0400, Tom Lane wrote:
> Andres Freund <andres@anarazel.de> writes:
> > I tried to run postgres with ubsan to debug something.
>
> For 0001, could we just replace configure's dlopen check with the
> dlsym check? Or are you afraid of reverse-case failures?
Yea, I was worried about that. But now that I think more about it, it's hard
to believe something could provide / intercept dlsym but not dlopen. I guess
we can try and see?
> 0002: ugh, but my only real complaint is that __ubsan_default_options
> needs more than zero comment.
Yea, definitely. I am still hoping that somebody could see a better approach
than that ugly hack.
Haven't yet checked, but probably should also verify asan either doesn't have
the same problem or provide the same hack for ASAN_OPTIONS.
> Also, it's not "our" getenv is it?
Not really. "libc's getenv()"?
> 0003: OK. Interesting though that we haven't seen these before.
I assume it's a question of library version and configure flags.
Looks like the fwrite nonnull case isn't actually due to the nonnull
attribute, but just fwrite() getting intercepted by the sanitizer
library. Looks like that was added starting in gcc 9 [1]
And the guc.c case presumably requires --enable-nls and a version of gettext
using the nonnull attribute?
Wonder if there's a few functions we should add nonnull to ourselves. Probably
would help "everyday compiler warnings", static analyzers, and ubsan.
Greetings,
Andres Freund
[1]
5d3805fca3e9 (Jakub Jelinek 2017-10-19 13:23:59 +0200 1151) #if SANITIZER_INTERCEPT_FWRITE
5d3805fca3e9 (Jakub Jelinek 2017-10-19 13:23:59 +0200 1152) INTERCEPTOR(SIZE_T, fwrite, const void *p, uptr size, uptr nmemb, void *file) {
5d3805fca3e9 (Jakub Jelinek 2017-10-19 13:23:59 +0200 1153) // libc file streams can call user-supplied functions, see fopencookie.
5d3805fca3e9 (Jakub Jelinek 2017-10-19 13:23:59 +0200 1154) void *ctx;
5d3805fca3e9 (Jakub Jelinek 2017-10-19 13:23:59 +0200 1155) COMMON_INTERCEPTOR_ENTER(ctx, fwrite, p, size, nmemb, file);
5d3805fca3e9 (Jakub Jelinek 2017-10-19 13:23:59 +0200 1156) SIZE_T res = REAL(fwrite)(p, size, nmemb, file);
5d3805fca3e9 (Jakub Jelinek 2017-10-19 13:23:59 +0200 1157) if (res > 0) COMMON_INTERCEPTOR_READ_RANGE(ctx, p, res * size);
5d3805fca3e9 (Jakub Jelinek 2017-10-19 13:23:59 +0200 1158) return res;
5d3805fca3e9 (Jakub Jelinek 2017-10-19 13:23:59 +0200 1159) }
$ git describe --tags 5d3805fca3e9
basepoints/gcc-8-3961-g5d3805fca3e
Commits
-
Avoid possible crash within libsanitizer.
- d4baa327a1c9 19 (unreleased) landed
- c775bf048abd 16.11 landed
- a9515f294de1 17.7 landed
- 6d8acb777715 18.1 landed
-
ci: Use -fsanitize=undefined,alignment,address in linux tasks
- bd82928625e7 16.0 landed
-
Add workaround to make ubsan and ps_status.c compatible
- f686ae82f2d7 16.0 landed
-
Don't try to translate NULL in GetConfigOptionByNum().
- 81045e1e1c33 14.3 landed
- c0f99bb520da 13.7 landed
- 61a007feed52 12.11 landed
- 3ac7d024122f 15.0 landed
-
Don't call fwrite() with len == 0 when writing out relcache init file.
- 5f4615b9def5 10.21 landed
- 2121d58091a3 11.16 landed
- c5b60a68cc08 12.11 landed
- 8014c61ebda1 13.7 landed
- 89a94c24aadd 14.3 landed
- 1c6bb380e5ab 15.0 landed
-
configure: check for dlsym instead of dlopen.
- e52e9bd57f33 14.3 landed
- 7c163aa93fe6 13.7 landed
- 6a767bc2e712 12.11 landed
- a77dddb42e09 11.16 landed
- 2a919372655d 10.21 landed
- e71c76fcab8d 15.0 landed
-
Clean up assorted failures under clang's -fsanitize=undefined checks.
- 46ab07ffda9d 15.0 cited