On Mon, Jan 15, 2024 at 12:25:33PM +0100, Gisle Vanem via Lynx-dev wrote: > I found some ASAN+UBSAN issues after building the > latest GitHub snapshot [1] of Lynx on Windows. > > I used 'clang-cl -fsanitize=address -fsanitize-recover=address > -fsanitize=undefined' > > First the ASAN issue: > src/GridText.c:915:12: runtime error: applying zero offset to null pointer > SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior > src/GridText.c:915:12 > > Fixed by: > --- a/src/GridText.c 2023-02-18 11:10:31 > +++ b/src/GridText.c 2023-06-30 10:08:49 > @@ -912,6 +912,7 @@ > result = a->lites.hl_info[count - 1].hl_text; > else > result = a->lites.hl_base.hl_text; > + if (result) > result += LYAdjHiTextPos(a, count); > return result; > > then this UBSAN ("Undefined Behavior Sanitizer") issue: > > src/LYMainLoop.c:6809:27: runtime error: index -1 out of bounds for type > 'LinkInfo[1024]' > SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior > src/LYMainLoop.c:6809:27 in > ================================================================= > ==12236==ERROR: AddressSanitizer: global-buffer-overflow on address > 0x7ff774780160 at > pc 0x7ffc6cc271bb bp 0x005d7ab3d200 sp 0x005d7ab3c990 > READ of size 96 at 0x7ff774780160 thread T0 > #0 0x7ffc6cc271ba in __asan_memcpy > D:\a\_work\1\s\src\vctools\asan\llvm\compiler-rt\lib\asan\asan_interceptors_memintrinsics.cpp:22 > #1 0x7ff77371e477 in mainloop > F:\MinGW32\src\inet\Web\Lynx\src\LYMainLoop.c:6809 > #2 0x7ff77370d88c in main F:\MinGW32\src\inet\Web\Lynx\src\LYMain.c:2276 > #3 0x7ff773e23c67 in invoke_main > D:\a\_work\1\s\src\vctools\crt\vcstartup\src\startup\exe_common.inl:78 > #4 0x7ff773e23c67 in __scrt_common_main_seh > D:\a\_work\1\s\src\vctools\crt\vcstartup\src\startup\exe_common.inl:288 > #5 0x7ffcd7fe7613 (C:\Windows\System32\KERNEL32.DLL+0x180017613) > #6 0x7ffcd88026f0 (C:\Windows\SYSTEM32\ntdll.dll+0x1800526f0) > > Fixed by: > --- a/src/LYMainLoop.c 2023-02-18 11:10:31 > +++ b/src/LYMainLoop.c 2023-06-30 10:14:17 
> @@ -6774,7 +6774,7 @@ > * If help is not on the screen, then put a message on the screen to > * tell the user other misc info. > */ > - if (!show_help) { > + if (!show_help && curdoc.link >= 0) { > show_main_statusline(links[curdoc.link], > ((curlink_is_editable && > textinput_activated) > ---------------- > > (the line-numbers could be off since I've made other > unrelated patches locally). > > I was sure I've posted this before somewhere. Apparently not.
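Review bot: In the src/GridText.c hunk, the new `if (result)` is added directly after the unbraced `else` assignment, and the guarded `result += LYAdjHiTextPos(a, count);` is an unchanged context line, so it keeps its old indentation. At a glance it is not obvious that the `if` belongs to neither branch and that the addition is its body. Re-indenting the guarded statement or bracing it (`if (result) { result += LYAdjHiTextPos(a, count); }`) would make the control flow explicit. The function can still return NULL after this change, so a short comment noting that a NULL `hl_text` is passed through unadjusted would help the next reader.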
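Review bot: In the src/LYMainLoop.c hunk, `curdoc.link >= 0` guards only the lower bound of `links[curdoc.link]`. The sanitizer report gives the array type as `LinkInfo[1024]`, so it would be more robust to also check the index against the number of valid links before passing the element to `show_main_statusline()`. Folding the test into `!show_help` also means the whole status-line branch is skipped when there is no current link. If that is the intended behaviour, the comment above the condition ("If help is not on the screen, then put a message on the screen") should mention the new precondition.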
I seem to recall something mentioning clang on Windows, but don't see it offhand in the mail archive. The last I see from you with a patch was in dev.11 (these fixes look ok, and I happen to be working on Lynx this week).

> So I was thinking of creating an issue for this on Github, but
> there's no 'issue page' there! Why not Tom?

Bug reports have "always" gone to the mailing list. When I'm working on Lynx, I use that information. Few bug reports provide patches, whether or not a bug-reporting system is used.

> [1] https://github.com/ThomasDickey/lynx-snapshots.git

https://invisible-island.net/lynx/lynx-develop.html
https://invisible-island.net/personal/git-exports.html

--
Thomas E. Dickey <dic...@invisible-island.net>
https://invisible-island.net