[PATCH] Satisfy UBSan in njs

[Ben Kallus]

When I run my nginx+njs application with UBSan enabled, I encounter a
few instances of undefined behavior in njs:

1. A memcpy from NULL
2. A couple of offsets applied to NULL
3. A u32 assigned to nan
4. A u32 assigned to inf

This patch adds checks to prevent these undefined operations. With it,
my application no longer has any UBSan alerts.

# HG changeset patch
# User Ben Kallus <benjamin.p.kallus...@dartmouth.edu>
# Date 1704329280 18000
#      Wed Jan 03 19:48:00 2024 -0500
# Node ID 85d5846984fc2731ad74f91f21c74be67d6974a9
# Parent  4a15613f4e8bb4a8349ee1cefbae07585da4cbc6
Prevent undefined operations on NULL, INF, and NAN

diff -r 4a15613f4e8b -r 85d5846984fc nginx/ngx_http_js_module.c
--- a/nginx/ngx_http_js_module.c        Tue Dec 19 12:37:05 2023 -0800
+++ b/nginx/ngx_http_js_module.c        Wed Jan 03 19:48:00 2024 -0500
@@ -2717,7 +2717,9 @@

     for ( /* void */ ; cl; cl = cl->next) {
         buf = cl->buf;
-        p = ngx_cpymem(p, buf->pos, buf->last - buf->pos);
+        if (buf->last - buf->pos > 0) {
+            p = ngx_cpymem(p, buf->pos, buf->last - buf->pos);
+        }
     }

 done:
diff -r 4a15613f4e8b -r 85d5846984fc src/njs_extern.c
--- a/src/njs_extern.c  Tue Dec 19 12:37:05 2023 -0800
+++ b/src/njs_extern.c  Wed Jan 03 19:48:00 2024 -0500
@@ -38,7 +38,10 @@
     lhq.proto = &njs_object_hash_proto;
     lhq.pool = vm->mem_pool;

-    end = external + n;
+    end = external;
+    if (n > 0) {
+        end += n;
+    }

     while (external < end) {

diff -r 4a15613f4e8b -r 85d5846984fc src/njs_number.h
--- a/src/njs_number.h  Tue Dec 19 12:37:05 2023 -0800
+++ b/src/njs_number.h  Wed Jan 03 19:48:00 2024 -0500
@@ -41,6 +41,10 @@
 {
     uint32_t  u32;

+    if (isnan(num) || isinf(num)) {
+        return 0;
+    }
+
     u32 = num;

     return (u32 == num && u32 != 0xffffffff);
diff -r 4a15613f4e8b -r 85d5846984fc src/njs_object.c
--- a/src/njs_object.c  Tue Dec 19 12:37:05 2023 -0800
+++ b/src/njs_object.c  Wed Jan 03 19:48:00 2024 -0500
@@ -598,7 +598,10 @@
     start = array->start;

     p = start;
-    end = p + array->length;
+    end = p;
+    if (array->length > 0) {
+        end += array->length;
+    }

     switch (kind) {
     case NJS_ENUM_KEYS:
_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx-devel