From: Andrew Cooper <andrew.cooper3@citrix.com>
To: George Dunlap <george.dunlap@citrix.com>,
Xen-devel <xen-devel@lists.xen.org>
Cc: George Dunlap <george.dunlap@eu.citrix.com>,
Wei Liu <wei.liu2@citrix.com>,
Ian Jackson <Ian.Jackson@eu.citrix.com>,
Jan Beulich <JBeulich@suse.com>
Subject: Re: [PATCH 03/10] tools/insn-fuzz: Don't use memcpy() for zero-length reads
Date: Mon, 27 Mar 2017 12:05:22 +0100 [thread overview]
Message-ID: <84797cdf-97f4-5bcd-e8b4-034b6de9967f@citrix.com> (raw)
In-Reply-To: <5f2e3417-9f0c-3784-7d19-be5311f9f99a@citrix.com>
On 27/03/17 12:02, George Dunlap wrote:
> On 27/03/17 10:56, Andrew Cooper wrote:
>> For control-flow changes, the emulator needs to perform a zero-length
>> instruction fetch at the target offset. It also passes NULL for the
>> destination buffer, as there is no instruction stream to collect.
>>
>> This trips up UBSAN, even with a size of 0. Exclude zero-length reads from
>> using memcpy(), rather than excluding NULL destination pointers, to still
>> catch unintentional uses of NULL.
> So memcpy() will actually try to write to dst even if bytes == 0?
>
> That seems a bit strange, but OK:
>
> Acked-by: George Dunlap <george.dunlap@citrix.com>
This is the undefined behaviour sanitiser, which actually objects to
passing NULL to a function annotated with
__attribute__((notnull(...))). The check is performed before making the
call, and doesn't account for nothing happening if size is 0.
~Andrew
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
next prev parent reply other threads:[~2017-03-27 11:05 UTC|newest]
Thread overview: 47+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-03-27 9:56 [PATCH 00/10] x86 emulation bugfixes and fuzzer improvements Andrew Cooper
2017-03-27 9:56 ` [PATCH 01/10] x86/emul: Correct the decoding of vlddqu Andrew Cooper
2017-03-27 11:24 ` Jan Beulich
2017-03-27 12:10 ` Andrew Cooper
2017-03-27 12:30 ` Jan Beulich
2017-03-27 9:56 ` [PATCH 02/10] x86/emul: Add feature check for clzero Andrew Cooper
2017-03-27 11:25 ` Jan Beulich
2017-03-27 11:28 ` Jan Beulich
2017-03-27 12:13 ` Andrew Cooper
2017-03-27 12:31 ` Jan Beulich
2017-03-27 13:40 ` Andrew Cooper
2017-03-27 9:56 ` [PATCH 03/10] tools/insn-fuzz: Don't use memcpy() for zero-length reads Andrew Cooper
2017-03-27 11:02 ` George Dunlap
2017-03-27 11:05 ` Andrew Cooper [this message]
2017-03-27 11:32 ` Jan Beulich
2017-03-27 12:22 ` Andrew Cooper
2017-03-27 12:35 ` Jan Beulich
2017-03-27 11:36 ` Jan Beulich
2017-03-27 12:14 ` Andrew Cooper
2017-03-27 9:56 ` [PATCH 04/10] tools/insn-fuzz: Avoid making use of static data Andrew Cooper
2017-03-27 11:39 ` Jan Beulich
2017-03-27 9:56 ` [PATCH 05/10] tools/insn-fuzz: Fix a stability bug in afl-clang-fast mode Andrew Cooper
2017-03-27 11:41 ` Jan Beulich
2017-03-27 9:56 ` [PATCH 06/10] tools/insn-fuzz: Correct hook prototypes, and assert() appropriate segments Andrew Cooper
2017-03-27 11:48 ` Jan Beulich
2017-03-27 12:49 ` Andrew Cooper
2017-03-27 9:56 ` [PATCH 07/10] tools/insn-fuzz: Provide IA32_DEBUGCTL consistently to the emulator Andrew Cooper
2017-03-27 11:53 ` Jan Beulich
2017-03-27 12:53 ` Andrew Cooper
2017-03-27 9:56 ` [PATCH 08/10] tools/insn-fuzz: Fix assertion failures in x86_emulate_wrapper() Andrew Cooper
2017-03-27 12:01 ` Jan Beulich
2017-03-27 9:56 ` [PATCH 09/10] tools/x86emul: Advertise more CPUID features for testing purposes Andrew Cooper
2017-03-27 11:20 ` George Dunlap
2017-03-27 12:13 ` Jan Beulich
2017-03-27 12:56 ` George Dunlap
2017-03-27 13:03 ` Andrew Cooper
2017-03-27 13:08 ` George Dunlap
2017-03-27 13:42 ` Jan Beulich
2017-03-27 13:49 ` Andrew Cooper
2017-03-27 13:37 ` Andrew Cooper
2017-03-27 13:45 ` Jan Beulich
2017-03-27 12:09 ` Jan Beulich
2017-03-27 13:01 ` Andrew Cooper
2017-03-27 13:40 ` Jan Beulich
2017-03-27 9:56 ` [PATCH 10/10] tools/insn-fuzz: Always use x86_swint_emulate_all Andrew Cooper
2017-03-27 11:00 ` George Dunlap
2017-03-27 13:09 ` Andrew Cooper
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=84797cdf-97f4-5bcd-e8b4-034b6de9967f@citrix.com \
--to=andrew.cooper3@citrix.com \
--cc=Ian.Jackson@eu.citrix.com \
--cc=JBeulich@suse.com \
--cc=george.dunlap@citrix.com \
--cc=george.dunlap@eu.citrix.com \
--cc=wei.liu2@citrix.com \
--cc=xen-devel@lists.xen.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).