mirror of
https://github.com/opnsense/src.git
synced 2026-05-04 17:05:14 -04:00
d106f982a5
Mark Milliard has detected a case of undefined behavior with the LLVM UBSAN. The mandoc program called qsort with a==NULL and n==0, which is allowed by the POSIX standard. The qsort() in FreeBSD did not attempt to perform any accesses using the passed pointer for n==0, but it did add an offset to the pointer value, which is undefined behavior in case of a NULL pointer. This operation has no adverse effects on any achitecture supported by FreeBSD, but could be caught in more strict environments. After some discussion in the freebsd-current mail list, it was concluded that the case of a==NULL and n!=0 should still be caught by UBSAN (or cause a program abort due to an illegal access) in order to not hide errors in programs incorrectly invoking qsort(). Only the the case of a==NULL and n==0 should be fixed to not perform the undefined operation on a NULL pointer. This commit makes qsort() exit before reaching the point of potentially undefined behvior for the case n==0, but does not test the value of a, since the result will not depend on whether this pointer is NULL or an actual pointer to an array if n==0. The issue found by Mark Milliard in the whatis command has been reported to the upstream (OpenBSD) and has already been patched there. MFC after: 1 week |
||
|---|---|---|
| .. | ||
| jemalloc | ||
| _Exit.c | ||
| a64l.3 | ||
| a64l.c | ||
| abort.3 | ||
| abort.c | ||
| abs.3 | ||
| abs.c | ||
| alloca.3 | ||
| at_quick_exit.3 | ||
| atexit.3 | ||
| atexit.c | ||
| atexit.h | ||
| atof.3 | ||
| atof.c | ||
| atoi.3 | ||
| atoi.c | ||
| atol.3 | ||
| atol.c | ||
| atoll.c | ||
| bsearch.3 | ||
| bsearch.c | ||
| bsearch_b.c | ||
| cxa_thread_atexit.c | ||
| cxa_thread_atexit_impl.c | ||
| div.3 | ||
| div.c | ||
| exit.3 | ||
| exit.c | ||
| getenv.3 | ||
| getenv.c | ||
| getopt.3 | ||
| getopt.c | ||
| getopt_long.3 | ||
| getopt_long.c | ||
| getsubopt.3 | ||
| getsubopt.c | ||
| hcreate.3 | ||
| hcreate.c | ||
| hcreate_r.c | ||
| hdestroy_r.c | ||
| heapsort.c | ||
| heapsort_b.c | ||
| hsearch.h | ||
| hsearch_r.c | ||
| imaxabs.3 | ||
| imaxabs.c | ||
| imaxdiv.3 | ||
| imaxdiv.c | ||
| insque.3 | ||
| insque.c | ||
| l64a.c | ||
| labs.3 | ||
| labs.c | ||
| ldiv.3 | ||
| ldiv.c | ||
| llabs.3 | ||
| llabs.c | ||
| lldiv.3 | ||
| lldiv.c | ||
| lsearch.3 | ||
| lsearch.c | ||
| Makefile.inc | ||
| memory.3 | ||
| merge.c | ||
| mergesort_b.c | ||
| ptsname.3 | ||
| ptsname.c | ||
| qsort.3 | ||
| qsort.c | ||
| qsort_r.c | ||
| qsort_s.c | ||
| quick_exit.3 | ||
| quick_exit.c | ||
| radixsort.3 | ||
| radixsort.c | ||
| rand.3 | ||
| rand.c | ||
| random.3 | ||
| random.c | ||
| random.h | ||
| reallocarray.3 | ||
| reallocarray.c | ||
| reallocf.3 | ||
| reallocf.c | ||
| realpath.3 | ||
| realpath.c | ||
| remque.c | ||
| set_constraint_handler_s.3 | ||
| set_constraint_handler_s.c | ||
| strfmon.3 | ||
| strfmon.c | ||
| strtod.3 | ||
| strtoimax.c | ||
| strtol.3 | ||
| strtol.c | ||
| strtold.c | ||
| strtoll.c | ||
| strtonum.3 | ||
| strtonum.c | ||
| strtoq.c | ||
| strtoul.3 | ||
| strtoul.c | ||
| strtoull.c | ||
| strtoumax.c | ||
| strtouq.c | ||
| Symbol.map | ||
| system.3 | ||
| system.c | ||
| tdelete.c | ||
| tfind.c | ||
| tsearch.3 | ||
| tsearch.c | ||
| tsearch_path.h | ||
| twalk.c | ||