JS_NewRuntime gives GCC-UBSAN error with bounds-checking #928
Comments
I'm guessing the issue is the string alloc and the
I think it's because of how JSString is defined:

```c
struct JSString {
    JSRefCountHeader header; /* must come first, 32-bit */
    uint32_t len : 31;
    uint8_t is_wide_char : 1; /* 0 = 8 bits, 1 = 16 bits characters */
    /* for JS_ATOM_TYPE_SYMBOL: hash = 0, atom_type = 3,
       for JS_ATOM_TYPE_PRIVATE: hash = 1, atom_type = 3
       XXX: could change encoding to have one more bit in hash */
    uint32_t hash : 30;
    uint8_t atom_type : 2; /* != 0 if atom, JS_ATOM_TYPE_x */
    uint32_t hash_next; /* atom_index for JS_ATOM_TYPE_SYMBOL */
    JSWeakRefRecord *first_weak_ref;
#ifdef ENABLE_DUMPS // JS_DUMP_LEAKS
    struct list_head link; /* string list */
#endif
    union {
        __extension__ uint8_t str8[0]; /* 8 bit strings will get an extra null terminator */
        __extension__ uint16_t str16[0];
    } u;
};
```

The last element is a flexible array. I wonder if UBSAN will be appeased if we make it size [1] instead?
It's a false positive. There's no actual write-after-end; js_alloc_string_rt allocates
Ah thanks both, yeah it looks like a false positive caused by the use of
Looks like I'm not sure if this can even be handled from the quickjs side, since a union of
It's been reported that UBSan's `-fsanitize=bounds-strict` does not like empty arrays. Remove them and replace their uses with old school pointer arithmetic. Fixes: quickjs-ng#928
Yeah, I don't think we can easily fix that. As you mention, we can't use I've opened #930 where I remove the union and replace uses of
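The pointer-arithmetic approach the fix above describes, as an added illustration that is not quickjs-ng's own code: the struct is a simplified, hypothetical stand-in for JSString, and the data accessors replace the zero-length `str8[0]`/`str16[0]` union members that `-fsanitize=bounds-strict` objects to.

```c
#include <assert.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Simplified header (an assumption for this example; the real JSString also
 * carries hash/atom/weak-ref fields). The original struct ended with
 *     union { uint8_t str8[0]; uint16_t str16[0]; } u;
 * and every u.str8[i] access trips the strict bounds sanitizer.
 * Here the union is gone and the characters simply follow the header. */
typedef struct {
    uint32_t len : 31;
    uint32_t is_wide_char : 1; /* 0 = 8-bit, 1 = 16-bit characters */
} demo_string;

/* Plain pointer arithmetic stands in for the zero-length array members. */
static inline uint8_t *str_data8(demo_string *s) { return (uint8_t *)(s + 1); }
static inline uint16_t *str_data16(demo_string *s) { return (uint16_t *)(s + 1); }

/* Allocate header plus characters in one block, as js_alloc_string_rt does:
 * 8-bit strings get an extra null terminator, 16-bit strings do not. */
demo_string *demo_alloc_string(uint32_t len, int is_wide)
{
    size_t chars = is_wide ? (size_t)len * sizeof(uint16_t) : (size_t)len + 1;
    demo_string *s = malloc(sizeof(*s) + chars);
    if (!s) return NULL;
    s->len = len;
    s->is_wide_char = is_wide ? 1 : 0;
    if (!is_wide) str_data8(s)[len] = '\0'; /* inside the allocation */
    return s;
}

/* Build an 8-bit string from constructed ASCII input. */
demo_string *demo_string_from_ascii(const char *src)
{
    uint32_t len = (uint32_t)strlen(src);
    demo_string *s = demo_alloc_string(len, 0);
    if (s) memcpy(str_data8(s), src, len);
    return s;
}

/* Sanity check: character data starts right after the header, never inside it. */
int demo_string_is_sane(demo_string *s)
{
    uint8_t *data = s->is_wide_char ? (uint8_t *)str_data16(s) : str_data8(s);
    return data == (uint8_t *)s + sizeof(*s);
}
```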
Fantastic, thanks so much for reworking all of that handling so quickly - it's very much appreciated!
I'm getting an odd error when compiling quickjs with gcc -fsanitize=bounds-strict (newly required as part of R's packaging checks) and calling JS_NewRuntime():

It can be reproduced with the debian:sid-slim docker image with default gcc (gcc 14), using dummy program:

Compiled with:

The error is pointing to this function:

And specifically the indexing:

Any chance that there's a simple/obvious fix here? Thanks!