
UBsan finding "armor.c:1159:11: runtime error: member access within null pointer..."
Closed, ResolvedPublic

Description

Hi Everyone,

I'm performing a UBsan run on GnuPG 2.2.15 and all of its dependencies. Everything was built with -fsanitize=undefined -fno-sanitize-recover. For Autotools projects the two flags get placed in CFLAGS, CXXFLAGS and LDFLAGS.

It looks like UBsan is producing some findings:

Checking TOFU trust model with ultimately trusted keys (issue2929).
("/home/build/gnupg-2.2.15/g10/gpg" --no-permission-warning --trust-model=tofu --quick-generate-key frob@example.org) failed: gpg: keybox '/tmp/gpgscm-20190510T180345-run-tests-zh02be/pubring.kbx' created
gpg: /tmp/gpgscm-20190510T180345-run-tests-zh02be/trustdb.gpg: trustdb created
gpg: key CFAC68F08C2D9025 marked as ultimately trusted
gpg: directory '/tmp/gpgscm-20190510T180345-run-tests-zh02be/openpgp-revocs.d' created
armor.c:1159:11: runtime error: member access within null pointer of type 'struct string_list'

0: tests.scm:122: (throw (string-append (stringify what) " failed") (:stderr result))
1: issue2929.scm:30: (call-check `(,@gpg --quick-generate-key frob@example.org))
FAIL: tests/openpgp/issue2929.scm

Because -fno-sanitize-recover is used, abort() is called on a finding. It is needed because test frameworks often swallow the message *runtime error: ...* and the tester never gets to see it.

Event Timeline

JW created this object in space S1 Public.

It looks like this patch clears this finding:

--- g10/armor.c
+++ g10/armor.c
@@ -1156,7 +1156,7 @@
 	      }
 
 	    /* write the comment strings */
-	    for(s=comment->d;comment;comment=comment->next,s=comment->d)
+	    for(s=comment?comment->d:NULL;comment;comment=comment->next,s=comment->d)
 	      {
 		iobuf_writestr(a, "Comment: " );
 		for( ; *s; s++ )
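Review bot: the increment expression still dereferences a null pointer. Once `comment=comment->next` moves past the last node, the second increment clause `s=comment->d` reads `comment->d` with `comment == NULL` before the loop condition is evaluated, so the `comment?comment->d:NULL` guard on the initialiser only fixes the empty-list case and UBsan will still report the same access on the final iteration. Move the assignment into the body so the pointer is tested before any member access, e.g. `for (; comment; comment = comment->next) { s = comment->d; ... }`.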
gniibe changed the task status from Open to Testing. May 14 2019, 4:26 AM
gniibe claimed this task.
gniibe triaged this task as Normal priority.
gniibe added a subscriber: gniibe.

Thanks for your report.

Actually, another s=comment->d is also a problem.

Fixed in master and STABLE-BRANCH-2.2.
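Added example (not GnuPG's code): a NULL-safe form of the "Comment:" writing loop that the report and the patch discuss. The `struct string_list` layout is simplified to a `const char *` member and the iobuf is replaced with a bounded output buffer; the input list is constructed.

```c
/* Added example, not GnuPG code: a NULL-safe version of the armor.c
 * "Comment:" loop, writing to a bounded buffer instead of an iobuf. */
#include <stddef.h>
#include <string.h>
struct string_list {            /* layout simplified from GnuPG's strlist */
    struct string_list *next;
    const char *d;
};

/* Write "Comment: <d>\n" per node; return bytes written (without the NUL)
 * or -1 when out[] is too small. The reported loop,
 *   for (s = comment->d; comment; comment = comment->next, s = comment->d)
 * reads comment->d while comment is NULL for an empty list (initialiser)
 * and after the last node (increment); here the pointer is tested before
 * every dereference and s is assigned only inside the body. */
static int write_comments(const struct string_list *comment, char *out, size_t outsz)
{
    size_t used = 0;
    if (outsz == 0)
        return -1;
    for (; comment; comment = comment->next) {
        const char *s = comment->d;
        size_t need = 9 + strlen(s) + 1;  /* "Comment: " + text + '\n' */
        if (used + need + 1 > outsz)      /* +1 keeps room for the NUL */
            return -1;
        memcpy(out + used, "Comment: ", 9);
        memcpy(out + used + 9, s, strlen(s));
        used += need;
        out[used - 1] = '\n';
    }
    out[used] = '\0';
    return (int)used;
}

/* Link a NULL-terminated array of strings (constructed input) into nodes[]
 * and write the list; returns -1 if nodes[] has too few entries. */
static int write_comment_array(const char *const *strs, struct string_list *nodes,
                               size_t nnodes, char *out, size_t outsz)
{
    struct string_list *head = NULL, *tail = NULL;
    for (size_t n = 0; strs[n]; n++) {
        if (n >= nnodes)
            return -1;
        nodes[n].d = strs[n];
        nodes[n].next = NULL;
        if (tail) tail->next = &nodes[n]; else head = &nodes[n];
        tail = &nodes[n];
    }
    return write_comments(head, out, outsz);
}
```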