Hi Everyone,
I just built GnuPG 2.2.20 release tarball.
The latest release still needs this patch to avoid undefined behavior when buffer is NULL:
--- sm/certdump.c
+++ sm/certdump.c
@@ -695,9 +695,13 @@
 gpg_err_set_errno (c->error);
 return -1;
 }
- memcpy (p + c->len, buffer, size);
- c->len += size;
- p[c->len] = 0; /* Terminate string. */
+
+ if (p && buffer)
+ {
+ memcpy (p + c->len, buffer, size);
+ c->len += size;
+ }
+ p[c->len] = 0; /* Terminate string. */
 return (gpgrt_ssize_t)size;
 }
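Review bot: The new guard `if (p && buffer)` tests `p`, yet the following `p[c->len] = 0;` still writes through `p` unconditionally, so a NULL `p` would only move the NULL dereference from memcpy to the terminator write; judging from the `return -1` just above, `p` appears to be non-NULL by this point, in which case the `p &&` part is dead and misleading. The undefined behavior being avoided is a NULL source pointer passed to memcpy, which C forbids even when `size` is zero, so the condition that matches the actual hazard is `if (buffer && size)` (or simply `if (size)`); with the form as written, a NULL `buffer` with a nonzero `size` silently skips the copy while the function still reports `size` bytes consumed. The enclosing function starts before this hunk.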
You should be able to tickle the UB by adding -fsanitize=undefined to CFLAGS and LDFLAGS, and then running the test suite.