On 06.11.2019 23:38, Christos Zoulas wrote:
> On Nov 6, 11:17pm, n54%gmx.com@localhost (Kamil Rytarowski) wrote:
> -- Subject: Re: CVS commit: src/sys/kern
>
> | Technically, I think that this is a real UB.
> |
> | 6.3.2.3/7
> | A pointer to an object type may be converted to a pointer to a
> | different object type. If the resulting pointer is not correctly
> | aligned for the referenced type, the behavior is undefined.
>
> Then you are right. I guess the rationale for the above is that
> ... pauses to think ... Dereferencing the new object with the
> different type can fail if the original pointer was unaligned?
> I don't see how.
>

I recall a similar UB in tmux that is simpler to illustrate.

struct screen *s = &data->screen; /// if data is NULL -> return
format_add(ft, "selection_present", "%d", s->sel.flag);

This triggered UBSan as we syntactically dereferenced a NULL pointer, which is UB. The intention was to set s = data + offsetof(data, screen) and every compiler optimizes it to do the right thing without a real dereference.

Similarly, from a syntactical point of view we first dereference dlp->d_magic, and next ask for its address &(). This is how I understand the GCC behavior here.

This is certainly very sensitive behavior of the sanitizer, but it can catch real bugs. It helped to diagnose at least a single UVM crash (we had crash reports from ASan and UBSan).

> | I agree that this is appeasing the sanitizer.
>
> Yes, on that we agree.
>
> christos
>

[1] https://github.com/tmux/tmux/commit/8fb6666f1733ebd4dcb90ba01dbcfc750190c9df
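An added illustration of the two kinds of UB discussed in this thread, written for this page and not taken from tmux or the NetBSD tree. The struct names (`pane`, `screen`, `label`), the `TOY_MAGIC` value and the sector buffer are constructed stand-ins, not the real definitions. It shows the well-defined way to get at a member of a possibly-NULL pointer (check first, take the address second, or use `offsetof` for the raw offset), and a `memcpy`-based read of a 32-bit field that sits at an unaligned byte offset, which is the alternative to the pointer cast that 6.3.2.3/7 makes undefined.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed toy types standing in for tmux's struct screen and for a
 * disklabel-style header with a leading magic number. */
struct screen {
    int sel_flag;
};

struct pane {
    int id;
    struct screen screen;
};

struct label {
    uint32_t d_magic;
    uint32_t d_type;
};

/* Constructed magic value for the toy label (not a real on-disk constant). */
#define TOY_MAGIC 0x4C41424Eu

/* Well-defined form of the tmux pattern: test the pointer before any
 * member access, and only then form &data->screen. Forming the address
 * first and checking for NULL afterwards is what UBSan reported. */
int selection_present(const struct pane *data)
{
    if (data == NULL)
        return 0;
    const struct screen *s = &data->screen;
    return s->sel_flag;
}

/* The offset that the compiler folds &data->screen into. offsetof is
 * defined for exactly this purpose, so no pointer is dereferenced. */
size_t screen_offset(void)
{
    return offsetof(struct pane, screen);
}

/* Reads a 32-bit value from a buffer that need not be 4-byte aligned.
 * Casting buf to uint32_t * and dereferencing would be the 6.3.2.3/7
 * case quoted above; memcpy carries no alignment requirement. */
uint32_t read_u32_unaligned(const unsigned char *buf)
{
    uint32_t v;
    memcpy(&v, buf, sizeof v);
    return v;
}

/* Validates the magic of a label located at byte offset off of a sector
 * buffer of len bytes, with the bounds checked before any read. */
int label_magic_ok(const unsigned char *sector, size_t off, size_t len)
{
    if (off > len || len - off < sizeof(struct label))
        return 0;
    return read_u32_unaligned(sector + off) == TOY_MAGIC;
}

int main(void)
{
    struct pane p = { .id = 1, .screen = { .sel_flag = 1 } };
    unsigned char sector[16] = { 0 };
    uint32_t magic = TOY_MAGIC;

    /* Constructed input: the label starts at offset 1, so it is misaligned. */
    memcpy(sector + 1, &magic, sizeof magic);

    printf("null pane: %d, real pane: %d\n",
           selection_present(NULL), selection_present(&p));
    printf("screen offset: %zu, magic at offset 1: %d, at offset 0: %d\n",
           screen_offset(),
           label_magic_ok(sector, 1, sizeof sector),
           label_magic_ok(sector, 0, sizeof sector));
    return 0;
}
```

Building with `-fsanitize=undefined` is the way to confirm that neither function trips the sanitizer; the original `&data->screen`-before-check ordering would be reported as a NULL member access even though the emitted code is the same pointer-plus-offset arithmetic.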