mirror of
https://github.com/openssl/openssl.git
synced 2024-12-27 06:21:43 +08:00
5c42ced0ff
ubsan on clang17 has started warning about the following undefined
behavior:
crypto/lhash/lhash.c:299:12: runtime error: call to function err_string_data_hash through pointer to incorrect function type 'unsigned long (*)(const void *)'
[...]/crypto/err/err.c:184: note: err_string_data_hash defined here
#0 0x7fa569e3a434 in getrn [...]/crypto/lhash/lhash.c:299:12
#1 0x7fa569e39a46 in OPENSSL_LH_insert [...]/crypto/lhash/lhash.c:119:10
#2 0x7fa569d866ee in err_load_strings [...]/crypto/err/err.c:280:15
[...]
The issue occurs because, the generic hash functions (OPENSSL_LH_*) will
occasionaly call back to the type specific registered functions for hash
generation/comparison/free/etc, using functions of the (example)
prototype:
[return value] <hash|cmp|free> (void *, [void *], ...)
While the functions implementing hash|cmp|free|etc are defined as
[return value] <fnname> (TYPE *, [TYPE *], ...)
The compiler, not knowing the type signature of the function pointed to
by the implementation, performs no type conversion on the function
arguments
While the C language specification allows for pointers to data of one
type to be converted to pointers of another type, it does not
allow for pointers to functions with one signature to be called
while pointing to functions of another signature. Compilers often allow
this behavior, but strictly speaking it results in undefined behavior
As such, ubsan warns us about this issue
This is an potential fix for the issue, implemented using, in effect,
thunking macros. For each hash type, an additional set of wrapper
funtions is created (currently for compare and hash, but more will be
added for free/doall/etc). The corresponding thunking macros for each
type cases the actuall corresponding callback to a function pointer of
the proper type, and then calls that with the parameters appropriately
cast, avoiding the ubsan warning
This approach is adventageous as it maintains a level of type safety,
but comes at the cost of having to implement several additional
functions per hash table type.
Related to #22896
Reviewed-by: Sasa Nedvedicky <sashan@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23192)
|
||
|---|---|---|
| .. | ||
| perl | ||
| platform_symbols | ||
| add-depends.pl | ||
| build.info | ||
| c-compress-test.pl | ||
| cavs-to-evptest.pl | ||
| check-format-test-negatives.c | ||
| check-format-test-positives.c | ||
| check-format.pl | ||
| check-malloc-errs | ||
| checkplatformsyms.pl | ||
| ck_errf.pl | ||
| copy.pl | ||
| ctags.sh | ||
| dofile.pl | ||
| echo.pl | ||
| engines.num | ||
| err-to-raise | ||
| find-doc-nits | ||
| find-unused-errs | ||
| fips-checksums.sh | ||
| fix-deprecation | ||
| fix-includes | ||
| fix-includes.sed | ||
| help.pl | ||
| indent.pro | ||
| lang-compress.pl | ||
| libcrypto.num | ||
| libssl.num | ||
| markdownlint.rb | ||
| merge-err-lines | ||
| missingcrypto111.txt | ||
| missingcrypto-internal.txt | ||
| missingcrypto.txt | ||
| missingmacro111.txt | ||
| missingmacro.txt | ||
| missingssl111.txt | ||
| missingssl-internal.txt | ||
| missingssl.txt | ||
| mk-fipsmodule-cnf.pl | ||
| mkbuildinf.pl | ||
| mkdef.pl | ||
| mkdir-p.pl | ||
| mkerr.pl | ||
| mkinstallvars.pl | ||
| mknum.pl | ||
| mkpod2html.pl | ||
| mkrc.pl | ||
| mktar.sh | ||
| opensslwrap.sh | ||
| other-internal.syms | ||
| other.syms | ||
| providers.num | ||
| quicserver.c | ||
| shlib_wrap.sh.in | ||
| su-filter.pl | ||
| update_abi_check.sh | ||
| withlibctx.pl | ||
| wrap.pl.in | ||
| write-man-symlinks | ||