On 3/12/25 13:29, Collin Funk wrote:
Yao Shuangjie <[email protected]> writes:

We are cybersecurity researchers from the Hong Kong University of Science and Technology. We found several security violations of undefined behaviors in GNU bison 3.8.2 using our novel symbolic execution technique several months ago. The details are shown below.

../lib/obstack.c:138:35: runtime error: applying non-zero offset 107820858999056 to null pointer
    #0 0x6a3c9c in _obstack_begin_worker /root/projects/bison-3.8.2/obj-san/../lib/obstack.c:138:35
    #1 0x6a3a6d in _obstack_begin /root/projects/bison-3.8.2/obj-san/../lib/obstack.c:157:10
    #2 0x54988c in muscle_init /root/projects/bison-3.8.2/obj-san/../src/muscle-tab.c:126:3
    #3 0x548e2f in main /root/projects/bison-3.8.2/obj-san/../src/main.c:97:3
    #4 0x7f14c84cdd8f in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16
    #5 0x7f14c84cde3f in __libc_start_main csu/../csu/libc-start.c:392:3
    #6 0x420664 in _start (/root/projects/bison-3.8.2/obj-san/src/bison+0x420664)

This is reported in Gnulib here [1].
The Gnulib issue is adding 0 to a null pointer, a behavior that is undefined in strict C23 but which is likely to be well-defined in the next version of C and which works on all Gnulib porting targets so it's OK with Gnulib.
However, the above-quoted message, like [1], says the code is "applying non-zero offset 107820858999056" to the null pointer. That is a different thing. Is Clang mis-reporting what's happening?
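An added example, not code from this thread or from Gnulib's obstack.c, contrasting three ways of rounding a pointer up to an alignment boundary: one computed relative to a null base, which is what a UBSan report of an address-sized "offset" applied to a null pointer points to, beside two forms the sanitizer does not flag. The exact obstack expression is assumed, not quoted, and the `align_*` names are mine.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* 1. Relative to a null base.  The value added to (char *) 0 is the whole
      aligned address, so the sanitizer reports "applying non-zero offset
      <address-sized number> to null pointer".  Assumed to be the shape of
      the obstack idiom; not copied from obstack.c. */
static char *align_null_base (char *p, uintptr_t mask)
{
  char *base = (char *) 0;
  return base + (((uintptr_t) (p - base) + mask) & ~mask);  /* UB in C23 */
}

/* 2. Relative to the start of the object P points into.  The arithmetic
      stays inside one object, so it is well-defined and sanitizer-clean;
      the result is absolutely aligned only if BASE itself is. */
static char *align_object_base (char *base, char *p, uintptr_t mask)
{
  return base + (((uintptr_t) (p - base) + mask) & ~mask);
}

/* 3. Through an integer: implementation-defined conversions, no arithmetic
      on a null pointer, nothing for the sanitizer to flag. */
static char *align_integer (char *p, uintptr_t mask)
{
  return (char *) (((uintptr_t) p + mask) & ~mask);
}

/* Align a deliberately misaligned pointer into a buffer constructed here and
   check that the three forms agree, land on an aligned address and stay in
   bounds.  ALIGN must be a power of two.  Returns 1 on success, 0 otherwise. */
int align_forms_agree (size_t align)
{
  uintptr_t mask = (uintptr_t) align - 1;
  char *raw = malloc (5 * align);
  if (!raw)
    return 0;
  char *base = align_integer (raw, mask);   /* ALIGN-aligned start in raw */
  char *p = base + 3;                       /* misaligned by construction */
  char *a = align_null_base (p, mask);
  char *b = align_object_base (base, p, mask);
  char *c = align_integer (p, mask);
  int ok = a == b && b == c && ((uintptr_t) c & mask) == 0
           && c >= p && c < base + 4 * align;
  free (raw);
  return ok;
}
```

Building the same file with -fsanitize=undefined reports only the null-base form, and the offset it prints is the aligned address itself.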
