[gnutls-devel] GnuTLS | UB+ASAN: Fail tests if UB detected (!1136)

[Development of GNU's TLS library]

Tim Rühsen commented on a discussion on .gitlab-ci.yml: https://gitlab.com/gnutls/gnutls/merge_requests/1136#note_266281221

>    stage: stage1-testing
>    image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$DEBIAN_X86_CROSS_BUILD
>    script:
> +  - apt-get install -y datefudge:amd64

Added the following exceptions to `devel/ubsan.supp`, all unsigned-integer-overflows which *should* be avoided but are *not* UB.
```
buffers.c:1135:36: runtime error: unsigned integer overflow: 0 - 1 cannot be represented in type 'unsigned int'
    #0 0x7fa51f193919 in get_last_packet /gnutls/lib/buffers.c:1135:36
    #1 0x7fa51f192982 in _gnutls_handshake_io_recv_int /gnutls/lib/buffers.c:1407:8
    #2 0x7fa51f1989be in _gnutls_recv_handshake /gnutls/lib/handshake.c:1522:8
    #3 0x7fa51f1a1fe3 in handshake_client /gnutls/lib/handshake.c:2999:8
    #4 0x7fa51f1a11b7 in gnutls_handshake /gnutls/lib/handshake.c:2727:10
    #5 0x4f21a7 in client /gnutls/tests/mini-overhead.c:155:9
    #6 0x4f1cb2 in start /gnutls/tests/mini-overhead.c:304:3
    #7 0x4f1901 in doit /gnutls/tests/mini-overhead.c:325:2
    #8 0x4f34ef in main /gnutls/tests/utils.c:254:2
    #9 0x7fa51e8281a2 in __libc_start_main (/lib64/libc.so.6+0x271a2)
    #10 0x41c59d in _start (/gnutls/tests/mini-overhead+0x41c59d)

SUMMARY: UndefinedBehaviorSanitizer: unsigned-integer-overflow buffers.c:1135:36 in 
pk.c:668:12: runtime error: negation of 1 cannot be represented in type 'unsigned int'
    #0 0x7fa51f4352eb in _wrap_nettle_pk_decrypt2 /gnutls/lib/nettle/pk.c:668:12
    #1 0x7fa51f23455f in gnutls_privkey_decrypt_data2 /gnutls/lib/privkey.c:1617:10
    #2 0x7fa51f414d32 in proc_rsa_client_kx /gnutls/lib/auth/rsa.c:210:6
    #3 0x7fa51f1b94e7 in _gnutls_recv_client_kx_message /gnutls/lib/kx.c:570:7
    #4 0x7fa51f1a6023 in handshake_server /gnutls/lib/handshake.c:3461:10
    #5 0x7fa51f1a121d in gnutls_handshake /gnutls/lib/handshake.c:2730:9
    #6 0x4f1e17 in server /gnutls/tests/mini-overhead.c:249:9
    #7 0x4f1b69 in start /gnutls/tests/mini-overhead.c:299:3
    #8 0x4f1901 in doit /gnutls/tests/mini-overhead.c:325:2
    #9 0x4f34ef in main /gnutls/tests/utils.c:254:2
    #10 0x7fa51e8281a2 in __libc_start_main (/lib64/libc.so.6+0x271a2)
    #11 0x41c59d in _start (/gnutls/tests/mini-overhead+0x41c59d)

SUMMARY: UndefinedBehaviorSanitizer: unsigned-integer-overflow pk.c:668:12 in 
rsa.c:235:8: runtime error: negation of 1 cannot be represented in type 'unsigned int'
    #0 0x7fa51f415450 in proc_rsa_client_kx /gnutls/lib/auth/rsa.c:235:8
    #1 0x7fa51f1b94e7 in _gnutls_recv_client_kx_message /gnutls/lib/kx.c:570:7
    #2 0x7fa51f1a6023 in handshake_server /gnutls/lib/handshake.c:3461:10
    #3 0x7fa51f1a121d in gnutls_handshake /gnutls/lib/handshake.c:2730:9
    #4 0x4f1e17 in server /gnutls/tests/mini-overhead.c:249:9
    #5 0x4f1b69 in start /gnutls/tests/mini-overhead.c:299:3
    #6 0x4f1901 in doit /gnutls/tests/mini-overhead.c:325:2
    #7 0x4f34ef in main /gnutls/tests/utils.c:254:2
    #8 0x7fa51e8281a2 in __libc_start_main (/lib64/libc.so.6+0x271a2)
    #9 0x41c59d in _start (/gnutls/tests/mini-overhead+0x41c59d)

SUMMARY: UndefinedBehaviorSanitizer: unsigned-integer-overflow rsa.c:235:8 in 
```

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1136#note_266281221
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20200101/431712cd/attachment-0001.html>