[MDEV-31801] Undefined behavior in ed25519 - Jira

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Minor
Resolution: Duplicate
Affects Version/s: None
Fix Version/s: N/A
Component/s: N/A
Labels:
None

Description

The library used by the ed25519 authentication plugin exhibits undefined behavior as reported by UBSAN.

This is edited example output from UBSAN that shows that negative values are used in left shift operations.

ref10/fe_sq.c:121:76: runtime error: left shift of negative value -46510040

    #0 0x7f17794c866d in ref10_fe_sq ref10/fe_sq.c:121

    #1 0x7f17794a4700 in ref10_ge_frombytes_negate_vartime ref10/ge_frombytes.c:21

    #2 0x7f17794a18c2 in crypto_sign_open ref10/open.c:24

Analyzing the code in the MariaDB server, it is seen that it also uses signed integers with both left and right shift operations. The latter is not as big of a problem (I assume) than the former as right shift of negative integers is only implementation defined whereas a left shift is undefined behavior.

I believe marko can confirm that he has also seen this when running with UBSAN.

Attachments

Issue Links

blocks

MXS-4686 Undefined behavior in ed25519 plugin

Closed

duplicates

MDEV-31379 Undefined behavior in the reference Ed25519 implementation

Closed

Activity

People

Assignee:: Unassigned

Reporter:: markus makela

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 2023-07-31 08:15

Updated:: 2024-03-06 02:24

Resolved:: 2024-03-06 02:24

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.

MariaDB Server