[MDEV-20778] UBSAN: call to function free_rpl_filter() through pointer to incorrect function type Created: 2019-10-09  Updated: 2019-10-30  Resolved: 2019-10-14

Status: Closed
Project: MariaDB Server
Component/s: Replication, Server
Affects Version/s: 10.1, 10.2, 10.3, 10.4
Fix Version/s: 10.2.28, 10.3.19, 10.4.9

Type: Bug Priority: Major
Reporter: Eugene Kosov (Inactive) Assignee: Eugene Kosov (Inactive)
Resolution: Fixed Votes: 0
Labels: None

Issue Links:
Relates
relates to MDEV-20923 UBSAN: member access within address …... Closed

Description

Full message looks like this:

../sql/keycaches.cc:93:5: runtime error: call to function free_rpl_filter(char const*, Rpl_filter*) through pointer to incorrect function type 'void (*)(const char *, unsigned char *)'
/home/kevg/work/m/bb-10.2-kevgs/build_ubsan/../sql/keycaches.cc:224: note: free_rpl_filter(char const*, Rpl_filter*) defined here
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior ../sql/keycaches.cc:93:5 in 



Comments
Comment by Eugene Kosov (Inactive) [ 2019-10-09 ]

Please, review. This patch is needed to eventually make UBSAN available for InnoDB testing.

Comment by Oleksandr Byelkin [ 2019-10-10 ]

While I agree with uchar*, I have no idea why other types were touched.
There should be an explanation, or that part of the patch should just be removed.

Comment by Eugene Kosov (Inactive) [ 2019-10-10 ]

Thanks for your review, sanja!
I've added more comments and removed the now unneeded type casts from the patch.

In general, you can't cast any pointer type to any other pointer type, because it violates the language object model. The rules are more or less the same for both C and C++.
1) You can cast any pointer type to void*
2) You can cast void* to any pointer type
3) You can cast any pointer type to char* or unsigned char*
4) You can cast signed integer pointer to unsigned and vice versa
And that's roughly all. Any other pointer casts are bugs.

Comment by Oleksandr Byelkin [ 2019-10-11 ]

free_key_cache & free_rpl_filter only need an object of a certain type, and you remove this in the definition of the function; I do not see sense in this change.

Comment by Eugene Kosov (Inactive) [ 2019-10-11 ]

If I don't change free_rpl_filter() type I see this:

../sql/keycaches.cc:230:31: error: cannot initialize a parameter of type 'void (*)(const char *, void *)' with an lvalue of type 'void (const char *, Rpl_filter *)': type mismatch at 2nd parameter ('void *' vs 'Rpl_filter *')
  rpl_filters.delete_elements(free_rpl_filter);
                              ^~~~~~~~~~~~~~~
../sql/keycaches.cc:87:42: note: passing argument to parameter 'free_element' here
void NAMED_ILIST::delete_elements(void (*free_element)(const char *name, void*))
                                         ^

No surprises here: the function pointer types are different.

If I 'fix' that with a cast of a function pointer like this:

rpl_filters.delete_elements((void (*)(const char *, void *)) free_rpl_filter);

I see this:

../sql/keycaches.cc:93:5: runtime error: call to function free_rpl_filter(char const*, Rpl_filter*) through pointer to incorrect function type 'void (*)(const char *, void *)'
/home/kevg/work/m/bb-10.2-kevgs/build_ubsan/../sql/keycaches.cc:224: note: free_rpl_filter(char const*, Rpl_filter*) defined here
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior ../sql/keycaches.cc:93:5 in 

And this is exactly what I'm fixing in this patch: consequences of incorrect function type cast.
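To make the two points in this thread concrete (the pointer-cast rules listed earlier and the function-pointer mismatch shown just above), here is an added, self-contained C++ example; it is not MariaDB's code. NamedList, its delete_elements, the Rpl_filter struct and both free_rpl_filter variants are constructed stand-ins for the NAMED_ILIST::delete_elements / Rpl_filter / free_rpl_filter names quoted on this page.

```cpp
#include <string>
#include <utility>
#include <vector>

// Stand-in for Rpl_filter (constructed for this example, not the real class).
struct Rpl_filter {
  std::string rule;
  explicit Rpl_filter(std::string r) : rule(std::move(r)) {}
};
// Counts destructor runs so the result can be checked without UBSAN.
static int g_freed = 0;

// Stand-in for NAMED_ILIST: a type-erased container, so its callback takes
// void*, exactly like the delete_elements(...) signature quoted above.
struct NamedList {
  std::vector<std::pair<std::string, void*>> items;
  void add(const std::string& name, void* p) { items.emplace_back(name, p); }
  // Every callback is invoked through a pointer of precisely this type.
  int delete_elements(void (*free_element)(const char* name, void*)) {
    int n = 0;
    for (auto& it : items) { free_element(it.first.c_str(), it.second); ++n; }
    items.clear();
    return n;
  }
};

// BEFORE (what UBSAN flagged): the parameter type is Rpl_filter*. Casting this
// to void (*)(const char*, void*) compiles, but calling through the mismatched
// pointer type is undefined behaviour. Kept as the 'before'; never called here.
void free_rpl_filter_typed(const char*, Rpl_filter* f) { delete f; ++g_freed; }

// AFTER (the patch's shape): match the callback type exactly and convert the
// object pointer inside; void* -> Rpl_filter* is fine because the object
// really is an Rpl_filter (rule 2 of the cast rules listed above).
void free_rpl_filter(const char*, void* p) {
  delete static_cast<Rpl_filter*>(p);
  ++g_freed;
}

// Registers two filters, frees them through the matching callback and returns
// the number of destructor runs (-1 if it disagrees with the container's count).
int run_demo() {
  g_freed = 0;
  NamedList rpl_filters;
  rpl_filters.add("a", new Rpl_filter("db.t1"));
  rpl_filters.add("b", new Rpl_filter("db.t2"));
  // rpl_filters.delete_elements((void (*)(const char*, void*)) free_rpl_filter_typed); // UB
  int n = rpl_filters.delete_elements(free_rpl_filter); // no cast needed
  return n == g_freed ? g_freed : -1;
}
```

Building with -fsanitize=undefined and uncommenting the casted call reproduces the "call to function ... through pointer to incorrect function type" report; the uncasted version is silent.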

Comment by Oleksandr Byelkin [ 2019-10-14 ]

So maybe one should use a cast during the call, or change the code to use correct pointers; is it possible?

Comment by Oleksandr Byelkin [ 2019-10-14 ]

OK to push

Generated at Thu Feb 08 09:02:06 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.