OpenLDAP's UB minefield
- First Post
- Replies
- Stats
-
Go to
- ----- 2023 -----
- March
- February
- January
- ----- 2022 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2021 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2020 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2019 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2018 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2017 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2016 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2015 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2014 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2013 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2012 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2011 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2010 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2009 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2008 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2007 -----
- December
Someone recently wrote on openldap-bugs:
The kernel recently got bitten using the same pattern of unaligned
short pointers through casts. GCC produced code which corrupted
initramfs during unpacking.
See https://gcc.gnu.org/bugzilla/show_bug.cgi?id=3D100363.
OpenLDAP should fix that code.
Correct. That's what I said long time ago, too. I wonder if OpenLDAP
projects' delusions about Undefined Behaviour "not being a bug" still
persist, or are they perhaps going to fix their buggy code? What a
minefield to walk on, it can blow up anytime.
I am very happy to not have to administer this server code anymore, but I
sure am scared for those who do.
best regards,
Unto Sten
openldap-technical(a)kolttonen.fi wrote:
Someone recently wrote on openldap-bugs:
> The kernel recently got bitten using the same pattern of unaligned
> short pointers through casts. GCC produced code which corrupted
> initramfs during unpacking.
>
> See https://gcc.gnu.org/bugzilla/show_bug.cgi?id=3D100363.
> OpenLDAP should fix that code.
The kernel bug is unrelated. They're accessing an array of bytes in a loop,
and the compiler decided to vectorize the loop. There is no such condition
in the OpenLDAP or LMDB code.
The error output in the reported OpenLDAP bug very clearly shows that LMDB
is accessing unsigned shorts at 2-byte aligned addresses, which is the correct
alignment for that data type.
https://bugs.openldap.org/show_bug.cgi?id=8988#c23
There is no bug in LMDB, the UBsan report is wrong.
Correct. That's what I said long time ago, too. I wonder if
OpenLDAP
projects' delusions about Undefined Behaviour "not being a bug" still
persist, or are they perhaps going to fix their buggy code? What a
minefield to walk on, it can blow up anytime.
I am very happy to not have to administer this server code anymore, but I
sure am scared for those who do.
best regards,
Unto Sten
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
445
days inactive
462
days old
openldap-technical@openldap.org
1 comments
2 participants
tags (0)
participants (2)
-
Howard Chu -
openldap-technical@kolttonen.fi