From: Darren Kenny
To: Paul Eggert
Cc: Daniel Kiper, bug-gnulib@gnu.org
Subject: Re: [PATCH 1/3] lib/regexec: Fix possible null-dereference
References: <96f2ea78b6ce05f20d2c38fee43ffe87c3ca2664.1624030621.git.darren.kenny@oracle.com>
Date: Mon, 23 Aug 2021 11:05:13 +0100

Hi Paul,

Sorry, somehow I missed your responses.

On Wednesday, 2021-08-11 at 00:28:26 -07, Paul Eggert wrote:
> On 6/18/21 8:44 AM, Darren Kenny wrote:
>> It appears to be possible that the mctx->state_log field may be NULL
>
> How so? I don't see the execution path that would do that.
>

The explanation given by Coverity boils down to:

- In check_matching(), line 1069, there is a test if mctx->state_log !=
  NULL
- Later there is a call to transit_state() at line 1125, which is followed
  by a check for mctx->state_log != NULL again.
- In transit_state(), there is a call to transit_state_mb() at line 2226,
  which in turn, at line 2497, directly references mctx->state_log without
  first checking if it is NULL.

Because of the existing checks if mctx->state_log != NULL, Coverity seems
to be assuming that it is possible that it may be NULL, so
transit_state_mb()'s use of it should also be checking it.

Coverity also acknowledges that extend_buffers() may also modify the
field, but not in all cases.

> If you can see how it could happen, please let us know. Otherwise, does
> the attached patch pacify Coverity, and if not why not?
>

The patch we have already satisfies Coverity, once applied, I have not
checked if a DEBUG_ASSERT() call, in a path that Coverity isn't including
anywhere in its analysis would work.

Why do you think an assert in clean_state_log_if_needed() would help?

Thanks,

Darren.

> The DEBUG_ASSERT stuff does pacify GCC, as it tells GCC things that GCC
> isn't smart enough to figure out on its own. I hope Coverity can use
> similar advice.

> diff --git a/lib/regexec.c b/lib/regexec.c > index 5e4eb497a..f25e00d83 100644 > --- a/lib/regexec.c > +++ b/lib/regexec.c > @@ -1674,6 +1674,8 @@ build_sifted_states (const re_match_context_t *mctx, re_sift_context_t *sctx, > static reg_errcode_t > clean_state_log_if_needed (re_match_context_t *mctx, Idx next_state_log_idx) > { > + DEBUG_ASSERT (mctx->state_log != NULL); > + > Idx top = mctx->state_log_top; > > if ((next_state_log_idx >= mctx->input.bufs_len
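
Review bot: the DEBUG_ASSERT added at the top of clean_state_log_if_needed() asserts that mctx->state_log is non-NULL without a comment saying why that holds on entry, and the dereference described in the reply above is in transit_state_mb(), not in this function. Suggest a one-line comment naming the invariant and the caller that establishes it, and a Coverity run to confirm that an assertion placed here is on the path the checker reports, since the reply says that has not been checked. The assertion also comes before the declaration of top; if this file keeps declarations first, move it below "Idx top = mctx->state_log_top;".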
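
The pattern Coverity is described as flagging in the message above, as an added example that is not part of the original message or of gnulib: a caller that tests a pointer for NULL around a callee that dereferences it unconditionally, next to a guarded callee. The struct, enum and function names are hypothetical stand-ins, and the guard is one possible remedy, not necessarily what the posted patch does.

```c
/* Constructed model of the pattern in the thread; not gnulib code.
   Type and function names are hypothetical stand-ins. */
#include <stddef.h>

typedef struct {
  int *state_log;      /* optional log; NULL when logging is not set up */
  size_t log_len;
} match_ctx;

enum { MATCH_OK = 0, MATCH_NO_LOG = -1 };

/* Callee, "before": uses the log unconditionally, like the flagged
   dereference. Only safe if every caller guarantees a non-NULL log. */
int transit_mb_unchecked (match_ctx *m, size_t idx, int state)
{
  m->state_log[idx] = state;
  return MATCH_OK;
}

/* Callee, guarded: NULL or out-of-range becomes an error return. */
int transit_mb_checked (match_ctx *m, size_t idx, int state)
{
  if (m->state_log == NULL || idx >= m->log_len)
    return MATCH_NO_LOG;
  m->state_log[idx] = state;
  return MATCH_OK;
}

/* Caller: the NULL tests here tell an analyzer that NULL is a value this
   code expects, so it follows the NULL path into the callee as well. */
int check_matching_model (match_ctx *m, int state,
                          int (*transit) (match_ctx *, size_t, int))
{
  if (m->state_log != NULL)                     /* first check */
    m->state_log[0] = state;
  int rc = transit (m, 1, state);               /* runs on both paths */
  if (rc == MATCH_OK && m->state_log != NULL)   /* second check */
    m->state_log[0] = m->state_log[1];
  return rc;
}
```

If the log can in fact never be NULL at the callee, the alternative to the guard is to state that invariant where the analyzer can see it, which is what the DEBUG_ASSERT suggestion in the quoted patch aims at.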