From: Darren Kenny
To: Paul Eggert
Subject: Re: [PATCH 1/3] lib/regexec: Fix possible null-dereference
Date: Tue, 24 Aug 2021 16:11:22 +0100
Cc: Daniel Kiper, bug-gnulib@gnu.org

On Monday, 2021-08-23 at 13:09:18 -07, Paul Eggert wrote:
> On 8/23/21 3:05 AM, Darren Kenny wrote:
>
>> The explanation given by Coverity boils down to:
>>
>> - In check_matching(), line 1069, there is a test if mctx->state_log !=
>>   NULL
>
> This line number doesn't match either the current Gnulib version (commit
> d3837928885e91c9ddd465240b90a97aa342fda6) nor the version in the current
> Grub release (2.06). So I guess you are using some other version of
> regexec.c. Could you tell us which one?
>

You're right, I should have fetched from HEAD, the version I was looking
at was several weeks old at changeset b50a7e59debf8.

>> - In transit_state(), there is a call to transit_state_mb() at line
>>   2226, which in turn, at line 2497, directly references mctx->state_log
>>   without first checking if it is NULL.
>
> In the Gnulib version, transit_state calls transit_state_mb only if
> state->accept_mb is true, and if the state can accept multibyte
> characters then in re_search_internal dfa->has_mb_node must be true,
> which means that re_search_internal initializes mctx.state_log to a
> nonnull pointer before we get to transit_state.
>
> So I'm not seeing a bug here; it still appears to be a false alarm. If
> I'm missing something please let us know.
>

It certainly may be that Coverity just doesn't know enough for all
use-cases.

Is there a specific set of assertions already present that ensure that
the circumstances you outline above are always in place?

>> The patch we have already satisfies Coverity, once applied
>
> Yes, I can see why the patch would pacify Coverity. However, we
> shouldn't add unnecessary code merely to pacify a Coverity false alarm.
>
>> I have not checked if a DEBUG_ASSERT() call, in a path that Coverity isn't
>> including anywhere in its analysis would work.
>>
>> Why do you think an assert in clean_state_log_if_needed() would help?
>
> If you tell Coverity to analyze with -DDEBUG, then adding DEBUG_ASSERT
> (X != NULL) should tell Coverity that X must be nonnull at that point.
> We can use this method to tell Coverity things that it can't deduce on
> its own.
>

At present at least, we're not building GRUB with DEBUG, but maybe it is
something to consider for Coverity builds.

Thanks,

Darren.
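
The invariant chain described in the quoted reply (accept_mb implies has_mb_node, which implies a non-null state_log), together with the DEBUG_ASSERT approach for stating it to a static analyzer, as an added example that is not part of the original message and is not Gnulib's code. The structs, mctx_init, transit and transit_mb are simplified stand-ins, and the DEBUG_ASSERT definition shown here is an assumption.

```c
/* Simplified model of the invariant discussed in the thread; not Gnulib's code. */
#include <assert.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdlib.h>

#ifdef DEBUG
# define DEBUG_ASSERT(x) assert (x)   /* failure path aborts, so x holds afterwards */
#else
# define DEBUG_ASSERT(x) ((void) 0)   /* assumption: compiled away in release builds */
#endif

struct dfa   { bool has_mb_node; };
struct state { bool accept_mb; };
struct mctx  { const struct dfa *dfa; int *state_log; size_t len; };

/* Stand-in for re_search_internal: allocate state_log when the DFA has a multibyte node. */
static int mctx_init (struct mctx *m, const struct dfa *d, size_t len)
{
  m->dfa = d; m->len = len; m->state_log = NULL;
  if (d->has_mb_node)
    m->state_log = calloc (len + 1, sizeof *m->state_log);
  return (d->has_mb_node && m->state_log == NULL) ? -1 : 0;
}

/* Stand-in for transit_state_mb: uses state_log without a runtime NULL check. */
static int transit_mb (struct mctx *m, size_t idx)
{
  DEBUG_ASSERT (m->state_log != NULL);
  DEBUG_ASSERT (idx <= m->len);
  return ++m->state_log[idx];
}

/* Stand-in for transit_state: reaches transit_mb only when the state accepts multibyte. */
static int transit (struct mctx *m, const struct state *s, size_t idx)
{
  DEBUG_ASSERT (!s->accept_mb || m->dfa->has_mb_node);
  return s->accept_mb ? transit_mb (m, idx) : 0;
}

int main (void)
{
  struct dfa d = { true };
  struct state s = { true };
  struct mctx m;
  int hits = mctx_init (&m, &d, 4) == 0 ? transit (&m, &s, 2) : -1;
  free (m.state_log);
  return hits == 1 ? 0 : 1;
}
```

Compiling with -DDEBUG turns the three DEBUG_ASSERT lines into real assert() calls, which is what hands an analyzer the non-null fact at the point of the dereference.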