NetBSD Problem Report #54491

From www@netbsd.org  Tue Aug 27 05:29:43 2019
Return-Path: <www@netbsd.org>
Received: from mail.netbsd.org (mail.netbsd.org [199.233.217.200])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(Client CN "mail.NetBSD.org", Issuer "mail.NetBSD.org CA" (not verified))
	by mollari.NetBSD.org (Postfix) with ESMTPS id 6EBDF7A1A1
	for <gnats-bugs@gnats.NetBSD.org>; Tue, 27 Aug 2019 05:29:43 +0000 (UTC)
Message-Id: <20190827052942.7ACA57A1BB@mollari.NetBSD.org>
Date: Tue, 27 Aug 2019 05:29:42 +0000 (UTC)
From: n54@gmx.com
Reply-To: n54@gmx.com
To: gnats-bugs@NetBSD.org
Subject: sysinst is not LLVM ASan clean
X-Send-Pr-Version: www-1.0

>Number:         54491
>Category:       install
>Synopsis:       sysinst is not LLVM ASan clean
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    lib-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Tue Aug 27 05:30:00 +0000 2019
>Last-Modified:  Tue Aug 27 14:55:01 +0000 2019
>Originator:     Kamil Rytarowski
>Release:        NetBSD 9.99.10
>Organization:
TNF
>Environment:
NetBSD  9.99.10 NetBSD 9.99.10 (GENERIC) #0: Tue Aug 27 05:56:51 CEST 2019  kamill@chieftec:/public/netbsd.asan/sys/arch/amd64/compile/GENERIC amd64
>Description:
sysinst errors after unpacking sets

=================================================================
==18==ERROR: AddressSanitizer: global-buffer-overflow on address 0x7f7ff7a9b478 at pc 0x7f7ff786fb22 bp 0x7f7fffffd590 sp 0x7f7fffffd588
READ of size 8 at 0x7f7ff7a9b478 thread T0
    #0 0x7f7ff786fb21 in doupdate (/usr/lib/libcurses.so.8+0x6fb21)     // /usr/src/lib/libcurses/refresh.c:2013
    #1 0x7f7ff7865c19 in wrefresh (/usr/lib/libcurses.so.8+0x65c19)     // /usr/src/lib/libcurses/refresh.c:481
    #2 0x38ff0c in do_configmenu (/usr/sbin/sysinst+0x18ff0c)           // /usr/src/usr.sbin/sysinst/arch/amd64/../../configmenu.c:460
    #3 0x364cce in do_install (/usr/sbin/sysinst+0x164cce)              // /usr/src/usr.sbin/sysinst/arch/amd64/../../install.c:211
    #4 0x35d76e in opt_act_2_0 (/usr/sbin/sysinst+0x15d76e)             // /public/netbsd.asan/usr.sbin/sysinst/arch/amd64/menu_defs.c:254
    #5 0x35ae43 in process_menu (/usr/sbin/sysinst+0x15ae43)            // /public/netbsd.asan/usr.sbin/sysinst/arch/amd64/menu_defs.c:3208
    #6 0x364281 in main (/usr/sbin/sysinst+0x164281)                    // /usr/src/usr.sbin/sysinst/arch/amd64/../../main.c:277
    #7 0x262e1c in ___start (/usr/sbin/sysinst+0x62e1c)

0x7f7ff7a9b478 is located 40 bytes to the left of global variable 'buf' defined in '/usr/src/lib/libcurses/refresh.c:1465:16' (0x7f7ff7a9b4a0) of size 2048
0x7f7ff7a9b478 is located 8 bytes to the right of global variable 'blank' defined in '/usr/src/lib/libcurses/refresh.c:1119:17' (0x7f7ff7a9b460) of size 16
SUMMARY: AddressSanitizer: global-buffer-overflow (/usr/lib/libcurses.so.8+0x6fb21) in doupdate
Shadow bytes around the buggy address:                                          
  0x4feffef53630: 04 f9 f9 f9 f9 f9 f9 f9 04 f9 f9 f9 f9 f9 f9 f9               
  0x4feffef53640: 04 f9 f9 f9 f9 f9 f9 f9 00 00 00 00 00 00 00 00               
  0x4feffef53650: f9 f9 f9 f9 01 f9 f9 f9 f9 f9 f9 f9 00 f9 f9 f9               
  0x4feffef53660: f9 f9 f9 f9 00 00 00 00 f9 f9 f9 f9 04 f9 f9 f9               
  0x4feffef53670: f9 f9 f9 f9 04 f9 f9 f9 f9 f9 f9 f9 00 00 00 00               
=>0x4feffef53680: 00 00 00 00 00 00 f9 f9 f9 f9 f9 f9 00 00 f9[f9]              
  0x4feffef53690: f9 f9 f9 f9 00 00 00 00 00 00 00 00 00 00 00 00               
  0x4feffef536a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00               
  0x4feffef536b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00               
  0x4feffef536c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00               
  0x4feffef536d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00               
Shadow byte legend (one shadow byte represents 8 application bytes):            
  Addressable:           00                                                     
  Partially addressable: 01 02 03 04 05 06 07                                   
  Heap left redzone:       fa                                                   
  Freed heap region:       fd                                                   
  Stack left redzone:      f1                                                   
  Stack mid redzone:       f2                                                   
  Stack right redzone:     f3                                                   
  Stack after return:      f5                                                   
  Stack use after scope:   f8                                                   
  Global redzone:          f9                                                   
  Global init order:       f6                                                   
  Poisoned by user:        f7                                                   
  Container overflow:      fc                                                   
  Array cookie:            ac                                                   
  Intra object redzone:    bb                                                   
  ASan internal:           fe 
  Left alloca redzone:     ca                                                   
  Right alloca redzone:    cb                                                   
  Shadow gap:              cc                                                   
==18==ABORTING
>How-To-Repeat:
1. ./build.sh -C /public/extras -j8 -N0 -U -u -V MAKECONF=/dev/null -V MKDEBUGLIB=yes -V MKDEBUG=yes -V MKSANITIZER=yes -V MKLLVM=yes -V MKGCC=no -V HAVE_LLVM=yes -O /public/netbsd.asan distribution

2. Build release

3. Build iso-image

4. Try to install in qemu.
>Fix:
N/A

>Release-Note:

>Audit-Trail:

Responsible-Changed-From-To: install-manager->lib-bug-people
Responsible-Changed-By: martin@NetBSD.org
Responsible-Changed-When: Tue, 27 Aug 2019 06:44:13 +0000
Responsible-Changed-Why:
Sounds like a libcurses bug to me


From: Martin Husemann <martin@duskware.de>
To: gnats-bugs@netbsd.org
Cc: 
Subject: Re: install/54491: sysinst is not LLVM ASan clean
Date: Tue, 27 Aug 2019 11:29:39 +0200

 This seems to depend on the terminal type, i.e. I can not reproduce it
 with "xterm".

 Did you use qemu with graphical display (so your $TERM would have been
 wsvt25)?

 Martin

From: Kamil Rytarowski <n54@gmx.com>
To: gnats-bugs@netbsd.org
Cc: 
Subject: Re: install/54491: sysinst is not LLVM ASan clean
Date: Tue, 27 Aug 2019 16:29:57 +0200

 On 27.08.2019 11:30, Martin Husemann wrote:
 > The following reply was made to PR install/54491; it has been noted by GNATS.
 >
 > From: Martin Husemann <martin@duskware.de>
 > To: gnats-bugs@netbsd.org
 > Cc:
 > Subject: Re: install/54491: sysinst is not LLVM ASan clean
 > Date: Tue, 27 Aug 2019 11:29:39 +0200
 >
 >  This seems to depend on the terminal type, i.e. I can not reproduce it
 >  with "xterm".
 >
 >  Did you use qemu with graphical display (so your $TERM would have been
 >  wsvt25)?
 >
 >  Martin
 >
 >

 # echo $TERM
 wsvt25

 I use qemu with -curses.

>Unformatted:
