RFR: 8332589: ubsan: unix/native/libjava/ProcessImpl_md.c:562:5: runtime error: null pointer passed as argument 2, which is declared to never be null [v3]
Magnus Ihse Bursie
ihse at openjdk.org
Fri May 24 08:47:02 UTC 2024
On Fri, 24 May 2024 07:24:13 GMT, Matthias Baesken <mbaesken at openjdk.org> wrote:
>> When building with ubsan enabled (--enable-ubsan) on Linux x86_64 and doing jtreg tests afterwards I run into this error:
>>
>> /jdk/src/java.base/unix/native/libjava/ProcessImpl_md.c:562:5: runtime error: null pointer passed as argument 2, which is declared to never be null
>> #0 0x7fd95bec78d8 in spawnChild /jdk/src/java.base/unix/native/libjava/ProcessImpl_md.c:562
>> #1 0x7fd95bec78d8 in startChild /jdk/src/java.base/unix/native/libjava/ProcessImpl_md.c:612
>> #2 0x7fd95bec78d8 in Java_java_lang_ProcessImpl_forkAndExec /jdk/src/java.base/unix/native/libjava/ProcessImpl_md.c:712
>> #3 0x7fd93797a06d (<unknown module>)
>>
>> this is the memcpy call getting an unexpected null pointer:
>> memcpy(buf+offset, c->pdir, sp.dirlen); gets a second parameter null.
>> Something similar was discussed and fixed here https://bugs.python.org/issue27570 for Python.
>>
>> Similar issue in OpenJDK:
>> https://bugs.openjdk.org/browse/JDK-8332473
>> 8332473: ubsan: growableArray.hpp:290:10: runtime error: null pointer passed as argument 1, which is declared to never be null
>
> Matthias Baesken has updated the pull request incrementally with one additional commit since the last revision:
>
> handle special case that memcpy src is NULL but a len larger than 0 was given
This looks much safer. Thank you!
I think the code can be simplified a bit, as commented. It does not matter much, so you can keep the current code as well if you think it looks better.
src/java.base/unix/native/libjava/ProcessImpl_md.c line 563:
> 561: offset = copystrings(buf, offset, &c->envv[0]);
> 562: if (c->pdir != NULL) {
> 563: if (sp.dirlen > 0) {
As long as c->pdir is non-null, I think the code below is safe to execute. `memcpy(a, b, len)` should be okay if `len` is 0, as long as `a` and `b` are non-null, right?
So this check here is not needed, I think.
-------------
PR Comment: https://git.openjdk.org/jdk/pull/19329#issuecomment-2128960961
PR Review Comment: https://git.openjdk.org/jdk/pull/19329#discussion_r1613102923
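As an added illustration of the point raised in the review (example code written here, not code from the PR or from ProcessImpl_md.c), the snippet below models the pdir copy with only the pointer guard: a NULL source is what UBSan reports, because the C library requires valid pointer arguments even for a zero length and glibc marks memcpy's arguments nonnull, while a non-NULL source with length 0 is a well-defined no-op. The struct layout and the names child_stuff, copy_dir, marshal_dir and marshal_buf are assumptions for this example.

```c
#include <stddef.h>
#include <string.h>

/* Constructed stand-in for the fields discussed in the thread (assumed
 * layout, not the JDK's): pdir is NULL when no working directory was
 * requested for the child. */
struct child_stuff {
    const char *pdir;   /* may be NULL */
    size_t dirlen;      /* strlen(pdir) + 1, or 0 when pdir is NULL */
};

/* Append pdir to the marshalling buffer and return the new offset.
 * Only the pointer needs guarding: memcpy with a NULL source is undefined
 * behaviour even when the length is 0 (the UBSan report), whereas a
 * non-NULL source with a length of 0 copies nothing and is valid, so an
 * inner "dirlen > 0" check adds nothing. */
static size_t copy_dir(char *buf, size_t offset, const struct child_stuff *c)
{
    if (c->pdir != NULL) {
        memcpy(buf + offset, c->pdir, c->dirlen);
        offset += c->dirlen;
    }
    return offset;
}

/* Driver for the three cases the review discusses (dir given, no dir,
 * empty dir with non-NULL pointer); returns the final offset and keeps
 * the assembled bytes in a scratch buffer for inspection. */
static char g_buf[64];

size_t marshal_dir(const char *pdir, size_t dirlen, size_t start)
{
    struct child_stuff c = { pdir, dirlen };
    memset(g_buf, 0, sizeof g_buf);
    return copy_dir(g_buf, start, &c);
}

const char *marshal_buf(void)
{
    return g_buf;
}
```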