Clang-11.0.0 Miscompiled SQLite

栏目: IT技术 · 发布时间: 5年前

内容简介：It appears that the clang-11.0.0 compiler mis-compiles sqlite3.c version 3.32.1. I havechecked in a change to SQLite that appears to work around the problem. But there might be other bugs. Therefore, use clang-11.0.0 with caution and test your applicatio

It appears that the clang-11.0.0 compiler mis-compiles sqlite3.c version 3.32.1. I havechecked in a change to SQLite that appears to work around the problem. But there might be other bugs. Therefore, use clang-11.0.0 with caution and test your applications carefully!

Details:

OSSFuzz has been reported bug 23003 against SQLite. I could not reproduce the problem on my desktop (Ubuntu with gcc-5.4.0) so I followed the OSSFuzz bug replication procedures and discovered what appears to be a problem with Clang-11.0.0 currently used by OSSFuzz.

The code that is miscompiled is lines 345-347 of the src/utf.c source file , shown below:

c = pMem->flags;
      sqlite3VdbeMemRelease(pMem);
      pMem->flags = MEM_Str|MEM_Term|(c&(MEM_AffMask|MEM_Subtype));

From the -S output, it looks like Clang-11.0.0 is compiling these three lines as if there were written as:

sqlite3VdbeMemRelease(pMem);
      pMem->flags = MEM_Str|MEM_Term|(pMem->flags&(MEM_AffMask|MEM_Subtype));

In other words, Clang seems to be assuming that the sqlite3VdbeMemRelease() function does not change the value of pMem->flags. But it does. My work-around is to do the bit-twiddling of pMem->flags before the function call instead of afterwards:

c = MEM_Str|MEM_Term|(pMem->flags&(MEM_AffMask|MEM_Subtype));
      sqlite3VdbeMemRelease(pMem);
      pMem->flags = c;

Compiler Version And Build Details:

OSSFuzz reports the compiler used as:

clang version 11.0.0 (https://github.com/llvm/llvm-project.git a6ae333a0c23fc9b0783ca45e2676abac00c6723)
    Target: x86_64-unknown-linux-gnu
    Thread model: posix

The build script compiles SQLite thusly:

clang -O1 -fno-omit-frame-pointer -gline-tables-only -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION -fsanitize=address -fsanitize-address-use-after-scope -fsanitize=fuzzer-no-link -DSQLITE_MAX_LENGTH=128000000 -DSQLITE_MAX_SQL_LENGTH=128000000 -DSQLITE_MAX_MEMORY=25000000 -DSQLITE_PRINTF_PRECISION_LIMIT=1048576 -DSQLITE_DEBUG=1 -DSQLITE_MAX_PAGE_COUNT=16384 -O1 -g -I. -c -O1 -g ./sqlite3.c -o sqlite3.o

以上就是本文的全部内容，希望本文的内容对大家的学习或者工作能带来一定的帮助，也希望大家多多支持码农网

查看所有标签

猜你喜欢:

Clang-11.0.0 Miscompiled SQLite

本站部分资源来源于网络，本站转载出于传递更多信息之目的，版权归原作者或者来源机构所有，如转载稿涉及版权问题，请联系我们。

码农书籍

互联网心理学

雷雳 / 北京师范大学出版社 / 2016-6-1 / CNY 99.00

☆人为什么要使用互联网？ ☆为什么越来越多的人更喜欢在网上畅所欲言？ ☆网络行为背后的心理机制又是什么？ ☆虚拟网络世界又是如何改变了我们？当连接万物的互联网遇见无处不在的心理学，当虚拟空间生长出真实的“心理特性”，我们需要用心理学的方式，重新思考互联网背后的人与社会。这是一部汇集前沿学者智慧、充满探索精神的佳作，该书从心理学视角切入，透过文化多样性和环境多样性，详细解读......一起来看看《互联网心理学》这本书的介绍吧!

码农工具

HTML 编码/解码

RGB CMYK 转换工具

RGB CMYK 互转工具