fix(endian): ENDIAN_conv underflows size_t when size==0 and writes out of bounds #487
Open
sksat (sksat) wants to merge 1 commit into
Conversation
Pull request overview
This PR fixes the invalid empty-input guard on the size_t parameter of ENDIAN_conv in library/endian.c (if (size < 0) is always false) and prevents the out-of-bounds write / crash caused by size-- underflowing when size==0. Via ENDIAN_memcpy (which calls ENDIAN_conv in little-endian builds), the no-op equivalent of memcpy(..., 0) is now handled safely as well.
Changes:
Changed the guard condition in ENDIAN_conv to if (size == 0) return;, preventing the size==0 underflow
The empty-input guard was `if (size < 0)`, which is always false for the unsigned size_t parameter (dead code), and the following `size--` wrapped to SIZE_MAX when size==0, making the reversal loop write far out of bounds (observed SIGSEGV on little-endian builds where ENDIAN_memcpy delegates to ENDIAN_conv).

Rewrite the loop as `for (i = 0; i < size; i++) aft[size-1-i] = bef[i];` so that size==0 is a natural no-op and the size_t underflow is impossible by construction. A no-op on zero length matches memcpy(dst, src, 0) semantics, which is the contract ENDIAN_memcpy advertises.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
bc5c104 to b3b9453
Summary
ENDIAN_conv(after, before, size) underflows size_t when size == 0 and crashes with an out-of-bounds write. ENDIAN_conv is the function that ENDIAN_memcpy (the implementation when IS_LITTLE_ENDIAN) delegates to. Although it advertises itself as an "endian-aware memcpy", it crashes on an input for which memcpy(dst,src,0) would simply be a no-op.

Fix
Drop size-- and rewrite the loop so that it cannot underflow (structurally removing the failure mode rather than adding a guard).
size==0 → the loop does not run; no-op
size>0 → the same byte reversal as before (bit-for-bit equivalent)
With no size-- there is no way to underflow; the dead code if (size < 0) is removed as well

Why size==0 is a no-op
memcpy(_,_,0) is a well-defined no-op. memcpy has no notion of an error, and as long as ENDIAN_memcpy claims memcpy compatibility, a no-op is what the contract requires (turning it into an error would break that compatibility). (There are also no direct callers of ENDIAN_conv.) Leaf functions do not use assert() and return benign values instead (e.g. ascii2hex returns 0x00 for an invalid character).

Impact / Verification
Only IS_LITTLE_ENDIAN (SILS/test) builds are affected. On real hardware (big-endian) ENDIAN_memcpy → memcpy, so it is unaffected. Current callers pass fixed non-zero sizes, but if a variable-length path ever passes 0 it dies immediately: a landmine. With a reproduction program compiled against library/endian.c: before the fix, ENDIAN_conv(dst,src,0) → SIGSEGV; after the fix → no-op (the size=4 reversal is preserved); no ASan+UBSan warnings.

Notes
A unit-test foundation for library/ leaf functions is planned in #473. This PR is the implementation fix only; a regression test will be added on that foundation after #473 is merged.
🤖 Generated with Claude Code
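The following is an added example illustrating the commit message and the PR description above; it is not code from the project or from the PR. endian.c itself is not shown on this page, so the body of the "before" function is a reconstruction (an assumption about its exact shape, with only the dead `if (size < 0)` guard, the `size--` and the fixed loop `aft[size-1-i] = bef[i]` taken from the text), and the function names `endian_conv_old`, `endian_conv_old_wraps` and `demo_fixed` are made up for the demo. It shows why the old guard can never fire, what `size--` computes from 0, and that the fixed loop is a no-op on zero length while still reversing a non-zero buffer.

```c
/* Added example, not the project's code. Reconstructs the faulty shape of
 * ENDIAN_conv described in the PR next to the fixed loop from the commit. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <stdio.h>

/* Assumed shape of the original: unsigned size, a guard that is dead code,
 * then size-- before the reversal loop. Calling this with size == 0 wraps
 * size to SIZE_MAX and the loop writes out of bounds (undefined behaviour),
 * so this demo only ever calls it with size > 0. */
static void endian_conv_old(void *after, const void *before, size_t size)
{
    uint8_t *aft = after;
    const uint8_t *bef = before;
    size_t i;

    if (size < 0) return;            /* always false for size_t: dead code */
    size--;                          /* 0 wraps to SIZE_MAX here */
    for (i = 0; i <= size; i++) {    /* with size == SIZE_MAX, runs off the buffer */
        aft[size - i] = bef[i];
    }
}

/* The arithmetic the old code performs on a zero length, isolated so it can
 * be shown without executing the out-of-bounds loop. */
size_t endian_conv_old_wraps(void)
{
    size_t size = 0;
    size--;
    return size;                     /* SIZE_MAX */
}

/* The fix from the commit message: no size--, so size == 0 skips the loop and
 * the largest index written, size - 1 - 0, only exists when size > 0. */
void ENDIAN_conv(void *after, const void *before, size_t size)
{
    uint8_t *aft = after;
    const uint8_t *bef = before;
    size_t i;

    for (i = 0; i < size; i++) {
        aft[size - 1 - i] = bef[i];
    }
}

/* Runs the fixed conversion on a constructed 4-byte value and on zero length.
 * Returns 1 if size > 0 is bit-for-bit equal to the old code and size == 0
 * leaves the destination untouched, 0 otherwise. */
int demo_fixed(void)
{
    const uint8_t src[4] = {0x11, 0x22, 0x33, 0x44};   /* constructed input */
    uint8_t dst_new[4] = {0};
    uint8_t dst_old[4] = {0};
    const uint8_t untouched[4] = {0xAA, 0xAA, 0xAA, 0xAA};
    uint8_t canary[4] = {0xAA, 0xAA, 0xAA, 0xAA};

    ENDIAN_conv(dst_new, src, sizeof dst_new);
    endian_conv_old(dst_old, src, sizeof dst_old);
    if (memcmp(dst_new, dst_old, sizeof dst_new) != 0) return 0;
    if (dst_new[0] != 0x44 || dst_new[3] != 0x11) return 0;

    /* memcpy(dst, src, 0) semantics: nothing is written. */
    ENDIAN_conv(canary, src, 0);
    if (memcmp(canary, untouched, sizeof canary) != 0) return 0;

    /* Reversing twice must give the original bytes back. */
    ENDIAN_conv(dst_old, dst_new, sizeof dst_old);
    return memcmp(dst_old, src, sizeof src) == 0;
}

int main(void)
{
    printf("old code: (size_t)0 - 1 == %zu\n", endian_conv_old_wraps());
    printf("fixed ENDIAN_conv behaves as described: %s\n",
           demo_fixed() ? "yes" : "no");
    return demo_fixed() ? 0 : 1;
}
```

Compiling with `-fsanitize=address,undefined` and passing a zero length to `endian_conv_old` would reproduce the SIGSEGV the PR reports; the demo deliberately does not do that, and instead checks the wrapped value and the fixed function's behaviour.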