
ldv benchmarks, pointer arithmetic with unbelievably huge offsets

I caught some ldv benchmarks where pointers got offsets that are too huge to be correct. Those pointers are then dereferenced, resulting in undefined behaviors.

Example:

  c/ldv-linux-3.0/module_get_put-drivers-block-loop.ko.cil.out.i: In function 'add_disk':
  c/ldv-linux-3.0/module_get_put-drivers-block-loop.ko.cil.out.i:6927.11-22: error: Invalid memory access
  
  6927:   add_disk(lo->lo_disk);
                   ^^^^^^^^^^^  
  accessing 8 bytes at offset 774763251095800727688 of variable 'loop_devices' of size 16 bytes
  Callstack:
        from c/ldv-linux-3.0/module_get_put-drivers-block-loop.ko.cil.out.i:6927.2-23: add_disk
        from c/ldv-linux-3.0/module_get_put-drivers-block-loop.ko.cil.out.i:7055.8-19: loop_init
        from c/ldv-linux-3.0/module_get_put-drivers-block-loop.ko.cil.out.i:7018.4-8: main

Indeed, lo = (struct loop_device *)__mptr + 0x0ffffffffffffd70UL; at line 6923.

Other cases:

  • c/ldv-linux-3.7.3/main15_drivers-usb-core-usbcore-ko--32_7a--linux-3.7.3.i, line 31184, bus = (struct usb_bus *)__mptr + 0xffffffffffffffb8UL;
  • c/ldv-linux-4.2-rc1/linux-4.2-rc1.tar.xz-08_1a-drivers--usb--gadget--libcomposite.ko-entry_point.cil.out.yml, line 7489, fd = (struct usb_function_driver *)__mptr + 0xfffffffffffffff0UL;
  • c/ldv-linux-4.2-rc1/linux-4.2-rc1.tar.xz-32_7a-drivers--md--dm-crypt.ko-entry_point.cil.out.yml, line 5944, __gu_p = (void *)(iv + ((unsigned long )cc->iv_size + 0xfffffffffffffff8UL));
  • c/ldv-linux-4.2-rc1/linux-4.2-rc1.tar.xz-08_1a-drivers--iio--accel--kxcjk-1013.ko-entry_point.cil.out.i, line 5770, tmp = i2c_get_clientdata((struct i2c_client const *)((struct i2c_client *)__mptr + 0xffffffffffffffe0UL));
  • c/ldv-linux-4.2-rc1/linux-4.2-rc1.tar.xz-08_1a-drivers--iio--imu--inv_mpu6050--inv-mpu6050.ko-entry_point.cil.out.i, line 5456, tmp = i2c_get_clientdata((struct i2c_client const *)((struct i2c_client *)__mptr + 0xffffffffffffffe0UL));
  • c/ldv-linux-4.2-rc1/linux-4.2-rc1.tar.xz-08_1a-drivers--input--gameport--gameport.ko-entry_point.cil.out.i, line 3573, gameport = (struct gameport *)__mptr + 0xfffffffffffffde0UL;
  • c/ldv-linux-4.2-rc1/linux-4.2-rc1.tar.xz-08_1a-drivers--md--dm-multipath.ko-entry_point.cil.out.i, line 4139, psi = (struct ps_internal *)__mptr + 0xffffffffffffffa0UL;
Edited by Raphaël Monat
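Added example, written for this page and not code from the issue, the ldv benchmarks or any analyzer: it shows what the `0xffff...UL` constants at these `container_of()` sites encode (a negative byte offset, `-offsetof(...)`, evaluated in `unsigned long`), that adding such a constant byte-wise wraps back onto the enclosing struct, that the dm-crypt site wraps in integer arithmetic before any pointer is formed, and that reading `(struct T *)__mptr + K` at face value scales `K` by `sizeof(struct T)`, which is where a byte offset like 774763251095800727688 comes from. Assumptions: a 64-bit two's-complement target with `sizeof(long) == 8` and a compiler with `__int128` (gcc or clang); `struct client` is a constructed stand-in, not the kernel's `struct i2c_client`; the 672-byte struct size and 648-byte member offset passed to `loop_report_matches` are guesses chosen only because they reproduce the reported number, not values taken from the kernel.

```c
/* Added example, not from the issue or the ldv benchmarks: what the
 * 0xff..UL constants at these container_of() sites encode, and why
 * reading `(struct T *)__mptr + K` literally yields a huge byte offset.
 * Assumes a 64-bit target (sizeof(long) == 8, two's complement) and a
 * compiler with __int128 (gcc or clang). Struct layouts below are
 * constructed stand-ins, not the kernel's definitions. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* The kernel idiom: step back from a member to the struct that holds it. */
#define container_of(ptr, type, member) \
    ((type *)((char *)(ptr) - offsetof(type, member)))

/* Stand-in with a member at byte 32, the offset behind the
 * 0xffffffffffffffe0UL constant quoted for the two i2c drivers. */
struct client {
    unsigned short flags;
    unsigned short addr;
    char           name[20];
    void          *adapter;
    struct { int id; } dev;        /* offsetof(struct client, dev) == 32 */
};

/* -offsetof(...) evaluated in unsigned long: the two's-complement
 * encoding of a negative byte offset, which is what CIL printed. */
unsigned long negated_offset(size_t off) { return 0UL - (unsigned long)off; }

/* Read such a constant back as the signed offset it stands for. */
long as_signed(unsigned long k) { return (long)k; }

/* Byte-granular addition of the wrapped constant (done on uintptr_t, so
 * the wrap is defined integer arithmetic) lands on the enclosing struct,
 * exactly like the subtraction container_of() spells out. */
int byte_arith_recovers_struct(void) {
    struct client c;
    uintptr_t member = (uintptr_t)&c.dev;
    struct client *back =
        (struct client *)(member + negated_offset(offsetof(struct client, dev)));
    return back == &c && back == container_of(&c.dev, struct client, dev);
}

/* The dm-crypt site adds the constant to an integer first:
 *   iv + ((unsigned long)cc->iv_size + 0xfffffffffffffff8UL)
 * The unsigned sum wraps to iv_size - 8 before any pointer is touched. */
unsigned long tail_offset(unsigned int iv_size) {
    return (unsigned long)iv_size + 0xfffffffffffffff8UL;
}

/* With the (char *) cast gone, `(struct T *)__mptr + K` scales K by
 * sizeof(struct T). Done in 128 bits so the product itself cannot wrap,
 * this is the byte offset a verifier taking the expression at face value
 * would report, plus the member offset of the final dereference. */
unsigned __int128 scaled_byte_offset(unsigned long k, size_t elem_size, size_t member_off) {
    return (unsigned __int128)k * elem_size + member_off;
}

/* Decimal parser for 128-bit values, since C has no __int128 literals. */
unsigned __int128 parse_u128(const char *s) {
    unsigned __int128 v = 0;
    for (; *s >= '0' && *s <= '9'; s++) v = v * 10 + (unsigned)(*s - '0');
    return v;
}

/* Do a guessed sizeof(struct loop_device) and offsetof(lo_disk) reproduce
 * the 774763251095800727688 from the report? Note the loop.c constant
 * 0x0ffffffffffffd70UL has a leading 0 digit: it is 2^60 - 656, not the
 * 64-bit encoding of -656 that the other constants use. */
int loop_report_matches(size_t sizeof_loop_device, size_t lo_disk_off) {
    return scaled_byte_offset(0x0ffffffffffffd70UL, sizeof_loop_device, lo_disk_off)
        == parse_u128("774763251095800727688");
}

int main(void) {
    printf("0xffffffffffffffb8UL as signed: %ld\n", as_signed(0xffffffffffffffb8UL));
    printf("byte arithmetic recovers struct: %d\n", byte_arith_recovers_struct());
    printf("dm-crypt tail offset for iv_size=16: %lu\n", tail_offset(16));
    /* 672 and 648 are guesses chosen only because they reproduce the number */
    printf("672-byte struct, member at 648, reproduces report: %d\n",
           loop_report_matches(672, 648));
    return 0;
}
```

The `as_signed` cast is implementation-defined in ISO C but exact on every mainstream 64-bit ABI, and the byte-wise wrap is done on `uintptr_t` rather than on the `char *` itself so the example contains no out-of-bounds pointer arithmetic of its own.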