bugs-found-by-musl.md

File metadata and controls

305 lines (297 loc) · 30.7 KB

Bugs found by musl

(originally created for slcon 2013)

Bugs found and reported

Bugs relevant to musl

Unreported bugs

  • linux procfs and writev
  • posix: usage of the cx option in unistd.h
  • broken bre support in tre
  • broken random in all bsd libc and glibc (bad seed, ub signed int arithmetic)
  • search.h implementation bugs in bsd libc and glibc (stack overflow, hsearch crashes on glibc)
  • several libm bugs in glibc, fdlibm (freebsd, openbsd, bionic,..)
  • gcc fldpi, fldl2e,.. even with -frounding-math
  • gcc -fPIC -Os generates a GOT entry for single 32-bit constants instead of using an immediate value (for float on i386)
  • llvm signal handler bug (not async-signal-safe, invalid use of c++, racy unmasking) in Support/Unix/Signals.inc
  • llvm exit bug (destructor calls exit)
  • llvm: invalid use of the address of stdin/stdout/stderr in Support/DynamicLibrary.cpp
  • address sanitizer: various problems: stack detection, include files, ifdef, non-portable code,..
  • various c++ projects: depend on constructor order of different tu (gcc 46770)
  • various projects: assume large thread stack size without setting it up (firefox,..)
  • various projects: query the base pointer of the stack to do pointer arithmetics with it (libgc, firefox,...)
  • calling dlopen from the constructor of global static object (firefox)
  • incorrect usage of feature test macros and configure results (lots of projects)
  • usage of obsolete wrong headers (sys/foo.h instead of foo.h and vice-versa, many projects)
  • glibc has some missing posix symbols (found by libc-test)
  • glibc has broken vfork on mips
  • glibc integer overflows in time/tz code
  • linux headers invoke ub by using (1 << 31) eg. MS_NOUSER in include/uapi/linux/fs.h
  • strace: broken handling of vfork
  • bionic: posix namespace violation, +gratuitous interface breaking
  • bionic: broken checks in wchar.cpp mbrtowc
  • gnutls: O_CLOEXEC
  • arp: posix namespace collision (tm_)
  • util-linux: cpuset.h __cpumask, etc, sys/ttydefaults.h, __sighandler_t
  • f() instead of (f)() in configure scripts (or #undef)
  • bionic/wchar.cpp 'if (n == 0)' is wrong, should be 'if (s == NULL)' and later 'if (n == 0) return -2'
  • gcc vs c99 annex f issues
  • gcc dl_iterate_phdr configure check (hard coded solaris header check + glibc/bionic/bsd ifdef + config.host overrides)
  • posix: can syslog set errno (when it fails)?
  • isoc: fputc('c',stdin) should be explicitly ub
  • posix: pow "For y < 0, if x is zero, .. +-HUGE_VAL" should be "if x is +-0" to match +-
  • isoc: underflow omission in annex f with FLT_EVAL_METHOD!=0 (comp.lang.c discussion)
  • glibc: fegetenv/fesetenv does not save/restore sse exception flags on i386
  • gcc: peephole optimization on i386 (i64 &= -1ULL<<32; turns into "andl $-1,4(%esp); movl $0,(%esp)")
  • gcc: optimization for fmod loop: superfluous fldl/fstpl in loop
  • glibc, gnulib: invalid ld80 on i386 printf'd incorrectly, gnulib tests this case, but not correctly
  • glibc: -lxnet fails (posix requirement)
  • glibc vs linux: on microblaze struct elf_prpsinfo does not match the in-kernel definition.
  • gcc: generates useless .globl directive when referencing libgcc math function
  • gcc: libgcc symbol references have a .globl but no .type directive, so the assembler treats the referenced symbol as an object, breaking e.g. -Bsymbolic-functions
  • gcc: definitions in libgcc.a should be .hidden (default visibility breaks usage in shared libraries)
  • gcc: (long long)ptr sign extends the pointer value, this eg breaks syscall arg passing on x32
  • glibc: alloca, strdupa, strndupa, should be declared with __attribute__((deprecated))
  • gcc, clang: mm_malloc.h pollutes global namespace, broken if libc posix_memalign is macro, gcc proto is wrong
  • gcc, __builtin_constant_p does not evaluate to an integer-constant-expression
  • linux: on 32bit mips linux uses -1U/2 as RLIM_INFINITY (which is in the middle of the valid range) but limits are not always compared accordingly: e.g. one can set an infinite limit even if rlim_max is finite and > -1U/2
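The (1 << 31) item above is worth seeing in code. Shifting the int constant 1 into the sign bit is undefined behaviour, and the practical damage shows up when the flag is OR-ed into a wider unsigned word: the negative int is sign-extended, setting 32 bits the header never meant. The example below is added here and is not kernel or musl code; FLAG_BAD uses INT_MIN as a stand-in for what gcc folds (1 << 31) to, so the file itself stays UB-free, and FLAG_GOOD is the correct spelling.

```c
#include <limits.h>
#include <stdio.h>

/* Added example, not from the page. FLAG_BAD stands in for (1 << 31): in C
 * that expression is UB, and in practice gcc folds it to INT_MIN, which is
 * what we use here so the program itself has no UB. FLAG_GOOD is the fix. */
#define FLAG_BAD  INT_MIN          /* what (1 << 31) becomes in practice */
#define FLAG_GOOD (1U << 31)       /* unsigned: exactly bit 31, nothing else */

/* OR the flag into a wider unsigned flag word, e.g. an unsigned long on LP64.
 * The int is converted to unsigned long first; a negative int sign-extends. */
unsigned long set_flag_bad(unsigned long flags)  { return flags | FLAG_BAD; }
unsigned long set_flag_good(unsigned long flags) { return flags | FLAG_GOOD; }

/* Count bits above bit 31 that are set: a correct 32-bit flag must never
 * produce any, whatever width the flag word has. */
int high_bits_set(unsigned long flags)
{
    int n = 0;
    for (unsigned b = 32; b < sizeof(unsigned long) * CHAR_BIT; b++)
        n += (flags >> b) & 1;
    return n;
}

/* Compile-time check you can keep next to any flag definition. */
_Static_assert((unsigned long)FLAG_GOOD == 0x80000000UL,
               "FLAG_GOOD must be exactly bit 31");

int main(void)
{
    printf("bad : %#lx (%d high bits set)\n",
           set_flag_bad(0), high_bits_set(set_flag_bad(0)));
    printf("good: %#lx (%d high bits set)\n",
           set_flag_good(0), high_bits_set(set_flag_good(0)));
    return 0;
}
```

On an LP64 target the bad form yields 0xffffffff80000000, i.e. every bit from 32 up is set as a side effect; on an ILP32 target both forms give 0x80000000 and the bug is invisible, which is why it survives in headers.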
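The "f() instead of (f)()" item refers to configure checks that compile a small program calling f() after including the libc headers: if a header defines f as a function-like macro, the call is rewritten and the check no longer tests the symbol f at all. Parenthesising the name, (f)(), stops function-like macro expansion; #undef is the other fix. The following is an added illustration with hypothetical names (probe_func, probe_wrapper), not a real header or configure fragment.

```c
#include <stdio.h>

/* Added example with hypothetical names. probe_func is the symbol a configure
 * check wants to detect; it is defined before the #define so the macro
 * cannot rewrite its definition. probe_wrapper is what a header redirects
 * calls to. */
int probe_func(int x) { return x; }
static int probe_wrapper(int x) { return x + 1000; }
#define probe_func(x) probe_wrapper(x)    /* the header's function-like macro */

/* A check written as f(): the call is rewritten by the macro, so the program
 * links against probe_wrapper and proves nothing about probe_func. */
int call_unparenthesized(int x) { return probe_func(x); }

/* A check written as (f)(): a parenthesised name is not followed directly by
 * '(' in the token stream, so no function-like macro expansion happens and
 * the real probe_func is called. */
int call_parenthesized(int x) { return (probe_func)(x); }

/* The alternative fix: remove the macro before the check. */
#undef probe_func
int call_after_undef(int x) { return probe_func(x); }

int main(void)
{
    printf("f()   -> %d (macro path)\n", call_unparenthesized(7));
    printf("(f)() -> %d (real function)\n", call_parenthesized(7));
    printf("after #undef -> %d\n", call_after_undef(7));
    return 0;
}
```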
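The bionic wchar.cpp item describes the order of the two special cases at the top of mbrtowc: s == NULL means "mbrtowc(NULL, "", 1, ps)" whatever n is, so it has to be handled before n == 0, which must return (size_t)-2 without touching the state. The stateful UTF-8 decoder below is an added example showing the checks in the right order; it is illustration code, not bionic's or musl's mbrtowc, and utf8_state is a stand-in for mbstate_t. It assumes a 32-bit wchar_t (as on Linux) for code points above U+FFFF.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <wchar.h>

/* Added example: stand-in for mbstate_t holding a partial UTF-8 sequence. */
typedef struct {
    unsigned need;   /* bytes the current sequence needs (0 = idle) */
    unsigned got;    /* bytes of it consumed so far */
    uint32_t acc;    /* code point bits accumulated so far */
} utf8_state;

/* Returns like mbrtowc: 0 for NUL, the number of bytes consumed from this
 * call when a character completes, (size_t)-2 if more input is needed,
 * (size_t)-1 for an invalid sequence. */
size_t utf8_mbrtowc(wchar_t *pwc, const char *s, size_t n, utf8_state *st)
{
    /* s == NULL must be tested before n: it means mbrtowc(NULL, "", 1, st)
     * for any n. Testing n == 0 first (the bug described above) would return
     * -2 for mbrtowc(NULL, NULL, 0, st) instead of completing/resetting. */
    if (s == NULL) { pwc = NULL; s = ""; n = 1; }
    if (n == 0) return (size_t)-2;          /* nothing to look at, state untouched */

    size_t consumed = 0;
    while (consumed < n) {
        unsigned char c = (unsigned char)s[consumed];
        if (st->need == 0) {                              /* expecting a lead byte */
            if (c < 0x80) { if (pwc) *pwc = c; return c ? 1 : 0; }
            if (c >= 0xc2 && c <= 0xdf)      { st->need = 2; st->acc = c & 0x1f; }
            else if (c >= 0xe0 && c <= 0xef) { st->need = 3; st->acc = c & 0x0f; }
            else if (c >= 0xf0 && c <= 0xf4) { st->need = 4; st->acc = c & 0x07; }
            else return (size_t)-1;                       /* stray continuation, 0xc0/0xc1, 0xf5.. */
            st->got = 1;
        } else {                                          /* expecting a continuation byte */
            if ((c & 0xc0) != 0x80) { st->need = st->got = 0; return (size_t)-1; }
            st->acc = (st->acc << 6) | (c & 0x3f);
            if (++st->got == st->need) {
                uint32_t cp = st->acc;
                unsigned need = st->need;
                st->need = st->got = 0; st->acc = 0;
                if ((need == 3 && cp < 0x800) || (need == 4 && cp < 0x10000) ||
                    cp > 0x10ffff || (cp >= 0xd800 && cp <= 0xdfff))
                    return (size_t)-1;                    /* overlong, > U+10FFFF, surrogate */
                if (pwc) *pwc = (wchar_t)cp;
                return consumed + 1;
            }
        }
        consumed++;
    }
    return (size_t)-2;   /* all n bytes eaten, character still incomplete */
}

int main(void)
{
    /* Constructed input: U+00E9 delivered one byte per call, as a reader
     * pulling from a pipe might. The first call reports -2, the second 1. */
    utf8_state st = {0, 0, 0};
    wchar_t wc = 0;
    size_t r1 = utf8_mbrtowc(&wc, "\xc3", 1, &st);
    size_t r2 = utf8_mbrtowc(&wc, "\xa9", 1, &st);
    printf("first call: %ld, second call: %zu, wc = U+%04X\n",
           (long)r1, r2, (unsigned)wc);
    return 0;
}
```

Because the n == 0 path returns before the loop, it cannot consume or reset anything, which is exactly the property a caller relies on when it passes an empty buffer while a sequence is still pending.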