
Understanding runtime errors triggered by the Undefined Behavior Sanitizer (UBSan)

How to resolve: understanding runtime errors triggered by the Undefined Behavior Sanitizer (UBSan)

When enabling the Undefined Behavior Sanitizer, I found a runtime error in the GNU Scientific Library (GSL):

deque.c:58:11: runtime error: member access within misaligned address 0x0000024010f4 for type 'struct deque',which requires 8 byte alignment
0x0000024010f4: note: pointer points here
  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00
              ^ 
deque.c:59:11: runtime error: member access within misaligned address 0x0000024010f4 for type 'struct deque',which requires 8 byte alignment
0x0000024010f4: note: pointer points here
  00 00 00 00 ff ff ff ff  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00
              ^ 
deque.c:60:11: runtime error: member access within misaligned address 0x0000024010f4 for type 'struct deque',which requires 8 byte alignment
0x0000024010f4: note: pointer points here
  00 00 00 00 ff ff ff ff  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00
              ^ 
deque.c:61:12: runtime error: member access within misaligned address 0x0000024010f4 for type 'struct deque',which requires 8 byte alignment
0x0000024010f4: note: pointer points here
  00 00 00 00 ff ff ff ff  00 00 00 00 05 00 00 00  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00
              ^ 

But I don't know what causes these errors, or how to fix them. Could someone help explain? Also, is this an important issue that should be reported to the developers (e.g. could this bug be exploited for a security attack)?

The code for "deque.c" can be found here, and the relevant runtime error lines are shown below (the errors occur at lines 58, 59, 60, 61).

[image: deque.c lines 58-61, not recoverable from the page]

The definition of deque is here, in the same file:

here

[Added] The code that calls deque_init is as follows, in mmacc.c of GSL's movstat library:

static int
mmacc_init(const size_t n, void * vstate)
{
  mmacc_state_t * state = (mmacc_state_t *) vstate;

  state->n = n;
  state->k = 0;
  state->xprev = 0.0;

  /* carve the ring buffer and the two deques out of one contiguous block */
  state->rbuf = (ringbuf *) ((unsigned char *) vstate + sizeof(mmacc_state_t));
  state->minque = (deque *) ((unsigned char *) state->rbuf + ringbuf_size(n));
  state->maxque = (deque *) ((unsigned char *) state->minque + deque_size(n + 1));

  ringbuf_init(n, state->rbuf);
  deque_init(n + 1, state->minque);
  deque_init(n + 1, state->maxque);

  return GSL_SUCCESS;
}

The ringbuf_size function in the code above refers to the following code in ringbuf.c of the movstat library of GSL:

static size_t
ringbuf_size(const size_t n)
{
  size_t size = 0;

  size += sizeof(ringbuf);
  size += n * sizeof(ringbuf_type_t); /* b->array */

  return size;
}

Solution

I'm not very familiar with the library, but this is why you get the error.

We can see that the pointer is indeed shifted by 4. Let's find out why.

The pointer comes from

deque.c:58:11: runtime error: member access within misaligned address 0x0000024010f4 for type 'struct deque',which requires 8 byte alignment
0x0000024010f4: note: pointer points here
  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00
              ^ 

From this we can tell that either state->minque = (deque *) ((unsigned char *) state->rbuf + ringbuf_size(n)); is misaligned, or state->rbuf returns a value that is not aligned to 8. With a quick test, we can see that ringbuf_size does indeed return misaligned values. I used a simple program to print, for ringbuf_size, n, sizeof(ringbuf), n * sizeof(ringbuf_type_t) and the final result:

n    sizeof(ringbuf) + n * sizeof(ringbuf_type_t) = size
0    24 + 0  = 24
1    24 + 4  = 28
2    24 + 8  = 32
3    24 + 12 = 36
4    24 + 16 = 40
5    24 + 20 = 44
6    24 + 24 = 48
7    24 + 28 = 52
8    24 + 32 = 56
9    24 + 36 = 60
10   24 + 40 = 64
11   24 + 44 = 68
12   24 + 48 = 72
13   24 + 52 = 76
14   24 + 56 = 80
15   24 + 60 = 84

As you can see, if you use an odd number as n (5 in your case), you get a misaligned pointer. The reason is:

sizeof(size_t) = 8
sizeof(ringbuf_type_t) = 4

An example fix could be to add size += (size % sizeof(size_t)); to the ringbuf_size function. This way, the result becomes:
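An added example (not code from the question, the answer or GSL) showing why odd n misaligns the deque carved out after the ring buffer, and how padding the sub-object size fixes it. The ringbuf and deque types are hypothetical stand-ins with the sizes the answer assumes (24-byte header, 4-byte elements, 8-byte deque alignment on a 64-bit platform); align_up rounds up to the next multiple of the alignment, which generalizes the answer's fix to element sizes where the remainder is not 0 or 4.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-ins for GSL's types (sizes assumed: LP64 platform). */
typedef int ringbuf_type_t;                                   /* 4 bytes */
typedef struct { size_t size, head, tail; } ringbuf;          /* 24 bytes */
typedef struct { size_t head, tail, size; int *array; } deque; /* 8-aligned */

/* Round n up to the next multiple of align (align must be a power of two). */
static size_t align_up(size_t n, size_t align)
{
    return (n + align - 1) & ~(align - 1);
}

/* The original sizing: header plus n elements, no padding. */
static size_t ringbuf_size_unpadded(size_t n)
{
    return sizeof(ringbuf) + n * sizeof(ringbuf_type_t);
}

/* Padded sizing: whatever n is, the sub-object placed right after the
 * ring buffer starts on an 8-byte boundary. */
static size_t ringbuf_size_padded(size_t n)
{
    return align_up(ringbuf_size_unpadded(n), 8);
}

/* Returns 1 if a deque carved out after a ring buffer of n elements,
 * using the given sizing function, would violate its alignment; 0 if ok. */
static int deque_misaligned(size_t n, size_t (*sizing)(size_t))
{
    size_t total = align_up(sizing(n) + sizeof(deque), 8);
    unsigned char *block = aligned_alloc(8, total); /* block start is aligned */
    if (!block) return -1;
    deque *d = (deque *)(block + sizing(n));        /* same cast as mmacc_init */
    int bad = ((uintptr_t)d % _Alignof(deque)) != 0;
    free(block);
    return bad;
}

int main(void)
{
    for (size_t n = 0; n <= 6; n++)
        printf("n=%zu unpadded=%zu (%s) padded=%zu (ok)\n", n,
               ringbuf_size_unpadded(n),
               deque_misaligned(n, ringbuf_size_unpadded) ? "misaligned" : "ok",
               ringbuf_size_padded(n));
    return 0;
}
```

Building with -fsanitize=undefined and then accessing a member through the unpadded pointer would produce the same "misaligned address ... requires 8 byte alignment" report as in the question.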
