libc/qsort: fix invalid-pointer-pair if enable detect_invalid_pointer_pairs=2

anchao · jerpelea · commit 3403b983ec47 · 2023-05-08T13:43:28.000+02:00
================================================================= ==2920138==ERROR: AddressSanitizer: invalid-pointer-pair: 0x603000000130 0x000000000000 #0 0x5602d3c6a89d in qsort stdlib/lib_qsort.c:180 #1 0x5602d3c28928 in romfs_cachenode romfs/fs_romfsutil.c:503 #2 0x5602d3c2854d in romfs_cachenode romfs/fs_romfsutil.c:486 apache#3 0x5602d3c2b056 in romfs_fsconfigure romfs/fs_romfsutil.c:777 apache#4 0x5602d3c24856 in romfs_bind romfs/fs_romfs.c:1111 apache#5 0x5602d3bf5179 in nx_mount mount/fs_mount.c:427 apache#6 0x5602d3bf5796 in mount mount/fs_mount.c:539 apache#7 0x5602d3bc1154 in nsh_romfsetc apps/nshlib/nsh_romfsetc.c:110 apache#8 0x5602d3b8f38d in nsh_initialize apps/nshlib/nsh_init.c:127 apache#9 0x5602d3b8f2b7 in nsh_main apps/system/nsh/nsh_main.c:69 apache#10 0x5602d3b7a3a6 in nxtask_startup sched/task_startup.c:70 apache#11 0x5602d3b5de89 in nxtask_start task/task_start.c:134 0x603000000130 is located 0 bytes inside of 32-byte region [0x603000000130,0x603000000150) allocated by thread T0 here: #0 0x7fcdac74793c in __interceptor_posix_memalign ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:226 #1 0x5602d3c9024e in host_memalign sim/posix/sim_hostmemory.c:180 #2 0x5602d3c907d2 in host_realloc sim/posix/sim_hostmemory.c:222 apache#3 0x5602d3b8aaff in mm_realloc sim/sim_heap.c:262 apache#4 0x5602d3b87a6a in realloc umm_heap/umm_realloc.c:91 apache#5 0x5602d3c280c4 in romfs_cachenode romfs/fs_romfsutil.c:466 apache#6 0x5602d3c2854d in romfs_cachenode romfs/fs_romfsutil.c:486 apache#7 0x5602d3c2b056 in romfs_fsconfigure romfs/fs_romfsutil.c:777 apache#8 0x5602d3c24856 in romfs_bind romfs/fs_romfs.c:1111 apache#9 0x5602d3bf5179 in nx_mount mount/fs_mount.c:427 apache#10 0x5602d3bf5796 in mount mount/fs_mount.c:539 apache#11 0x5602d3bc1154 in nsh_romfsetc apps/nshlib/nsh_romfsetc.c:110 apache#12 0x5602d3b8f38d in nsh_initialize apps/nshlib/nsh_init.c:127 apache#13 0x5602d3b8f2b7 in nsh_main apps/system/nsh/nsh_main.c:69 apache#14 0x5602d3b7a3a6 in nxtask_startup sched/task_startup.c:70 apache#15 0x5602d3b5de89 in nxtask_start task/task_start.c:134 Address 0x000000000000 is a wild pointer. SUMMARY: AddressSanitizer: invalid-pointer-pair stdlib/lib_qsort.c:180 in qsort ==2920138==ABORTING Aborted (core dumped) Signed-off-by: chao an <anchao@xiaomi.com>
diff --git a/libs/libc/stdlib/lib_qsort.c b/libs/libc/stdlib/lib_qsort.c
@@ -67,8 +67,8 @@
   }
 
 #define SWAPINIT(a, width) \
-  swaptype = ((FAR char *)a - (FAR char *)0) % sizeof(long) || \
-  width % sizeof(long) ? 2 : width == sizeof(long)? 0 : 1;
+  swaptype = (uintptr_t)a % sizeof(long) || \
+  width % sizeof(long) ? 2 : width == sizeof(long) ? 0 : 1;
 
 #define swap(a, b) \
   if (swaptype == 0) \

Original file line number	Diff line number	Diff line change
`@@ -67,8 +67,8 @@`
`67`	`67`	`}`
`68`	`68`
`69`	`69`	`#define SWAPINIT(a, width) \`
`70`		`- swaptype = ((FAR char )a - (FAR char )0) % sizeof(long) \|\| \`
`71`		`- width % sizeof(long) ? 2 : width == sizeof(long)? 0 : 1;`
	`70`	`+ swaptype = (uintptr_t)a % sizeof(long) \|\| \`
	`71`	`+ width % sizeof(long) ? 2 : width == sizeof(long) ? 0 : 1;`
`72`	`72`
`73`	`73`	`#define swap(a, b) \`
`74`	`74`	`if (swaptype == 0) \`