From 7c28dadb5e66ee96b7c448e3ae288a2f1bd168d1 Mon Sep 17 00:00:00 2001 From: Andrew Jeffery Date: Thu, 30 Oct 2025 12:35:22 +1030 Subject: [PATCH 1/3] mctp-netlink: Don't qsort() when target list is NULL Mitigate the following ubsan splat: Feb 27 09:32:23 test mctpd[1034]: ../git/src/mctp-netlink.c:960:3: runtime error: null pointer passed as argument 1, which is declared to never be null Feb 27 09:32:23 test mctpd[1034]: #0 0x4552c4 (/usr/sbin/mctpd+0x4a2c4) (BuildId: 0a2c71201a0ddde8f9bbe7d2fd65628c4e08f5d8) Feb 27 09:32:23 test mctpd[1034]: #1 0x42c3b0 (/usr/sbin/mctpd+0x213b0) (BuildId: 0a2c71201a0ddde8f9bbe7d2fd65628c4e08f5d8) Feb 27 09:32:23 test mctpd[1034]: #2 0xa623b4ac (/usr/lib/libc.so.6+0x1f4ac) (BuildId: f7dfc12cfaed3ca290b3c7f41ef9145c0de0fe6b) Feb 27 09:32:23 test mctpd[1034]: #3 0xa623b598 in __libc_start_main (/usr/lib/libc.so.6+0x1f598) (BuildId: f7dfc12cfaed3ca290b3c7f41ef9145c0de0fe6b) glibc (e.g. 2.41) declares qsort as: extern void qsort (void *__base, size_t __nmemb, size_t __size, __compar_fn_t __compar) __nonnull ((1, 4)); Signed-off-by: Andrew Jeffery --- src/mctp-netlink.c | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/src/mctp-netlink.c b/src/mctp-netlink.c index 6cbbf6d..1c38ef6 100644 --- a/src/mctp-netlink.c +++ b/src/mctp-netlink.c @@ -952,13 +952,17 @@ static void sort_linkmap(mctp_nl *nl) { size_t i; - qsort(nl->linkmap, nl->linkmap_count, sizeof(*nl->linkmap), - cmp_ifindex); + if (nl->linkmap) { + qsort(nl->linkmap, nl->linkmap_count, sizeof(*nl->linkmap), + cmp_ifindex); + } for (i = 0; i < nl->linkmap_count; i++) { struct linkmap_entry *entry = &nl->linkmap[i]; - qsort(entry->local_eids, entry->num_local, sizeof(mctp_eid_t), - cmp_eid); + if (entry->local_eids) { + qsort(entry->local_eids, entry->num_local, + sizeof(mctp_eid_t), cmp_eid); + } } } From c06f1262ee01e00fff699a1d83eb4effe89064ff Mon Sep 17 00:00:00 2001 
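Review bot: The new `if (nl->linkmap)` and `if (entry->local_eids)` guards in `sort_linkmap` rely on an unstated invariant that a NULL list always has a zero count. The loop still evaluates `&nl->linkmap[i]` for every `i < nl->linkmap_count`, so a NULL `linkmap` with a non-zero count would pass the guard silently and then be dereferenced. I would state the invariant where it is relied on, for example `/* linkmap is NULL only while linkmap_count == 0; qsort() declares its base argument nonnull */` above the first guard, with the equivalent comment for `local_eids` and `num_local`. Keying the guards on the counts instead (`if (nl->linkmap_count)`) would match the `entry->num_local == 0` check in patch 2/3 and leave UBSan able to flag a broken invariant rather than hiding it.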
From: Andrew Jeffery Date: Thu, 30 Oct 2025 12:59:44 +1030 Subject: [PATCH 2/3] mctp-netlink: Don't memcpy() when source list is NULL Mitigate the ubsan splat: Feb 27 09:30:55 test mctpd[984]: SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior ../../../../../../workspace/sources/mctp/src/mctp-netlink.c:1102:2 in Feb 27 09:31:00 test mctpd[993]: ../../../../../../workspace/sources/mctp/src/mctp-netlink.c:1102:2: runtime error: null pointer passed as argument 2, which is declared to never be null Feb 27 09:31:00 test mctpd[993]: #0 0x47fcc0 (/usr/sbin/mctpd+0x57cc0) (BuildId: 74658a0b3317f1295bab6bbcd8febf809768bfda) Feb 27 09:31:00 test mctpd[993]: #1 0x459590 (/usr/sbin/mctpd+0x31590) (BuildId: 74658a0b3317f1295bab6bbcd8febf809768bfda) Feb 27 09:31:00 test mctpd[993]: #2 0x4498f0 (/usr/sbin/mctpd+0x218f0) (BuildId: 74658a0b3317f1295bab6bbcd8febf809768bfda) Feb 27 09:31:00 test mctpd[993]: #3 0xa62904ac (/usr/lib/libc.so.6+0x1f4ac) (BuildId: f7dfc12cfaed3ca290b3c7f41ef9145c0de0fe6b) Feb 27 09:31:00 test mctpd[993]: #4 0xa6290598 in __libc_start_main (/usr/lib/libc.so.6+0x1f598) (BuildId: f7dfc12cfaed3ca290b3c7f41ef9145c0de0fe6b) Signed-off-by: Andrew Jeffery --- src/mctp-netlink.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/mctp-netlink.c b/src/mctp-netlink.c index 1c38ef6..9cd1571 100644 --- a/src/mctp-netlink.c +++ b/src/mctp-netlink.c @@ -1094,11 +1094,12 @@ mctp_eid_t *mctp_nl_addrs_byindex(const mctp_nl *nl, int index, size_t *ret_num) mctp_eid_t *ret; *ret_num = 0; - if (!entry) + if (!entry || entry->num_local == 0) return NULL; ret = malloc(entry->num_local); if (!ret) return NULL; + assert(entry->local_eids); memcpy(ret, entry->local_eids, entry->num_local); *ret_num = entry->num_local; return ret; From c62e013e3dfb9163957e6f887ba62af2b767df1e Mon Sep 17 00:00:00 2001 
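Review bot: `assert(entry->local_eids)` only protects the `memcpy()` in builds without `NDEBUG`. Where assertions are compiled out, a NULL `local_eids` with a non-zero `num_local` still reaches `memcpy()`, and where they are enabled the daemon aborts instead of returning an error. Folding the check into the existing guard keeps both kinds of build defined: `if (!entry || entry->num_local == 0 || !entry->local_eids) return NULL;`. Separately, `malloc(entry->num_local)` and the `memcpy()` length use an element count as a byte count, which is only correct while `sizeof(mctp_eid_t)` is 1 (patch 1/3 passes `sizeof(mctp_eid_t)` to `qsort()` for the same array); multiplying by `sizeof(*ret)` would remove that assumption. The part of the function where `entry` is looked up and its closing brace are outside the hunk, so whether any caller treats the new NULL return for an empty list as a failure could not be checked here.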
From: Andrew Jeffery Date: Fri, 28 Nov 2025 13:00:09 +1030 Subject: [PATCH 3/3] github: Enable UBSAN for PR workflow Given we were already enabling ASAN and there were a couple of UBSAN bugs, let's enable UBSAN too. Signed-off-by: Andrew Jeffery --- .github/workflows/pr.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml index 663fd7a..a47bac9 100644 --- a/.github/workflows/pr.yml +++ b/.github/workflows/pr.yml @@ -18,7 +18,7 @@ jobs: run: pip install --user -r tests/requirements.txt - name: Configure mctp build - run: meson setup build -Db_sanitize=address + run: meson setup build -Db_sanitize=address,undefined - name: Build mctp run: meson compile -C build @@ -52,7 +52,7 @@ jobs: run: pip install --user -r tests/requirements.txt - name: Configure mctp build - run: meson setup build -Db_sanitize=address + run: meson setup build -Db_sanitize=address,undefined - name: Build mctp run: meson compile -C build
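Review bot: Adding `undefined` to `-Db_sanitize` in the `Configure mctp build` step makes UBSan report, but by default it prints the diagnostic and lets the program continue, so a run that trips it can still exit 0 and leave the job green. To make the workflow gate on these findings, either build with `-Dc_args=-fno-sanitize-recover=undefined` or set `UBSAN_OPTIONS=halt_on_error=1` in the environment of the step that runs the tests. That step is outside both hunks, so its placement needs confirming against the full workflow file. The same applies to the second `Configure mctp build` step in the hunk at line 52.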