Fix UB in print_expr_str
#2126
Merged
Fix UB in print_expr_str
#2126
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
clang 16 with ASAN and UBSAN flag this as UB because it's performing pointer arithmetic on a NULL pointer, which is not allowed in C. The test suite of libyang-cpp triggers this behavior: 2/4 Test CESNET#1: test_context .....................***Failed 0.77 sec libyang[0]: Unexpected end-of-input. (path: Line number 1.) libyang[0]: Data model "invalid" not found in local searchdirs. libyang[0]: Loading "invalid" module failed. libyang[0]: Feature "nonexisting" not found in module "mod1". libyang[0]: Data model "doesnt-exist" not found in local searchdirs. libyang[0]: Loading "doesnt-exist" module failed. /home/ci/src/cesnet-gerrit-public/github/CESNET/libyang/src/xpath.c:239:24: runtime error: applying zero offset to null pointer #0 0x7f4054b4d168 in print_expr_str /home/ci/src/cesnet-gerrit-public/github/CESNET/libyang/src/xpath.c:239:24 CESNET#1 0x7f4054b2ba16 in print_expr_struct_debug /home/ci/src/cesnet-gerrit-public/github/CESNET/libyang/src/xpath.c:276:9 CESNET#2 0x7f4054b27209 in lyxp_expr_parse /home/ci/src/cesnet-gerrit-public/github/CESNET/libyang/src/xpath.c:3216:5 CESNET#3 0x7f40543582ab in ly_path_parse /home/ci/src/cesnet-gerrit-public/github/CESNET/libyang/src/path.c:339:5 CESNET#4 0x7f405441c8d4 in lyd_find_path /home/ci/src/cesnet-gerrit-public/github/CESNET/libyang/src/tree_data.c:3028:11 CESNET#5 0x7f4055751848 in libyang::DataNode::findPath(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&, libyang::OutputNodes) const /home/ci/src/cesnet-gerrit-public/CzechLight/libyang-cpp/src/DataNode.cpp:220:16 CESNET#6 0x5424d5 in DOCTEST_ANON_FUNC_2() /home/ci/src/cesnet-gerrit-public/CzechLight/libyang-cpp/tests/context.cpp:346:9 CESNET#7 0x5ffbf7 in doctest::Context::run() /home/ci/target/include/doctest/doctest.h:7007:21 CESNET#8 0x60556d in main /home/ci/target/include/doctest/doctest.h:7085:71 CESNET#9 0x7f4055048b49 in __libc_start_call_main /usr/src/debug/glibc-2.37-1.fc38.x86_64/csu/../sysdeps/nptl/libc_start_call_main.h:58:16 CESNET#10 0x7f4055048c0a in __libc_start_main@GLIBC_2.2.5 /usr/src/debug/glibc-2.37-1.fc38.x86_64/csu/../csu/libc-start.c:360:3 CESNET#11 0x4450f4 in _start (/home/ci/build/CzechLight/libyang-cpp/test_context+0x4450f4) (BuildId: b2cbc6b91e2c885110ddbf157ff7a19e41ed0306) SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /home/ci/src/cesnet-gerrit-public/github/CESNET/libyang/src/xpath.c:239:24 in I'm getting this on Fedora 38 and on Arch, but for some reason I cannot seem to hit the original issue on NixOS. Strange, but it's an UB anyway. Fixes: 1696178 xpath UPDATE do not use memstream
jktjkt
added a commit
to CESNET/libyang-cpp
that referenced
this pull request
Nov 1, 2023
Bug: CESNET/libyang#2126 Change-Id: Ie1320a2881d60c5af454a1f4c18dc300ff2f95b7
|
That is a rather strict check but fine, merged. |
michalvasko
approved these changes
Nov 2, 2023
jktjkt
added a commit
to CESNET/CzechLight-dependencies
that referenced
this pull request
Nov 3, 2023
Bug: CESNET/libyang#2126 Change-Id: Ib3225a73aef2b139d68d8742e0c111dc18836540
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
clang 16 with ASAN and UBSAN flag this as UB because it's performing pointer arithmetic on a NULL pointer, which is not allowed in C. The test suite of libyang-cpp triggers this behavior:
I'm getting this on Fedora 38 and on Arch, but for some reason I cannot seem to hit the original issue on NixOS. Strange, but it's an UB anyway.
Fixes: 1696178 (#2124)
Cc: @peckato1