When compiled with clang and '-fsanitize=undefined' set, running
'ovsdb-client --timestamp monitor Open_vSwitch' in a sandbox triggers
the following undefined behavior (flagged by UBSan):
lib/dynamic-string.c:207:38: runtime error: applying zero offset to null
pointer
#0 0x4ebc18 in ds_put_strftime_msec lib/dynamic-string.c:207:38
#1 0x4ebd04 in xastrftime_msec lib/dynamic-string.c:225:5
#2 0x552e6a in table_format_timestamp__ lib/table.c:226:12
#3 0x552852 in table_print_timestamp__ lib/table.c:233:27
#4 0x5506f3 in table_print_table__ lib/table.c:254:5
#5 0x550633 in table_format lib/table.c:601:9
#6 0x5524f3 in table_print lib/table.c:633:5
#7 0x44dc5e in monitor_print_table ovsdb/ovsdb-client.c:1019:5
#8 0x44c650 in monitor_print ovsdb/ovsdb-client.c:1040:13
#9 0x44ac56 in do_monitor__ ovsdb/ovsdb-client.c:1500:21
#10 0x44636e in do_monitor ovsdb/ovsdb-client.c:1575:5
#11 0x442c41 in main ovsdb/ovsdb-client.c:283:5
Reported-by: Ilya Maximets <[email protected]>
Signed-off-by: Dumitru Ceara <[email protected]>
---
v2:
- Use Adrian's suggestion.
- Fixed commit log to use the backtrace matching the ovsdb-client
reproducer.
---
lib/dynamic-string.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/lib/dynamic-string.c b/lib/dynamic-string.c
index 6940e1fd63bd..3b4520f87c35 100644
--- a/lib/dynamic-string.c
+++ b/lib/dynamic-string.c
@@ -202,10 +202,11 @@ ds_put_strftime_msec(struct ds *ds, const char *template,
long long int when,
localtime_msec(when, &tm);
}
+ ds_reserve(ds, 64);
for (;;) {
- size_t avail = ds->string ? ds->allocated - ds->length + 1 : 0;
- size_t used = strftime_msec(&ds->string[ds->length], avail, template,
- &tm);
+ size_t avail = ds->allocated - ds->length + 1;
+ char *dest = &ds->string[ds->length];
+ size_t used = strftime_msec(dest, avail, template, &tm);
if (used) {
ds->length += used;
return;
--
2.27.0
_______________________________________________
dev mailing list
[email protected]
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
