[libvirt PATCH v2 0/2] Fail tests on UBSAN findings
V1: https://listman.redhat.com/archives/libvir-list/2021-July/msg00592.html Changes since V1: Simplified series by using the approach mentioned in https://listman.redhat.com/archives/libvir-list/2021-June/msg00358.html Tim Wiederhake (2): virFileReadLimFD: Cast maxlen to size_t before adding ci: Halt on sanitizer errors .gitlab-ci.yml | 2 ++ src/util/virfile.c | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) -- 2.31.1
If the function is called with maxlen equal to `INT_MAX`, adding one will trigger a signed integer overflow. Signed-off-by: Tim Wiederhake <twiederh@redhat.com> --- src/util/virfile.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/util/virfile.c b/src/util/virfile.c index 723e1ca6e5..ad491251a2 100644 --- a/src/util/virfile.c +++ b/src/util/virfile.c @@ -1422,7 +1422,7 @@ virFileReadLimFD(int fd, int maxlen, char **buf) errno = EINVAL; return -1; } - s = saferead_lim(fd, maxlen+1, &len); + s = saferead_lim(fd, (size_t) maxlen + 1, &len); if (s == NULL) return -1; if (len > maxlen || (int)len != len) { -- 2.31.1
On Thu, Jul 22, 2021 at 11:00:17AM +0200, Tim Wiederhake wrote:
If the function is called with maxlen equal to `INT_MAX`, adding one will trigger a signed integer overflow.
Signed-off-by: Tim Wiederhake <twiederh@redhat.com> --- src/util/virfile.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
The undefined behaviour sanitizer (UBSAN) defaults to merely printing an error message if it detects undefined behaviour. These error messages often end up in captured output and do not fail the tests, effectively hiding the warning. Make the test cases fail to make the issues visible. Signed-off-by: Tim Wiederhake <twiederh@redhat.com> --- .gitlab-ci.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 3cb6ff5e6b..4757139fa9 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -89,6 +89,8 @@ stages: - meson build --werror -Ddocs=disabled -Db_lundef=false -Db_sanitize="$SANITIZER" - ninja -C build; - ninja -C build test; + variables: + UBSAN_OPTIONS: print_stacktrace=1:halt_on_error=1 # Jobs that we delegate to Cirrus CI because they require an operating # system other than Linux. These jobs will only run if the required -- 2.31.1
On Thu, Jul 22, 2021 at 11:00:18AM +0200, Tim Wiederhake wrote:
The undefined behaviour sanitizer (UBSAN) defaults to merely printing an error message if it detects undefined behaviour. These error messages often end up in captured output and do not fail the tests, effectively hiding the warning. Make the test cases fail to make the issues visible.
Signed-off-by: Tim Wiederhake <twiederh@redhat.com> --- .gitlab-ci.yml | 2 ++ 1 file changed, 2 insertions(+)
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
participants (2)
-
Daniel P. Berrangé -
Tim Wiederhake