diff mbox series

[ovs-dev] controller: Fix UB due to passing NULL to memcpy.

Message ID 20220816144502.357803-1-dceara@redhat.com
State Accepted
Headers show
Series [ovs-dev] controller: Fix UB due to passing NULL to memcpy. | expand

Checks

Context Check Description
ovsrobot/apply-robot success apply and check: success
ovsrobot/github-robot-_Build_and_Test success github build: passed
ovsrobot/github-robot-_ovn-kubernetes success github build: passed

Commit Message

Dumitru Ceara Aug. 16, 2022, 2:45 p.m. UTC 
Reported by UndefinedBehaviorSanitizer when running in a sandbox:
  controller/ovn-controller.c:374:21: runtime error: null pointer passed as argument 2, which is declared to never be null
  /usr/include/string.h:44:28: note: nonnull attribute specified here
  SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior controller/ovn-controller.c:374:21

Signed-off-by: Dumitru Ceara <dceara@redhat.com>
---
 controller/ovn-controller.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

Comments

Ales Musil Aug. 17, 2022, 8 a.m. UTC | #1 
On Tue, Aug 16, 2022 at 4:47 PM Dumitru Ceara <dceara@redhat.com> wrote:

> Reported by UndefinedBehaviorSanitizer when running in a sandbox:
>   controller/ovn-controller.c:374:21: runtime error: null pointer passed
> as argument 2, which is declared to never be null
>   /usr/include/string.h:44:28: note: nonnull attribute specified here
>   SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior
> controller/ovn-controller.c:374:21
>
> Signed-off-by: Dumitru Ceara <dceara@redhat.com>
> ---
>  controller/ovn-controller.c | 4 +++-
>  1 file changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/controller/ovn-controller.c b/controller/ovn-controller.c
> index 8268726e6..96270c824 100644
> --- a/controller/ovn-controller.c
> +++ b/controller/ovn-controller.c
> @@ -371,7 +371,9 @@ create_br_int(struct ovsdb_idl_txn *ovs_idl_txn,
>      struct ovsrec_bridge **bridges;
>      size_t bytes = sizeof *bridges * cfg->n_bridges;
>      bridges = xmalloc(bytes + sizeof *bridges);
> -    memcpy(bridges, cfg->bridges, bytes);
> +    if (cfg->n_bridges) {
> +        memcpy(bridges, cfg->bridges, bytes);
> +    }
>      bridges[cfg->n_bridges] = bridge;
>      ovsrec_open_vswitch_verify_bridges(cfg);
>      ovsrec_open_vswitch_set_bridges(cfg, bridges, cfg->n_bridges + 1);
> --
> 2.31.1
>
> _______________________________________________
> dev mailing list
> dev@openvswitch.org
> https://mail.openvswitch.org/mailman/listinfo/ovs-dev
>
>
Makes sense, thanks!

Acked-by: Ales Musil <amusil@redhat.com>
Numan Siddique Aug. 18, 2022, 2:24 a.m. UTC | #2 
On Wed, Aug 17, 2022 at 6:01 PM Ales Musil <amusil@redhat.com> wrote:
>
> On Tue, Aug 16, 2022 at 4:47 PM Dumitru Ceara <dceara@redhat.com> wrote:
>
> > Reported by UndefinedBehaviorSanitizer when running in a sandbox:
> >   controller/ovn-controller.c:374:21: runtime error: null pointer passed
> > as argument 2, which is declared to never be null
> >   /usr/include/string.h:44:28: note: nonnull attribute specified here
> >   SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior
> > controller/ovn-controller.c:374:21
> >
> > Signed-off-by: Dumitru Ceara <dceara@redhat.com>

> > ---
> >  controller/ovn-controller.c | 4 +++-
> >  1 file changed, 3 insertions(+), 1 deletion(-)
> >
> > diff --git a/controller/ovn-controller.c b/controller/ovn-controller.c
> > index 8268726e6..96270c824 100644
> > --- a/controller/ovn-controller.c
> > +++ b/controller/ovn-controller.c
> > @@ -371,7 +371,9 @@ create_br_int(struct ovsdb_idl_txn *ovs_idl_txn,
> >      struct ovsrec_bridge **bridges;
> >      size_t bytes = sizeof *bridges * cfg->n_bridges;
> >      bridges = xmalloc(bytes + sizeof *bridges);
> > -    memcpy(bridges, cfg->bridges, bytes);
> > +    if (cfg->n_bridges) {
> > +        memcpy(bridges, cfg->bridges, bytes);
> > +    }
> >      bridges[cfg->n_bridges] = bridge;
> >      ovsrec_open_vswitch_verify_bridges(cfg);
> >      ovsrec_open_vswitch_set_bridges(cfg, bridges, cfg->n_bridges + 1);
> > --
> > 2.31.1
> >
> > _______________________________________________
> > dev mailing list
> > dev@openvswitch.org
> > https://mail.openvswitch.org/mailman/listinfo/ovs-dev
> >
> >
> Makes sense, thanks!
>
> Acked-by: Ales Musil <amusil@redhat.com>

Thanks.  Applied to the main branch.

Numan

>
> --
>
> Ales Musil
>
> Senior Software Engineer - OVN Core
>
> Red Hat EMEA <https://www.redhat.com>
>
> amusil@redhat.com    IM: amusil
> <https://red.ht/sig>
> _______________________________________________
> dev mailing list
> dev@openvswitch.org
> https://mail.openvswitch.org/mailman/listinfo/ovs-dev
>
diff mbox series

Patch

diff --git a/controller/ovn-controller.c b/controller/ovn-controller.c
index 8268726e6..96270c824 100644
--- a/controller/ovn-controller.c
+++ b/controller/ovn-controller.c
@@ -371,7 +371,9 @@  create_br_int(struct ovsdb_idl_txn *ovs_idl_txn,
     struct ovsrec_bridge **bridges;
     size_t bytes = sizeof *bridges * cfg->n_bridges;
     bridges = xmalloc(bytes + sizeof *bridges);
-    memcpy(bridges, cfg->bridges, bytes);
+    if (cfg->n_bridges) {
+        memcpy(bridges, cfg->bridges, bytes);
+    }
     bridges[cfg->n_bridges] = bridge;
     ovsrec_open_vswitch_verify_bridges(cfg);
     ovsrec_open_vswitch_set_bridges(cfg, bridges, cfg->n_bridges + 1);