From patchwork Fri Jun 24 12:54:22 2022
X-Patchwork-Submitter: Ilya Maximets
X-Patchwork-Id: 1647873
From: Ilya Maximets
To: ovs-dev@openvswitch.org
Cc: Ilya Maximets, Dumitru Ceara
Date: Fri, 24 Jun 2022 14:54:22 +0200
Message-Id: <20220624125422.1061867-1-i.maximets@ovn.org>
Subject: [ovs-dev] [PATCH] ofpbuf: Fix offsetting a NULL pointer in ofpbuf_reserve.

ofpbuf_reserve() can be called with a zero size for a buffer with
unallocated data.  It's a valid case, but we should not allow
evaluation of 'NULL + 0'.

  SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior lib/ofpbuf.c:469:30 in
  lib/ofpbuf.c:469:30: runtime error: applying zero offset to null pointer
      0 0xb2f890 in ofpbuf_reserve lib/ofpbuf.c:469:30
      1 0xb2f9bc in ofpbuf_new_with_headroom lib/ofpbuf.c:179:5
      2 0xb2f9bc in ofpbuf_clone_data_with_headroom lib/ofpbuf.c:228:24
      3 0xb2f9bc in ofpbuf_clone_with_headroom lib/ofpbuf.c:199:18
      4 0xb2f8ea in ofpbuf_clone lib/ofpbuf.c:189:12
      5 0x6b3c57 in ukey_set_actions ofproto/ofproto-dpif-upcall.c:1712:5
      6 0x6c4315 in ukey_create__ ofproto/ofproto-dpif-upcall.c:1738:5
      7 0x6beed6 in ukey_create_from_upcall ofproto/ofproto-dpif-upcall.c:1793:12
      8 0x6beed6 in upcall_xlate ofproto/ofproto-dpif-upcall.c:1284:24
      9 0x6beed6 in process_upcall ofproto/ofproto-dpif-upcall.c:1456:9
      10 0x6bafb6 in recv_upcalls ofproto/ofproto-dpif-upcall.c:875:17
      11 0x6b70fa in udpif_upcall_handler ofproto/ofproto-dpif-upcall.c:792:13
      12 0xb4d5fa in ovsthread_wrapper lib/ovs-thread.c:422:12
      13 0x7fe6922081ce in start_thread (/lib64/libpthread.so.0+0x81ce)
      14 0x7fe690e39dd2 in clone (/lib64/libc.so.6+0x39dd2)

Signed-off-by: Ilya Maximets
Acked-by: Dumitru Ceara
Acked-by: Aaron Conole
--- lib/ofpbuf.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/lib/ofpbuf.c b/lib/ofpbuf.c index 79ced46d7..679f3ba3e 100644
--- a/lib/ofpbuf.c +++ b/lib/ofpbuf.c @@ -464,6 +464,10 @@ ofpbuf_put_hex(struct ofpbuf *b, const char *s, size_t *n) void ofpbuf_reserve(struct ofpbuf *b, size_t size) { + if (!size) { + return; + } + ovs_assert(!b->size); ofpbuf_prealloc_tailroom(b, size); b->data = (char*)b->data + size;
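
Review bot: in ofpbuf_reserve(), the new "if (!size) { return; }" sits above "ovs_assert(!b->size);", so a zero-size reserve on a buffer that already holds data now returns quietly where it used to trip the assertion. The operation is a no-op in that case, but the assertion documents the contract that reserve is only valid on an empty buffer; consider placing the assert first and the early return after it, so the precondition is still checked for every caller. The guard also has no comment: a one-line note above it saying that it avoids evaluating NULL + 0 when b->data is unallocated would keep a later cleanup from removing it as redundant, since nothing else in the function explains why a zero size needs special handling.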