Fix undefined behavior on memcpy()
libnetconf2's test `test_server_thread` eventually ends up in this stack
trace:

 libyang/src/tree_schema.c:3288:16: runtime error: null pointer passed as argument 1, which is declared to never be null
 /nix/store/ypih4394q488ljr421x8jak55vmr0ckn-glibc-2.32-dev/include/string.h:44:28: note: nonnull attribute specified here
    #0 0x7f565ebf8f6e in lys_node_dup_recursion libyang/src/tree_schema.c:3288:9
    #1 0x7f565ebf3409 in lys_node_dup libyang/src/tree_schema.c:3609:14
    #2 0x7f565ebbf62c in yang_check_deviation libyang/src/parser_yang.c:4646:26
    #3 0x7f565eba6531 in yang_check_sub_module libyang/src/parser_yang.c:4784:13
    #4 0x7f565eba3d1c in yang_read_module libyang/src/parser_yang.c:2705:13
    #5 0x7f565ebd1077 in lys_parse_mem_ libyang/src/tree_schema.c:1083:15
    #6 0x7f565ebd31ab in lys_parse_fd_ libyang/src/tree_schema.c:1271:14
    #7 0x7f565e92f291 in ly_ctx_load_localfile libyang/src/context.c:916:39
    #8 0x7f565e92c31b in ly_ctx_load_sub_module libyang/src/context.c:1063:19
    #9 0x7f565e92fdcc in ly_ctx_load_module libyang/src/context.c:1102:12
    #10 0x597422 in main libnetconf2/tests/test_server_thread.c:686:5
    #11 0x7f565dc98dbc in __libc_start_main (/nix/store/kah5n342wz4i0s9lz9ka4bgz91xa2i94-glibc-2.32/lib/libc.so.6+0x23dbc)
    #12 0x42a4d9 in _start /build/glibc-2.32/csu/../sysdeps/x86_64/start.S:120

In other words, it would call `memcpy` with the source parameter being
NULL, which is [explicitly said to be undefined
behavior](https://www.imperialviolet.org/2016/06/26/nonnull.html).
jktjkt committed Jan 26, 2021
1 parent 5df7bb9 commit 354d5db
Showing 1 changed file with 3 additions and 1 deletion.
4 changes: 3 additions & 1 deletion src/tree_schema.c
Expand Up @@ -3285,7 +3285,9 @@ lys_node_dup_recursion(struct lys_module *module, struct lys_node *parent, const
}
}
} else {
memcpy(retval->iffeature, node->iffeature, retval->iffeature_size * sizeof *retval->iffeature);
if (node->iffeature_size) {
memcpy(retval->iffeature, node->iffeature, retval->iffeature_size * sizeof *retval->iffeature);
}
}

/*
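Review bot: The new guard in the `else` branch tests `node->iffeature_size`, but the length passed to `memcpy` is `retval->iffeature_size * sizeof *retval->iffeature`, so the check and the copy depend on two different fields. Guarding on the value actually used as the length (`if (retval->iffeature_size)`) would make it obvious that the zero-length call is skipped; if the two sizes are always equal at this point, a short comment saying so would be enough. Separately, the sanitizer report in the commit message flags argument 1 of `memcpy`, which is the destination `retval->iffeature`, while the message text speaks of the source parameter; it is worth confirming which pointer is NULL and wording the message to match.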