Fix up from a bunch of ubsan issues found. #16074
Commits on Aug 6, 2024
isisd: Translate level appropriately

Sanitizers are finding:
isisd/isis_spf.c:2122:22: runtime error: index 2 out of bounds for type '_uint64_t [2]'

Comparing the pattern against the rest of the code, 1 should be subtracted.

Signed-off-by: Donald Sharp <[email protected]>
Commit 5b45194

*: Cleanup no returns for functions that should have them
Signed-off-by: Donald Sharp <[email protected]>
Commit 28515ee

In fact there are more than several places that we do in fact pass in NULL to get a NULL returned.

Signed-off-by: Donald Sharp <[email protected]>
Commit ff8b83e

lib: Prevent Pointer dereference to NULL

The call into zlog_target_clone was passing &zcf->active->zt. From running memory sanitizer we are seeing that it is complaining about member access within null pointer of type... for this value. Since the call into zlog_target_clone checks for NULL for this value, let's just make sure we don't do anything stupid here.

Signed-off-by: Donald Sharp <[email protected]>
Commit 7cb8bd8

lib: Fix Null pointer dereference that happened to not crash

lib/yang.c:248:3: runtime error: member access within null pointer of type 'struct lysc_node_action'
lib/yang.c:254:3: runtime error: member access within null pointer of type 'struct lysc_node_notif'

If this data structure happens to ever be moved around we'll start crashing. Let's just fix it.

Signed-off-by: Donald Sharp <[email protected]>
Commit e7184da

tests: Fix not long enough time out

Running the mgmt_oper tests under heavy load would occasionally cause the test to fail. The retry mechanism would kick in and the test would have succeeded. Let's extend the timer.

Signed-off-by: Donald Sharp <[email protected]>
Commit 9cc1f27

lib: Cleanup bitfield to use unsigned values

Getting these messages:
./bgp_lu_topo2.test_bgp_lu2/R1/bgpd.err:bgpd/bgp_labelpool.c:310:3: runtime error: left shift of 1 by 31 places cannot be represented in type 'int'
./bgp_lu_topo2.test_bgp_lu2/R4/bgpd.err:bgpd/bgp_labelpool.c:310:3: runtime error: left shift of 1 by 31 places cannot be represented in type 'int'
./bgp_lu_topo2.test_bgp_lu2/R4/bgpd.err:bgpd/bgp_labelpool.c:497:5: runtime error: left shift of 1 by 31 places cannot be represented in type 'int'
./bgp_lu_topo2.test_bgp_lu2/R4/bgpd.err:bgpd/bgp_labelpool.c:499:5: runtime error: left shift of 1 by 31 places cannot be represented in type 'int'

Signed-off-by: Donald Sharp <[email protected]>
Commit 019f1bc

lib: Cleanup bitfield issues found

Found this problem:
./isis_te_topo1.test_isis_te_topo1/r1/isisd.err:lib/link_state.c:330:8: runtime error: left shift of 1073741824 by 1 places cannot be represented in type 'int'

Clean it up.

Signed-off-by: Donald Sharp <[email protected]>
Commit 54621f6

Found this problem:
./eigrp_topo1.test_eigrp_topo1/r3/eigrpd.err:eigrpd/eigrp_packet.c:1113:35: runtime error: left shift of 192 by 24 places cannot be represented in type 'int'

Fix it.

Signed-off-by: Donald Sharp <[email protected]>
Commit b502f34

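The three "left shift ... cannot be represented in type 'int'" reports above all come from shifting a signed int until the result no longer fits. The following is an added example, not code from FRR or from this pull request: it checks the C rule for each reported shift and shows the unsigned forms that avoid it. The helper names `int_shift_is_defined`, `bit32` and `be32_from_octets` are hypothetical, and the octets are constructed sample data.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* C rule for a left shift of a non-negative int: defined only when the
 * shift count is below the width of int and value * 2^places fits in int. */
static bool int_shift_is_defined(int value, unsigned places)
{
	if (value < 0 || places >= sizeof(int) * CHAR_BIT)
		return false;
	return value <= (INT_MAX >> places);
}

/* Hypothetical bit helper (pos must be 0..31): the operand is unsigned,
 * so setting bit 31 is well defined. */
static uint32_t bit32(unsigned pos)
{
	return UINT32_C(1) << pos;
}

/* Hypothetical big-endian assembly of four octets. A uint8_t is promoted to
 * int inside an expression, so each octet is cast before it is shifted. */
static uint32_t be32_from_octets(const uint8_t o[4])
{
	return ((uint32_t)o[0] << 24) | ((uint32_t)o[1] << 16) |
	       ((uint32_t)o[2] << 8) | (uint32_t)o[3];
}

int main(void)
{
	/* The three shifts from the reports above, plus one that is fine. */
	const int cases[][2] = { { 1, 31 }, { 1073741824, 1 }, { 192, 24 }, { 1, 30 } };
	const uint8_t octets[4] = { 192, 168, 1, 1 }; /* constructed sample */

	for (size_t i = 0; i < sizeof(cases) / sizeof(cases[0]); i++)
		printf("%d << %d as int: %s\n", cases[i][0], cases[i][1],
		       int_shift_is_defined(cases[i][0], (unsigned)cases[i][1])
			       ? "defined" : "undefined");
	printf("bit32(31) = 0x%08x\n", (unsigned)bit32(31));
	printf("be32 = 0x%08x\n", (unsigned)be32_from_octets(octets));
	return 0;
}
```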
zebra: Fix misaligned long long unsigned int

Error message:
./multicast_pim_dr_nondr_test.test_pim_dr_nondr_with_ospf_topo2/r5/zebra.err:zebra/rt_netlink.c:1142:15: runtime error: load of misaligned address 0x7bb40000a064 for type 'long long unsigned int', which requires 8 byte alignment

Fix it.

Signed-off-by: Donald Sharp <[email protected]>
Commit 1d383d4

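The misaligned-load report above is typical of reading a 64-bit value straight out of a netlink message, where attribute payloads are only guaranteed 4-byte alignment. The following is an added example, not FRR's code and not necessarily how this commit fixed it: it builds one constructed attribute and reads its 64-bit payload with `memcpy` after a length check. `struct attr_hdr`, `build_sample` and `attr_get_u64` are hypothetical names.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in with the layout of a netlink attribute header:
 * 16-bit total length, 16-bit type, payload immediately after. */
struct attr_hdr {
	uint16_t len;
	uint16_t type;
};

static bool is_aligned(const void *p, size_t alignment)
{
	return ((uintptr_t)p % alignment) == 0;
}

/* Write one attribute carrying a 64-bit value; returns bytes written (12). */
static size_t build_sample(unsigned char *buf, uint64_t value)
{
	struct attr_hdr h = { .len = sizeof(h) + sizeof(value), .type = 1 };

	memcpy(buf, &h, sizeof(h));
	memcpy(buf + sizeof(h), &value, sizeof(value));
	return h.len;
}

/* Read the 64-bit payload with memcpy, which has no alignment requirement,
 * after checking the declared length against the bytes actually available. */
static bool attr_get_u64(const unsigned char *attr, size_t avail, uint64_t *out)
{
	struct attr_hdr h;

	if (avail < sizeof(h))
		return false;
	memcpy(&h, attr, sizeof(h));
	if (h.len < sizeof(h) + sizeof(*out) || h.len > avail)
		return false;
	memcpy(out, attr + sizeof(h), sizeof(*out));
	return true;
}

int main(void)
{
	_Alignas(8) unsigned char buf[16];
	uint64_t v = 0;
	size_t n = build_sample(buf, 0x1122334455667788ULL);
	bool ok = attr_get_u64(buf, n, &v);

	printf("payload 8-byte aligned: %d\n", is_aligned(buf + sizeof(struct attr_hdr), 8));
	printf("read ok: %d value: 0x%llx\n", ok, (unsigned long long)v);
	return 0;
}
```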
bgpd: Make peer->max_packet_size atomic

This value is being set and read at the same time according to the thread sanitizer:

WARNING: ThreadSanitizer: data race (pid=2914253)
  Read of size 2 at 0x7ba800011b10 by thread T2:
    #0 validate_header bgpd/bgp_io.c:601 (bgpd+0x60c5e0)
    #1 read_ibuf_work bgpd/bgp_io.c:177 (bgpd+0x608ffe)
    #2 bgp_process_reads bgpd/bgp_io.c:261 (bgpd+0x609880)
    #3 event_call lib/event.c:2011 (libfrr.so.0+0x59168d)
    #4 fpt_run lib/frr_pthread.c:369 (libfrr.so.0+0x35154e)
    #5 frr_pthread_inner lib/frr_pthread.c:178 (libfrr.so.0+0x34fef6)

  Previous write of size 2 at 0x7ba800011b10 by main thread:
    #0 bgp_open_option_parse bgpd/bgp_open.c:1469 (bgpd+0xb5006f)
    #1 bgp_open_receive bgpd/bgp_packet.c:2100 (bgpd+0x6b3f5c)
    #2 bgp_process_packet bgpd/bgp_packet.c:4019 (bgpd+0x6c9549)
    #3 event_call lib/event.c:2011 (libfrr.so.0+0x59168d)
    #4 frr_run lib/libfrr.c:1217 (libfrr.so.0+0x3b04a9)
    #5 main bgpd/bgp_main.c:548 (bgpd+0x49aa3d)

  Location is heap block of size 24328 at 0x7ba80000c000 allocated by main thread:
    #0 calloc ../../../../src/libsanitizer/tsan/tsan_interceptors_posix.cpp:667 (libtsan.so.2+0x3fdd2)
    #1 qcalloc lib/memory.c:105 (libfrr.so.0+0x3f2784)
    #2 peer_new bgpd/bgpd.c:1517 (bgpd+0x955024)
    #3 peer_create bgpd/bgpd.c:1941 (bgpd+0x95c908)
    #4 peer_remote_as bgpd/bgpd.c:2211 (bgpd+0x9614a6)
    #5 peer_remote_as_vty bgpd/bgp_vty.c:4788 (bgpd+0x881239)
    #6 neighbor_remote_as bgpd/bgp_vty.c:4869 (bgpd+0x881a28)
    #7 cmd_execute_command_real lib/command.c:1002 (libfrr.so.0+0x2b53a2)
    #8 cmd_execute_command_strict lib/command.c:1111 (libfrr.so.0+0x2b5e0b)
    #9 command_config_read_one_line lib/command.c:1271 (libfrr.so.0+0x2b6972)
    #10 config_from_file lib/command.c:1324 (libfrr.so.0+0x2b7035)
    #11 vty_read_file lib/vty.c:2607 (libfrr.so.0+0x5c0d19)
    #12 vty_read_config lib/vty.c:2853 (libfrr.so.0+0x5c1f37)
    #13 frr_config_read_in lib/libfrr.c:981 (libfrr.so.0+0x3ae76a)
    #14 event_call lib/event.c:2011 (libfrr.so.0+0x59168d)
    #15 frr_run lib/libfrr.c:1217 (libfrr.so.0+0x3b04a9)
    #16 main bgpd/bgp_main.c:548 (bgpd+0x49aa3d)

  Thread T2 'bgpd_io' (tid=2914257, running) created by main thread at:
    #0 pthread_create ../../../../src/libsanitizer/tsan/tsan_interceptors_posix.cpp:1001 (libtsan.so.2+0x63a59)
    #1 frr_pthread_run lib/frr_pthread.c:197 (libfrr.so.0+0x3500da)
    #2 bgp_pthreads_run bgpd/bgpd.c:8490 (bgpd+0x9d7716)
    #3 main bgpd/bgp_main.c:547 (bgpd+0x49a9c8)

Fix this.

Signed-off-by: Donald Sharp <[email protected]>
Commit fadfc7b

lib: Thread is being used and set at the same time

The call to set thread is being used and set at the same time in various pthreads in the code. This should not be happening. Let's fix it.

Signed-off-by: Donald Sharp <[email protected]>
Commit 946c20a