Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

src/libexpr/search-path.cc: avoid out-of-bounds read on string_view #8825

Merged
merged 1 commit into from
Aug 16, 2023
Merged

src/libexpr/search-path.cc: avoid out-of-bounds read on string_view #8825

merged 1 commit into from
Aug 16, 2023

Conversation

trofi
Copy link
Contributor

@trofi trofi commented Aug 14, 2023

Without the change build with -D_GLIBCXX_ASSERTIONS exposes testsuite assertion:

$ gdb src/libexpr/tests/libnixexpr-tests
Reading symbols from src/libexpr/tests/libnixexpr-tests...
(gdb) break __glibcxx_assert_fail
(gdb) run
(gdb) bt
in std::__glibcxx_assert_fail(char const*, int, char const*, char const*)@plt () from /mnt/archive/big/git/nix/src/libexpr/libnixexpr.so
in std::basic_string_view<char, std::char_traits<char> >::operator[] (this=0x7fffffff56c0, __pos=4)
    at /nix/store/r74fw2j8rx5idb0w8s1s6ynwwgs0qmh9-gcc-14.0.0/include/c++/14.0.0/string_view:258
in nix::SearchPath::Prefix::suffixIfPotentialMatch (this=0x7fffffff5780, path=...) at src/libexpr/search-path.cc:15
in nix::SearchPathElem_suffixIfPotentialMatch_partialPrefix_Test::TestBody (this=0x555555a17540) at src/libexpr/tests/search-path.cc:62

As string sizes are usigned types (a - b) > 0 effectively means a != b. While the intention should be a > b.

The change fixes test suite pass.

Motivation

Context

Checklist for maintainers

Maintainers: tick if completed or explain if not relevant

  • agreed on idea
  • agreed on implementation strategy
  • tests, as appropriate
    • functional tests - tests/**.sh
    • unit tests - src/*/tests
    • integration tests - tests/nixos/*
  • documentation in the manual
  • documentation in the internal API docs
  • code and comments are self-explanatory
  • commit message explains why the change was made
  • new feature or incompatible change: updated release notes

Priorities

Add 👍 to pull requests you find important.

@trofi
src/libexpr/search-path.cc: avoid out-of-bounds read on string_view
b74962c 
Without the change build with `-D_GLIBCXX_ASSERTIONS` exposes testsuite
assertion:

    $ gdb src/libexpr/tests/libnixexpr-tests
    Reading symbols from src/libexpr/tests/libnixexpr-tests...
    (gdb) break __glibcxx_assert_fail
    (gdb) run
    (gdb) bt
    in std::__glibcxx_assert_fail(char const*, int, char const*, char const*)@plt () from /mnt/archive/big/git/nix/src/libexpr/libnixexpr.so
    in std::basic_string_view<char, std::char_traits<char> >::operator[] (this=0x7fffffff56c0, __pos=4)
        at /nix/store/r74fw2j8rx5idb0w8s1s6ynwwgs0qmh9-gcc-14.0.0/include/c++/14.0.0/string_view:258
    in nix::SearchPath::Prefix::suffixIfPotentialMatch (this=0x7fffffff5780, path=...) at src/libexpr/search-path.cc:15
    in nix::SearchPathElem_suffixIfPotentialMatch_partialPrefix_Test::TestBody (this=0x555555a17540) at src/libexpr/tests/search-path.cc:62

As string sizes are usigned types `(a - b) > 0` effectively means
`a != b`. While the intention should be `a > b`.

The change fixes test suite pass.
@trofi trofi requested a review from edolstra as a code owner August 14, 2023 21:11
@trofi trofi mentioned this pull request Aug 14, 2023
Closed
trofi added a commit to trofi/nix-guix-gentoo that referenced this pull request Aug 14, 2023
@trofi
sys-apps/nix: pull search-path OOB fix pending upstream inclusion
0d114d4 
Initially reported by ThomasP at

    https://discourse.nixos.org/t/error-while-installing-home-manager/31720

There `nix-build` triggered `libstdc++` assertion when `gcc` is built
with `-D_GLIBCXX_ASSERTIONS` enabled by default.

Apply a simple patch proposed upstream to avoid out-of-bounds access to
the `string_view`:

    NixOS/nix#8825
@iFreilicht
Copy link
Contributor

Is this the only assertion that fails when -D_GLIBCXX_ASSERTIONS is set? If so, might it make sense to enable this while running the test suites to prevent regressions?

@trofi
Copy link
Contributor Author

trofi commented Aug 15, 2023

Certainly that failure was the only one on the nix test suite. And it was enough for the original reported of the failure at https://discourse.nixos.org/t/error-while-installing-home-manager/31720/13 to get working nix in Gentoo environment.

There is a tiny chance there are more bugs lurking, but so far it looks functioning.

As for -D_GLIBCXX_ASSERTIONS enabled by default it sounds reasonable to have at least as one of the flavours of the test. I'm not very familiar with nix's flake.nix to extend it though.

I hoped nix also uses -fsanitize=address as part of it's testsuite which should have caught the failures as well. But maybe boehm-gc does not make it as simple.

@edolstra edolstra merged commit 7f8c99c into NixOS:master Aug 16, 2023
8 checks passed
@edolstra edolstra added the backport 2.15-maintenance Automatically creates a PR against the branch label Aug 16, 2023
@github-actions
Copy link

Backport failed for 2.15-maintenance, because it was unable to cherry-pick the commit(s).

Please cherry-pick the changes locally.

git fetch origin 2.15-maintenance
git worktree add -d .worktree/backport-8825-to-2.15-maintenance origin/2.15-maintenance
cd .worktree/backport-8825-to-2.15-maintenance
git checkout -b backport-8825-to-2.15-maintenance
ancref=$(git merge-base 5542c1f87ee3325bce8140f4087b12647b4107ef b74962c92b2d8d9b957934e0aefcf4983169ae1e)
git cherry-pick -x $ancref..b74962c92b2d8d9b957934e0aefcf4983169ae1e

@trofi trofi deleted the search-path-prefix branch August 16, 2023 15:12
@Ericson2314
Copy link
Member

Thanks for fixing this! (I probably wrote the original)

@trofi
Copy link
Contributor Author

trofi commented Aug 16, 2023

I think be518e7 changed (path.size() > s && path[s] != '/') to n > 0 && (path.size() - n) > 0. It's only a part of 2.17.0. Should be no need to backport anywhere.

@Ericson2314 Ericson2314 added backport 2.16-maintenance Automatically creates a PR against the branch backport 2.17-maintenance Automatically creates a PR against the branch labels Sep 6, 2023
@github-actions
Copy link

github-actions bot commented Sep 6, 2023

Backport failed for 2.15-maintenance, because it was unable to cherry-pick the commit(s).

Please cherry-pick the changes locally.

git fetch origin 2.15-maintenance
git worktree add -d .worktree/backport-8825-to-2.15-maintenance origin/2.15-maintenance
cd .worktree/backport-8825-to-2.15-maintenance
git checkout -b backport-8825-to-2.15-maintenance
ancref=$(git merge-base 5542c1f87ee3325bce8140f4087b12647b4107ef b74962c92b2d8d9b957934e0aefcf4983169ae1e)
git cherry-pick -x $ancref..b74962c92b2d8d9b957934e0aefcf4983169ae1e

@github-actions
Copy link

github-actions bot commented Sep 6, 2023

Backport failed for 2.16-maintenance, because it was unable to cherry-pick the commit(s).

Please cherry-pick the changes locally.

git fetch origin 2.16-maintenance
git worktree add -d .worktree/backport-8825-to-2.16-maintenance origin/2.16-maintenance
cd .worktree/backport-8825-to-2.16-maintenance
git checkout -b backport-8825-to-2.16-maintenance
ancref=$(git merge-base 5542c1f87ee3325bce8140f4087b12647b4107ef b74962c92b2d8d9b957934e0aefcf4983169ae1e)
git cherry-pick -x $ancref..b74962c92b2d8d9b957934e0aefcf4983169ae1e

@github-actions
Copy link

github-actions bot commented Sep 6, 2023

Backport failed for 2.15-maintenance, because it was unable to cherry-pick the commit(s).

Please cherry-pick the changes locally.

git fetch origin 2.15-maintenance
git worktree add -d .worktree/backport-8825-to-2.15-maintenance origin/2.15-maintenance
cd .worktree/backport-8825-to-2.15-maintenance
git checkout -b backport-8825-to-2.15-maintenance
ancref=$(git merge-base 5542c1f87ee3325bce8140f4087b12647b4107ef b74962c92b2d8d9b957934e0aefcf4983169ae1e)
git cherry-pick -x $ancref..b74962c92b2d8d9b957934e0aefcf4983169ae1e

@github-actions
Copy link

github-actions bot commented Sep 6, 2023

Backport failed for 2.16-maintenance, because it was unable to cherry-pick the commit(s).

Please cherry-pick the changes locally.

git fetch origin 2.16-maintenance
git worktree add -d .worktree/backport-8825-to-2.16-maintenance origin/2.16-maintenance
cd .worktree/backport-8825-to-2.16-maintenance
git checkout -b backport-8825-to-2.16-maintenance
ancref=$(git merge-base 5542c1f87ee3325bce8140f4087b12647b4107ef b74962c92b2d8d9b957934e0aefcf4983169ae1e)
git cherry-pick -x $ancref..b74962c92b2d8d9b957934e0aefcf4983169ae1e

@github-actions github-actions bot mentioned this pull request Sep 6, 2023
Merged
@github-actions
Copy link

github-actions bot commented Sep 6, 2023

Successfully created backport PR for 2.17-maintenance:

@github-actions
Copy link

github-actions bot commented Sep 6, 2023

Git push to origin failed for 2.17-maintenance with exitcode 1

@Ericson2314 Ericson2314 removed backport 2.15-maintenance Automatically creates a PR against the branch backport 2.16-maintenance Automatically creates a PR against the branch labels Sep 6, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@edolstra edolstra Awaiting requested review from edolstra edolstra is a code owner

Assignees
No one assigned
Labels
backport 2.17-maintenance Automatically creates a PR against the branch
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@trofi @iFreilicht @Ericson2314 @edolstra