core: fix invalid read reported by address sanitizer
=================================================================
==849267== ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7fff4caa7230 at pc 0x7ffdf8608687 bp 0x7fff4caa71b0 sp 0x7fff4caa71a0
READ of size 8 at 0x7fff4caa7230 thread T0
    #0 0x7ffdf8608686 in fi_tostr_ libfabric-current/src/fi_tostr.c:618
    #1 0x402f3a in run_test_set ofi/libfabric-current/fabtest/unit/size_left_test.c:262
    #2 0x403457 in main libfabric-current/fabtest/unit/size_left_test.c:317
    #3 0x7ffdf4819b14 in __libc_start_main (/usr/lib64/libc.so.6+0x21b14)
    #4 0x401988 in _start (libfabric-1.4.0/ofi_inst/bin/fi_size_left_test+0x401988)
Address 0x7fff4caa7230 is located at offset 32 in frame <run_test_set> of T0's stack:
  This frame has 2 object(s):
    [32, 36) 'ep_type'
    [96, 104) 'info'
HINT: this may be a false positive if your program uses some custom stack unwind mechanism or swapcontext
      (longjmp and C++ exceptions *are* supported)
SUMMARY: AddressSanitizer: stack-buffer-overflow libfabric-current/src/fi_tostr.c:618 fi_tostr_
Shadow bytes around the buggy address:
  0x10006994cdf0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10006994ce00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10006994ce10: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10006994ce20: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10006994ce30: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x10006994ce40: 00 00 f1 f1 f1 f1[04]f4 f4 f4 f2 f2 f2 f2 00 f4
  0x10006994ce50: f4 f4 f3 f3 f3 f3 00 00 00 00 00 00 00 00 00 00
  0x10006994ce60: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10006994ce70: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10006994ce80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10006994ce90: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:     fa
  Heap righ redzone:     fb
  Freed Heap region:     fd
  Stack left redzone:    f1
  Stack mid redzone:     f2
  Stack right redzone:   f3
  Stack partial redzone: f4
  Stack after return:    f5
  Stack use after scope: f8
  Global redzone:        f9
  Global init order:     f6
  Poisoned by user:      f7
  ASan internal:         fe
==849267== ABORTING

Signed-off-by: Sylvain Didelot <sdidelot@ddn.com>
sydidelot committed Aug 3, 2017
1 parent 5cde39b commit 14e41b8
Showing 1 changed file with 22 additions and 22 deletions.
44 changes: 22 additions & 22 deletions src/fi_tostr.c
@@ -640,16 +640,16 @@ __attribute__((visibility ("default")))
char *DEFAULT_SYMVER_PRE(fi_tostr)(const void *data, enum fi_type datatype)
{
static char *buf = NULL;
uint64_t val64;
uint32_t val32;
int enumval;
const uint64_t *val64;
const uint32_t *val32;
const int *enumval;

if (!data)
return NULL;

val64 = *(const uint64_t *) data;
val32 = *(const uint32_t *) data;
enumval = *(const int *) data;
val64 = (const uint64_t *) data;
val32 = (const uint32_t *) data;
enumval = (const int *) data;

if (!buf) {
buf = calloc(FI_BUFSIZ, 1);
@@ -663,16 +663,16 @@ char *DEFAULT_SYMVER_PRE(fi_tostr)(const void *data, enum fi_type datatype)
fi_tostr_info(buf, data);
break;
case FI_TYPE_EP_TYPE:
fi_tostr_ep_type(buf, enumval);
fi_tostr_ep_type(buf, *enumval);
break;
case FI_TYPE_CAPS:
fi_tostr_caps(buf, val64);
fi_tostr_caps(buf, *val64);
break;
case FI_TYPE_OP_FLAGS:
fi_tostr_flags(buf, val64);
fi_tostr_flags(buf, *val64);
break;
case FI_TYPE_ADDR_FORMAT:
fi_tostr_addr_format(buf, val32);
fi_tostr_addr_format(buf, *val32);
break;
case FI_TYPE_TX_ATTR:
fi_tostr_tx_attr(buf, data, "");
@@ -690,44 +690,44 @@ char *DEFAULT_SYMVER_PRE(fi_tostr)(const void *data, enum fi_type datatype)
fi_tostr_fabric_attr(buf, data, "");
break;
case FI_TYPE_THREADING:
fi_tostr_threading(buf, enumval);
fi_tostr_threading(buf, *enumval);
break;
case FI_TYPE_PROGRESS:
fi_tostr_progress(buf, enumval);
fi_tostr_progress(buf, *enumval);
break;
case FI_TYPE_PROTOCOL:
fi_tostr_protocol(buf, val32);
fi_tostr_protocol(buf, *val32);
break;
case FI_TYPE_MSG_ORDER:
fi_tostr_order(buf, val64);
fi_tostr_order(buf, *val64);
break;
case FI_TYPE_MODE:
fi_tostr_mode(buf, val64);
fi_tostr_mode(buf, *val64);
break;
case FI_TYPE_AV_TYPE:
fi_tostr_av_type(buf, enumval);
fi_tostr_av_type(buf, *enumval);
break;
case FI_TYPE_ATOMIC_TYPE:
fi_tostr_atomic_type(buf, enumval);
fi_tostr_atomic_type(buf, *enumval);
break;
case FI_TYPE_ATOMIC_OP:
fi_tostr_atomic_op(buf, enumval);
fi_tostr_atomic_op(buf, *enumval);
break;
case FI_TYPE_VERSION:
fi_tostr_version(buf);
break;
case FI_TYPE_EQ_EVENT:
fi_tostr_eq_event(buf, enumval);
fi_tostr_eq_event(buf, *enumval);
break;
case FI_TYPE_CQ_EVENT_FLAGS:
fi_tostr_cq_event_flags(buf, val64);
fi_tostr_cq_event_flags(buf, *val64);
break;
case FI_TYPE_MR_MODE:
/* mr_mode was an enum converted to int flags */
fi_tostr_mr_mode(buf, enumval);
fi_tostr_mr_mode(buf, *enumval);
break;
case FI_TYPE_OP_TYPE:
fi_tostr_op_type(buf, enumval);
fi_tostr_op_type(buf, *enumval);
break;
default:
strcatf(buf, "Unknown type");
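Review bot: Nothing at the new pointer declarations or the three cast assignments records why `data` is no longer dereferenced up front, so a later cleanup could fold the reads back together and reintroduce the over-read ASan reported (an 8-byte read of the 4-byte `ep_type` object). A comment above the assignments such as `/* size of *data depends on datatype: dereference only inside the matching case */` would pin the invariant. Each case still trusts the caller that `datatype` matches the width of the object behind `data` (8 bytes for the `*val64` cases, 4 for `*val32` and `*enumval`), and a mismatched pair would over-read in the same way; that contract presumably belongs in the public documentation of `fi_tostr`, which is not visible in this section. The function body continues past the last line shown here.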