[systemd-devel] [PATCH] sd-bus: fix potential UB in bus_socket_auth_verify_client()
Lennart Poettering
mzqohf at 0pointer.de
Thu May 14 02:34:26 PDT 2015
On Wed, 13.05.15 19:16, Cristian Rodríguez (crrodriguez at opensuse.org) wrote:
> When built with GCC undefined behaviour sanitizer the following problem
> surfaces:
>
> src/libsystemd/sd-bus/bus-socket.c:180:11: runtime error: null pointer
> passed as argument 1, which is declared to never be null
>
> Indeed, calling memmem where b->rbuffer == NULL is undefined
> behaviour.

Ah, well, the implementation of memmem() in glibc actually doesn't
have this limitation, only the prototype declares it. That's annoying.

> Fix that by returning if rbuffer is null or rbuffer_size < 2

I have now applied a different fix: memmem_safe() is to memmem() what
qsort_safe() is to qsort(): a small wrapper that allows NULL pointers
to be specified for zero-length buffers. I think this is the better
option here. I hope that makes sense,

Lennart
--
Lennart Poettering, Red Hat
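
The kind of wrapper described in the reply above, as an added example that is not part of the original message and is not systemd's own code. The names `memmem_nullok` and `find_crlf` and the sample line are hypothetical; the wrapper only guarantees that memmem() is never reached with a NULL pointer.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE /* memmem() is a GNU extension */
#endif
#include <stddef.h>
#include <string.h>

/* Explicit prototype so the example also builds if <string.h> was already
 * included without _GNU_SOURCE; it matches the libc declaration. */
void *memmem(const void *haystack, size_t haystacklen,
             const void *needle, size_t needlelen);

/* Hypothetical wrapper: NULL is accepted for a zero-length buffer, and
 * memmem() itself is only ever called with non-NULL pointers. */
static void *memmem_nullok(const void *haystack, size_t haystacklen,
                           const void *needle, size_t needlelen) {
        if (needlelen == 0)
                return (void *) haystack;  /* empty needle matches at the start */
        if (haystacklen < needlelen)
                return NULL;               /* covers haystack == NULL, length 0 */
        if (!haystack || !needle)
                return NULL;               /* caller bug: NULL with non-zero length */
        return memmem(haystack, haystacklen, needle, needlelen);
}

/* Hypothetical caller: offset of the first "\r\n" in a receive buffer that
 * stays NULL until data arrives, or -1 if no complete line is present. */
static long find_crlf(const char *rbuffer, size_t rbuffer_size) {
        const char *e = memmem_nullok(rbuffer, rbuffer_size, "\r\n", 2);
        return e ? (long) (e - rbuffer) : -1;
}

int main(void) {
        static const char line[] = "AUTH EXTERNAL\r\nrest"; /* constructed sample */
        if (find_crlf(NULL, 0) != -1)
                return 1;
        if (find_crlf(line, sizeof(line) - 1) != 13)
                return 1;
        return 0;
}
```

Building this with `-fsanitize=undefined` and calling `find_crlf(NULL, 0)` exercises the empty-buffer case without the nonnull-argument report quoted in the thread.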