When compiled with '-fsanitize=undefined' running 'ovsdb-client
--timestamp monitor Open_vSwitch' in a sandbox triggers the following
undefined behavior (flagged by UBSan):
lib/dynamic-string.c:207:38: runtime error: applying zero offset to null
pointer
#0 0x196c05b in ds_put_strftime_msec lib/dynamic-string.c:207:38
#1 0x196c2aa in xastrftime_msec lib/dynamic-string.c:225:5
#2 0x1935f33 in pmd_info_show_perf lib/dpif-netdev.c:799:17
#3 0x1935f33 in dpif_netdev_pmd_info lib/dpif-netdev.c:1487:13
#4 0x1938155 in pmd_perf_show_cmd lib/dpif-netdev.c:1537:5
#5 0x1d7634b in process_command lib/unixctl.c:310:13
#6 0x1d7634b in run_connection lib/unixctl.c:344:17
#7 0x1d7634b in unixctl_server_run lib/unixctl.c:395:21
#8 0x168b5bd in main vswitchd/ovs-vswitchd.c:130:9
#9 0x7f6fa2fd8492 in __libc_start_main (/lib64/libc.so.6+0x23492)
#10 0xe6911d in _start (vswitchd/ovs-vswitchd+0xe6911d)
Reported-by: Ilya Maximets <i.maxim...@ovn.org>
Signed-off-by: Dumitru Ceara <dce...@redhat.com>
---
lib/dynamic-string.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/lib/dynamic-string.c b/lib/dynamic-string.c
index fd0127ed1740..3d415af4f4e0 100644
--- a/lib/dynamic-string.c
+++ b/lib/dynamic-string.c
@@ -200,8 +200,8 @@ ds_put_strftime_msec(struct ds *ds, const char *template,
long long int when,
for (;;) {
size_t avail = ds->string ? ds->allocated - ds->length + 1 : 0;
- size_t used = strftime_msec(&ds->string[ds->length], avail, template,
- &tm);
+ char *dest = ds->string ? &ds->string[ds->length] : NULL;
+ size_t used = strftime_msec(dest, avail, template, &tm);
if (used) {
ds->length += used;
return;
--
2.27.0
_______________________________________________
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
