OLSR: Fix invalid-pointer-pair AddressSanitizer errors #1271
Draft
fxlb wants to merge 1 commit into the-tcpdump-group:master from
fxlb (Member) commented on Jan 4, 2025
Avoid adding a length value to a pointer. The result could be located
in an invalid (freed) region or could give a wild pointer.
tptr is initialized with:
tptr = pptr;
Afterwards tptr is incremented and pptr doesn't change.
Thus (tptr - pptr) is >= 0 and (u_int)(tptr - pptr) is XXXXXXXXXXXXX
The errors were:
1)
olsr-oobr-1 : TEST FAILED[...]
reading from file tests/olsr-oobr-1.pcap, link-type EN10MB (Ethernet),
snapshot length 61
=================================================================
==ERROR: AddressSanitizer: invalid-pointer-pair: 0x60600000004e
0x606000000852
#0 0x555555c32d61 in olsr_print [...]/print-olsr.c:346:17
0x60600000004e is located 46 bytes inside of 61-byte region
[0x606000000020,0x60600000005d)
allocated by thread T0 here:
#0 0x5555558d18ee in malloc ([...]/tcpdump+0x37d8ee)
#1 0x555555cf37dc in pcap_check_header [...]/sf-pcap.c:480:14
0x606000000852 is located 1938 bytes after 64-byte region
[0x606000000080,0x6060000000c0)
freed by thread T0 here:
#0 0x5555558d1646 in __interceptor_free ([...]/tcpdump+0x37d646)
#1 0x555555cd3144 in pcap_compile [...]/gencode.c:1009:3
previously allocated by thread T0 here:
#0 0x5555558d18ee in malloc ([...]/tcpdump+0x37d8ee)
#1 0x555555cf76d0 in pcap_alloc [...]/scanner.c:5588:9
#2 0x555555cf76d0 in pcap__scan_buffer [...]/scanner.c:5177:24
SUMMARY: AddressSanitizer: invalid-pointer-pair [...]/print-olsr.c:346:17
in olsr_print
2)
olsr-oobr-2 : TEST FAILED[...]
reading from file tests/olsr-oobr-2.pcap, link-type EN10MB (Ethernet),
snapshot length 81
=================================================================
==ERROR: AddressSanitizer: invalid-pointer-pair: 0x608000000062
0x60800000156f
#0 0x555555c32d61 in olsr_print [...]/print-olsr.c:346:17
0x608000000062 is located 66 bytes inside of 81-byte region
[0x608000000020,0x608000000071)
allocated by thread T0 here:
#0 0x5555558d18ee in malloc ([...]/tcpdump+0x37d8ee)
#1 0x555555cf37dc in pcap_check_header [...]/sf-pcap.c:480:14
Address 0x60800000156f is a wild pointer inside of access range of size
0x000000000001.
SUMMARY: AddressSanitizer: invalid-pointer-pair [...]/print-olsr.c:346:17
in olsr_print
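The two forms of bounds check contrasted in the commit message above, as an added sketch that is not code from this pull request or from print-olsr.c. The record layout, the sample bytes and the function names are assumptions made for illustration; only `pptr`/`tptr` style pointer-versus-length checking comes from the page.

```c
#include <stdint.h>

#define HDR_LEN 2u   /* hypothetical record: 1-byte type, 1-byte total length */

/* Constructed sample: two records of 4 and 3 bytes. */
static const uint8_t sample[7] = { 1, 4, 0xaa, 0xbb, 2, 3, 0xcc };

/* Flagged form: buf + length is formed before the comparison. When length
 * (wire-supplied) exceeds the buffer, that pointer is outside the object. */
static int more_data_unsafe(const uint8_t *buf, const uint8_t *cur, unsigned length)
{
    return cur < buf + length;
}

/* Offset form: cur started at buf and only advanced inside the buffer, so
 * cur - buf is a valid non-negative difference that fits in unsigned. */
static int more_data_safe(const uint8_t *buf, const uint8_t *cur, unsigned length)
{
    return (unsigned)(cur - buf) < length;
}

/* length: declared on-wire size; caplen: bytes actually captured.
 * Returns the record count, or -1 when truncated or malformed. */
static int count_records(const uint8_t *buf, unsigned length, unsigned caplen)
{
    const uint8_t *cur = buf;
    int n = 0;
    while (more_data_safe(buf, cur, length)) {
        unsigned left = caplen - (unsigned)(cur - buf);
        unsigned rec_len;
        if (left < HDR_LEN)
            return -1;                 /* header not captured */
        rec_len = cur[1];
        if (rec_len < HDR_LEN || rec_len > left)
            return -1;                 /* bad length or truncated body */
        cur += rec_len;                /* stays within [buf, buf + caplen] */
        n++;
    }
    return n;
}

int main(void)
{
    /* In-bounds length only, so the unsafe form is well defined here. */
    int ok = more_data_unsafe(sample, sample, 7);
    /* Declared length 2000 with 7 captured bytes: reported as truncated. */
    return (ok && count_records(sample, 2000, 7) == -1) ? 0 : 1;
}
```

The caller must pass a `caplen` no larger than the real buffer; the declared `length` is then never turned into a pointer, only compared against an offset.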