Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

libnixf: fix out-of-bounds access in Lexer::consumeManyOf #443

Merged
merged 1 commit into from
Apr 21, 2024
Merged

libnixf: fix out-of-bounds access in Lexer::consumeManyOf #443

merged 1 commit into from
Apr 21, 2024

Conversation

xokdvium
Copy link
Contributor

While bumping my system flake I ran into a test failing due to an out-of-bounds access. It got caught by _GLIBCXX_ASSERTIONS. I guess the not-so-recent bump of meson in nixpkgs brought in this commit from meson 1.4.0.

Here's the failing test logs and a backtrace:

nixd-nightly> >>> MALLOC_PERTURB_=222 LD_LIBRARY_PATH=/build/3gwj8jwd4ypvcahxqv3cn2fq617fm7v2-source/build/libnixbc:/build/3gwj8jwd4ypvcahxqv3cn2fq617fm7v2-source/build/libnixf:/build/3gwj8jwd4ypvcahxqv3cn2fq617fm7v2-source/build/libbc ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/3gwj8jwd4ypvcahxqv3cn2fq617fm7v2-source/build/libnixf/unit-libnixf-parse
nixd-nightly>  ✀
nixd-nightly> stdout:
nixd-nightly> Running main() from /build/source/googletest/src/gtest_main.cc
nixd-nightly> [==========] Running 90 tests from 2 test suites.
nixd-nightly> [----------] Global test environment set-up.
nixd-nightly> [----------] 15 tests from LexerTest
nixd-nightly> [ RUN      ] LexerTest.Integer
nixd-nightly> stderr:
nixd-nightly> /nix/store/NN152MGPDFCW92B3B03G9KMNLPD9JRIS-gcc-13.2.0/include/c++/13.2.0/string_view:258: constexpr const std::basic_string_view<_CharT, _Traits>::value_type& std::basic_string_view<_CharT, _Traits>::operator[](size_type) const [with _CharT = char; _Traits = std::char_traits<char>; const_reference = const char&; size_type = long unsigned int]: Assertion '__pos < this->_M_len' failed.

lldb backtrace:

(lldb) process launch --environment LD_LIBRARY_PATH=/home/xokdvium/Work/Programming/nixd/build/libnixf:/home/xokdvium/Work/Programming/nixd/build/libbc:/home/xokdvium/Work/Programming/nixd/build/libnixbc:/nix/store/fivm0vvpkfm933fd5gqj3dzni0pp50cg-pipewire-1.0.4-jack/lib ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MALLOC_PERTURB_=239 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1
Process 433026 launched: '/home/xokdvium/Work/Programming/nixd/build/libnixf/unit-libnixf-parse' (x86_64)
Running main() from /build/source/googletest/src/gtest_main.cc
[==========] Running 90 tests from 2 test suites.
[----------] Global test environment set-up.
[----------] 15 tests from LexerTest
[ RUN      ] LexerTest.Integer
/nix/store/NN152MGPDFCW92B3B03G9KMNLPD9JRIS-gcc-13.2.0/include/c++/13.2.0/string_view:258: constexpr const std::basic_string_view<_CharT, _Traits>::value_type& std::basic_string_view<_CharT, _Traits>::operator[](size_type) const [with _CharT = char; _Traits = std::char_traits<char>; const_reference = const char&; size_type = long unsigned int]: Assertion '__pos < this->_M_len' failed.
Process 433026 stopped
* thread #1, name = 'unit-libnixf-pa', stop reason = signal SIGABRT
    frame #0: 0x00007ffff7abfefc libc.so.6`__pthread_kill_implementation + 268
libc.so.6`__pthread_kill_implementation:
->  0x7ffff7abfefc <+268>: movl   %eax, %ebx
    0x7ffff7abfefe <+270>: negl   %ebx
    0x7ffff7abff00 <+272>: cmpl   $0xfffff000, %eax         ; imm = 0xFFFFF000
    0x7ffff7abff05 <+277>: movl   $0x0, %eax
(lldb) bt
* thread #1, name = 'unit-libnixf-pa', stop reason = signal SIGABRT
  * frame #0: 0x00007ffff7abfefc libc.so.6`__pthread_kill_implementation + 268
    frame #1: 0x00007ffff7a6fe86 libc.so.6`raise + 22
    frame #2: 0x00007ffff7a58935 libc.so.6`abort + 215
    frame #3: 0x00007ffff7d289fe libstdc++.so.6`std::__glibcxx_assert_fail(char const*, int, char const*, char const*) + 94
    frame #4: 0x00007ffff7f79f60 libnixf.so`std::basic_string_view<char, std::char_traits<char>>::operator[](this=<unavailable>, __pos=<unavailable>) const at string_view:258:2
    frame #5: 0x00007ffff7f782d6 libnixf.so`nixf::Lexer::consumeManyOf(std::basic_string_view<char, std::char_traits<char>>) [inlined] nixf::Lexer::peekUnwrap(this=0x00007fffffff73b0) const at Lexer.h:113:64
    frame #6: 0x00007ffff7f782ca libnixf.so`nixf::Lexer::consumeManyOf(this=0x00007fffffff73b0, Chars=<unavailable>) at Lexer.cpp:57:33
    frame #7: 0x00007ffff7f79258 libnixf.so`nixf::Lexer::lexNumbers() [inlined] nixf::Lexer::consumeManyDigits(this=0x00007fffffff73b0) at Lexer.h:81:25
    frame #8: 0x00007ffff7f7923f libnixf.so`nixf::Lexer::lexNumbers(this=0x00007fffffff73b0) at Lexer.cpp:195:30
    frame #9: 0x00007ffff7f79587 libnixf.so`nixf::Lexer::lex(this=0x00007fffffff73b0) at Lexer.cpp:471:15
    frame #10: 0x0000000000408a77 unit-libnixf-parse`(anonymous namespace)::LexerTest_Integer_Test::TestBody(this=0x00000000004844b0) const at Lexer.cpp:32:21
    frame #11: 0x00007ffff7f0625d libgtest.so.1.14.0`void testing::internal::HandleExceptionsInMethodIfSupported<testing::Test, void>(testing::Test*, void (testing::Test::*)(), char const*) + 77
    frame #12: 0x00007ffff7eed06e libgtest.so.1.14.0`testing::Test::Run() + 206
    frame #13: 0x00007ffff7eed225 libgtest.so.1.14.0`testing::TestInfo::Run() + 405
    frame #14: 0x00007ffff7eed457 libgtest.so.1.14.0`testing::TestSuite::Run() + 519
    frame #15: 0x00007ffff7efc9e7 libgtest.so.1.14.0`testing::internal::UnitTestImpl::RunAllTests() + 1143
    frame #16: 0x00007ffff7eed65b libgtest.so.1.14.0`testing::UnitTest::Run() + 123
    frame #17: 0x00007ffff7f230c0 libgtest_main.so.1.14.0`main + 64
    frame #18: 0x00007ffff7a5a10e libc.so.6`__libc_start_call_main + 126
    frame #19: 0x00007ffff7a5a1c9 libc.so.6`__libc_start_main@@GLIBC_2.34 + 137
    frame #20: 0x00000000004073a5 unit-libnixf-parse`_start + 37

Maybe it's a good idea to bump nixpkgs for the new default meson behavior
or enable stdlib assertions with bounds-checking explicitly?

@xokdvium xokdvium requested a review from inclyc as a code owner April 20, 2024 17:30
@inclyc
Copy link
Member

inclyc commented Apr 21, 2024
edited
Loading

Are there any other test failures caught by this assertion?

@inclyc inclyc merged commit 9ab3f1f into nix-community:main Apr 21, 2024
18 checks passed
@inclyc inclyc added the bug Something isn't working label Apr 21, 2024
inclyc added a commit that referenced this pull request Apr 21, 2024
@inclyc
flake: update the lock
d2fabed 
#443 mentioned
meson updates with assertion enabled caught some out-of-bounds violation in our lexer,
bump flake version to make sure it is coveraged in our CI.
@inclyc inclyc mentioned this pull request Apr 21, 2024
Merged
inclyc added a commit that referenced this pull request Apr 21, 2024
@inclyc
flake: update the lock (#444)
b8a8581 
#443 mentioned meson updates
with assertion enabled caught some out-of-bounds violation in our lexer,
bump flake version to make sure it is coveraged in our CI.
@inclyc inclyc added the libnixf:parse The nixf parser label Apr 21, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@inclyc inclyc inclyc approved these changes

Assignees
No one assigned
Labels
bug Something isn't working libnixf:parse The nixf parser
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@xokdvium @inclyc