integrate util-linux with Coverity by evverx · Pull Request #1 · evverx/util-linux · GitHub

integrate util-linux with Coverity #1


Closed
wants to merge 2 commits into from

Conversation

evverx
Owner
@evverx evverx commented Jul 13, 2020

No description provided.

evverx force-pushed the coverity branch 16 times, most recently from af3ee1e to 5096ab9 on July 13, 2020 19:52
For this to work, a daily cron job running on the master branch
should be added: https://docs.travis-ci.com/user/cron-jobs/

The report can be found at https://scan.coverity.com/projects/karelzak-util-linux

Signed-off-by: Evgeny Vereshchagin <evvers@ya.ru>
Signed-off-by: Evgeny Vereshchagin <evvers@ya.ru>
evverx closed this Jul 14, 2020
evverx deleted the coverity branch July 14, 2020 10:29
evverx added a commit that referenced this pull request Jul 28, 2020
The fuzzer is supposed to cover `mnt_table_parse_stream`, which is
used by systemd to parse /proc/self/mountinfo. The systemd project
has run into memory leaks there at least twice:

systemd/systemd#12252 (comment)
systemd/systemd#8504

so it seems to be a good idea to continuously fuzz that particular
function.

The patch can be tested locally by installing clang and running
./tools/oss-fuzz.sh. Currently the fuzzer is failing with
```
=================================================================
==96638==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 216 byte(s) in 1 object(s) allocated from:
    #0 0x50cd77 in calloc (/home/vagrant/util-linux/out/test_mount_fuzz+0x50cd77)
    #1 0x58716a in mnt_new_fs /home/vagrant/util-linux/libmount/src/fs.c:36:25
    #2 0x54f224 in __table_parse_stream /home/vagrant/util-linux/libmount/src/tab_parse.c:728:9
    #3 0x54eed8 in mnt_table_parse_stream /home/vagrant/util-linux/libmount/src/tab_parse.c:804:8
    #4 0x5448b2 in LLVMFuzzerTestOneInput /home/vagrant/util-linux/libmount/src/fuzz.c:19:16
    #5 0x44cc88 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/home/vagrant/util-linux/out/test_mount_fuzz+0x44cc88)
    #6 0x44d8b0 in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool*) (/home/vagrant/util-linux/out/test_mount_fuzz+0x44d8b0)
    #7 0x44e270 in fuzzer::Fuzzer::MutateAndTestOne() (/home/vagrant/util-linux/out/test_mount_fuzz+0x44e270)
    #8 0x450617 in fuzzer::Fuzzer::Loop(std::vector<fuzzer::SizedFile, fuzzer::fuzzer_allocator<fuzzer::SizedFile> >&) (/home/vagrant/util-linux/out/test_mount_fuzz+0x450617)
    #9 0x43adbb in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/home/vagrant/util-linux/out/test_mount_fuzz+0x43adbb)
    #10 0x42ad46 in main (/home/vagrant/util-linux/out/test_mount_fuzz+0x42ad46)
    #11 0x7fa084f621a2 in __libc_start_main (/lib64/libc.so.6+0x271a2)

SUMMARY: AddressSanitizer: 216 byte(s) leaked in 1 allocation(s).
INFO: to ignore leaks on libFuzzer side use -detect_leaks=0.
```

Once the bug is fixed and the OSS-Fuzz counterpart is merged it should be possible
to turn on CIFuzz to make sure the fuzz target can be built and run for some time
without crashing: https://google.github.io/oss-fuzz/getting-started/continuous-integration/
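The LeakSanitizer trace above shows a record allocated by mnt_new_fs() on a line the parser then gives up on. As an added example that is not part of the commit or of util-linux, here is a reduced model of that pattern: a stream parser with the leaky error path beside the fixed one, driven through fmemopen() the way a libFuzzer target feeds bytes to a FILE*-based API, with allocation counters standing in for LeakSanitizer. The record layout, the line format and the sample inputs are constructed for the example and are not libmount's.

```c
/* Added example (not util-linux code): model of a per-line allocation that
 * leaks on the parser's error path, beside the fixed version. */
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdint.h>

/* Allocation bookkeeping so a caller can prove a leak without LeakSanitizer. */
static long g_allocs, g_frees;

/* Minimal stand-in for libmount's per-entry object (assumed layout). */
struct fs_entry {
    int  id;
    int  parent_id;
    char mountpoint[64];
};

/* Counterpart of mnt_new_fs(): one calloc() per table line. */
static struct fs_entry *fs_new(void)
{
    struct fs_entry *fs = calloc(1, sizeof(*fs));
    if (fs)
        g_allocs++;
    return fs;
}

static void fs_free(struct fs_entry *fs)
{
    if (fs) {
        g_frees++;
        free(fs);
    }
}

/* Parse a constructed "<id> <parent-id> <mountpoint>" line; -1 if malformed. */
static int parse_line(const char *line, struct fs_entry *fs)
{
    return sscanf(line, "%d %d %63s", &fs->id, &fs->parent_id, fs->mountpoint) == 3 ? 0 : -1;
}

/* Leaky variant: a malformed line abandons the record allocated for it. */
int parse_stream_leaky(FILE *f)
{
    char line[256];
    int n = 0;
    while (fgets(line, sizeof(line), f)) {
        struct fs_entry *fs = fs_new();
        if (!fs)
            return -1;
        if (parse_line(line, fs) < 0)
            return -1;          /* BUG: fs is never released on this path */
        fs_free(fs);            /* a real parser would hand fs to the table instead */
        n++;
    }
    return n;
}

/* Fixed variant: every exit path releases the record it owns. */
int parse_stream_fixed(FILE *f)
{
    char line[256];
    int n = 0;
    while (fgets(line, sizeof(line), f)) {
        struct fs_entry *fs = fs_new();
        if (!fs)
            return -1;
        if (parse_line(line, fs) < 0) {
            fs_free(fs);
            return -1;
        }
        fs_free(fs);
        n++;
    }
    return n;
}

/* Turn a fuzzer-provided byte buffer into the FILE * a stream parser wants. */
int run_on_buffer(const uint8_t *data, size_t size, int (*parser)(FILE *))
{
    if (size == 0)
        return 0;
    FILE *f = fmemopen((void *)data, size, "r");
    if (!f)
        return -1;
    int rc = parser(f);
    fclose(f);
    return rc;
}

/* libFuzzer entry point, shaped like the one in libmount/src/fuzz.c. */
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
    run_on_buffer(data, size, parse_stream_fixed);
    return 0;
}

/* Returns 1 when every record allocated while parsing was freed again. */
int leak_check(const uint8_t *data, size_t size, int (*parser)(FILE *))
{
    g_allocs = g_frees = 0;
    run_on_buffer(data, size, parser);
    return g_allocs == g_frees;
}

/* Constructed inputs: a well-formed table and one with a garbage line. */
const char SAMPLE_GOOD[] = "1 0 /\n2 1 /proc\n";
const char SAMPLE_BAD[]  = "1 0 /\nthis is not a table line\n";
```

Built with clang -fsanitize=fuzzer,address the leaky variant reproduces a report of the same shape as the one quoted in the commit message (calloc in fs_new called from the stream parser), and the counters let a plain unit test catch the same defect without a sanitizer.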
evverx added a commit that referenced this pull request Jul 30, 2020
evverx added a commit that referenced this pull request Jul 30, 2020
evverx added a commit that referenced this pull request Aug 6, 2020
evverx added a commit that referenced this pull request Aug 6, 2020
Looks like those specifiers haven't been used since 6c9ab25
(where sscanf was removed) was merged. This should help to get
util-linux to compile with MSan. Currently it's failing with
```
...
configure: error: libmount selected, but required scanf string alloc modifier not available
...
configure:20240: ./conftest
==116617==WARNING: MemorySanitizer: use-of-uninitialized-value
    #0 0x496fd6 in main /home/vagrant/util-linux/conftest.c:171:6
    #1 0x7f5eb85ea1a2 in __libc_start_main (/lib64/libc.so.6+0x271a2)
    #2 0x41c2cd in _start (/home/vagrant/util-linux/conftest+0x41c2cd)

SUMMARY: MemorySanitizer: use-of-uninitialized-value /home/vagrant/util-linux/conftest.c:171:6 in main
Exiting
configure:20240: $? = 77
...
configure:20265: $? = 0
configure:20265: ./conftest
MemorySanitizer: bad pointer 0x000000496e60
==116627==MemorySanitizer CHECK failed: /builddir/build/BUILD/compiler-rt-9.0.1.src/lib/msan/../sanitizer_common/sanitizer_allocator_secondary.h:177 "((IsAligned(reinterpret_cast<uptr>(p), page_size_))) != (0)" (0x0, 0x0)
    #0 0x41d1d8 in MsanCheckFailed(char const*, int, char const*, unsigned long long, unsigned long long) (/home/vagrant/util-linux/conftest+0x41d1d8)
    #1 0x484e1e in __sanitizer::CheckFailed(char const*, int, char const*, unsigned long long, unsigned long long) (/home/vagrant/util-linux/conftest+0x484e1e)
    #2 0x42066c in __msan::MsanDeallocate(__sanitizer::StackTrace*, void*) (/home/vagrant/util-linux/conftest+0x42066c)
    #3 0x424bc9 in free (/home/vagrant/util-linux/conftest+0x424bc9)
    #4 0x496fae in main /home/vagrant/util-linux/conftest.c:173:2
    #5 0x7f2245f311a2 in __libc_start_main (/lib64/libc.so.6+0x271a2)
    #6 0x41c2cd in _start (/home/vagrant/util-linux/conftest+0x41c2cd)

configure:20265: $? = 77
configure: program exited with status 77
...
| }
configure:22568: result: no
configure:22926: error: libmount selected, but required scanf string alloc modifier not available
```
evverx added a commit that referenced this pull request Aug 6, 2020
evverx added a commit that referenced this pull request Aug 17, 2020
It seems to be failing with
```
AddressSanitizer:DEADLYSIGNAL
=================================================================
==13==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x00000055f428 bp 0x7ffc3743a170 sp 0x7ffc3743a080 T0)
==13==The signal is caused by a WRITE memory access.
==13==Hint: address points to the zero page.
SCARINESS: 10 (null-deref)
    #0 0x55f428 in mnt_table_parse_next /src/util-linux/libmount/src/tab_parse.c:587:6
    #1 0x55c200 in __table_parse_stream /src/util-linux/libmount/src/tab_parse.c:737:8
    #2 0x55be38 in mnt_table_parse_stream /src/util-linux/libmount/src/tab_parse.c:809:8
    #3 0x5511ff in LLVMFuzzerTestOneInput /src/util-linux/libmount/src/fuzz.c:21:16
    #4 0x458a31 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:558:15
    #5 0x458175 in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool*) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:470:3
    #6 0x45a117 in fuzzer::Fuzzer::ReadAndExecuteSeedCorpora(std::__Fuzzer::vector<fuzzer::SizedFile, fuzzer::fuzzer_allocator<fuzzer::SizedFile> >&) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:770:7
    #7 0x45a319 in fuzzer::Fuzzer::Loop(std::__Fuzzer::vector<fuzzer::SizedFile, fuzzer::fuzzer_allocator<fuzzer::SizedFile> >&) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:799:3
    #8 0x44a055 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:846:6
    #9 0x471bf2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:19:10
    #10 0x7fe3bd93b83f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2083f)
    #11 0x41f208 in _start (/out/test_mount_fuzz+0x41f208)

DEDUP_TOKEN: mnt_table_parse_next--__table_parse_stream--mnt_table_parse_stream
```
evverx pushed a commit that referenced this pull request Oct 30, 2021
This commit adds zone-aware magics and probing functions for zoned btrfs.

The superblock (and its copies) are the only data structure in btrfs with a
fixed location on a device. Since we cannot do overwrites in a sequential
write required zone, we cannot place the superblock in the zone.

Thus, zoned btrfs uses superblock log writing to update superblocks on
sequential write required zones. It uses two zones as a circular buffer to
write updated superblocks. Once the first zone is filled up, it starts writing
into the second buffer. When both zones are filled up, and before starting
to write to the first zone again, it resets the first zone.

We can determine the position of the latest superblock by reading the write
pointer information from a device. One corner case is when both zones are
full. For this situation, we read out the last superblock of each zone and
compare them to determine which zone is older.

The magics can detect a superblock magic ("_BHRfs_M") at the beginning of
zone #0 or zone #1 to see if it is zoned btrfs. When both zones are filled
up, zoned btrfs resets the first zone to write a new superblock. If btrfs
crashes at the moment, we do not see a superblock at zone #0. Thus, we need
to check not only zone #0 but also zone #1.

It also supports the temporary magic ("!BHRfS_M") in zone #0. Mkfs.btrfs
first writes the temporary superblock to the zone during the mkfs process.
It will survive there until the zones are filled up and reset. So, we also
need to detect this temporary magic.

Finally, this commit extends probe_btrfs() to load the latest superblock
determined by the write pointers.

Signed-off-by: Naohiro Aota <naohiro.aota@wdc.com>
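The two-zone superblock log described in the commit message above, as an added example that is not util-linux or btrfs code: a model of the log together with the probe logic that looks for either magic at the start of zone #0 and zone #1, then picks the latest superblock from the write pointers and reads and compares the last superblock of each zone only when both are full. The zone size of four slots, the generation field used for that comparison, and the writer rule of resetting the zone holding the older superblock once both are full are assumptions made for the example.

```c
/* Added example (not util-linux or btrfs code): model of the zoned btrfs
 * superblock log and of the probe that locates the latest superblock. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define SB_MAGIC      "_BHRfs_M"   /* final superblock magic (from the message) */
#define SB_MAGIC_TEMP "!BHRfS_M"   /* temporary magic written by mkfs.btrfs */
#define ZONE_SLOTS    4            /* superblocks per zone; assumed, real zones hold far more */

struct sb {
    char     magic[8];
    uint64_t generation;           /* assumed: increases with every superblock write */
};

struct zone {
    struct sb slots[ZONE_SLOTS];
    int       wp;                  /* write pointer, counted in superblock slots */
};

static int zone_empty(const struct zone *z) { return z->wp == 0; }
static int zone_full(const struct zone *z)  { return z->wp == ZONE_SLOTS; }

static int magic_ok(const struct sb *s)
{
    return memcmp(s->magic, SB_MAGIC, 8) == 0 || memcmp(s->magic, SB_MAGIC_TEMP, 8) == 0;
}

/* Probe: zoned btrfs if either magic sits at the start of zone #0, or at the
 * start of zone #1 (zone #0 may have been reset right before a crash). */
int probe_zoned_btrfs(const struct zone z[2])
{
    return (!zone_empty(&z[0]) && magic_ok(&z[0].slots[0])) ||
           (!zone_empty(&z[1]) && magic_ok(&z[1].slots[0]));
}

/* Pick the latest superblock from the write pointers. Only when both zones
 * are full must the last superblock of each be read and compared. */
const struct sb *latest_sb(const struct zone z[2])
{
    const struct sb *last0 = zone_empty(&z[0]) ? NULL : &z[0].slots[z[0].wp - 1];
    const struct sb *last1 = zone_empty(&z[1]) ? NULL : &z[1].slots[z[1].wp - 1];

    if (!last0 && !last1)
        return NULL;                              /* nothing written yet */
    if (zone_full(&z[0]) && zone_full(&z[1]))
        return last0->generation >= last1->generation ? last0 : last1;
    if (zone_full(&z[0]))
        return last1 ? last1 : last0;             /* zone #1 is being filled */
    return last0 ? last0 : last1;                 /* zone #0 is being filled, first pass or after reset */
}

/* Writer side of the log. Assumed rule: when both zones are full, reset the
 * zone whose last superblock is older and continue there. */
void sb_log_write(struct zone z[2], uint64_t generation)
{
    int target;
    if (zone_full(&z[0]) && zone_full(&z[1])) {
        target = z[0].slots[ZONE_SLOTS - 1].generation < z[1].slots[ZONE_SLOTS - 1].generation ? 0 : 1;
        memset(&z[target], 0, sizeof(z[target]));  /* zone reset */
    } else if (zone_full(&z[0])) {
        target = 1;
    } else {
        target = 0;
    }
    struct sb *s = &z[target].slots[z[target].wp++];
    memcpy(s->magic, SB_MAGIC, 8);
    s->generation = generation;
}

static struct zone g_log[2];       /* the simulated device's two log zones */

/* Write generations 1..n into an empty log and return the generation the
 * probe then reports as latest (0 if none). */
uint64_t simulate(int n)
{
    memset(g_log, 0, sizeof(g_log));
    for (int i = 1; i <= n; i++)
        sb_log_write(g_log, (uint64_t)i);
    const struct sb *s = latest_sb(g_log);
    return s ? s->generation : 0;
}

int probe_after_simulate(int n)
{
    simulate(n);
    return probe_zoned_btrfs(g_log);
}

/* Crash model: both zones full, zone #0 reset, nothing written yet. The
 * device must still probe as zoned btrfs via zone #1 and report its last superblock. */
uint64_t crash_after_reset(int n)
{
    simulate(n);
    memset(&g_log[0], 0, sizeof(g_log[0]));
    const struct sb *s = latest_sb(g_log);
    return (probe_zoned_btrfs(g_log) && s) ? s->generation : 0;
}
```

On a real device the write pointer comes from a zone report rather than a counter, and the probe would read the superblock at the slot just below it; the decision table, including the single case that needs a comparison, is the same.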
evverx pushed a commit that referenced this pull request Apr 29, 2023
Use the appropriate ioctl, if available, to check if a device is locked
when we get an I/O error. Save the information so that we don't have to
repeat the ioctl.

Before:

LIBBLKID_DEBUG=all blkid -p /dev/sdd2
206326: libblkid:     INIT: library debug mask: 0xffff
206326: libblkid:     INIT: library version: 2.38.1 [04-Aug-2022]
Available "LIBBLKID_DEBUG=<name>[,...]|<mask>" debug masks:
   all      [0xffff] : info about all subsystems
   cache    [0x0004] : blkid tags cache
   config   [0x0008] : config file utils
   dev      [0x0010] : device utils
   devname  [0x0020] : /proc/partitions evaluation
   devno    [0x0040] : conversions to device name
   evaluate [0x0080] : tags resolving
   help     [0x0001] : this help
   lowprobe [0x0100] : superblock/raids/partitions probing
   buffer   [0x2000] : low-probing buffers
   probe    [0x0200] : devices verification
   read     [0x0400] : cache parsing
   save     [0x0800] : cache writing
   tag      [0x1000] : tags utils
206326: libblkid: LOWPROBE: allocate a new probe
206326: libblkid: LOWPROBE: zeroize wiper
206326: libblkid: LOWPROBE: ready for low-probing, offset=0, size=234584276992, zonesize=0
206326: libblkid: LOWPROBE: whole-disk: NO, regfile: NO
206326: libblkid: LOWPROBE: start probe
206326: libblkid: LOWPROBE: zeroize wiper
206326: libblkid: LOWPROBE: chain safeprobe superblocks ENABLED
206326: libblkid: LOWPROBE: --> starting probing loop [SUBLKS idx=-1]
206326: libblkid: LOWPROBE: [0] linux_raid_member:
206326: libblkid: LOWPROBE: 	call probefunc()
206326: libblkid: LOWPROBE: 	read: off=234584211456 len=64
206326: libblkid: LOWPROBE: 	read failed: Input/output error
206326: libblkid: LOWPROBE: <-- leaving probing loop (failed=-5) [SUBLKS idx=0]
206326: libblkid: LOWPROBE: freeing values list
206326: libblkid: LOWPROBE: end probe
206326: libblkid: LOWPROBE: zeroize wiper
206326: libblkid: LOWPROBE: free probe

After:

LIBBLKID_DEBUG=all blkid -p /dev/sdd2
206221: libblkid:     INIT: library debug mask: 0xffff
206221: libblkid:     INIT: library version: 2.38.1119 [28-Mar-2022]
Available "LIBBLKID_DEBUG=<name>[,...]|<mask>" debug masks:
   all      [0x00ffff] : info about all subsystems
   cache    [0x000004] : blkid tags cache
   config   [0x000008] : config file utils
   dev      [0x000010] : device utils
   devname  [0x000020] : /proc/partitions evaluation
   devno    [0x000040] : conversions to device name
   evaluate [0x000080] : tags resolving
   help     [0x000001] : this help
   lowprobe [0x000100] : superblock/raids/partitions probing
   buffer   [0x002000] : low-probing buffers
   probe    [0x000200] : devices verification
   read     [0x000400] : cache parsing
   save     [0x000800] : cache writing
   tag      [0x001000] : tags utils
206221: libblkid: LOWPROBE: allocate a new probe
206221: libblkid: LOWPROBE: zeroize wiper
206221: libblkid: LOWPROBE: ready for low-probing, offset=0, size=234584276992, zonesize=0
206221: libblkid: LOWPROBE: whole-disk: NO, regfile: NO
206221: libblkid: LOWPROBE: start probe
206221: libblkid: LOWPROBE: zeroize wiper
206221: libblkid: LOWPROBE: chain safeprobe superblocks ENABLED
206221: libblkid: LOWPROBE: --> starting probing loop [SUBLKS idx=-1]
206221: libblkid: LOWPROBE: [0] linux_raid_member:
206221: libblkid: LOWPROBE: 	call probefunc()
206221: libblkid: LOWPROBE: 	read: off=234584211456 len=64
206221: libblkid: LOWPROBE: 	read failed: Input/output error
206221: libblkid: LOWPROBE: 	read: off=234584268800 len=256
206221: libblkid: LOWPROBE: 	read failed: Input/output error
206221: libblkid: LOWPROBE: 	read: off=0 len=256
206221: libblkid: LOWPROBE: 	read: off=4096 len=256
206221: libblkid: LOWPROBE: [1] ddf_raid_member:
206221: libblkid: LOWPROBE: 	call probefunc()
206221: libblkid: LOWPROBE: 	read: off=234584276480 len=512
206221: libblkid: LOWPROBE: 	read failed: Input/output error
206221: libblkid: LOWPROBE: [2] isw_raid_member:
206221: libblkid: LOWPROBE: 	call probefunc()
206221: libblkid: LOWPROBE: [3] lsi_mega_raid_member:
206221: libblkid: LOWPROBE: 	call probefunc()
206221: libblkid: LOWPROBE: [4] via_raid_member:
206221: libblkid: LOWPROBE: 	call probefunc()
206221: libblkid: LOWPROBE: [5] silicon_medley_raid_member:
206221: libblkid: LOWPROBE: 	call probefunc()
206221: libblkid: LOWPROBE: [6] nvidia_raid_member:
206221: libblkid: LOWPROBE: 	call probefunc()
206221: libblkid: LOWPROBE: [7] promise_fasttrack_raid_member:
206221: libblkid: LOWPROBE: 	call probefunc()
206221: libblkid: LOWPROBE: [8] hpt45x_raid_member:
206221: libblkid: LOWPROBE: 	call probefunc()
206221: libblkid: LOWPROBE: [9] hpt37x_raid_member:
206221: libblkid: LOWPROBE: 	read: off=4096 len=1024
206221: libblkid:   BUFFER: 	reuse: off=4096 len=1024 (for off=4096 len=1024)
206221: libblkid: LOWPROBE: [10] adaptec_raid_member:
206221: libblkid: LOWPROBE: 	call probefunc()
206221: libblkid: LOWPROBE: [11] jmicron_raid_member:
206221: libblkid: LOWPROBE: 	call probefunc()
206221: libblkid: LOWPROBE: [12] bcache:
206221: libblkid:   BUFFER: 	reuse: off=4096 len=1024 (for off=4096 len=1024)
206221: libblkid: LOWPROBE: [13] bcachefs:
206221: libblkid:   BUFFER: 	reuse: off=4096 len=1024 (for off=4096 len=1024)
206221: libblkid:   BUFFER: 	reuse: off=4096 len=1024 (for off=4096 len=1024)
206221: libblkid: LOWPROBE: [14] ceph_bluestore:
206221: libblkid: LOWPROBE: 	read: off=0 len=1024
206221: libblkid: LOWPROBE: [15] drbd:
206221: libblkid: LOWPROBE: 	call probefunc()
206221: libblkid: LOWPROBE: 	read: off=234584272896 len=104
206221: libblkid: LOWPROBE: 	read failed: Input/output error
206221: libblkid: LOWPROBE: 	read: off=234584272896 len=1392
206221: libblkid: LOWPROBE: 	read failed: Input/output error
206221: libblkid: LOWPROBE: [16] drbdmanage_control_volume:
206221: libblkid:   BUFFER: 	reuse: off=0 len=1024 (for off=0 len=1024)
206221: libblkid: LOWPROBE: [17] drbdproxy_datalog:
206221: libblkid:   BUFFER: 	reuse: off=0 len=1024 (for off=0 len=1024)
206221: libblkid: LOWPROBE: [18] LVM2_member:
206221: libblkid:   BUFFER: 	reuse: off=0 len=1024 (for off=0 len=1024)
206221: libblkid:   BUFFER: 	reuse: off=0 len=1024 (for off=0 len=1024)
206221: libblkid: LOWPROBE: 	read: off=1024 len=1024
206221: libblkid:   BUFFER: 	reuse: off=1024 len=1024 (for off=1024 len=1024)
206221: libblkid: LOWPROBE: [19] LVM1_member:
206221: libblkid:   BUFFER: 	reuse: off=0 len=1024 (for off=0 len=1024)
206221: libblkid: LOWPROBE: [20] DM_snapshot_cow:
206221: libblkid:   BUFFER: 	reuse: off=0 len=1024 (for off=0 len=1024)
206221: libblkid: LOWPROBE: [21] DM_verity_hash:
206221: libblkid:   BUFFER: 	reuse: off=0 len=1024 (for off=0 len=1024)
206221: libblkid: LOWPROBE: [22] DM_integrity:
206221: libblkid:   BUFFER: 	reuse: off=0 len=1024 (for off=0 len=1024)
206221: libblkid: LOWPROBE: [23] crypto_LUKS:
206221: libblkid: LOWPROBE: 	call probefunc()
206221: libblkid:   BUFFER: 	reuse: off=0 len=1024 (for off=0 len=512)
206221: libblkid: LOWPROBE: assigning VERSION [superblocks]
206221: libblkid: LOWPROBE: assigning UUID [superblocks]
206221: libblkid: LOWPROBE: assigning LABEL [superblocks]
206221: libblkid: LOWPROBE:  free value LABEL
206221: libblkid: LOWPROBE: assigning SUBSYSTEM [superblocks]
206221: libblkid: LOWPROBE: assigning TYPE [superblocks]
206221: libblkid: LOWPROBE: assigning USAGE [superblocks]
206221: libblkid: LOWPROBE: <-- leaving probing loop (type=crypto_LUKS) [SUBLKS idx=23]
206221: libblkid: LOWPROBE: freeing values list
206221: libblkid: LOWPROBE: chain safeprobe topology DISABLED
206221: libblkid: LOWPROBE: chain safeprobe partitions ENABLED
206221: libblkid: LOWPROBE: Resetting partitions values
206221: libblkid: LOWPROBE: --> starting probing loop [PARTS idx=-1]
206221: libblkid:   BUFFER: 	reuse: off=0 len=1024 (for off=0 len=1024)
206221: libblkid:   BUFFER: 	reuse: off=0 len=1024 (for off=0 len=1024)
206221: libblkid:   BUFFER: 	reuse: off=0 len=1024 (for off=0 len=1024)
206221: libblkid:   BUFFER: 	reuse: off=0 len=1024 (for off=0 len=1024)
206221: libblkid: LOWPROBE: gpt: ---> call probefunc()
206221: libblkid:   BUFFER: 	reuse: off=0 len=1024 (for off=0 len=512)
206221: libblkid: LOWPROBE: gpt: <--- (rc = 1)
206221: libblkid:   BUFFER: 	reuse: off=0 len=1024 (for off=0 len=1024)
206221: libblkid:   BUFFER: 	reuse: off=0 len=1024 (for off=0 len=1024)
206221: libblkid: LOWPROBE: ultrix: ---> call probefunc()
206221: libblkid: LOWPROBE: 	read: off=15872 len=512
206221: libblkid: LOWPROBE: ultrix: <--- (rc = 1)
206221: libblkid:   BUFFER: 	reuse: off=0 len=1024 (for off=0 len=1024)
206221: libblkid:   BUFFER: 	reuse: off=0 len=1024 (for off=0 len=1024)
206221: libblkid:   BUFFER: 	reuse: off=0 len=1024 (for off=0 len=1024)
206221: libblkid: LOWPROBE: 	read: off=28672 len=1024
206221: libblkid:   BUFFER: 	reuse: off=0 len=1024 (for off=0 len=1024)
206221: libblkid:   BUFFER: 	reuse: off=0 len=1024 (for off=0 len=1024)
206221: libblkid: LOWPROBE: atari: ---> call probefunc()
206221: libblkid:   BUFFER: 	reuse: off=0 len=1024 (for off=0 len=512)
206221: libblkid: LOWPROBE: atari: <--- (rc = 1)
206221: libblkid: LOWPROBE: <-- leaving probing loop (failed=1) [PARTS idx=12]
206221: libblkid: LOWPROBE: parts: start probing for partition entry
206221: libblkid:    DEVNO: found devno 0x0830 as /dev/sdd
206221: libblkid: LOWPROBE: allocate a wholedisk probe
206221: libblkid: LOWPROBE: allocate a new probe
206221: libblkid: LOWPROBE: zeroize wiper
206221: libblkid: LOWPROBE: ready for low-probing, offset=0, size=256060514304, zonesize=0
206221: libblkid: LOWPROBE: whole-disk: YES, regfile: NO
206221: libblkid: LOWPROBE: partlist reset
206221: libblkid: LOWPROBE: parts: initialized partitions list (size=0)
206221: libblkid: LOWPROBE: --> starting probing loop [PARTS idx=-1]
206221: libblkid: LOWPROBE: 	read: off=0 len=1024
206221: libblkid:   BUFFER: 	reuse: off=0 len=1024 (for off=0 len=1024)
206221: libblkid:   BUFFER: 	reuse: off=0 len=1024 (for off=0 len=1024)
206221: libblkid:   BUFFER: 	reuse: off=0 len=1024 (for off=0 len=1024)
206221: libblkid: LOWPROBE: 	magic sboff=510, kboff=0
206221: libblkid: LOWPROBE: dos: ---> call probefunc()
206221: libblkid:   BUFFER: 	reuse: off=0 len=1024 (for off=0 len=512)
206221: libblkid: LOWPROBE: probably GPT -- ignore
206221: libblkid: LOWPROBE: dos: <--- (rc = 1)
206221: libblkid: LOWPROBE: gpt: ---> call probefunc()
206221: libblkid:   BUFFER: 	reuse: off=0 len=1024 (for off=0 len=512)
206221: libblkid: LOWPROBE:  #1 valid PMBR partition
206221: libblkid: LOWPROBE:  checking for GPT header at 1
206221: libblkid:   BUFFER: 	reuse: off=0 len=1024 (for off=512 len=512)
206221: libblkid: LOWPROBE: 	read: off=1024 len=16384
206221: libblkid: LOWPROBE: parts: create a new partition table (type=gpt, offset=512)
206221: libblkid: LOWPROBE: parts: add partition (start=2048, size=41943040)
206221: libblkid: LOWPROBE: parts: add partition (start=41945088, size=458172416)
206221: libblkid: LOWPROBE: gpt: <--- (rc = 0)
206221: libblkid: LOWPROBE: <-- leaving probing loop (type=gpt) [PARTS idx=4]
206221: libblkid: LOWPROBE: partitions probe done [rc=0]
206221: libblkid: LOWPROBE: returning partitions binary data
206221: libblkid: LOWPROBE: trying to convert devno 0x832 to partition
206221: libblkid: LOWPROBE: searching by offset/size
206221: libblkid: LOWPROBE: assigning PART_ENTRY_SCHEME [partitions]
206221: libblkid: LOWPROBE: assigning PART_ENTRY_UUID [partitions]
206221: libblkid: LOWPROBE: assigning PART_ENTRY_TYPE [partitions]
206221: libblkid: LOWPROBE: assigning PART_ENTRY_NUMBER [partitions]
206221: libblkid: LOWPROBE: assigning PART_ENTRY_OFFSET [partitions]
206221: libblkid: LOWPROBE: assigning PART_ENTRY_SIZE [partitions]
206221: libblkid: LOWPROBE: assigning PART_ENTRY_DISK [partitions]
206221: libblkid: LOWPROBE: parts: end probing for partition entry [success]
206221: libblkid: LOWPROBE: partitions probe done [rc=0]
206221: libblkid: LOWPROBE: end probe
206221: libblkid: LOWPROBE: zeroize wiper
206221: libblkid: LOWPROBE: returning VERSION value
206221: libblkid: LOWPROBE: returning UUID value
206221: libblkid: LOWPROBE: returning SUBSYSTEM value
206221: libblkid: LOWPROBE: returning TYPE value
206221: libblkid: LOWPROBE: returning USAGE value
206221: libblkid: LOWPROBE: returning PART_ENTRY_SCHEME value
206221: libblkid: LOWPROBE: returning PART_ENTRY_UUID value
206221: libblkid: LOWPROBE: returning PART_ENTRY_TYPE value
206221: libblkid: LOWPROBE: returning PART_ENTRY_NUMBER value
206221: libblkid: LOWPROBE: returning PART_ENTRY_OFFSET value
206221: libblkid: LOWPROBE: returning PART_ENTRY_SIZE value
206221: libblkid: LOWPROBE: returning PART_ENTRY_DISK value
/dev/sdd2: VERSION="2" UUID="a918f1d0-f1de-44f5-9d93-ce9dc15cc2c7" SUBSYSTEM="HW-OPAL" TYPE="crypto_LUKS" USAGE="crypto" PART_ENTRY_SCHEME="gpt" PART_ENTRY_UUID="39ed5135-46e4-ca44-837e-da3c0781367b" PART_ENTRY_TYPE="0fc63daf-8483-4772-8e79-3d69d8477de4" PART_ENTRY_NUMBER="2" PART_ENTRY_OFFSET="41945088" PART_ENTRY_SIZE="458172416" PART_ENTRY_DISK="8:48"
206221: libblkid:   BUFFER: Resetting probing buffers
206221: libblkid:   BUFFER:  remove buffer: [off=0, len=256]
206221: libblkid:   BUFFER:  remove buffer: [off=4096, len=256]
206221: libblkid:   BUFFER:  remove buffer: [off=4096, len=1024]
206221: libblkid:   BUFFER:  remove buffer: [off=0, len=1024]
206221: libblkid:   BUFFER:  remove buffer: [off=1024, len=1024]
206221: libblkid:   BUFFER:  remove buffer: [off=15872, len=512]
206221: libblkid:   BUFFER:  remove buffer: [off=28672, len=1024]
206221: libblkid: LOWPROBE:  buffers summary: 5120 bytes by 7 read() calls
206221: libblkid: LOWPROBE: resetting results
206221: libblkid: LOWPROBE:  free value VERSION
206221: libblkid: LOWPROBE:  free value UUID
206221: libblkid: LOWPROBE:  free value SUBSYSTEM
206221: libblkid: LOWPROBE:  free value TYPE
206221: libblkid: LOWPROBE:  free value USAGE
206221: libblkid: LOWPROBE:  free value PART_ENTRY_SCHEME
206221: libblkid: LOWPROBE:  free value PART_ENTRY_UUID
206221: libblkid: LOWPROBE:  free value PART_ENTRY_TYPE
206221: libblkid: LOWPROBE:  free value PART_ENTRY_NUMBER
206221: libblkid: LOWPROBE:  free value PART_ENTRY_OFFSET
206221: libblkid: LOWPROBE:  free value PART_ENTRY_SIZE
206221: libblkid: LOWPROBE:  free value PART_ENTRY_DISK
206221: libblkid:   BUFFER: Resetting probing buffers
206221: libblkid:   BUFFER:  remove buffer: [off=0, len=1024]
206221: libblkid:   BUFFER:  remove buffer: [off=1024, len=16384]
206221: libblkid: LOWPROBE:  buffers summary: 17408 bytes by 2 read() calls
206221: libblkid: LOWPROBE: free probe
206221: libblkid: LOWPROBE: free probe

Signed-off-by: Luca Boccassi <bluca@debian.org>
evverx pushed a commit that referenced this pull request Apr 29, 2023
If the fmt being parsed by block_size is exactly '%', *++fmt is the
terminator and strchr will return a valid pointer to the terminator of
spec rather than NULL; the while condition will pass, and subsequent
strchr calls will read past the end of fmt until a spec character is found
again.

ASAN aborts with the following error on the first buffer overread:

AddressSanitizer: heap-buffer-overflow on address 0x602000000212 at pc 0x55bf1c4b2d78 bp 0x7ffe33c8cff0 sp 0x7ffe33c8cfe0
READ of size 1 at 0x602000000212 thread T0
    #0 0x55bf1c4b2d77 in block_size ../text-utils/hexdump-parse.c:207
    #1 0x55bf1c4ad36f in main ../text-utils/hexdump.c:214
    #2 0x7f15f063c78f  (/usr/lib/libc.so.6+0x2378f)
    #3 0x7f15f063c849 in __libc_start_main (/usr/lib/libc.so.6+0x23849)
    #4 0x55bf1c4ac6c4 in _start (../build/hexdump+0x86c4)
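The over-read described above comes down to one property of strchr(): searching for '\0' matches the string's own terminator and never returns NULL. As an added example that is not the util-linux hexdump code, here is a reduced format walker with that bug beside a fixed version that tests for the terminator before consulting strchr(); SPEC, the walker, and the sample bytes placed after the terminator are constructed for the example.

```c
/* Added example (not util-linux code): the strchr('\0') over-read pattern
 * from hexdump's block_size(), reduced to a format walker and its fix. */
#include <stddef.h>
#include <string.h>

/* Characters allowed between '%' and the conversion letter (hypothetical set). */
static const char SPEC[] = "#-+ 0123456789.";

/* C guarantees strchr(s, '\0') points at s's terminator, never NULL. */
int strchr_matches_nul(void)
{
    return strchr(SPEC, '\0') != NULL;
}

/*
 * Vulnerable walker: fmt points at '%'. It advances over SPEC characters and
 * returns the offset of the first byte that is not in SPEC. When fmt is
 * exactly "%", *++p is '\0', strchr() still matches, and the walk continues
 * past the terminator until some later byte is not in SPEC.
 */
size_t walk_spec_vulnerable(const char *fmt)
{
    const char *p = fmt;
    while (strchr(SPEC, *++p) != NULL)
        ;
    return (size_t)(p - fmt);
}

/* Fixed walker: stop at the terminator before asking strchr(), and reject a
 * '%' that has no conversion character after it. */
long walk_spec_fixed(const char *fmt)
{
    const char *p = fmt;
    while (*++p != '\0' && strchr(SPEC, *p) != NULL)
        ;
    if (*p == '\0')
        return -1;
    return p - fmt;
}

/*
 * Constructed input: the format "%" and its terminator, followed by bytes
 * that stand in for whatever happens to follow the allocation. The
 * vulnerable walker reads into those bytes; the fixed one stops at the NUL.
 */
const char SAMPLE_AFTER_END[] = { '%', '\0', '1', '2', 'x', '\0' };
```

Under ASan the vulnerable walker on a heap copy of "%" produces a heap-buffer-overflow READ of size 1 inside the walker, the same shape as the report quoted in the commit message.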