Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix several cases of undefined behaviour, memory corruption and memory leaks #1060

Merged
merged 63 commits into from
Mar 2, 2022
Merged

Fix several cases of undefined behaviour, memory corruption and memory leaks #1060

merged 63 commits into from
Mar 2, 2022

Conversation

arogge
Copy link
Member

@arogge arogge commented Jan 31, 2022
edited
Loading

This PR fixes a lot (hopefully most) of the issues that you will uncover when running ctest after building with -fsanitize=address and -fsanitize=undefined.

Besides a lot of smaller changes fixing undefined behaviour and memory leaks, this PR fixes a long-standing bug in Bvsnprintf() and refactors dlist and htable to be templatized and type-safe.
We also disable warnings for invalid uses of offsetof (see specific commit for details) and stop building packages for Debian 9 and Univention 4.4.

Thank you for contributing to the Bareos Project!

Please check

  • Short description and the purpose of this PR is present above this paragraph
  • Your name is present in the AUTHORS file (optional)

If you have any questions or problems, please give a comment in the PR.

Helpful documentation and best practices

Checklist for the reviewer of the PR (will be processed by the Bareos team)

General
  • PR name is meaningful
  • Purpose of the PR is understood
  • Separate commit for this PR in the CHANGELOG.md, PR number referenced is same
  • Commit descriptions are understandable and well formatted
Source code quality
  • Source code changes are understandable
  • Variable and function names are meaningful
  • Code comments are correct (logically and spelling)
  • Required documentation changes are present and part of the PR
  • bareos-check-sources --since-merge does not report any problems
  • git status should not report modifications in the source tree after building and testing

@arogge arogge marked this pull request as draft January 31, 2022 18:45
@arogge arogge force-pushed the dev/arogge/master/fix-ub branch 5 times, most recently from 2e374eb to 8d5c3e6 Compare February 1, 2022 16:16
@arogge arogge changed the title Fix several cases of undefined behaviour Fix several cases of undefined behaviour, memory corruption and memory leaks Feb 3, 2022
@arogge arogge mentioned this pull request Feb 4, 2022
Closed
16 tasks
@arogge arogge force-pushed the dev/arogge/master/fix-ub branch 3 times, most recently from 65abc28 to 222a46d Compare February 7, 2022 20:52
@arogge arogge marked this pull request as ready for review February 8, 2022 14:14
@pstorz pstorz assigned pstorz and arogge and unassigned pstorz Feb 17, 2022
@arogge arogge force-pushed the dev/arogge/master/fix-ub branch 2 times, most recently from b66c94a to b655f2a Compare February 24, 2022 15:10
@arogge
build: stop building Debian 9
63f6296 
the Debian Project will EOL the LTS version of Debian 9 on 2022-06-20
which is way before the planned release of 22.0.0. As we will not build
Bareos 22 for Debian 9 we can disable it now. As Debian 9 was the last
system that did not have a compiler with full C++17 support, the
immediate benefit is that we can now finally use C++17.

We will also disable Univention 4.4, which is built on Debian 9.
@arogge
core: disable -Winvalid-offsetof if possible
8b66270 
Support for using offsetof() on non-standard-layout types is
conditionally-supported[1]. All compiler we're using seem to support
this, but are required to "emit a diagnostic" (i.e. warning).
This patch disables this warning to allow that non-portable usage.

[1] https://stackoverflow.com/q/47518542
@arogge
lib: fix undefined behaviour in ITEM() macro
aeed6f4 
Previously ITEM(c,m) was called with `c` being a NULL-pointer with the
type of one of BareosResource's children. It then took the address of
`c->m` as the offset of m within the type of `c`. This is undefined
behaviour. It also relies on `c == NULL`, which was never checked.

This patch replaces the existing method by using offsetof() with the
non-pointer type of `c` and its member `m`, removing all NULL-pointer
involvement and allowing to pass any pointer or non-pointer value of the
desired type.
@arogge
tests: fix linker-problem in test_dir_plugins.cc
c6ddc62 
When building with ubsan linking would fail, as RTTI for JobResource was
not available. With this patch all required objects are linked.
@arogge
tests: fix undefined behaviour in test_bsnprintf
2d5e9db 
Looks like underflowing a pointer is undefined behaviour, so we just
initialize with UINTPTR_MAX directly.
Also replaced macro-based conditional compile with constexpr-if.
@arogge
tests: split large dlist test into multiple tests
dc52a04 
and also stop calling dlist::init().
@arogge
findlib: improve initialization of include/exclude
c729ce4 
Instead of copy-initializing, we now call placement-new. Also contained
lists are default initialized by the constructor, so there is no need to
do this expliticly.
This will also allow us to remove dlist<T>::init() as this is the very
last use.
@arogge
win32: remove unused function
ec69fc0
@arogge
lib: extract dlistString from dlist.h
b79e9b6 
This patch extracts dlistString and implements some minor changes to
make it comply to the duck-typing that dlist<T> will expect in the
future (i.e. have a public member of type `dlist<T> link`).
@arogge
cats: make link member of database classes public
704032d 
In preparation of changes to dlink<T> we make the link member public, so
it can be accessed by dlink<T>'s constructor in a clean fashion.
alaaeddineelamri and others added 26 commits February 24, 2022 16:16
@alaaeddineelamri @arogge
address_conf.cc: removing unnecessary goto jump
dc84bf8
@alaaeddineelamri @arogge
lib: added missing pointer deletion
5f46c40
@alaaeddineelamri @arogge
dird: gtest: solved potential leak issues with prompts in UaContext
ae1e550 
prompts in `UaContext`s are created using `strdup()`,
but are not freed when destroying the `UaContext` they are in.
refactoring the multicolumn_prompts test
@arogge
fix memory leaks related to globbing_test
1813d6d
@arogge
tests: disable test_backtrace under asan
89f6df9 
Backtracing doesn't seem to be compatible to address sanitizing. So we
disable the backtrace test if asan is enabled.
@arogge
dird: fix memory leak in StoreRun()
a905815 
previously, StoreRun() allocated a new RunResource in pass 1, but didn't
free it. This patch converts StoreRun to use value semantics (i.e. just
use a local RunResource object) and copy that into a heap object if
needed during pass 2.
@arogge
tests: fix memory issues in bsock tests
8b76b2f
@arogge
fix memory leak in sd backends
8cad1bb
@arogge
stored: fix memory-leaks in droplet_device
02b8858
@arogge
test: fix leak in run_on_incoming_connect_interval
10dd9ec
@arogge
lib: fix use-after-free in timer_thread
ce3339d
@arogge
lib: support unterminated strings in Bvsnprintf()
16fd962 
previously fmtstr() only supported correctly null-terminated strings
when formatting %s, no matter what size specification was given. With
this patch, fmtstr() will no longer read past the specified bytes
required for the output that should be formatted.
@arogge
findlib: fix heap-overflow in xattr debug logging
7b9f072 
The debug logging for xattr did not limit the length of name even though
that value might not be null-terminated.
@arogge
lib: fix mem-leak in messages' DispatchMessage()
1c83b9a
@arogge
cats: fix memory issues in catalog-test
ff53655
@arogge
console: fix memory leaks
26e531d 
* free director's name when freeing a console resource
* remove `password` in favor of base class' `password_` to avoid
  confusion
@arogge
bscan: fix memory leak
e1426ab
@arogge
dir: fix memory leak in statistics thread
3b651fd
@arogge
stored: fix use-after-free in bextract
63254e9
@arogge
dbcheck: fix memory-leak in NameListHandler
755e2b3
@arogge
dird: fix mem-leak in DumpResource()
2e90b3b
@arogge
ndmp: fix compiler warnings in ndmjob program
e136cc0 
Fixes bareos#1412: Unable to build it, because of the default compiler flags on Fedora and unclean code
@arogge
plugins: reconfigure ASAN/LSAN for python code
9875e82 
This patch configures ASAN/LSAN to work correctly with python code. As
the embedded python interpreter will leak memory, we add a suppression
to ignore the problematic parts.
We also disable leak-detection and asan checking in the python module
tests, as these will not give reasonable results.
@alaaeddineelamri @arogge
globbing_test.cc: refactoring globbing test
cb634fc
@arogge
cmake: add option ENABLE_SANITIZERS
02b8d10 
This option enables Sanitizers for Addresses, Leaks and Undefinied
Behaviour.
@alaaeddineelamri @arogge
addresses_and_ports.cc: refactor
41639b5 
use only one configuration
making use of test fixtures
@arogge arogge merged commit 12896f4 into bareos:master Mar 2, 2022
@arogge arogge deleted the dev/arogge/master/fix-ub branch March 2, 2022 15:52
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@alaaeddineelamri alaaeddineelamri alaaeddineelamri approved these changes

Assignees

@arogge arogge

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@arogge @alaaeddineelamri @pstorz