Invalid format string in a call to die() #5
Comments
Hi, the GitHub issue tracker doesn't get used a whole lot. I've made draft patches to fix this bug and add the printf warnings. Can you contact me by email to let me know your email so I can credit you in the commit messages?
Fix has been pushed to master.
elmarco added a commit to elmarco/dtc that referenced this issue Feb 28, 2023

./dtc -I dts -O dtb -o aliases.dtb /home/elmarco/src/dtc/tests/aliases.dts
=================================================================
==882911==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x602000000113 at pc 0x7f34ba0abf50 bp 0x7ffc8db22450 sp 0x7ffc8db21c00
READ of size 4 at 0x602000000113 thread T0
    #0 0x7f34ba0abf4f in MemcmpInterceptorCommon(void*, int (*)(void const*, void const*, unsigned long), void const*, void const*, unsigned long) (/lib64/libasan.so.8+0xabf4f)
    #1 0x7f34ba0ac5e8 in memcmp (/lib64/libasan.so.8+0xac5e8)
    #2 0x4282dc in check_spi_bus_bridge ../checks.c:1110
    #3 0x41b08d in check_nodes_props ../checks.c:140
    #4 0x41b9c4 in run_check ../checks.c:180
    #5 0x430a3b in process_checks ../checks.c:2056
    #6 0x436a90 in main ../dtc.c:327
    #7 0x7f34b964a50f in __libc_start_call_main (/lib64/libc.so.6+0x2750f)
    #8 0x7f34b964a5c8 in __libc_start_main@GLIBC_2.2.5 (/lib64/libc.so.6+0x275c8)
    #9 0x4025c4 in _start (/home/elmarco/src/dtc/build/dtc+0x4025c4)

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
elmarco added a commit to elmarco/dtc that referenced this issue Feb 28, 2023

./dtc -I dts -O dtb -o overlay_base_manual_symbols.test.dtb /home/elmarco/src/dtc/tests/overlay_base_manual_symbols.dts
../data.c:109:2: runtime error: null pointer passed as argument 2, which is declared to never be null
=================================================================
==933317==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 24 byte(s) in 1 object(s) allocated from:
    #0 0x7f49a2aba6af in __interceptor_malloc (/lib64/libasan.so.8+0xba6af)
    #1 0x43183d in xmalloc ../util.h:45
    #2 0x43482f in data_add_marker ../data.c:230
    #3 0x449bb8 in get_node_phandle ../livetree.c:632
    #4 0x421058 in fixup_phandle_references ../checks.c:627
    #5 0x41b0ba in check_nodes_props ../checks.c:141
    #6 0x41b1c8 in check_nodes_props ../checks.c:144
    #7 0x41b9f1 in run_check ../checks.c:181
    #8 0x430a68 in process_checks ../checks.c:2057
    #9 0x436abd in main ../dtc.c:327
    #10 0x7f49a30d850f in __libc_start_call_main (/lib64/libc.so.6+0x2750f)

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
dgibson pushed a commit that referenced this issue Mar 1, 2023

./dtc -I dts -O dtb -o aliases.dtb /home/elmarco/src/dtc/tests/aliases.dts
=================================================================
==882911==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x602000000113 at pc 0x7f34ba0abf50 bp 0x7ffc8db22450 sp 0x7ffc8db21c00
READ of size 4 at 0x602000000113 thread T0
    #0 0x7f34ba0abf4f in MemcmpInterceptorCommon(void*, int (*)(void const*, void const*, unsigned long), void const*, void const*, unsigned long) (/lib64/libasan.so.8+0xabf4f)
    #1 0x7f34ba0ac5e8 in memcmp (/lib64/libasan.so.8+0xac5e8)
    #2 0x4282dc in check_spi_bus_bridge ../checks.c:1110
    #3 0x41b08d in check_nodes_props ../checks.c:140
    #4 0x41b9c4 in run_check ../checks.c:180
    #5 0x430a3b in process_checks ../checks.c:2056
    #6 0x436a90 in main ../dtc.c:327
    #7 0x7f34b964a50f in __libc_start_call_main (/lib64/libc.so.6+0x2750f)
    #8 0x7f34b964a5c8 in __libc_start_main@GLIBC_2.2.5 (/lib64/libc.so.6+0x275c8)
    #9 0x4025c4 in _start (/home/elmarco/src/dtc/build/dtc+0x4025c4)

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
elmarco added a commit to elmarco/dtc that referenced this issue Mar 1, 2023

./dtc -I dts -O dtb -o overlay_base_manual_symbols.test.dtb /home/elmarco/src/dtc/tests/overlay_base_manual_symbols.dts
../data.c:109:2: runtime error: null pointer passed as argument 2, which is declared to never be null
=================================================================
==933317==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 24 byte(s) in 1 object(s) allocated from:
    #0 0x7f49a2aba6af in __interceptor_malloc (/lib64/libasan.so.8+0xba6af)
    #1 0x43183d in xmalloc ../util.h:45
    #2 0x43482f in data_add_marker ../data.c:230
    #3 0x449bb8 in get_node_phandle ../livetree.c:632
    #4 0x421058 in fixup_phandle_references ../checks.c:627
    #5 0x41b0ba in check_nodes_props ../checks.c:141
    #6 0x41b1c8 in check_nodes_props ../checks.c:144
    #7 0x41b9f1 in run_check ../checks.c:181
    #8 0x430a68 in process_checks ../checks.c:2057
    #9 0x436abd in main ../dtc.c:327
    #10 0x7f49a30d850f in __libc_start_call_main (/lib64/libc.so.6+0x2750f)

Only create data when necessary, and do not alias it.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
dgibson pushed a commit that referenced this issue Mar 1, 2023

./dtc -I dts -O dtb -o overlay_base_manual_symbols.test.dtb /home/elmarco/src/dtc/tests/overlay_base_manual_symbols.dts
../data.c:109:2: runtime error: null pointer passed as argument 2, which is declared to never be null
=================================================================
==933317==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 24 byte(s) in 1 object(s) allocated from:
    #0 0x7f49a2aba6af in __interceptor_malloc (/lib64/libasan.so.8+0xba6af)
    #1 0x43183d in xmalloc ../util.h:45
    #2 0x43482f in data_add_marker ../data.c:230
    #3 0x449bb8 in get_node_phandle ../livetree.c:632
    #4 0x421058 in fixup_phandle_references ../checks.c:627
    #5 0x41b0ba in check_nodes_props ../checks.c:141
    #6 0x41b1c8 in check_nodes_props ../checks.c:144
    #7 0x41b9f1 in run_check ../checks.c:181
    #8 0x430a68 in process_checks ../checks.c:2057
    #9 0x436abd in main ../dtc.c:327
    #10 0x7f49a30d850f in __libc_start_call_main (/lib64/libc.so.6+0x2750f)

Only create data when necessary, and do not alias it.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
[dwg: Small fixup for a slightly different approach to adjacent cleanups]
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Hello,
In order to detect printf format issues, I am compiling the Linux kernel with options like -Wmissing-format-attribute -Wformat=2. This led me to add __attribute__ ((format(printf, 1, 2))) to lexical_error() in dtc-lexer.l and die() in util.h.

Doing so triggered a compiler warning on the following code in dtc.c:

As variable optarg is a string, it should not be formatted with %d but with %s.

As I have not found the mailing list archive of devicetree-compiler@vger.kernel.org (http://vger.kernel.org/vger-lists.html#devicetree-compiler references a link to http://dir.gmane.org/gmane.comp.devicetree.compiler which is empty), I do not know whether this bug has already been reported on the mailing list. This is why I am reporting it on GitHub.

Thanks
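
The class of bug reported above, as an added example that is not code from dtc or from the original report: a variadic reporter annotated with the printf format attribute, a call that passes a string to %d, and the %s fix. The names report() and parse_numeric_opt() are hypothetical; build with -DSHOW_BUG -Wformat=2 to see the compiler flag the mismatched call.

```c
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a die()-style reporter; it formats into a buffer
 * instead of exiting so the message can be inspected. The attribute says
 * argument 3 is a printf format and the variadic arguments start at 4,
 * which lets -Wformat type-check every call site. */
__attribute__((format(printf, 3, 4)))
static int report(char *out, size_t len, const char *fmt, ...)
{
	va_list ap;
	int n;

	va_start(ap, fmt);
	n = vsnprintf(out, len, fmt, ap);
	va_end(ap);
	return n;
}

/* Parses a numeric option argument (arg plays the role of optarg).
 * Returns the value, or -1 with a message written to err. */
static long parse_numeric_opt(const char *arg, char *err, size_t len)
{
	char *end;
	long val = strtol(arg, &end, 0);

	if (end == arg || *end != '\0' || val < 0) {
#ifdef SHOW_BUG
		/* Mismatch: arg is a char *, %d expects an int. With the
		 * attribute the compiler warns here; without it the call
		 * compiles silently and is undefined behaviour at run time. */
		report(err, len, "Invalid argument \"%d\"\n", arg);
#else
		/* Fixed: a string is printed with %s. */
		report(err, len, "Invalid argument \"%s\"\n", arg);
#endif
		return -1;
	}
	err[0] = '\0';
	return val;
}

int main(void)
{
	char err[256];
	long v = parse_numeric_opt("12x", err, sizeof(err));
	printf("%ld %s", v, err);
	return 0;
}
```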