Chromium Code Reviews
|
|
Chromium Code Reviews
Issue
196353002:
ensure that UnixDomainSocket::RecvMsgWithFlags doesn't memcpy from 0 (Closed)
|
Created:
6 years, 9 months ago by Mostyn Bramley-Moore Modified:
6 years, 9 months ago CC:
chromium-reviews, erikwright+watch_chromium.org Base URL:
svn://svn.chromium.org/chrome/trunk/src Visibility:
Public. |
Descriptionensure that UnixDomainSocket::RecvMsgWithFlags doesn't memcpy from 0
If wire_fds is never updated after being initialized to 0, then we should not memcpy from it.
Committed: https://src.chromium.org/viewvc/chrome?view=rev&revision=257504
Patch Set 1 #
Messages
Total messages: 21 (0 generated)
@agl: I spotted this while testing static analyzer utils. I guess we could set errno to EPROTO in this case? Or use a DCHECK instead?
This is a false positive and it would be best if the static analyzer could be fixed. If that's too hard, then I guess I don't mind too much working around it.
It looks to me as though a malformed msghdr could hit this, but perhaps the source of this struct doesn't allow that to be the case? If we had a DCHECK(wire_fds) here it might be a little more understandable if such a problem occurs. This warning came from clang-analyzer, which suffers from lots of false positives, including a use-after-DCHECK unfortunately.
On 2014/03/12 15:38:53, Mostyn Bramley-Moore wrote: > It looks to me as though a malformed msghdr could hit this, but perhaps the > source of this struct doesn't allow that to be the case? If wire_fds is NULL then wire_fds_len is zero. The structure could contain an invalid length, but it comes from the kernel and the kernel doesn't need to do that sort of thing if it wants to mess with us. > This warning came from clang-analyzer, which suffers from lots of false > positives, including a use-after-DCHECK unfortunately. Does that mean that it's too hard to fix and we would prefer to workaround?
On 2014/03/12 15:57:53, agl wrote: > On 2014/03/12 15:38:53, Mostyn Bramley-Moore wrote: > > It looks to me as though a malformed msghdr could hit this, but perhaps the > > source of this struct doesn't allow that to be the case? > > If wire_fds is NULL then wire_fds_len is zero. The structure could contain an > invalid length, but it comes from the kernel and the kernel doesn't need to do > that sort of thing if it wants to mess with us. Oh I see. I guess the kernel is trustworthy. > > This warning came from clang-analyzer, which suffers from lots of false > > positives, including a use-after-DCHECK unfortunately. > > Does that mean that it's too hard to fix and we would prefer to workaround? I'm not sure how difficult it would be to fix clang-analyzer, I'm not familiar its internals. I suspect the use-after-dcheck warnings will probably be fixed at some point in the future, but that's just a guess. I'm happy to drop this CL if you want, or leave a DCHECK that might avoid the warning in a future version of clang-analyzer.
lgtm Eh, whatever. It's not a big deal and it's nice to be static-analysis clean.
The CQ bit was checked by mostynb@opera.com
CQ is trying da patch. Follow status at https://chromium-status.appspot.com/cq/mostynb@opera.com/196353002/1
The CQ bit was unchecked by commit-bot@chromium.org
Retried try job too often on chromium_presubmit for step(s) presubmit http://build.chromium.org/p/tryserver.chromium/buildstatus?builder=chromium_p...
The CQ bit was checked by mostynb@opera.com
CQ is trying da patch. Follow status at https://chromium-status.appspot.com/cq/mostynb@opera.com/196353002/1
The CQ bit was unchecked by commit-bot@chromium.org
Retried try job too often on chromium_presubmit for step(s) presubmit http://build.chromium.org/p/tryserver.chromium/buildstatus?builder=chromium_p...
@ajwong: can you OK this?
*ping* @willchan: perhaps you can give this a thumbs-up instead?
LGTM sorry for slow response...was at offsite most of last week.
> sorry for slow response...was at offsite most of last week. No problem- thanks for the review.
The CQ bit was checked by mostynb@opera.com
CQ is trying da patch. Follow status at https://chromium-status.appspot.com/cq/mostynb@opera.com/196353002/1
Message was sent while issue was closed.
Change committed as 257504 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
