From 904050dd2dc09826e8ae59fd19eae95e8e7adcb7 Mon Sep 17 00:00:00 2001
From: Antonio Cardace
Date: Wed, 12 Feb 2020 16:19:46 +0100
Subject: [PATCH] nm-logging: fix stack-use-after-scope error detected by asan

asan error:
==6291==ERROR: AddressSanitizer: stack-use-after-scope on address 0x7ffe6af12880 at pc 0x7fc8dd3321cd bp 0x7ffe6af11be0 sp 0x7ffe6af11388
READ of size 15 at 0x7ffe6af12880 thread T0
#0 0x7fc8dd3321cc (/lib64/libasan.so.5+0x4e1cc)
#1 0x7fc8dcebcf29 in sd_journal_sendv ../src/journal/journal-send.c:226
#2 0x74d834 in _nm_log_impl ../src/nm-logging.c:778
#3 0x42485c in main ../src/main.c:379
#4 0x7fc8dca1b1a2 in __libc_start_main (/lib64/libc.so.6+0x271a2)
#5 0x427e3d in _start (/work/NetworkManager/build/src/NetworkManager+0x427e3d)
Address 0x7ffe6af12880 is located in stack of thread T0 at offset 736 in frame
#0 0x74c26f in _nm_log_impl ../src/nm-logging.c:663
This frame has 9 object(s):
[48, 56) 's_log_domains' (line 744)
[80, 88) 'l_log_domains' (line 745)
[112, 128) 'tv' (line 666)
[144, 168) 'args' (line 664)
[208, 240) 'g_copy' (line 670)
[272, 312) 'cur_log_state_copy' (line 669)
[352, 392) 'iov_free_data' (line 730)
[432, 672) 'iov_data' (line 728)
[736, 1024) 's_log_domains_buf' (line 743) <== Memory access at offset 736 is inside this variable
---
 src/nm-logging.c | 37 ++++++++++++++++++++-----------------
 1 file changed, 20 insertions(+), 17 deletions(-)

diff --git a/src/nm-logging.c b/src/nm-logging.c
index 9e0aa16563..d9764477f9 100644
--- a/src/nm-logging.c
+++ b/src/nm-logging.c
@@ -729,6 +729,11 @@ _nm_log_impl (const char *file,
 struct iovec *iov = iov_data;
 char *iov_free_data[5];
 char **iov_free = iov_free_data;
+ const LogDesc *diter;
+ NMLogDomain dom_all;
+ char s_log_domains_buf[NM_STRLEN ("NM_LOG_DOMAINS=") + sizeof (_all_logging_domains_to_str)];
+ char *s_log_domains;
+ gsize l_log_domains;
 now = nm_utils_get_monotonic_timestamp_nsec ();
 boottime = nm_utils_monotonic_timestamp_as_boottime (now, 1);
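Review bot: The lifetime requirement on `s_log_domains_buf` is not recorded anywhere next to the hoisted declarations in this hunk. The `_iovec_set (iov++, s_log_domains_buf, ...)` call in the following hunk stores a pointer into this buffer, and going by the ASan trace in the commit message that pointer is read later by sd_journal_sendv(). A comment above the declaration would keep a later cleanup from narrowing the scope again, for example `/* iov[] points into this buffer until sd_journal_sendv(); keep it in the same scope as iov_data */`. The enclosing block of _nm_log_impl starts and ends outside the hunk, so it is worth confirming against the full file that the send call sits inside this same scope.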
@@ -737,25 +742,23 @@ _nm_log_impl (const char *file,
 _iovec_set_format (iov++, iov_free++, "MESSAGE="MESSAGE_FMT, MESSAGE_ARG (g->prefix, tv, msg));
 _iovec_set_string (iov++, syslog_identifier_full (g->syslog_identifier));
 _iovec_set_format_a (iov++, 30, "SYSLOG_PID=%ld", (long) getpid ());
- {
- const LogDesc *diter;
- NMLogDomain dom_all = domain;
- char s_log_domains_buf[NM_STRLEN ("NM_LOG_DOMAINS=") + sizeof (_all_logging_domains_to_str)];
- char *s_log_domains = s_log_domains_buf;
- gsize l_log_domains = sizeof (s_log_domains_buf);
- nm_utils_strbuf_append_str (&s_log_domains, &l_log_domains, "NM_LOG_DOMAINS=");
- for (diter = &domain_desc[0]; dom_all != 0 && diter->name; diter++) {
- if (!NM_FLAGS_ANY (dom_all, diter->num))
- continue;
- if (dom_all != domain)
- nm_utils_strbuf_append_c (&s_log_domains, &l_log_domains, ',');
- nm_utils_strbuf_append_str (&s_log_domains, &l_log_domains, diter->name);
- dom_all &= ~diter->num;
- }
- nm_assert (l_log_domains > 0);
- _iovec_set (iov++, s_log_domains_buf, s_log_domains - s_log_domains_buf);
+ dom_all = domain;
+ s_log_domains = s_log_domains_buf;
+ l_log_domains = sizeof (s_log_domains_buf);
+
+ nm_utils_strbuf_append_str (&s_log_domains, &l_log_domains, "NM_LOG_DOMAINS=");
+ for (diter = &domain_desc[0]; dom_all != 0 && diter->name; diter++) {
+ if (!NM_FLAGS_ANY (dom_all, diter->num))
+ continue;
+ if (dom_all != domain)
+ nm_utils_strbuf_append_c (&s_log_domains, &l_log_domains, ',');
+ nm_utils_strbuf_append_str (&s_log_domains, &l_log_domains, diter->name);
+ dom_all &= ~diter->num;
 }
+ nm_assert (l_log_domains > 0);
+ _iovec_set (iov++, s_log_domains_buf, s_log_domains - s_log_domains_buf);
+
 G_STATIC_ASSERT_EXPR (LOG_FAC (LOG_DAEMON) == 3);
 _iovec_set_string_literal (iov++, "SYSLOG_FACILITY=3");
 _iovec_set_format_str_a (iov++, 15, "NM_LOG_LEVEL=%s", level_desc[level].name);