udev: input_id - extended device detection for touch screens#13

Closed
haraldh wants to merge 3 commits into master from unknown repository
haraldh commented Jun 2, 2015

From: [email protected]

Hi,
This is the revised version, split up into a series of changes. The first separates
evdev property evaluation from decision taking and udev property application. The
second adds INPUT_PROP_DIRECT and MT axis to detect touch screens. The final one
adds a check for overlapping axis ranges.

regards
Andreas Pokorny

Andreas Pokorny (3):
  udev: input_id - refactor device detection
  udev: input_id - use direct property and mt axis for touch screen detection
  udev: input_id - use ABS_MT_SLOT{-1} to exclude non touch screen devices

 src/udev/udev-builtin-input_id.c | 141 ++++++++++++++++++++++-----------------
 1 file changed, 79 insertions(+), 62 deletions(-)

APokorny added 3 commits May 29, 2015 15:01
This change switches to bools and separates bit flag evaluation from
decision making and application of udev properties, while hopefully
keeping the same semantics, apart from using BTN_LEFT instead of BTN_MOUSE
for mouse detection.

…ection

A lot of touch screens use INPUT_PROP_DIRECT to indicate that touch input
maps directly to the underlying screen, while the BTN_TOUCH bit might not be
set.

Require touch screens to have an ABS_MT_SLOT axis while excluding devices
that overlap with the MT range of axes.

@martinpitt

Peter committed that yesterday:
495968c
fa5a113
15264e5

martinpitt closed this Jun 3, 2015
TKSpyrop mentioned this pull request Feb 9, 2016
evverx referenced this pull request in evverx/systemd Mar 14, 2016
Fixes:
       Message: Process 806 (systemd-importd) of user 0 dumped core.

                Stack trace of thread 806:
                #0  0x00007f5eaeff7227 raise (libc.so.6)
                #1  0x00007f5eaeff8e8a abort (libc.so.6)
                #2  0x000055b6d3418f4f log_assert_failed (systemd-importd)
                #3  0x000055b6d3409daf safe_close (systemd-importd)
                #4  0x000055b6d33c25ea closep (systemd-importd)
                #5  0x000055b6d33c38d9 setup_machine_directory (systemd-importd)
                #6  0x000055b6d33b8536 method_pull_tar_or_raw (systemd-importd)
                #7  0x000055b6d33ed097 method_callbacks_run (systemd-importd)
                #8  0x000055b6d33ef929 object_find_and_run (systemd-importd)
                #9  0x000055b6d33eff6b bus_process_object (systemd-importd)
                #10 0x000055b6d3447f77 process_message (systemd-importd)
                #11 0x000055b6d344815a process_running (systemd-importd)
                #12 0x000055b6d3448a10 bus_process_internal (systemd-importd)
                #13 0x000055b6d3448ae1 sd_bus_process (systemd-importd)
                #14 0x000055b6d3449779 time_callback (systemd-importd)
                #15 0x000055b6d3454ff4 source_dispatch (systemd-importd)
                #16 0x000055b6d34562b9 sd_event_dispatch (systemd-importd)
                #17 0x000055b6d34566f8 sd_event_run (systemd-importd)
                #18 0x000055b6d33ba72a bus_event_loop_with_idle (systemd-importd)
                #19 0x000055b6d33b95bc manager_run (systemd-importd)
                #20 0x000055b6d33b9766 main (systemd-importd)
                #21 0x00007f5eaefe2a00 __libc_start_main (libc.so.6)
                #22 0x000055b6d33b5569 _start (systemd-importd)
evverx referenced this pull request in evverx/systemd Jun 4, 2016
This makes systemctl robust regarding journal truncation.
This is a follow-up for 2cf4172

Fixes:
Core was generated by `./systemctl status systemd-journald'.
Program terminated with signal SIGBUS, Bus error.
PID 8569 - core
TID 8569:
 #0  0x00007f246cc89ed6 __memcmp_sse4_1
 #1  0x0000557ebbc6f42c journal_file_init_header
 #2  0x0000557ebbc77262 journal_file_open
 #3  0x0000557ebbc42999 file_type_wanted
 #4  0x0000557ebbc42e08 add_any_file
 #5  0x0000557ebbc43832 add_directory
 #6  0x0000557ebbc4401c add_root_directory
 #7  0x0000557ebbc442e9 add_root_directory
 #8  0x0000557ebbc446fc add_search_paths
 #9  0x0000557ebbbacb5e show_journal_by_unit
 #10 0x0000557ebbb8376d print_status_info
 #11 0x0000557ebbb86a0b show_one
 #12 0x0000557ebbb87954 show
 #13 0x0000557ebbc20b1f dispatch_verb
 #14 0x0000557ebbb90615 systemctl_main
 #15 0x0000557ebbb9159f main
 #16 0x00007f246cb3e731 __libc_start_main
 #17 0x0000557ebbb75ae9 _start
keszybz pushed a commit that referenced this pull request Jun 4, 2016
evverx referenced this pull request in evverx/systemd Jan 9, 2017
Fixes:
```
touch hola.service
systemctl link $(pwd)/hola.service $(pwd)/hola.service
```

```
==1==ERROR: AddressSanitizer: attempting double-free on 0x60300002c560 in thread T0 (systemd):
    #0 0x7fc8c961cb00 in free (/lib64/libasan.so.3+0xc6b00)
    #1 0x7fc8c90ebd3b in strv_clear src/basic/strv.c:83
    #2 0x7fc8c90ebdb6 in strv_free src/basic/strv.c:89
    #3 0x55637c758c77 in strv_freep src/basic/strv.h:37
    #4 0x55637c763ba9 in method_enable_unit_files_generic src/core/dbus-manager.c:1960
    #5 0x55637c763d16 in method_link_unit_files src/core/dbus-manager.c:2001
    #6 0x7fc8c92537ec in method_callbacks_run src/libsystemd/sd-bus/bus-objects.c:418
    #7 0x7fc8c9258830 in object_find_and_run src/libsystemd/sd-bus/bus-objects.c:1255
    #8 0x7fc8c92594d7 in bus_process_object src/libsystemd/sd-bus/bus-objects.c:1371
    #9 0x7fc8c91e7553 in process_message src/libsystemd/sd-bus/sd-bus.c:2563
    #10 0x7fc8c91e78ce in process_running src/libsystemd/sd-bus/sd-bus.c:2605
    #11 0x7fc8c91e8f61 in bus_process_internal src/libsystemd/sd-bus/sd-bus.c:2837
    #12 0x7fc8c91e90d2 in sd_bus_process src/libsystemd/sd-bus/sd-bus.c:2856
    #13 0x7fc8c91ea8f9 in io_callback src/libsystemd/sd-bus/sd-bus.c:3126
    #14 0x7fc8c928333b in source_dispatch src/libsystemd/sd-event/sd-event.c:2268
    #15 0x7fc8c9285cf7 in sd_event_dispatch src/libsystemd/sd-event/sd-event.c:2627
    #16 0x7fc8c92865fa in sd_event_run src/libsystemd/sd-event/sd-event.c:2686
    #17 0x55637c6b5257 in manager_loop src/core/manager.c:2274
    #18 0x55637c6a2194 in main src/core/main.c:1920
    #19 0x7fc8c7ac7400 in __libc_start_main (/lib64/libc.so.6+0x20400)
    #20 0x55637c697339 in _start (/usr/lib/systemd/systemd+0xcd339)

0x60300002c560 is located 0 bytes inside of 19-byte region [0x60300002c560,0x60300002c573)
freed by thread T0 (systemd) here:
    #0 0x7fc8c961cb00 in free (/lib64/libasan.so.3+0xc6b00)
    #1 0x7fc8c90ee320 in strv_remove src/basic/strv.c:630
    #2 0x7fc8c90ee190 in strv_uniq src/basic/strv.c:602
    #3 0x7fc8c9180533 in unit_file_link src/shared/install.c:1996
    #4 0x55637c763b25 in method_enable_unit_files_generic src/core/dbus-manager.c:1985
    #5 0x55637c763d16 in method_link_unit_files src/core/dbus-manager.c:2001
    #6 0x7fc8c92537ec in method_callbacks_run src/libsystemd/sd-bus/bus-objects.c:418
    #7 0x7fc8c9258830 in object_find_and_run src/libsystemd/sd-bus/bus-objects.c:1255
    #8 0x7fc8c92594d7 in bus_process_object src/libsystemd/sd-bus/bus-objects.c:1371
    #9 0x7fc8c91e7553 in process_message src/libsystemd/sd-bus/sd-bus.c:2563
    #10 0x7fc8c91e78ce in process_running src/libsystemd/sd-bus/sd-bus.c:2605
    #11 0x7fc8c91e8f61 in bus_process_internal src/libsystemd/sd-bus/sd-bus.c:2837
    #12 0x7fc8c91e90d2 in sd_bus_process src/libsystemd/sd-bus/sd-bus.c:2856
    #13 0x7fc8c91ea8f9 in io_callback src/libsystemd/sd-bus/sd-bus.c:3126
    #14 0x7fc8c928333b in source_dispatch src/libsystemd/sd-event/sd-event.c:2268
    #15 0x7fc8c9285cf7 in sd_event_dispatch src/libsystemd/sd-event/sd-event.c:2627
    #16 0x7fc8c92865fa in sd_event_run src/libsystemd/sd-event/sd-event.c:2686
    #17 0x55637c6b5257 in manager_loop src/core/manager.c:2274
    #18 0x55637c6a2194 in main src/core/main.c:1920
        #19 0x7fc8c7ac7400 in __libc_start_main (/lib64/libc.so.6+0x20400)

previously allocated by thread T0 (systemd) here:
    #0 0x7fc8c95b0160 in strdup (/lib64/libasan.so.3+0x5a160)
    #1 0x7fc8c90edf32 in strv_extend src/basic/strv.c:552
    #2 0x7fc8c923ae41 in bus_message_read_strv_extend src/libsystemd/sd-bus/bus-message.c:5578
    #3 0x7fc8c923b0de in sd_bus_message_read_strv src/libsystemd/sd-bus/bus-message.c:5600
    #4 0x55637c7639d1 in method_enable_unit_files_generic src/core/dbus-manager.c:1969
    #5 0x55637c763d16 in method_link_unit_files src/core/dbus-manager.c:2001
    #6 0x7fc8c92537ec in method_callbacks_run src/libsystemd/sd-bus/bus-objects.c:418
    #7 0x7fc8c9258830 in object_find_and_run src/libsystemd/sd-bus/bus-objects.c:1255
    #8 0x7fc8c92594d7 in bus_process_object src/libsystemd/sd-bus/bus-objects.c:1371
    #9 0x7fc8c91e7553 in process_message src/libsystemd/sd-bus/sd-bus.c:2563
    #10 0x7fc8c91e78ce in process_running src/libsystemd/sd-bus/sd-bus.c:2605
    #11 0x7fc8c91e8f61 in bus_process_internal src/libsystemd/sd-bus/sd-bus.c:2837
    #12 0x7fc8c91e90d2 in sd_bus_process src/libsystemd/sd-bus/sd-bus.c:2856
    #13 0x7fc8c91ea8f9 in io_callback src/libsystemd/sd-bus/sd-bus.c:3126
    #14 0x7fc8c928333b in source_dispatch src/libsystemd/sd-event/sd-event.c:2268
    #15 0x7fc8c9285cf7 in sd_event_dispatch src/libsystemd/sd-event/sd-event.c:2627
    #16 0x7fc8c92865fa in sd_event_run src/libsystemd/sd-event/sd-event.c:2686
    #17 0x55637c6b5257 in manager_loop src/core/manager.c:2274
    #18 0x55637c6a2194 in main src/core/main.c:1920
    #19 0x7fc8c7ac7400 in __libc_start_main (/lib64/libc.so.6+0x20400)

SUMMARY: AddressSanitizer: double-free (/lib64/libasan.so.3+0xc6b00) in free
==1==ABORTING
```

Closes systemd#5015
evverx referenced this pull request in evverx/systemd Jan 9, 2017
evverx referenced this pull request in evverx/systemd Jan 20, 2017
The simplest way to reproduce:
```diff
diff --git a/src/libsystemd-network/test-dhcp6-client.c b/src/libsystemd-network/test-dhcp6-client.c
index bd289fa..7b0a5ef 100644
--- a/src/libsystemd-network/test-dhcp6-client.c
+++ b/src/libsystemd-network/test-dhcp6-client.c
@@ -168,7 +168,7 @@ static uint8_t msg_advertise[198] = {
         0x00, 0x17, 0x00, 0x10, 0x20, 0x01, 0x0d, 0xb8,
         0xde, 0xad, 0xbe, 0xef, 0x00, 0x00, 0x00, 0x00,
         0x00, 0x00, 0x00, 0x01, 0x00, 0x18, 0x00, 0x0b,
-        0x03, 0x6c, 0x61, 0x62, 0x05, 0x69, 0x6e, 0x74,
+        0x01, 0x6c, 0x01, 0x62, 0x00, 0x0a, 0x6e, 0x74,
         0x72, 0x61, 0x00, 0x00, 0x1f, 0x00, 0x10, 0x20,
         0x01, 0x0d, 0xb8, 0xde, 0xad, 0xbe, 0xef, 0x00,
         0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00,
@@ -338,9 +338,7 @@ static int test_advertise_option(sd_event *e) {
         assert_se(!memcmp(addrs, &msg_advertise[124], r * 16));

         r = sd_dhcp6_lease_get_domains(lease, &domains);
-        assert_se(r == 1);
-        assert_se(!strcmp("lab.intra", domains[0]));
-        assert_se(domains[1] == NULL);
+        assert_se(r == -ENOENT);

         r = sd_dhcp6_lease_get_ntp_addrs(lease, &addrs);
         assert_se(r == 1);
```
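Review bot: The replacement bytes in the msg_advertise hunk need a comment saying what is malformed about them. After the `0x00, 0x18, 0x00, 0x0b` header (an 11-byte option), `0x01, 0x6c, 0x01, 0x62, 0x00` encodes one complete name and the following `0x0a` announces a 10-byte label with only 5 bytes left in the option; stating that next to the array lets a reader see which parser path the vector is meant to hit without decoding it by hand.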
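Review bot: Rewriting the assertions in the test_advertise_option hunk drops the check, visible in the removed lines, that a well-formed list still parses to "lab.intra". Keep the three original assert_se lines against the original vector and put `assert_se(r == -ENOENT);` in a separate case that uses the malformed bytes, so the regression test for the leak does not cost the positive-path coverage.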

Fixes:
```
=================================================================
==15043==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 4 byte(s) in 1 object(s) allocated from:
    #0 0x7f13c8564160 in strdup (/lib64/libasan.so.3+0x5a160)
    #1 0x7f13c7caaf69 in strv_extend src/basic/strv.c:552
    #2 0x55f775787230 in dhcp6_option_parse_domainname src/libsystemd-network/dhcp6-option.c:399
    #3 0x55f775788b96 in dhcp6_lease_set_domains src/libsystemd-network/sd-dhcp6-lease.c:225
    #4 0x55f775774b95 in test_advertise_option src/libsystemd-network/test-dhcp6-client.c:287
    #5 0x55f77577883e in main src/libsystemd-network/test-dhcp6-client.c:759
    #6 0x7f13c7589400 in __libc_start_main (/lib64/libc.so.6+0x20400)

Direct leak of 4 byte(s) in 1 object(s) allocated from:
    #0 0x7f13c8564160 in strdup (/lib64/libasan.so.3+0x5a160)
    #1 0x7f13c7caaf69 in strv_extend src/basic/strv.c:552
    #2 0x55f775787230 in dhcp6_option_parse_domainname src/libsystemd-network/dhcp6-option.c:399
    #3 0x55f775788b96 in dhcp6_lease_set_domains src/libsystemd-network/sd-dhcp6-lease.c:225
    #4 0x55f775781348 in client_parse_message src/libsystemd-network/sd-dhcp6-client.c:807
    #5 0x55f775781ba2 in client_receive_advertise src/libsystemd-network/sd-dhcp6-client.c:895
    #6 0x55f775782453 in client_receive_message src/libsystemd-network/sd-dhcp6-client.c:994
    #7 0x7f13c7e447f4 in source_dispatch src/libsystemd/sd-event/sd-event.c:2268
    #8 0x7f13c7e471b0 in sd_event_dispatch src/libsystemd/sd-event/sd-event.c:2627
    #9 0x7f13c7e47ab3 in sd_event_run src/libsystemd/sd-event/sd-event.c:2686
    #10 0x7f13c7e47c21 in sd_event_loop src/libsystemd/sd-event/sd-event.c:2706
    #11 0x55f77577863c in test_client_solicit src/libsystemd-network/test-dhcp6-client.c:737
    #12 0x55f77577884b in main src/libsystemd-network/test-dhcp6-client.c:760
    #13 0x7f13c7589400 in __libc_start_main (/lib64/libc.so.6+0x20400)

SUMMARY: AddressSanitizer: 8 byte(s) leaked in 2 allocation(s).
```
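The leak report above shows names allocated in dhcp6_option_parse_domainname that stay allocated when the option is malformed. The following C sketch is an added example, not systemd's code: it parses the 11-byte payload from the diff with bounds checks and frees the names parsed so far when a later label is invalid. `parse_domain_list`, `free_names`, `live_strings` and the `-EBADMSG` return value are assumptions of this example.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed inputs: the 11-byte option payload from the diff above, before
 * and after the change (the 0x00,0x18,0x00,0x0b option header is left out). */
static const uint8_t opt_valid[11] = {
    0x03, 0x6c, 0x61, 0x62, 0x05, 0x69, 0x6e, 0x74, 0x72, 0x61, 0x00 };
static const uint8_t opt_malformed[11] = {
    0x01, 0x6c, 0x01, 0x62, 0x00, 0x0a, 0x6e, 0x74, 0x72, 0x61, 0x00 };

static int live_strings; /* names allocated and not yet freed (leak check) */

/* Hypothetical helper: free n names and the array holding them. */
void free_names(char **names, size_t n) {
    for (size_t i = 0; i < n; i++) {
        free(names[i]);
        live_strings--;
    }
    free(names);
}

/* Decode one label-encoded name at *pos into out, e.g. "lab.intra".
 * Returns its length (0 for a bare root label) or a negative errno. */
static int decode_name(const uint8_t *data, size_t len, size_t *pos,
                       char *out, size_t out_size) {
    size_t used = 0;

    for (;;) {
        if (*pos >= len)
            return -EBADMSG;           /* no terminating zero-length label */
        uint8_t l = data[(*pos)++];
        if (l == 0)
            break;
        if (l > 63 || l > len - *pos)
            return -EBADMSG;           /* label runs past the option end */
        if (used + l + 2 > out_size)
            return -EMSGSIZE;          /* no room for '.', label and NUL */
        if (used > 0)
            out[used++] = '.';
        for (size_t i = 0; i < l; i++) {
            uint8_t c = data[*pos + i];
            if (c == 0 || c == '.')
                return -EBADMSG;       /* would change the name as a C string */
            out[used++] = (char) c;
        }
        *pos += l;
    }
    out[used] = '\0';
    return (int) used;
}

/* Parse a whole list. On success returns the number of names and hands the
 * array to the caller; on any error frees the names parsed so far. */
int parse_domain_list(const uint8_t *data, size_t len, char ***ret) {
    char **names = NULL, **grown;
    char name[256], *copy;
    size_t n = 0, pos = 0;
    int r;

    while (pos < len) {
        r = decode_name(data, len, &pos, name, sizeof name);
        if (r < 0)
            goto fail;
        if (r == 0)
            continue;                  /* ignore an empty name */
        grown = realloc(names, (n + 1) * sizeof *names);
        if (!grown) { r = -ENOMEM; goto fail; }
        names = grown;
        copy = malloc((size_t) r + 1);
        if (!copy) { r = -ENOMEM; goto fail; }
        memcpy(copy, name, (size_t) r + 1);
        names[n++] = copy;
        live_strings++;
    }
    if (n == 0) { r = -ENOENT; goto fail; }
    *ret = names;
    return (int) n;

fail:
    free_names(names, n);   /* release names already parsed before failing */
    return r;
}

int main(void) {
    char **names = NULL;
    int r = parse_domain_list(opt_valid, sizeof opt_valid, &names);
    printf("valid: r=%d name=%s\n", r, r > 0 ? names[0] : "-");
    if (r > 0)
        free_names(names, (size_t) r);
    r = parse_domain_list(opt_malformed, sizeof opt_malformed, &names);
    printf("malformed: r=%d live_strings=%d\n", r, live_strings);
    return 0;
}
```

With the malformed payload the first name decodes and is allocated before the oversized label is seen, which is the state in which the cleanup on the error path matters.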
keszybz pushed a commit that referenced this pull request Jan 24, 2017
keszybz referenced this pull request in keszybz/systemd May 25, 2017
…h file

This adds a set of events CA_ENCODER_DONE_FILE, CA_DECODER_DONE_FILE and
CA_SYNC_DONE_FILE which are returned whenever the state machines
finished processing a file. This state may be used as local EOF marker.

"casync mtree" now makes use of this to show the digest for each file
after it is complete.

The "casync" tool will now process events with the same generic handler
function if possible, shortening the code a bit.

Fixes: #13
whot pushed a commit to whot/systemd that referenced this pull request Oct 10, 2017
(cherry picked from commit 8af35ba)
Related: #1409997
keszybz referenced this pull request in keszybz/systemd Dec 20, 2017
In general we'd leak anything that was allocated in the first parsing of
netdev, e.g. netdev name, host name, etc. Use normal netdev_unref to make sure
everything is freed.

--- command ---
/home/zbyszek/src/systemd/build2/test-network
--- stderr ---
/etc/systemd/network/wg0.netdev:3: Failed to parse netdev kind, ignoring: wireguard
/etc/systemd/network/wg0.netdev:5: Unknown section 'WireGuard'. Ignoring.
/etc/systemd/network/wg0.netdev:9: Unknown section 'WireGuardPeer'. Ignoring.
NetDev has no Kind configured in /etc/systemd/network/wg0.netdev. Ignoring
/etc/systemd/network/br0.network:13: Unknown lvalue 'NetDev' in section 'Network'
br0: netdev ready

=================================================================
==11666==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 4 byte(s) in 1 object(s) allocated from:
    #0 0x7f3a314cf238 in __interceptor_strdup (/lib64/libasan.so.4+0x77238)
    #1 0x7f3a30e71ad1 in free_and_strdup ../src/basic/string-util.c:870
    #2 0x7f3a30d34fba in config_parse_ifname ../src/shared/conf-parser.c:981
    #3 0x7f3a30d2f5b0 in next_assignment ../src/shared/conf-parser.c:155
    #4 0x7f3a30d30303 in parse_line ../src/shared/conf-parser.c:273
    #5 0x7f3a30d30dee in config_parse ../src/shared/conf-parser.c:390
    #6 0x7f3a30d310a5 in config_parse_many_files ../src/shared/conf-parser.c:428
    #7 0x7f3a30d3181c in config_parse_many ../src/shared/conf-parser.c:487
    #8 0x55b4200f9b00 in netdev_load_one ../src/network/netdev/netdev.c:634
    #9 0x55b4200fb562 in netdev_load ../src/network/netdev/netdev.c:778
    #10 0x55b4200c607a in manager_load_config ../src/network/networkd-manager.c:1299
    #11 0x55b4200818e0 in test_load_config ../src/network/test-network.c:128
    #12 0x55b42008343b in main ../src/network/test-network.c:254
    #13 0x7f3a305f8889 in __libc_start_main (/lib64/libc.so.6+0x20889)

SUMMARY: AddressSanitizer: 4 byte(s) leaked in 1 allocation(s).
-------
poettering pushed a commit that referenced this pull request Dec 20, 2017
floppym pushed a commit to gentoo/systemd that referenced this pull request Jan 13, 2018
In general we'd leak anything that was allocated in the first parsing of
netdev, e.g. netdev name, host name, etc. Use normal netdev_unref to make sure
everything is freed.

--- command ---
/home/zbyszek/src/systemd/build2/test-network
--- stderr ---
/etc/systemd/network/wg0.netdev:3: Failed to parse netdev kind, ignoring: wireguard
/etc/systemd/network/wg0.netdev:5: Unknown section 'WireGuard'. Ignoring.
/etc/systemd/network/wg0.netdev:9: Unknown section 'WireGuardPeer'. Ignoring.
NetDev has no Kind configured in /etc/systemd/network/wg0.netdev. Ignoring
/etc/systemd/network/br0.network:13: Unknown lvalue 'NetDev' in section 'Network'
br0: netdev ready

=================================================================
==11666==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 4 byte(s) in 1 object(s) allocated from:
    #0 0x7f3a314cf238 in __interceptor_strdup (/lib64/libasan.so.4+0x77238)
    #1 0x7f3a30e71ad1 in free_and_strdup ../src/basic/string-util.c:870
    #2 0x7f3a30d34fba in config_parse_ifname ../src/shared/conf-parser.c:981
    #3 0x7f3a30d2f5b0 in next_assignment ../src/shared/conf-parser.c:155
    #4 0x7f3a30d30303 in parse_line ../src/shared/conf-parser.c:273
    #5 0x7f3a30d30dee in config_parse ../src/shared/conf-parser.c:390
    #6 0x7f3a30d310a5 in config_parse_many_files ../src/shared/conf-parser.c:428
    #7 0x7f3a30d3181c in config_parse_many ../src/shared/conf-parser.c:487
    #8 0x55b4200f9b00 in netdev_load_one ../src/network/netdev/netdev.c:634
    #9 0x55b4200fb562 in netdev_load ../src/network/netdev/netdev.c:778
    #10 0x55b4200c607a in manager_load_config ../src/network/networkd-manager.c:1299
    #11 0x55b4200818e0 in test_load_config ../src/network/test-network.c:128
    #12 0x55b42008343b in main ../src/network/test-network.c:254
    #13 0x7f3a305f8889 in __libc_start_main (/lib64/libc.so.6+0x20889)

SUMMARY: AddressSanitizer: 4 byte(s) leaked in 1 allocation(s).
-------

(cherry picked from commit 281bb5c)
iaguis pushed a commit to kinvolk/systemd that referenced this pull request Feb 6, 2018
keszybz referenced this pull request in keszybz/systemd Mar 10, 2018
Fuzzing with AddressSanitizer reports an error here:
==11==ERROR: AddressSanitizer: global-buffer-overflow on address 0x7fe53f5497d8 at pc 0x7fe53ef055c9 bp 0x7ffd344e9380 sp 0x7ffd344e9378
READ of size 4 at 0x7fe53f5497d8 thread T0
SCARINESS: 27 (4-byte-read-global-buffer-overflow-far-from-bounds)
    #0 0x7fe53ef055c8 in bus_error_name_to_errno /work/build/../../src/systemd/src/libsystemd/sd-bus/bus-error.c:118:24
    #1 0x7fe53ef0577b in bus_error_setfv /work/build/../../src/systemd/src/libsystemd/sd-bus/bus-error.c:274:17
    #2 0x7fe53ef0595a in sd_bus_error_setf /work/build/../../src/systemd/src/libsystemd/sd-bus/bus-error.c:284:21
    #3 0x561059 in manager_load_unit_prepare /work/build/../../src/systemd/src/core/manager.c
    #4 0x560680 in manager_load_unit /work/build/../../src/systemd/src/core/manager.c:1773:13
    #5 0x5d49a6 in unit_add_dependency_by_name /work/build/../../src/systemd/src/core/unit.c:2882:13
    #6 0x538996 in config_parse_unit_deps /work/build/../../src/systemd/src/core/load-fragment.c:152:21
    #7 0x6db771 in next_assignment /work/build/../../src/systemd/src/shared/conf-parser.c:155:32
    #8 0x6d697e in parse_line /work/build/../../src/systemd/src/shared/conf-parser.c:273:16
    #9 0x6d5c48 in config_parse /work/build/../../src/systemd/src/shared/conf-parser.c:390:21
    #10 0x535678 in LLVMFuzzerTestOneInput /work/build/../../src/systemd/src/fuzz/fuzz-unit-file.c:41:16
    #11 0x73bd60 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/libfuzzer/FuzzerLoop.cpp:517:13
    #12 0x73a39f in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool*) /src/libfuzzer/FuzzerLoop.cpp:442:3
    #13 0x73d9bc in fuzzer::Fuzzer::MutateAndTestOne() /src/libfuzzer/FuzzerLoop.cpp:650:19
    #14 0x73fa05 in fuzzer::Fuzzer::Loop(std::__1::vector<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >, fuzzer::fuzzer_allocator<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > > > const&) /src/libfuzzer/FuzzerLoop.cpp:773:5
    #15 0x71f75d in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/libfuzzer/FuzzerDriver.cpp:754:6
    #16 0x71285c in main /src/libfuzzer/FuzzerMain.cpp:20:10
    #17 0x7fe53da0482f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
    #18 0x430e68 in _start (/out/fuzz-unit-file+0x430e68)

0x7fe53f5497d8 is located 8 bytes to the right of global variable 'bus_common_errors' defined in '../../src/systemd/src/libsystemd/sd-bus/bus-common-errors.c:28:51' (0x7fe53f549300) of size 1232
SUMMARY: AddressSanitizer: global-buffer-overflow /work/build/../../src/systemd/src/libsystemd/sd-bus/bus-error.c:118:24 in bus_error_name_to_errno
Shadow bytes around the buggy address:
  0x0ffd27ea12a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0ffd27ea12b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0ffd27ea12c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0ffd27ea12d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0ffd27ea12e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0ffd27ea12f0: 00 00 00 00 00 00 00 00 00 00 f9[f9]f9 f9 f9 f9
  0x0ffd27ea1300: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
  0x0ffd27ea1310: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
  0x0ffd27ea1320: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0ffd27ea1330: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0ffd27ea1340: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==11==ABORTING

but I think it's a false positive because of our low-level magic in how this
area is constructed.
keszybz referenced this pull request in keszybz/systemd Jun 22, 2020
…tches

AddressSanitizer:DEADLYSIGNAL
=================================================================
==12==ERROR: AddressSanitizer: ABRT on unknown address 0x00000000000c (pc 0x7f0a518b3428 bp 0x7fffa463bfd0 sp 0x7fffa463be68 T0)
SCARINESS: 10 (signal)
    #0 0x7f0a518b3428 in raise (/lib/x86_64-linux-gnu/libc.so.6+0x35428)
    #1 0x7f0a518b5029 in abort (/lib/x86_64-linux-gnu/libc.so.6+0x37029)
    #2 0x7f0a52ca635a in log_assert_failed_realm /work/build/../../src/systemd/src/basic/log.c:819:9
    #3 0x4eea92 in config_parse_wireguard_endpoint /work/build/../../src/systemd/src/network/netdev/wireguard.c:808:9
    #4 0x7f0a52b2f74e in next_assignment /work/build/../../src/systemd/src/shared/conf-parser.c:133:32
    #5 0x7f0a52b2954e in parse_line /work/build/../../src/systemd/src/shared/conf-parser.c:242:16
    #6 0x7f0a52b28911 in config_parse /work/build/../../src/systemd/src/shared/conf-parser.c:377:21
    #7 0x7f0a52b29ec6 in config_parse_many_files /work/build/../../src/systemd/src/shared/conf-parser.c:439:21
    #8 0x7f0a52b2a5a6 in config_parse_many /work/build/../../src/systemd/src/shared/conf-parser.c:507:16
    #9 0x4d8d6c in netdev_load_one /work/build/../../src/systemd/src/network/netdev/netdev.c:732:13
    #10 0x4d3e2b in LLVMFuzzerTestOneInput /work/build/../../src/systemd/src/network/fuzz-netdev-parser.c:23:16
    #11 0x6b3266 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/libfuzzer/FuzzerLoop.cpp:558:15
    #12 0x6af860 in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool*) /src/libfuzzer/FuzzerLoop.cpp:470:3
    #13 0x6b6970 in fuzzer::Fuzzer::ReadAndExecuteSeedCorpora(std::__1::vector<fuzzer::SizedFile, fuzzer::fuzzer_allocator<fuzzer::SizedFile> >&) /src/libfuzzer/FuzzerLoop.cpp:770:7
    #14 0x6b7376 in fuzzer::Fuzzer::Loop(std::__1::vector<fuzzer::SizedFile, fuzzer::fuzzer_allocator<fuzzer::SizedFile> >&) /src/libfuzzer/FuzzerLoop.cpp:799:3
    #15 0x67573f in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/libfuzzer/FuzzerDriver.cpp:846:6
    #16 0x667097 in main /src/libfuzzer/FuzzerMain.cpp:19:10
    #17 0x7f0a5189e82f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
    #18 0x4295a8 in _start (out/fuzz-netdev-parser+0x4295a8)

DEDUP_TOKEN: raise--abort--log_assert_failed_realm
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: ABRT (/lib/x86_64-linux-gnu/libc.so.6+0x35428) in raise
==12==ABORTING
keszybz referenced this pull request in keszybz/systemd Jun 22, 2020
We'd try to map a zero-byte buffer from a NULL pointer, which is undefined behaviour.

src/systemd/src/libsystemd/sd-bus/bus-message.c:3161:60: runtime error: applying zero offset to null pointer
    #0 0x7f6ff064e691 in find_part /work/build/../../src/systemd/src/libsystemd/sd-bus/bus-message.c:3161:60
    #1 0x7f6ff0640788 in message_peek_body /work/build/../../src/systemd/src/libsystemd/sd-bus/bus-message.c:3283:16
    #2 0x7f6ff064e8db in enter_struct_or_dict_entry /work/build/../../src/systemd/src/libsystemd/sd-bus/bus-message.c:3967:21
    #3 0x7f6ff06444ac in bus_message_enter_struct /work/build/../../src/systemd/src/libsystemd/sd-bus/bus-message.c:4009:13
    #4 0x7f6ff0641dde in sd_bus_message_enter_container /work/build/../../src/systemd/src/libsystemd/sd-bus/bus-message.c:4136:21
    #5 0x7f6ff0619874 in sd_bus_message_dump /work/build/../../src/systemd/src/libsystemd/sd-bus/bus-dump.c:178:29
    #6 0x4293d9 in LLVMFuzzerTestOneInput /work/build/../../src/systemd/src/fuzz/fuzz-bus-message.c:39:9
    #7 0x441986 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/libfuzzer/FuzzerLoop.cpp:558:15
    #8 0x44121e in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool*) /src/libfuzzer/FuzzerLoop.cpp:470:3
    #9 0x443164 in fuzzer::Fuzzer::ReadAndExecuteSeedCorpora(std::__1::vector<fuzzer::SizedFile, fuzzer::fuzzer_allocator<fuzzer::SizedFile> >&) /src/libfuzzer/FuzzerLoop.cpp:770:7
    #10 0x4434bc in fuzzer::Fuzzer::Loop(std::__1::vector<fuzzer::SizedFile, fuzzer::fuzzer_allocator<fuzzer::SizedFile> >&) /src/libfuzzer/FuzzerLoop.cpp:799:3
    #11 0x42d2bc in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/libfuzzer/FuzzerDriver.cpp:846:6
    #12 0x42978a in main /src/libfuzzer/FuzzerMain.cpp:19:10
    #13 0x7f6fef13c82f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
    #14 0x407808 in _start (out/fuzz-bus-message+0x407808)
taskset added a commit to taskset/systemd that referenced this pull request Sep 15, 2020
The stack is as follows:
(gdb) bt
    #0  0x00007f644f19e8c7 in kill () from /lib64/libc.so.6
    #1  0x00005556566edcdd in crash (sig=6) at src/core/main.c:206
    #2  <signal handler called>
    #3  0x00007f644f19e5f7 in raise () from /lib64/libc.so.6
    #4  0x00007f644f19fce8 in abort () from /lib64/libc.so.6
    #5  0x0000555656756882 in log_assert_failed (text=text@entry=0x5556567fc545 "dev_autofs_fd >= 0",
    file=file@entry=0x5556567fc3b4 "src/core/automount.c", line=line@entry=370,
    func=func@entry=0x5556567fd0b4 <__PRETTY_FUNCTION__.17397> "open_ioctl_fd") at src/shared/log.c:754
    #6  0x00005556567b064a in open_ioctl_fd (dev_autofs_fd=-1, where=<optimized out>, devid=<optimized out>) at src/core/automount.c:370
    #7  0x00005556567b10f6 in automount_send_ready (a=a@entry=0x555656b79110, tokens=0x555656c8b560, status=status@entry=0)
    at src/core/automount.c:469
    #8  0x00005556567b360e in automount_update_mount (a=0x555656b79110, old_state=old_state@entry=MOUNT_DEAD, state=state@entry=MOUNT_MOUNTED)
    at src/core/automount.c:509
    #9  0x00005556567ac9e8 in mount_notify_automount (state=MOUNT_MOUNTED, old_state=MOUNT_DEAD, m=0x555656b77000) at src/core/mount.c:588
    #10 mount_set_state (m=m@entry=0x555656b77000, state=MOUNT_MOUNTED) at src/core/mount.c:619
    #11 0x00005556567ad068 in mount_coldplug (u=0x555656b77000, deferred_work=<optimized out>) at src/core/mount.c:671
    #12 0x000055565679c589 in unit_coldplug (u=0x555656b77000, deferred_work=deferred_work@entry=0x555656d3e070) at src/core/unit.c:2886
    #13 0x00005556566f031e in manager_coldplug (m=m@entry=0x555656ac5980) at src/core/manager.c:1125
    #14 0x00005556566f4a7a in manager_startup (m=0x555656ac5980, serialization=0x555656ac5230, fds=<optimized out>) at src/core/manager.c:1288
    #15 0x00005556566ea4e3 in main (argc=4, argv=0x7ffe78ac9848) at src/core/main.c:1798

(gdb) frame  7
    at src/core/automount.c:469
469         ioctl_fd = open_ioctl_fd(UNIT(a)->manager->dev_autofs_fd, a->where, a->dev_id);

(gdb) p *a
$1 = {meta = {manager = 0x555656ac5980, type = UNIT_AUTOMOUNT, load_state = UNIT_LOADED, merged_into = 0x0,
    id = 0x555656b29ce0 "proc-sys-fs-binfmt_misc.automount", instance = 0x0, names = 0x555656b79450, dependencies = {0x555656b78500, 0x0, 0x0,
      0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x555656b794f0, 0x0, 0x0, 0x0, 0x0, 0x555656b76980, 0x555656b784c0, 0x0, 0x555656b76710, 0x0, 0x0, 0x0, 0x0,
      0x555656b769f0, 0x555656b79530}, requires_mounts_for = 0x555656b76750,
    description = 0x555656b76eb0 "Arbitrary Executable File Formats File System Automount Point", documentation = 0x555656b76960,
    fragment_path = 0x555656b6e540 "/usr/lib/systemd/system/proc-sys-fs-binfmt_misc.automount", source_path = 0x0, dropin_paths = 0x0,
    fragment_mtime = 1595213181000000, source_mtime = 0, dropin_mtime = 0, job = 0x0, nop_job = 0x0, job_timeout = 0,
    job_timeout_action = EMERGENCY_ACTION_NONE, job_timeout_reboot_arg = 0x0, refs_by_target = 0x0, conditions = 0x555656b769c0, asserts = 0x0,
    condition_timestamp = {realtime = 1591608832758220, monotonic = 70060990954163}, assert_timestamp = {realtime = 1591608832758232,
      monotonic = 70060990954175}, inactive_exit_timestamp = {realtime = 1591608832758666, monotonic = 70060990954609}, active_enter_timestamp = {
      realtime = 1591608832758666, monotonic = 70060990954609}, active_exit_timestamp = {realtime = 1591608832758141,
      monotonic = 70060990954084}, inactive_enter_timestamp = {realtime = 1591608832758141, monotonic = 70060990954084}, slice = {source = 0x0,
      target = 0x0, refs_by_target_next = 0x0, refs_by_target_prev = 0x0}, units_by_type_next = 0x0, units_by_type_prev = 0x0,
    has_requires_mounts_for_next = 0x0, has_requires_mounts_for_prev = 0x0, load_queue_next = 0x0, load_queue_prev = 0x0, dbus_queue_next = 0x0,
    dbus_queue_prev = 0x0, cleanup_queue_next = 0x0, cleanup_queue_prev = 0x0, gc_queue_next = 0x555656b78840, gc_queue_prev = 0x555656b796c0,
    cgroup_queue_next = 0x0, cgroup_queue_prev = 0x0, target_deps_queue_next = 0x0, target_deps_queue_prev = 0x0, pids = 0x0, sigchldgen = 0,
    gc_marker = 0, auto_stop_ratelimit = {interval = 10000000, begin = 0, burst = 16, num = 0}, deserialized_job = -1, load_error = 0,
    unit_file_state = _UNIT_FILE_STATE_INVALID, unit_file_preset = -1, cgroup_path = 0x0, cgroup_realized_mask = 0, cgroup_subtree_mask = 0,
    cgroup_members_mask = 0, on_failure_job_mode = JOB_REPLACE, stop_when_unneeded = false, default_dependencies = false,
    refuse_manual_start = false, refuse_manual_stop = false, allow_isolate = false, ignore_on_isolate = true, ignore_on_snapshot = false,
    condition_result = true, assert_result = true, transient = false, in_load_queue = false, in_dbus_queue = false, in_cleanup_queue = false,
    in_gc_queue = true, in_cgroup_queue = false, in_target_deps_queue = false, sent_dbus_new_signal = true, no_gc = false, in_audit = false,
    cgroup_realized = false, cgroup_members_mask_valid = true, cgroup_subtree_mask_valid = true}, state = AUTOMOUNT_DEAD,
  deserialized_state = AUTOMOUNT_RUNNING, where = 0x555656b76fd0 "/proc/sys/fs/binfmt_misc", timeout_idle_usec = 0, pipe_fd = 24,
  pipe_event_source = 0x0, directory_mode = 493, dev_id = 1048609, tokens = 0x555656c8b560, expire_tokens = 0x0, expire_event_source = 0x0,
  result = AUTOMOUNT_SUCCESS}

Fix it by processing manager->dev_autofs_fd before calling open_ioctl_fd.
vbatts pushed a commit to kinvolk/systemd that referenced this pull request Nov 12, 2020
We'd try to map a zero-byte buffer from a NULL pointer, which is undefined behaviour.

src/systemd/src/libsystemd/sd-bus/bus-message.c:3161:60: runtime error: applying zero offset to null pointer
    #0 0x7f6ff064e691 in find_part /work/build/../../src/systemd/src/libsystemd/sd-bus/bus-message.c:3161:60
    #1 0x7f6ff0640788 in message_peek_body /work/build/../../src/systemd/src/libsystemd/sd-bus/bus-message.c:3283:16
    #2 0x7f6ff064e8db in enter_struct_or_dict_entry /work/build/../../src/systemd/src/libsystemd/sd-bus/bus-message.c:3967:21
    #3 0x7f6ff06444ac in bus_message_enter_struct /work/build/../../src/systemd/src/libsystemd/sd-bus/bus-message.c:4009:13
    #4 0x7f6ff0641dde in sd_bus_message_enter_container /work/build/../../src/systemd/src/libsystemd/sd-bus/bus-message.c:4136:21
    #5 0x7f6ff0619874 in sd_bus_message_dump /work/build/../../src/systemd/src/libsystemd/sd-bus/bus-dump.c:178:29
    #6 0x4293d9 in LLVMFuzzerTestOneInput /work/build/../../src/systemd/src/fuzz/fuzz-bus-message.c:39:9
    #7 0x441986 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/libfuzzer/FuzzerLoop.cpp:558:15
    #8 0x44121e in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool*) /src/libfuzzer/FuzzerLoop.cpp:470:3
    #9 0x443164 in fuzzer::Fuzzer::ReadAndExecuteSeedCorpora(std::__1::vector<fuzzer::SizedFile, fuzzer::fuzzer_allocator<fuzzer::SizedFile> >&) /src/libfuzzer/FuzzerLoop.cpp:770:7
    #10 0x4434bc in fuzzer::Fuzzer::Loop(std::__1::vector<fuzzer::SizedFile, fuzzer::fuzzer_allocator<fuzzer::SizedFile> >&) /src/libfuzzer/FuzzerLoop.cpp:799:3
    #11 0x42d2bc in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/libfuzzer/FuzzerDriver.cpp:846:6
    #12 0x42978a in main /src/libfuzzer/FuzzerMain.cpp:19:10
    #13 0x7f6fef13c82f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
    #14 0x407808 in _start (out/fuzz-bus-message+0x407808)

(cherry picked from commit b17af3e)
vbatts pushed a commit to kinvolk/systemd that referenced this pull request Nov 12, 2020
```
p11-kit-0.23.20-1.fc32.x86_64 pam-1.3.1-26.fc33.x86_64 xz-libs-5.2.5-1.fc33.x86_64 zlib-1.2.11-21.fc32.x86_64
(gdb) bt
    lvalue=0x560e10 "SendOption", ltype=2, rvalue=0x560e1b "11:string", data=0x561e20, userdata=0x561cd0) at ../src/network/networkd-dhcp-common.c:580
    table=0x4392e0 <network_network_gperf_lookup>, section=0x560ef0 "DHCPv4", section_line=14, lvalue=0x560e10 "SendOption", rvalue=0x560e1b "11:string", flags=CONFIG_PARSE_WARN,
    userdata=0x561cd0) at ../src/shared/conf-parser.c:132
    lookup=0x7ffff7d2f76d <config_item_perf_lookup>, table=0x4392e0 <network_network_gperf_lookup>, flags=CONFIG_PARSE_WARN, section=0x7fffffffc9f8, section_line=0x7fffffffc9a0,
    section_ignored=0x7fffffffc99d, l=0x560e10 "SendOption", userdata=0x561cd0) at ../src/shared/conf-parser.c:270
    lookup=0x7ffff7d2f76d <config_item_perf_lookup>, table=0x4392e0 <network_network_gperf_lookup>, flags=CONFIG_PARSE_WARN, userdata=0x561cd0) at ../src/shared/conf-parser.c:395
    lookup=0x7ffff7d2f76d <config_item_perf_lookup>, table=0x4392e0 <network_network_gperf_lookup>, flags=CONFIG_PARSE_WARN, userdata=0x561cd0) at ../src/shared/conf-parser.c:452
    dropin_dirname=0x7fffffffcbd0 "veth99.network.d", sections=0x4f3a18 "Match", lookup=0x7ffff7d2f76d <config_item_perf_lookup>, table=0x4392e0 <network_network_gperf_lookup>,
    flags=CONFIG_PARSE_WARN, userdata=0x561cd0) at ../src/shared/conf-parser.c:511
(gdb) q
A debugging session is active.

	Inferior 1 [process 118718] will be killed.
```

```
$ printf '[DHCPv4]\nSendOption=1:uint8' >crash

$ ./out/fuzz-network-parser ./crash
INFO: Seed: 1158717610
INFO: Loaded 2 modules   (199728 inline 8-bit counters): 136668 [0x7faf3e91a930, 0x7faf3e93bf0c), 63060 [0xadf190, 0xaee7e4),
INFO: Loaded 2 PC tables (199728 PCs): 136668 [0x7faf3e93bf10,0x7faf3eb51cd0), 63060 [0xaee7e8,0xbe4d28),
./out/fuzz-network-parser: Running 1 inputs 1 time(s) each.
Running: ./crash
Assertion 's' failed at src/basic/parse-util.c:458, function int safe_atou8(const char *, uint8_t *)(). Aborting.
==5588== ERROR: libFuzzer: deadly signal
    #0 0x51811e in __sanitizer_print_stack_trace (/home/vagrant/systemd/out/fuzz-network-parser+0x51811e)
    #1 0x46b921 in fuzzer::PrintStackTrace() (/home/vagrant/systemd/out/fuzz-network-parser+0x46b921)
    #2 0x44ded6 in fuzzer::Fuzzer::CrashCallback() (.part.0) (/home/vagrant/systemd/out/fuzz-network-parser+0x44ded6)
    #3 0x44df9d in fuzzer::Fuzzer::StaticCrashSignalCallback() (/home/vagrant/systemd/out/fuzz-network-parser+0x44df9d)
    #4 0x7faf3d6d7b1f  (/lib64/libpthread.so.0+0x14b1f)
    #5 0x7faf3d3c2624 in raise (/lib64/libc.so.6+0x3c624)
    #6 0x7faf3d3ab8d8 in abort (/lib64/libc.so.6+0x258d8)
    #7 0x7faf3e12593a in log_assert_failed_realm /home/vagrant/systemd/build/../src/basic/log.c:819:9
    #8 0x7faf3e140ce1 in safe_atou8 /home/vagrant/systemd/build/../src/basic/parse-util.c:458:9
    #9 0x68089c in config_parse_dhcp_send_option /home/vagrant/systemd/build/../src/network/networkd-dhcp-common.c:517:21
    #10 0x7faf3debed4e in next_assignment /home/vagrant/systemd/build/../src/shared/conf-parser.c:132:32
    #11 0x7faf3deb7783 in parse_line /home/vagrant/systemd/build/../src/shared/conf-parser.c:270:16
    #12 0x7faf3deb606c in config_parse /home/vagrant/systemd/build/../src/shared/conf-parser.c:395:21
    #13 0x7faf3deb85ee in config_parse_many_files /home/vagrant/systemd/build/../src/shared/conf-parser.c:452:21
    #14 0x7faf3deb8c57 in config_parse_many /home/vagrant/systemd/build/../src/shared/conf-parser.c:511:16
    #15 0x57c2eb in network_load_one /home/vagrant/systemd/build/../src/network/networkd-network.c:470:13
    #16 0x543490 in LLVMFuzzerTestOneInput /home/vagrant/systemd/build/../src/network/fuzz-network-parser.c:26:16
    #17 0x44e3e8 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/home/vagrant/systemd/out/fuzz-network-parser+0x44e3e8)
    #18 0x433505 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) (/home/vagrant/systemd/out/fuzz-network-parser+0x433505)
    #19 0x43c449 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/home/vagrant/systemd/out/fuzz-network-parser+0x43c449)
    #20 0x42c4a6 in main (/home/vagrant/systemd/out/fuzz-network-parser+0x42c4a6)
    #21 0x7faf3d3ad1a2 in __libc_start_main (/lib64/libc.so.6+0x271a2)
    #22 0x42c4fd in _start (/home/vagrant/systemd/out/fuzz-network-parser+0x42c4fd)

NOTE: libFuzzer has rudimentary signal handlers.
      Combine libFuzzer with AddressSanitizer or similar for better crash reports.
SUMMARY: libFuzzer: deadly signal

```

(cherry picked from commit 1eb7342)
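The reproducer in the commit message above (`SendOption=1:uint8`, and `SendOption=11:string` in the gdb session) gives a code and a type but no value, and `safe_atou8()` was reached with a NULL string, tripping its `assert(s)`. The following is an added illustration of validating each field before it reaches a number parser; it is not systemd's code or its actual fix. `struct send_option`, `next_field`, `parse_u8` and `parse_send_option` are hypothetical names, and the `code:type:value` layout is assumed from the reproducer.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical option record for this example; not a systemd type. */
struct send_option {
    uint8_t code;
    char type[8];
    uint8_t u8;    /* set when type is "uint8" */
    char str[64];  /* set when type is "string" */
};

/* Copy the next ':'-separated field of *p into buf and advance *p.
 * Returns -EINVAL when the field is absent, empty or too long, so the
 * caller never passes a NULL or empty string on to a number parser. */
static int next_field(const char **p, char *buf, size_t size) {
    const char *s = *p, *colon;
    size_t n;

    if (!s || *s == '\0')
        return -EINVAL;
    colon = strchr(s, ':');
    n = colon ? (size_t)(colon - s) : strlen(s);
    if (n == 0 || n >= size)
        return -EINVAL;
    memcpy(buf, s, n);
    buf[n] = '\0';
    *p = colon ? colon + 1 : NULL;  /* NULL: nothing follows this field */
    return 0;
}

/* Strict decimal uint8 parser: returns an error instead of asserting. */
static int parse_u8(const char *s, uint8_t *ret) {
    char *end;
    unsigned long v;

    if (s[0] < '0' || s[0] > '9')  /* strtoul() alone accepts "-1", " 7" */
        return -EINVAL;
    errno = 0;
    v = strtoul(s, &end, 10);
    if (*end != '\0')
        return -EINVAL;
    if (errno == ERANGE || v > UINT8_MAX)
        return -ERANGE;
    *ret = (uint8_t)v;
    return 0;
}

/* Parse "code:type:value". Returns 0 or a negative errno value. */
int parse_send_option(const char *rvalue, struct send_option *out) {
    const char *p = rvalue;
    char code[4];
    int r;

    memset(out, 0, sizeof(*out));
    if ((r = next_field(&p, code, sizeof(code))) < 0)
        return r;
    if ((r = parse_u8(code, &out->code)) < 0)
        return r;
    if ((r = next_field(&p, out->type, sizeof(out->type))) < 0)
        return r;
    /* "1:uint8" ends here with p == NULL: reject it, do not parse it. */
    if (!p || *p == '\0')
        return -EINVAL;
    if (strcmp(out->type, "uint8") == 0)
        return parse_u8(p, &out->u8);
    if (strcmp(out->type, "string") == 0) {
        if (strlen(p) >= sizeof(out->str))
            return -E2BIG;
        strcpy(out->str, p);  /* the value may itself contain ':' */
        return 0;
    }
    return -EINVAL;  /* type not handled by this example */
}

int main(void) {
    /* Constructed inputs; the first two are the values shown on the page. */
    const char *samples[] = { "1:uint8", "11:string", "1:uint8:7",
                              "12:string:host:a", "1:uint8:300", "" };
    struct send_option o;

    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("%-18s -> %d\n", samples[i], parse_send_option(samples[i], &o));
    return 0;
}
```
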
@csy97 csy97 mentioned this pull request Aug 18, 2021
daandemeyer added a commit to daandemeyer/systemd that referenced this pull request Nov 17, 2021
clang 10 UBSAN triggers false positives when using GCC zero sized
arrays in unions. To avoid these false positives, let's use clang 11
in CI when running with sanitizers.

Example stacktrace of false positive:

```
../src/libsystemd/sd-journal/journal-file.c:2270:60: runtime error: index 773 out of bounds for type 'le64_t [0]'
    #0 0x7f7b53807463 in journal_file_entry_array_item /home/runner/work/systemd/systemd/build/../src/libsystemd/sd-journal/journal-file.c:2270:60
    #1 0x7f7b53812090 in generic_array_get /home/runner/work/systemd/systemd/build/../src/libsystemd/sd-journal/journal-file.c:2982:29
    #2 0x7f7b53813028 in generic_array_get_plus_one /home/runner/work/systemd/systemd/build/../src/libsystemd/sd-journal/journal-file.c:3037:16
    #3 0x7f7b53812a13 in journal_file_next_entry_for_data /home/runner/work/systemd/systemd/build/../src/libsystemd/sd-journal/journal-file.c:3713:21
    #4 0x7f7b5387d7a3 in find_location_for_match /home/runner/work/systemd/systemd/build/../src/libsystemd/sd-journal/sd-journal.c
    #5 0x7f7b5387d18e in find_location_for_match /home/runner/work/systemd/systemd/build/../src/libsystemd/sd-journal/sd-journal.c:653:29
    #6 0x7f7b5387d3fe in find_location_for_match /home/runner/work/systemd/systemd/build/../src/libsystemd/sd-journal/sd-journal.c:691:29
    #7 0x7f7b5387d18e in find_location_for_match /home/runner/work/systemd/systemd/build/../src/libsystemd/sd-journal/sd-journal.c:653:29
    #8 0x7f7b5387d3fe in find_location_for_match /home/runner/work/systemd/systemd/build/../src/libsystemd/sd-journal/sd-journal.c:691:29
    #9 0x7f7b5387a3b2 in find_location_with_matches /home/runner/work/systemd/systemd/build/../src/libsystemd/sd-journal/sd-journal.c:736:24
    #10 0x7f7b5387947f in next_beyond_location /home/runner/work/systemd/systemd/build/../src/libsystemd/sd-journal/sd-journal.c:798:21
    #11 0x7f7b53863005 in real_journal_next /home/runner/work/systemd/systemd/build/../src/libsystemd/sd-journal/sd-journal.c:854:21
    #12 0x7f7b538634da in sd_journal_previous /home/runner/work/systemd/systemd/build/../src/libsystemd/sd-journal/sd-journal.c:897:16
    #13 0x4bc39c in main /home/runner/work/systemd/systemd/build/../src/libsystemd/sd-journal/test-journal-enum.c:23:9
    #14 0x7f7b529be0b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x270b2)
    #15 0x41b32d in _start (/home/runner/work/systemd/systemd/build/test-journal-enum+0x41b32d)
```