Skip to content

build(deps): bump meson from 0.63.0 to 0.63.3 in /.github/workflows #8

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
dependabot wants to merge 1 commit into from
Closed

build(deps): bump meson from 0.63.0 to 0.63.3 in /.github/workflows #8

dependabot wants to merge 1 commit into from

Conversation

@dependabot
Copy link

@dependabot dependabot bot commented on behalf of github Nov 1, 2022

Bumps meson from 0.63.0 to 0.63.3.

Commits
  • 6b7fc8d Bump versions to 0.63.3 for release
  • 6a39ef1 Only use Debian path fixing on old distros.
  • e168c3d Add stable regression test
  • 20bbe1b Fix install_subdirs not showing up in intro-install_plan.json
  • 66d94e7 ci: Fix llvm detection on macOS CI
  • a58315a Fix mypy lint
  • 23c8a09 introspection: untangle install_plan implemetation, fix a bunch of wrong ones
  • 89fa141 interpreter: add a special class to track the lifecycle of get_option() strings
  • ba19e64 wrap: If the directory exists in a sub-subproject, uses it inplace
  • e7a83d5 wrap: Small simplification
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
build(deps): bump meson from 0.63.0 to 0.63.3 in /.github/workflows
55121bd 
Bumps [meson](https://github.com/mesonbuild/meson) from 0.63.0 to 0.63.3.
- [Release notes](https://github.com/mesonbuild/meson/releases)
- [Commits](mesonbuild/meson@0.63.0...0.63.3)

---
updated-dependencies:
- dependency-name: meson
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Nov 1, 2022
@dependabot dependabot bot mentioned this pull request Nov 1, 2022
Closed
@dependabot @github
Copy link
Author

dependabot bot commented on behalf of github Dec 1, 2022

Superseded by #12.

@dependabot dependabot bot closed this Dec 1, 2022
@dependabot dependabot bot deleted the dependabot/pip/dot-github/workflows/meson-0.63.3 branch December 1, 2022 04:02
mikhailnov pushed a commit that referenced this pull request Jul 5, 2023
@mrc0mmand
json: correctly handle magic strings when parsing variant strv
909eb4c 
We can't dereference the variant object directly, as it might be
a magic object (which has an address on a faulting page); use
json_variant_is_sensitive() instead that handles this case.

For example, with an empty array:

==1547789==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000023 (pc 0x7fd616ca9a18 bp 0x7ffcba1dc7c0 sp 0x7ffcba1dc6d0 T0)
==1547789==The signal is caused by a READ memory access.
==1547789==Hint: address points to the zero page.
SCARINESS: 10 (null-deref)
    #0 0x7fd616ca9a18 in json_variant_strv ../src/shared/json.c:2190
    #1 0x408332 in oci_args ../src/nspawn/nspawn-oci.c:173
    #2 0x7fd616cc09ce in json_dispatch ../src/shared/json.c:4400
    #3 0x40addf in oci_process ../src/nspawn/nspawn-oci.c:428
    #4 0x7fd616cc09ce in json_dispatch ../src/shared/json.c:4400
    #5 0x41fef5 in oci_load ../src/nspawn/nspawn-oci.c:2187
    #6 0x4061e4 in LLVMFuzzerTestOneInput ../src/nspawn/fuzz-nspawn-oci.c:23
    #7 0x40691c in main ../src/fuzz/fuzz-main.c:50
    #8 0x7fd61564a50f in __libc_start_call_main (/lib64/libc.so.6+0x2750f)
    #9 0x7fd61564a5c8 in __libc_start_main@GLIBC_2.2.5 (/lib64/libc.so.6+0x275c8)
    #10 0x405da4 in _start (/home/fsumsal/repos/@systemd/systemd/build-san/fuzz-nspawn-oci+0x405da4)

DEDUP_TOKEN: json_variant_strv--oci_args--json_dispatch
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV ../src/shared/json.c:2190 in json_variant_strv
==1547789==ABORTING

Or with an empty string in an array:

../src/shared/json.c:2202:39: runtime error: member access within misaligned address 0x000000000007 for type 'struct JsonVariant', which requires 8 byte alignment
0x000000000007: note: pointer points here
<memory cannot be printed>
    #0 0x7f35f4ca9bcf in json_variant_strv ../src/shared/json.c:2202
    #1 0x408332 in oci_args ../src/nspawn/nspawn-oci.c:173
    #2 0x7f35f4cc09ce in json_dispatch ../src/shared/json.c:4400
    #3 0x40addf in oci_process ../src/nspawn/nspawn-oci.c:428
    #4 0x7f35f4cc09ce in json_dispatch ../src/shared/json.c:4400
    #5 0x41fef5 in oci_load ../src/nspawn/nspawn-oci.c:2187
    #6 0x4061e4 in LLVMFuzzerTestOneInput ../src/nspawn/fuzz-nspawn-oci.c:23
    #7 0x40691c in main ../src/fuzz/fuzz-main.c:50
    #8 0x7f35f364a50f in __libc_start_call_main (/lib64/libc.so.6+0x2750f)
    #9 0x7f35f364a5c8 in __libc_start_main@GLIBC_2.2.5 (/lib64/libc.so.6+0x275c8)
    #10 0x405da4 in _start (/home/fsumsal/repos/@systemd/systemd/build-san/fuzz-nspawn-oci+0x405da4)

SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior ../src/shared/json.c:2202:39 in

Note: this happens only if json_variant_copy() in json_variant_set_source() fails.

Found by Nallocfuzz.
mikhailnov pushed a commit that referenced this pull request Jul 5, 2023
@mrc0mmand
sd-journal: avoid double-free
ac874b8 
If we fail to combine the new entry with a previous one, or update it in
the hashmap, we might later on attempt a double-free:

=================================================================
==10==ERROR: AddressSanitizer: attempting double-free on 0x611000039fc0 in thread T0:
SCARINESS: 42 (double-free)
    #0 0x4a0962 in __interceptor_free /src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:52:3
    #1 0x7f55e431d9f2 in _hashmap_clear /work/build/../../src/systemd/src/basic/hashmap.c:927:33
    #2 0x7f55e431d4c8 in _hashmap_free /work/build/../../src/systemd/src/basic/hashmap.c:896:17
    #3 0x4de1de in ordered_hashmap_free_free_free /work/build/../../src/systemd/src/basic/hashmap.h:120:24
    #4 0x4de1de in ordered_hashmap_free_free_freep /work/build/../../src/systemd/src/basic/hashmap.h:434:1
    #5 0x4de1de in LLVMFuzzerTestOneInput /work/build/../../src/systemd/src/fuzz/fuzz-catalog.c:26:1
    #6 0x4de8b8 in NaloFuzzerTestOneInput (/build/fuzz-catalog+0x4de8b8)
    #7 0x4fd8c3 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:611:15
    #8 0x4fd0aa in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool, bool*) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:514:3
    #9 0x4fe779 in fuzzer::Fuzzer::MutateAndTestOne() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:757:19
    #10 0x4ff445 in fuzzer::Fuzzer::Loop(std::__Fuzzer::vector<fuzzer::SizedFile, std::__Fuzzer::allocator<fuzzer::SizedFile> >&) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:895:5
    #11 0x4ee7af in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:912:6
    #12 0x4ef078 in LLVMFuzzerRunDriver /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:925:10
    #13 0x4deb35 in main (/build/fuzz-catalog+0x4deb35)
    #14 0x7f55e3a32082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 1878e6b475720c7c51969e69ab2d276fae6d1dee)
    #15 0x41f7cd in _start (/build/fuzz-catalog+0x41f7cd)

DEDUP_TOKEN: __interceptor_free--_hashmap_clear--_hashmap_free
0x611000039fc0 is located 0 bytes inside of 224-byte region [0x611000039fc0,0x61100003a0a0)
freed by thread T0 here:
    #0 0x4a0962 in __interceptor_free /src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:52:3
    #1 0x7f55e451493d in freep /work/build/../../src/systemd/src/basic/alloc-util.h:107:22
    #2 0x7f55e451493d in finish_item /work/build/../../src/systemd/src/libsystemd/sd-journal/catalog.c:187:1
    #3 0x7f55e4513e56 in catalog_import_file /work/build/../../src/systemd/src/libsystemd/sd-journal/catalog.c:313:45
    #4 0x4de1be in LLVMFuzzerTestOneInput /work/build/../../src/systemd/src/fuzz/fuzz-catalog.c:23:16
    #5 0x4de8b8 in NaloFuzzerTestOneInput (/build/fuzz-catalog+0x4de8b8)
    #6 0x4fd8c3 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:611:15
    #7 0x4fd0aa in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool, bool*) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:514:3
    #8 0x4fe779 in fuzzer::Fuzzer::MutateAndTestOne() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:757:19
    #9 0x4ff445 in fuzzer::Fuzzer::Loop(std::__Fuzzer::vector<fuzzer::SizedFile, std::__Fuzzer::allocator<fuzzer::SizedFile> >&) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:895:5
    #10 0x4ee7af in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:912:6
    #11 0x4ef078 in LLVMFuzzerRunDriver /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:925:10
    #12 0x4deb35 in main (/build/fuzz-catalog+0x4deb35)
    #13 0x7f55e3a32082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 1878e6b475720c7c51969e69ab2d276fae6d1dee)

DEDUP_TOKEN: __interceptor_free--freep--finish_item
previously allocated by thread T0 here:
    #0 0x4a0c06 in __interceptor_malloc /src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:69:3
    #1 0x4de539 in malloc (/build/fuzz-catalog+0x4de539)
    #2 0x7f55e42bf96b in memdup /work/build/../../src/systemd/src/basic/alloc-util.c:16:15
    #3 0x7f55e451475d in finish_item /work/build/../../src/systemd/src/libsystemd/sd-journal/catalog.c:176:28
    #4 0x7f55e4513e56 in catalog_import_file /work/build/../../src/systemd/src/libsystemd/sd-journal/catalog.c:313:45
    #5 0x4de1be in LLVMFuzzerTestOneInput /work/build/../../src/systemd/src/fuzz/fuzz-catalog.c:23:16
    #6 0x4de8b8 in NaloFuzzerTestOneInput (/build/fuzz-catalog+0x4de8b8)
    #7 0x4fd8c3 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:611:15
    #8 0x4fd0aa in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool, bool*) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:514:3
    #9 0x4fe779 in fuzzer::Fuzzer::MutateAndTestOne() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:757:19
    #10 0x4ff445 in fuzzer::Fuzzer::Loop(std::__Fuzzer::vector<fuzzer::SizedFile, std::__Fuzzer::allocator<fuzzer::SizedFile> >&) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:895:5
    #11 0x4ee7af in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:912:6
    #12 0x4ef078 in LLVMFuzzerRunDriver /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:925:10
    #13 0x4deb35 in main (/build/fuzz-catalog+0x4deb35)
    #14 0x7f55e3a32082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 1878e6b475720c7c51969e69ab2d276fae6d1dee)

DEDUP_TOKEN: __interceptor_malloc--malloc--memdup
SUMMARY: AddressSanitizer: double-free /src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:52:3 in __interceptor_free

Found by Nallocfuzz.
mikhailnov pushed a commit that referenced this pull request Jul 5, 2023
@mrc0mmand
resolve: avoid memory leak from a partially processed RR
b453ebf 
==5==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 4096 byte(s) in 1 object(s) allocated from:
    #0 0x4a2056 in __interceptor_malloc /src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:69:3
    #1 0x5180a9 in malloc (/build/fuzz-resource-record+0x5180a9)
    #2 0x4f7182 in dns_packet_extend /work/build/../../src/systemd/src/resolve/resolved-dns-packet.c:371:36
    #3 0x4f8b8b in dns_packet_append_uint8 /work/build/../../src/systemd/src/resolve/resolved-dns-packet.c:433:13
    #4 0x4f8b8b in dns_packet_append_name /work/build/../../src/systemd/src/resolve/resolved-dns-packet.c:597:13
    #5 0x4f8f16 in dns_packet_append_key /work/build/../../src/systemd/src/resolve/resolved-dns-packet.c:622:13
    #6 0x4fa9a0 in dns_packet_append_rr /work/build/../../src/systemd/src/resolve/resolved-dns-packet.c:883:13
    #7 0x4eb00c in dns_resource_record_to_wire_format /work/build/../../src/systemd/src/resolve/resolved-dns-rr.c:1224:13
    #8 0x4df7be in LLVMFuzzerTestOneInput /work/build/../../src/systemd/src/resolve/fuzz-resource-record.c:32:16
    #9 0x518428 in NaloFuzzerTestOneInput (/build/fuzz-resource-record+0x518428)
    #10 0x537433 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:611:15
    #11 0x536c1a in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool, bool*) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:514:3
    #12 0x5382e9 in fuzzer::Fuzzer::MutateAndTestOne() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:757:19
    #13 0x538fb5 in fuzzer::Fuzzer::Loop(std::__Fuzzer::vector<fuzzer::SizedFile, std::__Fuzzer::allocator<fuzzer::SizedFile> >&) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:895:5
    #14 0x52831f in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:912:6
    #15 0x528be8 in LLVMFuzzerRunDriver /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:925:10
    #16 0x5186a5 in main (/build/fuzz-resource-record+0x5186a5)
    #17 0x7f991fab8082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 1878e6b475720c7c51969e69ab2d276fae6d1dee)

DEDUP_TOKEN: __interceptor_malloc--malloc--dns_packet_extend
SUMMARY: AddressSanitizer: 4096 byte(s) leaked in 1 allocation(s).

Found by Nallocfuzz.
mikhailnov pushed a commit that referenced this pull request Jul 5, 2023
@mrc0mmand
specifier: avoid leaking memory on allocation error
6c13a39 
==8036==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 64 byte(s) in 1 object(s) allocated from:
    #0 0x4a10bc in __interceptor_realloc /src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:85:3
    #1 0x4deef1 in realloc (/build/fuzz-unit-file+0x4deef1)
    #2 0x7ffa35abfe23 in greedy_realloc /work/build/../../src/systemd/src/basic/alloc-util.c:70:13
    #3 0x7ffa35aefad2 in parse_env_file_internal /work/build/../../src/systemd/src/basic/env-file.c:127:38
    #4 0x7ffa35af08a6 in parse_env_file_fdv /work/build/../../src/systemd/src/basic/env-file.c:374:13
    #5 0x7ffa35b6391e in parse_extension_release_atv /work/build/../../src/systemd/src/basic/os-util.c:323:16
    #6 0x7ffa35b63c8a in parse_extension_release_sentinel /work/build/../../src/systemd/src/basic/os-util.c:360:13
    #7 0x7ffa35a5e3f5 in parse_os_release_specifier /work/build/../../src/systemd/src/shared/specifier.c:292:13
    #8 0x7ffa35a5e3f5 in specifier_os_id /work/build/../../src/systemd/src/shared/specifier.c:303:16
    #9 0x7ffa35a5c7f5 in specifier_printf /work/build/../../src/systemd/src/shared/specifier.c:70:45
    #10 0x7ffa3690b279 in unit_full_printf_full /work/build/../../src/systemd/src/core/unit-printf.c:264:16
    #11 0x7ffa367de795 in config_parse_bus_name /work/build/../../src/systemd/src/core/load-fragment.c:2401:13
    #12 0x7ffa358fe5ec in next_assignment /work/build/../../src/systemd/src/shared/conf-parser.c:151:24
    #13 0x7ffa358fe5ec in parse_line /work/build/../../src/systemd/src/shared/conf-parser.c:257:16
    #14 0x7ffa358fd653 in config_parse /work/build/../../src/systemd/src/shared/conf-parser.c:400:21
    #15 0x4de828 in LLVMFuzzerTestOneInput /work/build/../../src/systemd/src/core/fuzz-unit-file.c:72:16
    #16 0x4df208 in NaloFuzzerTestOneInput (/build/fuzz-unit-file+0x4df208)
    #17 0x4fe213 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:611:15
    #18 0x4fd9fa in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool, bool*) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:514:3
    systemd#19 0x4ff0c9 in fuzzer::Fuzzer::MutateAndTestOne() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:757:19
    systemd#20 0x4ffd95 in fuzzer::Fuzzer::Loop(std::__Fuzzer::vector<fuzzer::SizedFile, std::__Fuzzer::allocator<fuzzer::SizedFile> >&) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:895:5
    systemd#21 0x4ef0ff in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:912:6
    systemd#22 0x4ef9c8 in LLVMFuzzerRunDriver /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:925:10
    systemd#23 0x4df485 in main (/build/fuzz-unit-file+0x4df485)
    systemd#24 0x7ffa35232082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 1878e6b475720c7c51969e69ab2d276fae6d1dee)

DEDUP_TOKEN: __interceptor_realloc--realloc--greedy_realloc
SUMMARY: AddressSanitizer: 64 byte(s) leaked in 1 allocation(s).

Found by Nallocfuzz.
mikhailnov pushed a commit that referenced this pull request Jul 5, 2023
@mrc0mmand
journal-remote: bump the refcount right after creating the writer object
d3d8597 
Otherwise we might hit an assertion during cleanup if the
following mmap_cache_new() call fails:

Assertion 'p->n_ref > 0' failed at src/journal-remote/journal-remote-write.c:80, function writer_unref(). Aborting.

==2069==ERROR: AddressSanitizer: ABRT on unknown address 0x000000000815 (pc 0x7f39dcd0200b bp 0x7ffe2fe24db0 sp 0x7ffe2fe24b60 T0)
SCARINESS: 10 (signal)
    #0 0x7f39dcd0200b in raise (/lib/x86_64-linux-gnu/libc.so.6+0x4300b) (BuildId: 1878e6b475720c7c51969e69ab2d276fae6d1dee)
    #1 0x7f39dcce1858 in abort (/lib/x86_64-linux-gnu/libc.so.6+0x22858) (BuildId: 1878e6b475720c7c51969e69ab2d276fae6d1dee)
    #2 0x7f39dd747e49 in log_assert_failed /work/build/../../src/systemd/src/basic/log.c:940:9
    #3 0x4e4431 in writer_unref /work/build/../../src/systemd/src/journal-remote/journal-remote-write.c:80:1
    #4 0x4e3fd5 in writer_unrefp /work/build/../../src/systemd/src/journal-remote/journal-remote-write.h:27:1
    #5 0x4e3fd5 in writer_new /work/build/../../src/systemd/src/journal-remote/journal-remote-write.c:56:1
    #6 0x4e04bc in journal_remote_get_writer /work/build/../../src/systemd/src/journal-remote/journal-remote.c:125:21
    #7 0x4e0e0b in get_source_for_fd /work/build/../../src/systemd/src/journal-remote/journal-remote.c:181:13
    #8 0x4e0e0b in journal_remote_add_source /work/build/../../src/systemd/src/journal-remote/journal-remote.c:233:13
    #9 0x4df99f in LLVMFuzzerTestOneInput /work/build/../../src/systemd/src/journal-remote/fuzz-journal-remote.c:54:9
    #10 0x4e8f48 in NaloFuzzerTestOneInput (/build/fuzz-journal-remote+0x4e8f48)
    #11 0x507f53 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:611:15
    #12 0x50773a in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool, bool*) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:514:3
    #13 0x508e09 in fuzzer::Fuzzer::MutateAndTestOne() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:757:19
    #14 0x509ad5 in fuzzer::Fuzzer::Loop(std::__Fuzzer::vector<fuzzer::SizedFile, std::__Fuzzer::allocator<fuzzer::SizedFile> >&) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:895:5
    #15 0x4f8e3f in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:912:6
    #16 0x4f9708 in LLVMFuzzerRunDriver /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:925:10
    #17 0x4e91c5 in main (/build/fuzz-journal-remote+0x4e91c5)
    #18 0x7f39dcce3082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 1878e6b475720c7c51969e69ab2d276fae6d1dee)
    systemd#19 0x420bcd in _start (/build/fuzz-journal-remote+0x420bcd)

DEDUP_TOKEN: raise--abort--log_assert_failed
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: ABRT (/lib/x86_64-linux-gnu/libc.so.6+0x4300b) (BuildId: 1878e6b475720c7c51969e69ab2d276fae6d1dee) in raise

Found by Nallocufzz.
mikhailnov pushed a commit that referenced this pull request Jul 5, 2023
@mrc0mmand
sd-network: avoid leaking DHCPLease
aca607d 
If we fail any allocation prior adding the lease to the server lease
hashmap.

==2103==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 128 byte(s) in 2 object(s) allocated from:
    #0 0x4a203e in __interceptor_calloc /src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:77:3
    #1 0x4f6341 in calloc (/build/fuzz-dhcp-server+0x4f6341)
    #2 0x4ec818 in add_lease /work/build/../../src/systemd/src/libsystemd-network/fuzz-dhcp-server.c:26:9
    #3 0x4ec2bf in LLVMFuzzerTestOneInput /work/build/../../src/systemd/src/libsystemd-network/fuzz-dhcp-server.c:75:9
    #4 0x4f68a8 in NaloFuzzerTestOneInput (/build/fuzz-dhcp-server+0x4f68a8)
    #5 0x5158b3 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:611:15
    #6 0x51509a in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool, bool*) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:514:3
    #7 0x516769 in fuzzer::Fuzzer::MutateAndTestOne() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:757:19
    #8 0x517435 in fuzzer::Fuzzer::Loop(std::__Fuzzer::vector<fuzzer::SizedFile, std::__Fuzzer::allocator<fuzzer::SizedFile> >&) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:895:5
    #9 0x50679f in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:912:6
    #10 0x507068 in LLVMFuzzerRunDriver /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:925:10
    #11 0x4f6b25 in main (/build/fuzz-dhcp-server+0x4f6b25)
    #12 0x7f16084e3082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 1878e6b475720c7c51969e69ab2d276fae6d1dee)

DEDUP_TOKEN: __interceptor_calloc--calloc--add_lease
SUMMARY: AddressSanitizer: 128 byte(s) leaked in 2 allocation(s).

Found by Nallocufzz.
mikhailnov pushed a commit that referenced this pull request Jul 5, 2023
@mrc0mmand
socket: avoid memory leak on incomplete SocketPort object
f8b21a0 
==1==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 17 byte(s) in 1 object(s) allocated from:
    #0 0x7fc096c7243b in strdup (/lib64/libasan.so.8+0x7243b)
    #1 0x7fc095db3899 in bus_socket_set_transient_property ../src/core/dbus-socket.c:386
    #2 0x7fc095db5140 in bus_socket_set_property ../src/core/dbus-socket.c:460
    #3 0x7fc095dd20f1 in bus_unit_set_properties ../src/core/dbus-unit.c:2473
    #4 0x7fc095d87d53 in transient_unit_from_message ../src/core/dbus-manager.c:1025
    #5 0x7fc095d8872f in method_start_transient_unit ../src/core/dbus-manager.c:1112
    #6 0x7fc0944ddf4f in method_callbacks_run ../src/libsystemd/sd-bus/bus-objects.c:406
    #7 0x7fc0944e7854 in object_find_and_run ../src/libsystemd/sd-bus/bus-objects.c:1319
    #8 0x7fc0944e8f03 in bus_process_object ../src/libsystemd/sd-bus/bus-objects.c:1439
    #9 0x7fc09454ad78 in process_message ../src/libsystemd/sd-bus/sd-bus.c:3011
    #10 0x7fc09454b302 in process_running ../src/libsystemd/sd-bus/sd-bus.c:3053
    #11 0x7fc09454e158 in bus_process_internal ../src/libsystemd/sd-bus/sd-bus.c:3273
    #12 0x7fc09454e2f2 in sd_bus_process ../src/libsystemd/sd-bus/sd-bus.c:3300
    #13 0x7fc094551a59 in io_callback ../src/libsystemd/sd-bus/sd-bus.c:3642
    #14 0x7fc094727830 in source_dispatch ../src/libsystemd/sd-event/sd-event.c:4187
    #15 0x7fc094731009 in sd_event_dispatch ../src/libsystemd/sd-event/sd-event.c:4808
    #16 0x7fc094732124 in sd_event_run ../src/libsystemd/sd-event/sd-event.c:4869
    #17 0x7fc095f7af9f in manager_loop ../src/core/manager.c:3242
    #18 0x41cc7c in invoke_main_loop ../src/core/main.c:1937
    systemd#19 0x4252e0 in main ../src/core/main.c:3072
    systemd#20 0x7fc092a4a50f in __libc_start_call_main (/lib64/libc.so.6+0x2750f)

SUMMARY: AddressSanitizer: 17 byte(s) leaked in 1 allocation(s).
mikhailnov pushed a commit that referenced this pull request Jul 5, 2023
@mrc0mmand
test: sync with the fake binary before killing it
1326d2d 
On faster machines we might be too fast and kill the fake binary during
fork() which then makes kernel report a "wrong" binary in the coredump,
e.g.:

[   31.408078] testsuite-74.sh[548]: + /tmp/make-dump /tmp/test-dump SIGTRAP
[   31.409720] testsuite-74.sh[560]: + bin=/tmp/test-dump
[   31.409720] testsuite-74.sh[560]: + sig=SIGTRAP
[   31.409720] testsuite-74.sh[560]: + ulimit -c unlimited
[   31.409720] testsuite-74.sh[560]: + pid=561
[   31.409720] testsuite-74.sh[560]: + sleep 1
[   31.409720] testsuite-74.sh[560]: + kill -s SIGTRAP 561
[   31.409720] testsuite-74.sh[560]: + wait 561
[   31.491757] systemd[1]: Created slice system-systemd\x2dcoredump.slice.
[   31.524488] systemd[1]: Started [email protected].
[   31.616372] systemd-coredump[564]: [🡕] Process 561 (make-dump) of user 0 dumped core.

                                      Stack trace of thread 561:
                                      #0  0x00007ff86bb49af7 _Fork (libc.so.6 + 0xd4af7)
                                      #1  0x00007ff86bb4965f __libc_fork (libc.so.6 + 0xd465f)
                                      #2  0x000055e88011b0ad make_child (bash + 0x550ad)
                                      #3  0x000055e8800fd05f n/a (bash + 0x3705f)
                                      #4  0x000055e880100116 execute_command_internal (bash + 0x3a116)
                                      #5  0x000055e8801011f2 execute_command_internal (bash + 0x3b1f2)
                                      #6  0x000055e8801025b6 execute_command (bash + 0x3c5b6)
                                      #7  0x000055e8800f134b reader_loop (bash + 0x2b34b)
                                      #8  0x000055e8800e757d main (bash + 0x2157d)
                                      #9  0x00007ff86ba98850 n/a (libc.so.6 + 0x23850)
                                      #10 0x00007ff86ba9890a __libc_start_main (libc.so.6 + 0x2390a)
                                      #11 0x000055e8800e83b5 _start (bash + 0x223b5)
                                      ELF object binary architecture: AMD x86-64
[   31.666617] testsuite-74.sh[560]: /tmp/make-dump: line 12:   561 Trace/breakpoint trap   (core dumped) "$bin" infinity
...
$ coredumpctl list --file system.journal
TIME                         PID UID GID SIG     COREFILE EXE            SIZE
Fri 2023-06-02 10:42:10 CEST 561   0   0 SIGTRAP journal  /usr/bin/bash     -
Fri 2023-06-02 10:42:11 CEST 570   0   0 SIGABRT journal  /tmp/test-dump    -
Fri 2023-06-02 10:42:12 CEST 582   0   0 SIGTRAP missing  /tmp/test-dump    -
Fri 2023-06-02 10:42:13 CEST 593   0   0 SIGABRT missing  /tmp/test-dump    -
mikhailnov pushed a commit that referenced this pull request Jul 5, 2023
@mrc0mmand
cryptsetup: avoid calling strv_find() on a NULL pointer
cdece7e 
When the header= option comes before any other type= defining one, we
trip over an assertion:

Jun 04 15:45:33 H testsuite-24.sh[752]: + systemctl start [email protected]
Jun 04 15:45:33 H systemd[1]: Starting [email protected]...
Jun 04 15:45:33 H systemd-cryptsetup[4641]: Assertion 'name' failed at src/basic/strv.c:21, function strv_find(). Aborting.
...
Jun 04 15:45:33 H systemd-coredump[4643]: Process 4641 (systemd-cryptse) of user 0 dumped core.
...
                                          Stack trace of thread 4641:
                                          #0  0x00007ff9256afe5c __pthread_kill_implementation (libc.so.6 + 0x8ce5c)
                                          #1  0x00007ff92565fa76 raise (libc.so.6 + 0x3ca76)
                                          #2  0x00007ff9256497fc abort (libc.so.6 + 0x267fc)
                                          #3  0x00007ff926076047 log_assert_failed (libsystemd-shared-253.so + 0x276047)
                                          #4  0x00007ff9260ab317 strv_find (libsystemd-shared-253.so + 0x2ab317)
                                          #5  0x0000000000405927 parse_one_option (systemd-cryptsetup + 0x5927)
                                          #6  0x0000000000407793 parse_options (systemd-cryptsetup + 0x7793)
                                          #7  0x000000000040fa0c run (systemd-cryptsetup + 0xfa0c)
                                          #8  0x000000000041137f main (systemd-cryptsetup + 0x1137f)
                                          #9  0x00007ff92564a510 __libc_start_call_main (libc.so.6 + 0x27510)
                                          #10 0x00007ff92564a5c9 __libc_start_main@@GLIBC_2.34 (libc.so.6 + 0x275c9)
                                          #11 0x0000000000403915 _start (systemd-cryptsetup + 0x3915)
                                          ELF object binary architecture: AMD x86-64
mikhailnov pushed a commit that referenced this pull request Jul 5, 2023
@mrc0mmand
test: test transactions with cycles
0651e71 
Provides coverage for systemd#26872.

With systemd#26875 reverted:

[16444.287652] testsuite-03.sh[71]: + for i in {0..19}
[16444.287652] testsuite-03.sh[71]: + systemctl start transaction-cycle0.service
[16444.359503] systemd[1]: =================================================================
[16444.360321] systemd[1]: ==1==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6180002e578e at pc 0x7f73b25ec7a6 bp 0x7ffc5531c6f0 sp 0x7ffc5531be68
[16444.360798] systemd[1]:
[16444.361044] systemd[1]: READ of size 783 at 0x6180002e578e thread T0 (systemd)
[16444.391684] systemd[1]:     #0 0x7f73b25ec7a5  (/lib64/libasan.so.5+0x557a5)
[16444.392167] systemd[1]:     #1 0x7f73b260a1d5 in __interceptor_vasprintf (/lib64/libasan.so.5+0x731d5)
[16444.392442] systemd[1]:     #2 0x7f73afa1d1e1 in log_format_iovec ../src/basic/log.c:996
[16444.392750] systemd[1]:     #3 0x7f73afa1e7b6 in log_struct_internal ../src/basic/log.c:1058
[16444.393101] systemd[1]:     #4 0x7f73b1979136 in transaction_verify_order_one ../src/core/transaction.c:392
[16444.393540] systemd[1]:     #5 0x7f73b197ac82 in transaction_verify_order_one ../src/core/transaction.c:463
[16444.393946] systemd[1]:     #6 0x7f73b197ac82 in transaction_verify_order_one ../src/core/transaction.c:463
[16444.394262] systemd[1]:     #7 0x7f73b197ac82 in transaction_verify_order_one ../src/core/transaction.c:463
[16444.394532] systemd[1]:     #8 0x7f73b197ac82 in transaction_verify_order_one ../src/core/transaction.c:463
[16444.394812] systemd[1]:     #9 0x7f73b197ac82 in transaction_verify_order_one ../src/core/transaction.c:463
...
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python Pull requests that update Python code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant