On 10/7/15 4:24 PM, Dave Chinner wrote:
> On Wed, Oct 07, 2015 at 11:33:43AM -0500, Eric Sandeen wrote:
>> The gcc undefined behavior sanitizer caught this; surely
>> any sane memcpy implementation will no-op if size == 0,
>> but behavior with a *src of NULL is technically undefined
>> (declared nonnull), so avoid it here.
>>
>> We are actually in this situation frequently via
>> xlog_commit_record(), because:
>>
>> struct xfs_log_iovec reg = {
>> .i_addr = NULL,
>> .i_len = 0,
>> .i_type = XLOG_REG_TYPE_COMMIT,
>> };
>>
>> Signed-off-by: Eric Sandeen <sandeen@xxxxxxxxxx>
>> ---
>>
>> diff --git a/fs/xfs/xfs_log.c b/fs/xfs/xfs_log.c
>> index 4012523..8897fd1 100644
>> --- a/fs/xfs/xfs_log.c
>> +++ b/fs/xfs/xfs_log.c
>> @@ -2424,7 +2424,10 @@ xlog_write(
>>
>> /* copy region */
>> ASSERT(copy_len >= 0);
>> - memcpy(ptr, reg->i_addr + copy_off, copy_len);
>> + ASSERT(reg->i_addr + copy_off > 0 || copy_len == 0);
>> + /* size == 0 is ok, but *src == NULL is undefined */
>> + if (reg->i_addr + copy_off)
>> + memcpy(ptr, reg->i_addr + copy_off, copy_len);
>> xlog_write_adv_cnt(&ptr, &len, &log_offset, copy_len);
>
> The comment doesn't explain anything about why copylen might be zero
> or reg->i_addr might be null. If copylen is zero, we should really
> skip the copy, not rely on some magic pointer arithmetic to tell us
> it's ok to copy...
>
> /*
> * Copy region.
> *
> * Unmount records just log an opheader, so can have
> * empty payloads with no data region to copy. Hence we
> only
> * copy the payload if the vector says it has data to
> copy.
> */
> ASSERT(copy_len >= 0);
> if (copy_len > 0) {
> memcpy(ptr, reg->i_addr + copy_off, copy_len);
> xlog_write_adv_cnt(&ptr, &len, &log_offset,
> copy_len);
> }
Yeah, I thought about that, why didn't I do it that way? Maybe I was thinking
about *src still being NULL, but I guess in that case we'd find out that there's
a problem very quickly.
You may as well just commit that version w/ your S-O-B and my Reported-by.
-Eric
> Cheers,
>
> Dave.
>
|