From f1a4f400897ce459c74021481e403283bacb98f1 Mon Sep 17 00:00:00 2001 From: Wez Furlong Date: Thu, 30 Mar 2017 23:38:50 -0700 Subject: [PATCH] avoid UB in StringKeyedCommon for default constructed StringPiece Summary: ubsan flags this problem: ``` buck-out/opt-ubsan/gen/folly/__default_headers__#header-mode-symlink-tree-with-header-map,headers/folly/experimental/StringKeyedCommon.h:31:18: runtime error: null pointer passed as argument 2, which is declared to never be null third-party-buck/gcc-4.9-glibc-2.20-fb/build/glibc/include/string.h:47:28: note: nonnull attribute specified here #0 0x5cb88f in std::pair const, facebook::eden::GitIgnore>, false, true>, bool> folly::StringKeyedUnorderedMap >, std::allocator const, facebook::eden::GitIgnore> > >::emplace(folly::Range, facebook::eden::GitIgnore&&) buck-out/opt-ubsan/gen/folly/__default_headers__#header-mode-symlink-tree-with-header-map,headers/folly/experimental/StringKeyedCommon.h:31 #1 0x5c6652 in facebook::eden::(anonymous namespace)::IgnoreChecker::isIgnored(facebook::eden::detail::RelativePathBase >) eden/fs/inodes/Dirstate.cpp:226 #2 0x5c6037 in facebook::eden::(anonymous namespace)::IgnoreChecker::isIgnored(facebook::eden::detail::RelativePathBase >) eden/fs/inodes/Dirstate.cpp:180 #3 0x5c5173 in facebook::eden::Dirstate::getStatusForExistingDirectory(facebook::eden::detail::RelativePathBase >) const eden/fs/inodes/Dirstate.cpp:372 #4 0x5c4509 in facebook::eden::Dirstate::getStatus() const eden/fs/inodes/Dirstate.cpp:272 #5 0x50a448 in verifyExpectedDirstate(facebook::eden::Dirstate const*, std::unordered_map, std::allocator, std::fbstring_core >, facebook::eden::StatusCode, std::hash, std::allocator, std::fbstring_core > >, std::equal_to, std::allocator, std::fbstring_core > >, std::allocator, std::allocator, std::fbstring_core > const, facebook::eden::StatusCode> > >&&) eden/fs/inodes/test/DirstateTest.cpp:48 #6 0x50c70c in Dirstate_addDirectoriesWithMixOfFiles_Test::TestBody() eden/fs/inodes/test/DirstateTest.cpp:220 #7 0xb45857 in void testing::internal::HandleExceptionsInMethodIfSupported(testing::Test*, void (testing::Test::*)(), char const*) /home/engshare/third-party2/gtest/1.7.0/src/gtest-1.7.0/./src/gtest.cc:2364 #8 0xb36784 in testing::Test::Run() /home/engshare/third-party2/gtest/1.7.0/src/gtest-1.7.0/./src/gtest.cc:2437 #9 0xb36957 in testing::TestInfo::Run() [clone .part.558] /home/engshare/third-party2/gtest/1.7.0/src/gtest-1.7.0/./src/gtest.cc:2612 #10 0xb36b74 in testing::TestCase::Run() [clone .part.559] /home/engshare/third-party2/gtest/1.7.0/src/gtest-1.7.0/./src/gtest.cc:2587 #11 0xb3806e in testing::internal::UnitTestImpl::RunAllTests() [clone .part.561] /home/engshare/third-party2/gtest/1.7.0/src/gtest-1.7.0/./src/gtest.cc:4571 #12 0xb382d9 in testing::UnitTest::Run() /home/engshare/third-party2/gtest/1.7.0/src/gtest-1.7.0/./src/gtest.cc:4519 #13 0x861ca7 in main third-party-buck/gcc-4.9-glibc-2.20-fb/build/gtest/include/gtest/gtest.h:2326 #14 0x7f20be0740f5 in __libc_start_main /home/engshare/third-party2/glibc/2.20/src/glibc-2.20/csu/libc-start.c:289 #15 0x4a552c in _start /home/engshare/third-party2/glibc/2.20/src/glibc-2.20/csu/../sysdeps/x86_64/start.S:122 UndefinedBehaviorSanitizer: undefined-behavior buck-out/opt-ubsan/gen/folly/__default_headers__#header-mode-symlink-tree-with-header-map,headers/folly/experimental/StringKeyedCommon.h:31:18 ``` The issue is that `StringPiece` default constructs to `{nullptr, nullptr}` as a valid representation of an empty string. This is tripping up UBSAN in this case. The fix is a trivial nullptr check Reviewed By: igorsugak Differential Revision: D4791015 fbshipit-source-id: dec7484b29ecb29c17b8dd6a9b0e8093f07d63cb --- folly/experimental/StringKeyedCommon.h | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/folly/experimental/StringKeyedCommon.h b/folly/experimental/StringKeyedCommon.h index c79d7b7c..e29d2c1b 100644 --- a/folly/experimental/StringKeyedCommon.h +++ b/folly/experimental/StringKeyedCommon.h @@ -28,7 +28,10 @@ StringPiece stringPieceDup(StringPiece piece, const Alloc& alloc) { auto size = piece.size(); auto keyDup = typename Alloc::template rebind::other(alloc) .allocate(size); - memcpy(keyDup, piece.data(), size * sizeof(StringPiece::value_type)); + if (size) { + memcpy( + keyDup, piece.data(), size * sizeof(typename StringPiece::value_type)); + } return StringPiece(keyDup, size); } -- 2.34.1