drakenclimber / libcgroup / 23767314410 / 3
56%
main: 56%

DEFAULT BRANCH: main
Ran
Files 37
Run time 2s
Badge
Embed ▾
README BADGES
x

If you need to use a raster PNG badge, change the '.svg' to '.png' in the link

Markdown

Textile

RDoc

HTML

Rst
coverage: 11.074% (-0.04%) from 11.111%
23767314410.3

push

github

drakenclimber 
config: pass NULL when probing systemd default cgroup

ASan reported following global-buffer-overflow:

READ of size 1 at 0x7f50dc6b3e9f thread T0
    #0 0x... in cg_concat_path <src>/src/api.c:1769
    #1 0x... in cg_build_path_locked <src>/src/api.c:1889
    #2 0x... in cg_build_path <src>/src/api.c:1910
    #3 0x.. in systemd_default_cgroup_exists <src>/src/config.c:2258
    #4 0x.. in cgroup_set_default_systemd_cgroup <src>/src/config.c:2306
    #5 0x... in main <src>/src/tools/cgdelete.c:193
    #6 0x... in __libc_start_call_main (/lib64/libc.so.6+0x2a60f)
    #7 0x... in __libc_start_main_alias_2 (/lib64/libc.so.6+0x2a6bf)
    #8 0x... in _start (/usr/local/bin/cgdelete+0x402384)

0x... sits one byte to the left of the empty string literal '.LC3' that
systemd_default_cgroup_exists() handed to cg_build_path(). Passing an
empty suffix made cg_concat_path() evaluate suf[-1] while it decided
whether to append a trailing slash, triggering the ASan
global-buffer-overflow.

Fix by passing NULL, instead of "" (empty string) so cg_build_path()
skips the suffix concatenation entirely. The resulting canonical paths
are unchanged, but cgdelete (and any other caller) now runs without
trampling the adjacent literal.

Fixes: https://github.com/libcgroup/libcgroup/issues/526
Signed-off-by: Kamalesh Babulal <kamalesh.babulal@oracle.com>
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>

1123 of 10141 relevant lines covered (11.07%)

1.72 hits per line

Source Files on job Unit Tests - 23767314410.3