  1. Mesos
  2. MESOS-7143

ABORT checks its preconditions incorrectly and incompletely

    Details

    • Type: Bug
    • Status: Open
    • Priority: Minor
    • Resolution: Unresolved
    • Affects Version/s: 0.23.0
    • Fix Version/s: None
    • Component/s: stout
    • Story Points: 1

      Description

      Currently, stout's ABORT (which is mapped to _Abort) checks its preconditions incompletely and incorrectly.

      Its current control flow is roughly

      void _Abort(const char* prefix, const char* message)
      {
        size_t prefix_len = strlen(prefix);
        size_t message_len = strlen(message);
        
        // Async-safe write.
        while (::write(2, prefix, prefix_len) == -1 && errno == EINTR);
        while (message != nullptr &&
               ::write(2, message, message_len) == -1 && errno == EINTR);
      }
      

      We here check the precondition message != nullptr after we already have called strlen(message); calling strlen on a nullptr already triggers undefined behavior.

      Similarly, we never guard against a prefix which is nullptr, but unconditionally call strlen on it.

      It seems it should be possible to assert that neither prefix nor message is nullptr before any use.

      This was diagnosed by Coverity as CID-1400833, and has been present in all releases since 0.23.0.
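
One way to order the checks so that no null pointer reaches strlen, as an added example that is not Mesos or stout code. The names write_all, emit_abort_message and checked_abort are hypothetical, and substituting a "(null)" placeholder instead of asserting is an assumption made here so the abort path still prints whatever it was given.

```cpp
#include <cerrno>
#include <cstddef>
#include <cstdlib>
#include <cstring>
#include <unistd.h>

// Write the whole buffer to fd, retrying on EINTR and on short writes.
// Only write(2) is used, which is async-signal-safe.
bool write_all(int fd, const char* data, size_t len)
{
  while (len > 0) {
    ssize_t n = ::write(fd, data, len);
    if (n == -1) {
      if (errno == EINTR) continue;
      return false;
    }
    data += n;
    len -= static_cast<size_t>(n);
  }
  return true;
}

// Hypothetical helper: emits prefix and message to fd. Null arguments are
// replaced before any strlen call, so strlen never sees a null pointer.
// Returns the number of bytes written, or -1 on a write error.
long emit_abort_message(int fd, const char* prefix, const char* message)
{
  static const char kNull[] = "(null)";  // assumed placeholder text
  if (prefix == nullptr) prefix = kNull;
  if (message == nullptr) message = kNull;

  const size_t prefix_len = strlen(prefix);
  const size_t message_len = strlen(message);

  if (!write_all(fd, prefix, prefix_len)) return -1;
  if (!write_all(fd, message, message_len)) return -1;
  return static_cast<long>(prefix_len + message_len);
}

// Hypothetical replacement for the control flow shown in the issue.
[[noreturn]] void checked_abort(const char* prefix, const char* message)
{
  emit_abort_message(STDERR_FILENO, prefix, message);
  emit_abort_message(STDERR_FILENO, "\n", "");
  abort();
}
```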

            People

            • Assignee: Unassigned
            • Reporter: bbannier Benjamin Bannier
