Fix invalid bounds check in ScatteredStreamWriter::ReserveBytes

This wasn't the original instance of the problem, but was another one
caught by -fsanitize=pointer-overflow. In general, ptr + size is only
valid if the result would stay within the array that ptr points to, so
this kind of ptr + size > end bounds check is never valid. It must
always be written as size > end - ptr, though then you need to deal with
end - ptr being a signed value.

[ RUN      ] MessageTest.MessageHandle
../../third_party/perfetto/src/protozero/scattered_stream_writer.cc:69:18: runtime error: applying non-zero offset 4 to null pointer
    #0 0x6039411e8baf in protozero::ScatteredStreamWriter::ReserveBytes(unsigned long) third_party/perfetto/src/protozero/scattered_stream_writer.cc:69:18
    #1 0x603940bd8473 in protozero::(anonymous namespace)::MessageTest::NewMessageWithSizeField() third_party/perfetto/src/protozero/message_unittest.cc:102:25
    #2 0x603940bd6bc9 in protozero::(anonymous namespace)::MessageTest_MessageHandle_Test::TestBody() third_party/perfetto/src/protozero/message_unittest.cc:353:27
    #3 0x60394164c82e in testing::Test::Run() third_party/googletest/src/googletest/src/gtest.cc:2728:5
    #4 0x60394164e270 in testing::TestInfo::Run() third_party/googletest/src/googletest/src/gtest.cc:2874:11
    #5 0x60394165082b in testing::TestSuite::Run() third_party/googletest/src/googletest/src/gtest.cc:3052:30
    #6 0x603941667ce8 in testing::internal::UnitTestImpl::RunAllTests() third_party/googletest/src/googletest/src/gtest.cc:5982:44
    #7 0x603941666be7 in testing::UnitTest::Run() third_party/googletest/src/googletest/src/gtest.cc:5561:10
    #8 0x6039423d36aa in base::TestSuite::Run() base/test/test_suite.cc:420:16
    #9 0x6039423ea1f3 in base::OnceCallback<int ()>::Run() && base/functional/callback.h:156:12
    #10 0x6039423e8a9f in RunTestSuite base/test/launcher/unit_test_launcher.cc:187:38
    #11 0x6039423e8a9f in base::(anonymous namespace)::LaunchUnitTestsInternal(base::OnceCallback<int ()>, unsigned long, int, unsigned long, bool, base::RepeatingCallback<void ()>, base::OnceCallback<void ()>) base/test/launcher/unit_test_launcher.cc:267:10
    #12 0x6039423e86af in base::LaunchUnitTests(int, char**, base::OnceCallback<int ()>, unsigned long) base/test/launcher/unit_test_launcher.cc:332:10
    #13 0x6039423d330c in main base/test/run_all_unittests.cc:79:10
    #14 0x7c3b8de29d8f in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16
    #15 0x7c3b8de29e3f in __libc_start_main csu/../csu/libc-start.c:392:3
    #16 0x603940994109 in _start (/b/s/w/ir/out/6034-linux_chromium_/perfetto_unittests+0x23c4109) (BuildId: e58a1993916b9841)

SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior ../../third_party/perfetto/src/protozero/scattered_stream_writer.cc:69:18

Bug: 384391188
Change-Id: I5a3d8a1e74885571f281bb2fb1b9cc9b5374da66
1 file changed
tree: eccd9d174639356071d05948032fbbdec0e8ed02
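The bounds-check form the commit message calls for (size > end - ptr, with the signed difference handled), as an added example that is not Perfetto's code. `WriteWindow`, `BytesAvailable` and `TryReserve` are hypothetical names chosen for illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>

// Hypothetical cursor over a [ptr, end) write window (illustration only).
struct WriteWindow {
  uint8_t* ptr;
  uint8_t* end;
};

// Bytes left in the window. end - ptr is a signed ptrdiff_t, so a window
// whose ptr has run past end is treated as empty before converting to size_t.
// With both pointers null the difference is well-defined in C++ and is 0.
size_t BytesAvailable(const WriteWindow& w) {
  ptrdiff_t remaining = w.end - w.ptr;
  return remaining > 0 ? static_cast<size_t>(remaining) : 0;
}

// Rejected form, shown for contrast and never compiled:
//   if (w.ptr + size > w.end) return false;
// It forms ptr + size before knowing the result is in bounds, which is
// undefined for a null ptr with non-zero size or for an oversized request.

// Advances the cursor by size bytes only if the whole range fits.
bool TryReserve(WriteWindow& w, size_t size) {
  if (size > BytesAvailable(w))
    return false;
  w.ptr += size;  // Safe: size <= end - ptr, so the result is at most end.
  return true;
}

int main() {
  uint8_t buf[8];
  WriteWindow empty{nullptr, nullptr};  // No chunk attached yet.
  WriteWindow w{buf, buf + sizeof(buf)};
  bool null4 = TryReserve(empty, 4);
  bool fit5 = TryReserve(w, 5);
  bool over4 = TryReserve(w, 4);
  std::printf("null window, 4 bytes: %d\n", null4);
  std::printf("8-byte window, 5 bytes: %d\n", fit5);
  std::printf("3 bytes left, 4 bytes: %d\n", over4);
  return 0;
}
```

Building this with -fsanitize=pointer-overflow, the flag named in the commit message, exercises the null-window case without forming an out-of-bounds pointer.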
README.md

Perfetto - System profiling, app tracing and trace analysis

Perfetto is a production-grade open-source stack for performance instrumentation and trace analysis. It offers services and libraries for recording system-level and app-level traces, native + java heap profiling, a library for analyzing traces using SQL and a web-based UI to visualize and explore multi-GB traces.

See https://perfetto.dev/docs or the /docs/ directory for documentation.