From 0362d6b374e4b10e324e09e750b88d6c6bc834d1 Mon Sep 17 00:00:00 2001
From: Craig Tiller <ctiller@google.com>
Date: Thu, 13 Apr 2017 07:59:08 -0700
Subject: [PATCH] ubsan fixes

---
 src/core/ext/census/context.c             | 2 +-
 src/core/ext/census/resource.c            | 4 +++-
 src/core/lib/channel/http_client_filter.c | 6 ++++--
 test/core/end2end/fuzzers/api_fuzzer.c    | 2 +-
 test/core/support/spinlock_test.c         | 2 +-
 5 files changed, 10 insertions(+), 6 deletions(-)

diff --git a/src/core/ext/census/context.c b/src/core/ext/census/context.c
index 0dfc4ecbf1..4195cb1c9b 100644
--- a/src/core/ext/census/context.c
+++ b/src/core/ext/census/context.c
@@ -200,7 +200,7 @@ static bool tag_set_add_tag(struct tag_set *tags, const census_tag *tag,
     // allocate new memory if needed
     tags->kvm_size += 2 * CENSUS_MAX_TAG_KV_LEN + TAG_HEADER_SIZE;
     char *new_kvm = gpr_malloc(tags->kvm_size);
-    memcpy(new_kvm, tags->kvm, tags->kvm_used);
+    if (tags->kvm_used > 0) memcpy(new_kvm, tags->kvm, tags->kvm_used);
     gpr_free(tags->kvm);
     tags->kvm = new_kvm;
   }
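Review bot: The guard added before the `memcpy` in `tag_set_add_tag` carries no comment saying why it exists, so a later cleanup could remove it as redundant. The same applies to the guards added in resource.c, http_client_filter.c and api_fuzzer.c. I would put `// passing NULL to memcpy/memset is undefined even when the length is 0` above each one. The check here tests `kvm_used`, not the pointer, so it relies on `tags->kvm` being non-NULL whenever `kvm_used > 0`; that invariant is presumably maintained elsewhere in the function, which starts and ends outside this hunk.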
diff --git a/src/core/ext/census/resource.c b/src/core/ext/census/resource.c
index ed44f004f9..26ea1a8672 100644
--- a/src/core/ext/census/resource.c
+++ b/src/core/ext/census/resource.c
@@ -223,7 +223,9 @@ size_t allocate_resource(void) {
   if (n_resources == n_defined_resources) {
     size_t new_n_resources = n_resources ? n_resources * 2 : 2;
     resource **new_resources = gpr_malloc(new_n_resources * sizeof(resource *));
-    memcpy(new_resources, resources, n_resources * sizeof(resource *));
+    if (n_resources != 0) {
+      memcpy(new_resources, resources, n_resources * sizeof(resource *));
+    }
     memset(new_resources + n_resources, 0,
            (new_n_resources - n_resources) * sizeof(resource *));
     gpr_free(resources);
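Review bot: The allocate, copy, free sequence in `allocate_resource` could be a single `gpr_realloc`, which accepts a NULL pointer and so needs no length guard: `resources = gpr_realloc(resources, new_n_resources * sizeof(resource *));`, with the existing tail `memset` then applied to `resources + n_resources`. The size expression is also not checked for wrap-around. That is unlikely to matter for a count of defined resources, but `GPR_ASSERT(new_n_resources <= SIZE_MAX / sizeof(resource *));` would make the assumption explicit. The function continues outside the hunk, so how `resources` is assigned afterwards is not visible here.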
diff --git a/src/core/lib/channel/http_client_filter.c b/src/core/lib/channel/http_client_filter.c
index 4e47c5c658..255f5388aa 100644
--- a/src/core/lib/channel/http_client_filter.c
+++ b/src/core/lib/channel/http_client_filter.c
@@ -222,8 +222,10 @@ static void continue_send_message(grpc_exec_ctx *exec_ctx,
   while (grpc_byte_stream_next(
       exec_ctx, calld->send_op->payload->send_message.send_message,
       &calld->incoming_slice, ~(size_t)0, &calld->got_slice)) {
-    memcpy(wrptr, GRPC_SLICE_START_PTR(calld->incoming_slice),
-           GRPC_SLICE_LENGTH(calld->incoming_slice));
+    if (GRPC_SLICE_LENGTH(calld->incoming_slice) > 0) {
+      memcpy(wrptr, GRPC_SLICE_START_PTR(calld->incoming_slice),
+             GRPC_SLICE_LENGTH(calld->incoming_slice));
+    }
     wrptr += GRPC_SLICE_LENGTH(calld->incoming_slice);
     grpc_slice_buffer_add(&calld->slices, calld->incoming_slice);
     if (calld->send_length == calld->slices.length) {
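Review bot: Nothing in this loop of `continue_send_message` checks that the incoming slice fits in what remains of the buffer behind `wrptr`; the only stop condition is the exact match `calld->send_length == calld->slices.length` after the copy. If the byte stream ever delivers more bytes than `send_length`, the `memcpy` would write past the end and the equality test would never fire. This is inferred, because the destination allocation and its relation to `send_length` are outside the hunk. A check before the copy, such as `if (GRPC_SLICE_LENGTH(calld->incoming_slice) > calld->send_length - calld->slices.length)`, that fails the operation would make the bound explicit. The function starts and ends outside the hunk.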
diff --git a/test/core/end2end/fuzzers/api_fuzzer.c b/test/core/end2end/fuzzers/api_fuzzer.c
index a0acf5bf60..0ec5a23d5d 100644
--- a/test/core/end2end/fuzzers/api_fuzzer.c
+++ b/test/core/end2end/fuzzers/api_fuzzer.c
@@ -967,7 +967,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
           break;
         }
         grpc_op *ops = gpr_malloc(sizeof(grpc_op) * num_ops);
-        memset(ops, 0, sizeof(grpc_op) * num_ops);
+        if (num_ops > 0) memset(ops, 0, sizeof(grpc_op) * num_ops);
         bool ok = true;
         size_t i;
         grpc_op *op;
diff --git a/test/core/support/spinlock_test.c b/test/core/support/spinlock_test.c
index c70e76c7ea..96055e9bd7 100644
--- a/test/core/support/spinlock_test.c
+++ b/test/core/support/spinlock_test.c
@@ -109,7 +109,7 @@ static void test(const char *name, void (*body)(void *m), int timeout_s,
       start, gpr_time_from_micros((int64_t)timeout_s * 1000000, GPR_TIMESPAN));
   fprintf(stderr, "%s:", name);
   while (gpr_time_cmp(gpr_now(GPR_CLOCK_REALTIME), deadline) < 0) {
-    iterations <<= 1;
+    if (iterations < INT64_MAX / 2) iterations <<= 1;
     fprintf(stderr, " %ld", (long)iterations);
     m = test_new(10, iterations, incr_step);
     test_create_threads(m, body);
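Review bot: The bound `INT64_MAX / 2` only protects the shift if `iterations` is a 64-bit signed integer, and its declaration is outside the hunk, so the guard is worth a short comment such as `// stop doubling before the signed shift overflows`. The `(long)iterations` cast on the following `fprintf` truncates on platforms where `long` is 32 bits, so the printed count can differ from the value passed to `test_new`. If `iterations` is `int64_t`, `fprintf(stderr, " %" PRId64, iterations);` with `<inttypes.h>` keeps the two in step.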
-- 
GitLab