Posted to issues@mesos.apache.org by "Benjamin Bannier (JIRA)" <ji...@apache.org> on 2017/02/18 09:22:44 UTC

[jira] [Created] (MESOS-7143) ABORT checks its preconditions incorrectly and incompletely

Benjamin Bannier created MESOS-7143:
---------------------------------------

             Summary: ABORT checks its preconditions incorrectly and incompletely
                 Key: MESOS-7143
                 URL: https://issues.apache.org/jira/browse/MESOS-7143
             Project: Mesos
          Issue Type: Bug
          Components: stout
    Affects Versions: 0.23.0
            Reporter: Benjamin Bannier
            Priority: Minor


Currently, stout's {{ABORT}} (which is mapped to {{_Abort}}) checks its preconditions incompletely and incorrectly.

Its current control flow is roughly
{code}
void _Abort(const char* prefix, const char* message)
{
  size_t prefix_len = strlen(prefix);
  size_t message_len = strlen(message);
  
  // Async-safe write.
  while (::write(2, prefix, prefix_len) == -1 && errno == EINTR);
  while (message != nullptr &&
         ::write(2, message, message_len) == -1 && errno == EINTR);
}
{code}

We here check the precondition {{message != nullptr}} after we already have called {{strlen(message)}}; calling {{strlen}} on a {{nullptr}} already triggers undefined behavior.

Similarly, we never guard against a {{prefix}} which is {{nullptr}}, but unconditionally call {{strlen}} on it.

It seems it should be possible to assert that neither {{prefix}} nor {{message}} is {{nullptr}} before any use.

This was diagnosed by Coverity as CID-1400833, and has been present in all releases since 0.23.0.



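One way to order the checks so that both pointers are validated before any {{strlen}} call, as an added example that is not part of the original report and not stout's code. The names {{write_all}}, {{checked_abort_write}} and {{checked_abort}} and the {{"(null)"}} placeholder are assumptions of this sketch; it substitutes a placeholder instead of asserting, so the abort path still emits whatever text it has.

```cpp
#include <cerrno>
#include <cstdlib>
#include <cstring>
#include <unistd.h>

// Hypothetical helper: write all of buf, retrying on EINTR and short writes.
static bool write_all(int fd, const char* buf, size_t len)
{
  while (len > 0) {
    ssize_t n = ::write(fd, buf, len);
    if (n == -1) {
      if (errno == EINTR) continue;
      return false;  // Real error (e.g. EBADF): give up.
    }
    buf += n;
    len -= static_cast<size_t>(n);
  }
  return true;
}

// Hypothetical checked variant of the write step: both pointers are
// validated before the first strlen. Returns bytes written, or -1.
long checked_abort_write(int fd, const char* prefix, const char* message)
{
  static const char kNull[] = "(null)";  // Placeholder chosen for this example.
  if (prefix == nullptr) prefix = kNull;
  if (message == nullptr) message = kNull;

  const size_t prefix_len = std::strlen(prefix);
  const size_t message_len = std::strlen(message);

  if (!write_all(fd, prefix, prefix_len)) return -1;
  if (!write_all(fd, message, message_len)) return -1;
  return static_cast<long>(prefix_len + message_len);
}

[[noreturn]] void checked_abort(const char* prefix, const char* message)
{
  checked_abort_write(STDERR_FILENO, prefix, message);
  std::abort();
}

int main()
{
  // Constructed input: a null message, the case the report is about.
  checked_abort_write(STDERR_FILENO, "ABORT: ", nullptr);
  return 0;
}
```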