Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Runtime Error in qstrdup: Null Pointer Returned from strdup Leading to Unexpected Behavior #17171

Open
2 tasks done
lobby-manager opened this issue Oct 21, 2024 · 1 comment
Open
2 tasks done

Runtime Error in qstrdup: Null Pointer Returned from strdup Leading to Unexpected Behavior #17171

lobby-manager opened this issue Oct 21, 2024 · 1 comment
Labels
triage Needs further investigation

Comments

@lobby-manager
Copy link

Description

When running the bgpd daemon, a runtime error is observed in lib/memory.c related to a null pointer being returned from a function that is expected to always return a valid pointer.

Version

commit 382e4e933

How to reproduce

  1. Compile FRRouting with the following flag:
    export LDFLAGS="-L/root/protocols/rip/frr/libyang/build"
  2. Configure the project:
./configure \
  --prefix=/usr \
  --sysconfdir=/etc \
  --localstatedir=/var \
  --enable-dev-build \
  --enable-user=frr \
  --enable-group=frr \
  --enable-vty-group=frrvty \
  --with-pkg-git-version \
  --with-pkg-extra-version=-my-manual-build \
  --enable-backtrace \
  --enable-rpki \
  --enable-mgmtd-test-be-client \
  --enable-sharpd \
  --enable-multipath=64 \
  --enable-snmp=agentx \
  --enable-irdp \
  --enable-snmp \
  --enable-static || exit 1
  1. Compile the project:
    make -j$(nproc)
  2. Start the zebra daemon:
    frr/zebra/zebra --limit-fds 100000 -d
  3. Start bgpd:
    frr/bgpd/bgpd --limit-fds 100000 -p 179 -f /etc/bgpd.conf -i /var/run/frr/bgpd_1.pid --log stdout

Expected behavior

The qstrdup function should allocate memory for the input string using strdup and handle any errors gracefully, ensuring that mt_checkalloc only receives valid pointers.

Actual behavior

A runtime error is observed when qstrdup tries to duplicate a string:
lib/memory.c:118:63: runtime error: null pointer returned from function declared to never return null

Additional context

The issue seems to arise because qstrdup does not check if strdup returns NULL.

Checklist

  • I have searched the open issues for this bug.
  • I have not included sensitive information in this report.
@lobby-manager lobby-manager added the triage Needs further investigation label Oct 21, 2024
@eqvinox
Copy link
Contributor

eqvinox commented Oct 22, 2024

Hm.

Our header says "passing NULL not allowed, never returns non-NULL":

frr/lib/memory.h

Lines 150 to 151 in 98ec22f

extern void *qstrdup(struct memtype *mt, const char *str)
__attribute__((malloc, nonnull(1) _RET_NONNULL));

which kinda contradicts the code "if NULL is passed, return NULL":

frr/lib/memory.c

Line 118 in 98ec22f

return str ? mt_checkalloc(mt, strdup(str), strlen(str) + 1) : NULL;

but really the question is… where are we calling this with a NULL string and should this be acceptable?

(I think [but have not confirmed] removing the _RET_NONNULL would be somewhat annoying too, as it might mislead all the compiler checks into thinking we need to check XSTRDUP return values…)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
triage Needs further investigation
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@eqvinox @lobby-manager