Found by oss-fuzz, after coverage had been improved in google/oss-fuzz#11257
v2: adjust test
v3: fix for windows (_get_osfhandle() crashes when called on closed fd)
v4: fix for EVENT__DISABLE_MM_REPLACEMENT
This is the same as evbuffer_add_reference(), but allows specifying an
offset in the @data
v2: rename evbuffer_add_reference_misalign() to evbuffer_add_reference_with_offset()
- -Wdeprecated-non-prototype
/src/le/libevent/strlcpy.c:48:1: warning: a function definition without a prototype is deprecated in all versions of C and is not supported in C2x [-Wdeprecated-non-prototype]
event_strlcpy_(dst, src, siz)
- -Wstrict-prototypes
/src/le/libevent/evthread.c:82:70: warning: a function declaration without a prototype is deprecated in all versions of C [-Wstrict-prototypes]
struct evthread_condition_callbacks *evthread_get_condition_callbacks()
- -Wunused-but-set-variable
/src/le/libevent/test/regress_buffer.c:130:6: warning: variable 'n' set but not used [-Wunused-but-set-variable]
int n = 0;
^
Looks like a `splice` implementation was planned, but has clearly never
eventuated (the TODO comment is from ~12 years ago, in
8b5bd77415fb6634fadf08357676926fecf5f032). For now, it's probably better
to remove the unused code/correct the docs.
UBSAN reports:
test/regress_buffer.c:2360:2: runtime error: null pointer passed as argument 1, which is declared to never be null
/usr/include/string.h:140:33: note: nonnull attribute specified here
UBSAN reports:
evbuffer/remove_buffer_with_empty3: ../buffer.c:1443:3: runtime error: null pointer passed as argument 2, which is declared to never be null
#0 0x7ffff6cd0410 in evbuffer_pullup ../buffer.c:1443
#1 0x5555556d68b9 in test_evbuffer_remove_buffer_with_empty3 ../test/regress_buffer.c:408
#2 0x5555557b95ee in testcase_run_bare_ ../test/tinytest.c:173
#3 0x5555557ba048 in testcase_run_one ../test/tinytest.c:333
#4 0x5555557bc0f8 in tinytest_main ../test/tinytest.c:527
#5 0x555555787702 in main ../test/regress_main.c:528
#6 0x7ffff606c001 in __libc_start_main (/usr/lib/libc.so.6+0x27001)
#7 0x55555569436d in _start (/src/le/libevent/.cmake-debug/bin/regress+0x14036d)
[ @azat:
- add return heredoc for evbuffer_setcb()
- add unit test with event_set_mem_functions()
- look through the report from abi-compliance-checker/abi-dumper
]
Closes: #855
Before the fix:
$ regress --no-fork evbuffer/reserve_invalid_last_with_datap
evbuffer/empty_chain_expand: [err] ../buffer.c:2138: Assertion chain == buf->first failed in evbuffer_expand_fast_
Aborted (core dumped)
This is a shorter version of the test from #806 (with some
comments).
advance_last_with_data() adjusts evbuffer.last_with_datap, and if we
have an empty chain in the middle, advance_last_with_data() will stop,
while it should not. Empty chains are not a regular thing, but they
can pop up in various places, and while I did not look through all
of them, the trickiest I would say are:
- evbuffer_reserve_space()/evbuffer_commit_space()
- evbuffer_add_reference()
Test case from:
https://github.com/envoyproxy/envoy/pull/6062
Fixes: #778
v2: keep last_with_datap really last with data, i.e. update only if
chain has data in it
In case we have an empty chain (a chain that does not have any data, i.e.
->off == 0) at the beginning of the buffer, and no more full chains to move
to the dst, we will skip moving this empty chain, and hence
last_with_datap will not be adjusted, and things will be broken afterwards.
Fix this by not relying on ->off; just count whether we have something to
move, that's it.
Test case from:
https://github.com/envoyproxy/envoy/pull/6062
Fixes: #774
Using:
- evbuffer_add()
- evbuffer_add_buffer() -- the one that has problem
- evbuffer_add_reference() -- the only one that allows empty chains to be added
- evbuffer_remove_buffer()
The evbuffer/add* tests currently break on 2.0.21, 2.0.22 and 2.1 HEAD
due to issue #335. The evbuffer/reference2 test breaks on 2.0.21 and
2.0.22 due to commit b18c04dd not being applied.
../test/regress_buffer.c:201:12: warning: logical not is only applied to the left hand side of this comparison [-Wlogical-not-parentheses]
tt_assert(!memcmp((char*)EVBUFFER_DATA(evb), "1/hello", 7) != 0);
These types are not part of POSIX. As we only use them in a small number
of places, we'd better replace them by C standard types. This makes a
larger part of the code build for CloudABI.
Make its state actually get seeded.
Document it more thoroughly.
Turn its state into a structure.
Fix a bug in evutil_weakrand_range_() where it could return the top of
the range.
Change its return type to ev_int32_t.
Add a quick unit test to make sure that the value of
evutil_weakrand_range_() is in range.
This change allows us to avoid perturbing the platform's random(), and
to avoid hitting locks on random() in the platform's libc.
evutil_weakrand_() is, well, weak, so we choose here an algorithm that
favors speed over a number of other possibly desirable properties.
We're using a linear congruential generator, and taking our parameters
from those shared by the OpenBSD random() implementation, and
Glibc's fastest random() implementation.
The low bits of a LCG of modulus 2^32 are (notoriously) less random
than the higher bits. So to generate a random value in a range, using
the % operator is no good; we ought to divide. We add an
evutil_weakrand_range_() function to do that.
This code also changes the interface of evutil_weakrand_() so that it
now manipulates an explicit seed, rather than having the seed in a
static variable. This change enables us to use existing locks to
achieve thread-safety, rather than having to rely on an additional lock.
(Patch by Nicholas Marriott; commit message by Nick Mathewson.)
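The low-bits argument from the commit message above, as an added example (not libevent's code and not part of the patch): with a power-of-two-modulus LCG, `% 4` degenerates into a plain counter, while dividing uses the high bits and needs a rejection step so the quotient never equals the top of the range. The constants 1103515245 and 12345, the 31-bit mask and all names are assumptions made for this sketch.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed constants (classic glibc TYPE_0 / ANSI C LCG); names are hypothetical. */
#define LCG_MAX 0x7fffffffu
struct weak_state { uint32_t seed; };   /* explicit state, no static seed */
typedef uint32_t (*range_fn)(struct weak_state *, uint32_t);

static uint32_t weak_next(struct weak_state *s)
{
    s->seed = (s->seed * 1103515245u + 12345u) & LCG_MAX;
    return s->seed;
}

/* Weak: keeps only the low bits, which cycle with a very short period. */
static uint32_t range_by_mod(struct weak_state *s, uint32_t top)
{
    return weak_next(s) % top;
}

/* Unchecked scaling by division: the largest raw values map to top itself. */
static uint32_t scale_raw(uint32_t raw, uint32_t top)
{
    return raw / (LCG_MAX / top);
}

/* Uses the high bits and rejects the rare quotient that equals top. */
static uint32_t range_by_div(struct weak_state *s, uint32_t top)
{
    uint32_t r;
    do { r = scale_raw(weak_next(s), top); } while (r >= top);
    return r;
}

/* Returns 1 if `draws` outputs in [0,4) merely count 0,1,2,3,0,1,... */
static int is_counter(range_fn range, uint32_t seed, int draws)
{
    struct weak_state s = { seed };
    uint32_t expect = (range(&s, 4) + 1) % 4;   /* what a counter gives next */
    for (int i = 1; i < draws; i++, expect = (expect + 1) % 4)
        if (range(&s, 4) != expect) return 0;
    return 1;
}

int main(void)
{
    printf("%% 4 is a counter: %d\n", is_counter(range_by_mod, 1, 1000));
    printf("/ is a counter:   %d\n", is_counter(range_by_div, 1, 1000));
    return 0;
}
```

The counter behaviour holds for every seed because the multiplier and increment are both congruent to 1 modulo 4, so each step adds exactly 1 to the low two bits.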