Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bug: Please do not commit auto generated files #5934

Open
npoltorapavlo opened this issue Dec 11, 2024 · 0 comments
Open

Bug: Please do not commit auto generated files #5934

npoltorapavlo opened this issue Dec 11, 2024 · 0 comments
Labels
bug Something isn't working

Comments

@npoltorapavlo
Copy link
Contributor

Problem/Opportunity

Auto generated file SystemAudioPlayer/ProxyStubs_SystemAudioPlayer.cpp is committed which led to its modifications via patches when building for RDK. In the original code, arrays SystemAudioPlayerStubMethods[] and SystemAudioPlayerNotificationStubMethods[] have trailing nullptr element. In the patch, modified arrays don't have the trailing nullptr element. Thunder framework iterates until nullptr element. Accessing an array out of bounds gives no error, but causes Undefined Behavior / SIGSEGV.
https://github.com/rdkcentral/Thunder/blob/50273c52c64c80d410b016c3e84f2a26371cafc4/Source/com/IUnknown.h#L79

        UnknownStubType()
        {
            _myHandlerCount = 0;

            while (METHODS[_myHandlerCount] != nullptr) {
                _myHandlerCount++;
            }
        }

Steps to reproduce

Build/run with ASAN.

Expected Behavior

No Undefined Behavior / SIGSEGV.

Actual Behavior

Undefined Behavior / SIGSEGV.

2024-11-29T14:03:20.999Z WPEFramework[12520]:  =================================================================
2024-11-29T14:03:20.999Z WPEFramework[12520]:  ==12520==ERROR: AddressSanitizer: global-buffer-overflow on address 0xa3b7709c at pc 0xa392b849 bp 0xbbfe5f38 sp 0xbbfe5f3c
2024-11-29T14:03:21.000Z WPEFramework[12520]:  READ of size 4 at 0xa3b7709c thread T0
2024-11-29T14:03:21.024Z WPEFramework[12520]:      #0 0xa392b846  (/usr/lib/wpeframework/plugins/libWPEFrameworkSystemAudioPlayer.so+0xbb846)
2024-11-29T14:03:21.025Z WPEFramework[12520]:      #1 0xa38e3c16  (/usr/lib/wpeframework/plugins/libWPEFrameworkSystemAudioPlayer.so+0x73c16)
2024-11-29T14:03:21.025Z WPEFramework[12520]:  0xa3b7709c is located 0 bytes to the right of global variable 'ExchangeSystemAudioPlayerStubMethods' defined in '/mnt/jenkins/workspace/SKY-LLAMA-PANEL-Yocto-Pipeline/build-sky-llama-panel/tmp/work/armv7at2hf-neon-rdk-linux-gnueabi/rdkservices/3.0+gitAUTOINC+ab38eb4c76-r1/git/SystemAudioPlayer/ProxyStubs_SystemAudioPlayer.cpp:46:30' (0xa3b77060) of size 60
2024-11-29T14:03:21.025Z WPEFramework[12520]:  SUMMARY: AddressSanitizer: global-buffer-overflow (/usr/lib/wpeframework/plugins/libWPEFrameworkSystemAudioPlayer.so+0xbb846)
2024-11-29T14:03:21.026Z WPEFramework[12520]:  Shadow bytes around the buggy address:
2024-11-29T14:03:21.026Z WPEFramework[12520]:    0x3476edc0: f9 f9 f9 f9 00 00 00 00 04 f9 f9 f9 f9 f9 f9 f9
2024-11-29T14:03:21.026Z WPEFramework[12520]:    0x3476edd0: 00 00 00 00 00 00 00 f9 f9 f9 f9 f9 01 f9 f9 f9
2024-11-29T14:03:21.026Z WPEFramework[12520]:    0x3476ede0: f9 f9 f9 f9 00 00 00 f9 f9 f9 f9 f9 00 00 00 f9
2024-11-29T14:03:21.026Z WPEFramework[12520]:    0x3476edf0: f9 f9 f9 f9 01 f9 f9 f9 f9 f9 f9 f9 01 f9 f9 f9
2024-11-29T14:03:21.026Z WPEFramework[12520]:    0x3476ee00: f9 f9 f9 f9 04 f9 f9 f9 f9 f9 f9 f9 00 00 00 00
2024-11-29T14:03:21.026Z WPEFramework[12520]:  =>0x3476ee10: 00 00 00[04]f9 f9 f9 f9 00 00 00 00 04 f9 f9 f9
2024-11-29T14:03:21.026Z WPEFramework[12520]:    0x3476ee20: f9 f9 f9 f9 00 00 00 f9 f9 f9 f9 f9 00 00 00 f9
2024-11-29T14:03:21.026Z WPEFramework[12520]:    0x3476ee30: f9 f9 f9 f9 01 f9 f9 f9 f9 f9 f9 f9 00 00 00 00
2024-11-29T14:03:21.026Z WPEFramework[12520]:    0x3476ee40: 04 f9 f9 f9 f9 f9 f9 f9 01 f9 f9 f9 f9 f9 f9 f9
2024-11-29T14:03:21.026Z WPEFramework[12520]:    0x3476ee50: 00 00 00 f9 f9 f9 f9 f9 00 04 f9 f9 f9 f9 f9 f9
2024-11-29T14:03:21.026Z WPEFramework[12520]:    0x3476ee60: 00 00 00 f9 f9 f9 f9 f9 00 00 00 f9 f9 f9 f9 f9
2024-11-29T14:03:21.026Z WPEFramework[12520]:  Shadow byte legend (one shadow byte represents 8 application bytes):
2024-11-29T14:03:21.027Z WPEFramework[12520]:    Addressable:           00
2024-11-29T14:03:21.027Z WPEFramework[12520]:    Partially addressable: 01 02 03 04 05 06 07
2024-11-29T14:03:21.027Z WPEFramework[12520]:    Heap left redzone:       fa
2024-11-29T14:03:21.027Z WPEFramework[12520]:    Freed heap region:       fd
2024-11-29T14:03:21.027Z WPEFramework[12520]:    Stack left redzone:      f1
2024-11-29T14:03:21.027Z WPEFramework[12520]:    Stack mid redzone:       f2
2024-11-29T14:03:21.027Z WPEFramework[12520]:    Stack right redzone:     f3
2024-11-29T14:03:21.027Z WPEFramework[12520]:    Stack after return:      f5
2024-11-29T14:03:21.027Z WPEFramework[12520]:    Stack use after scope:   f8
2024-11-29T14:03:21.027Z WPEFramework[12520]:    Global redzone:          f9
2024-11-29T14:03:21.027Z WPEFramework[12520]:    Global init order:       f6
2024-11-29T14:03:21.027Z WPEFramework[12520]:    Poisoned by user:        f7
2024-11-29T14:03:21.027Z WPEFramework[12520]:    Container overflow:      fc
2024-11-29T14:03:21.027Z WPEFramework[12520]:    Array cookie:            ac
2024-11-29T14:03:21.027Z WPEFramework[12520]:    Intra object redzone:    bb
2024-11-29T14:03:21.028Z WPEFramework[12520]:    ASan internal:           fe
2024-11-29T14:03:21.028Z WPEFramework[12520]:    Left alloca redzone:     ca
2024-11-29T14:03:21.028Z WPEFramework[12520]:    Right alloca redzone:    cb
2024-11-29T14:03:21.028Z WPEFramework[12520]:    Shadow gap:              cc
2024-11-29T14:03:21.028Z WPEFramework[12520]:  =================================================================
2024-11-29T14:03:21.029Z WPEFramework[12520]:  ==12520==ERROR: AddressSanitizer: global-buffer-overflow on address 0xa3b77024 at pc 0xa392bb1d bp 0xbbfe5f38 sp 0xbbfe5f3c
2024-11-29T14:03:21.029Z WPEFramework[12520]:  READ of size 4 at 0xa3b77024 thread T0
2024-11-29T14:03:21.030Z WPEFramework[12520]:      #0 0xa392bb1a  (/usr/lib/wpeframework/plugins/libWPEFrameworkSystemAudioPlayer.so+0xbbb1a)
2024-11-29T14:03:21.030Z WPEFramework[12520]:      #1 0xa38e3c1e  (/usr/lib/wpeframework/plugins/libWPEFrameworkSystemAudioPlayer.so+0x73c1e)
2024-11-29T14:03:21.030Z WPEFramework[12520]:  0xa3b77024 is located 60 bytes to the left of global variable 'ExchangeSystemAudioPlayerStubMethods' defined in '/mnt/jenkins/workspace/SKY-LLAMA-PANEL-Yocto-Pipeline/build-sky-llama-panel/tmp/work/armv7at2hf-neon-rdk-linux-gnueabi/rdkservices/3.0+gitAUTOINC+ab38eb4c76-r1/git/SystemAudioPlayer/ProxyStubs_SystemAudioPlayer.cpp:46:30' (0xa3b77060) of size 60
2024-11-29T14:03:21.031Z WPEFramework[12520]:  0xa3b77024 is located 0 bytes to the right of global variable 'ExchangeSystemAudioPlayerNotificationStubMethods' defined in '/mnt/jenkins/workspace/SKY-LLAMA-PANEL-Yocto-Pipeline/build-sky-llama-panel/tmp/work/armv7at2hf-neon-rdk-linux-gnueabi/rdkservices/3.0+gitAUTOINC+ab38eb4c76-r1/git/SystemAudioPlayer/ProxyStubs_SystemAudioPlayer.cpp:346:30' (0xa3b77020) of size 4
2024-11-29T14:03:21.031Z WPEFramework[12520]:  SUMMARY: AddressSanitizer: global-buffer-overflow (/usr/lib/wpeframework/plugins/libWPEFrameworkSystemAudioPlayer.so+0xbbb1a)
2024-11-29T14:03:21.031Z WPEFramework[12520]:  Shadow bytes around the buggy address:
2024-11-29T14:03:21.031Z WPEFramework[12520]:    0x3476edb0: f9 f9 f9 f9 00 00 00 00 00 00 00 00 00 f9 f9 f9
2024-11-29T14:03:21.031Z WPEFramework[12520]:    0x3476edc0: f9 f9 f9 f9 00 00 00 00 04 f9 f9 f9 f9 f9 f9 f9
2024-11-29T14:03:21.032Z WPEFramework[12520]:    0x3476edd0: 00 00 00 00 00 00 00 f9 f9 f9 f9 f9 01 f9 f9 f9
2024-11-29T14:03:21.032Z WPEFramework[12520]:    0x3476ede0: f9 f9 f9 f9 00 00 00 f9 f9 f9 f9 f9 00 00 00 f9
2024-11-29T14:03:21.032Z WPEFramework[12520]:    0x3476edf0: f9 f9 f9 f9 01 f9 f9 f9 f9 f9 f9 f9 01 f9 f9 f9
2024-11-29T14:03:21.032Z WPEFramework[12520]:  =>0x3476ee00: f9 f9 f9 f9[04]f9 f9 f9 f9 f9 f9 f9 00 00 00 00
2024-11-29T14:03:21.032Z WPEFramework[12520]:    0x3476ee10: 00 00 00 04 f9 f9 f9 f9 00 00 00 00 04 f9 f9 f9
2024-11-29T14:03:21.032Z WPEFramework[12520]:    0x3476ee20: f9 f9 f9 f9 00 00 00 f9 f9 f9 f9 f9 00 00 00 f9
2024-11-29T14:03:21.032Z WPEFramework[12520]:    0x3476ee30: f9 f9 f9 f9 01 f9 f9 f9 f9 f9 f9 f9 00 00 00 00
2024-11-29T14:03:21.032Z WPEFramework[12520]:    0x3476ee40: 04 f9 f9 f9 f9 f9 f9 f9 01 f9 f9 f9 f9 f9 f9 f9
2024-11-29T14:03:21.032Z WPEFramework[12520]:    0x3476ee50: 00 00 00 f9 f9 f9 f9 f9 00 04 f9 f9 f9 f9 f9 f9
2024-11-29T14:03:21.032Z WPEFramework[12520]:  Shadow byte legend (one shadow byte represents 8 application bytes):
2024-11-29T14:03:21.032Z WPEFramework[12520]:    Addressable:           00
2024-11-29T14:03:21.032Z WPEFramework[12520]:    Partially addressable: 01 02 03 04 05 06 07
2024-11-29T14:03:21.032Z WPEFramework[12520]:    Heap left redzone:       fa
2024-11-29T14:03:21.032Z WPEFramework[12520]:    Freed heap region:       fd
2024-11-29T14:03:21.032Z WPEFramework[12520]:    Stack left redzone:      f1
2024-11-29T14:03:21.038Z WPEFramework[12520]:    Stack mid redzone:       f2
2024-11-29T14:03:21.038Z WPEFramework[12520]:    Stack right redzone:     f3
2024-11-29T14:03:21.038Z WPEFramework[12520]:    Stack after return:      f5
2024-11-29T14:03:21.038Z WPEFramework[12520]:    Stack use after scope:   f8
2024-11-29T14:03:21.038Z WPEFramework[12520]:    Global redzone:          f9
2024-11-29T14:03:21.038Z WPEFramework[12520]:    Global init order:       f6
2024-11-29T14:03:21.038Z WPEFramework[12520]:    Poisoned by user:        f7
2024-11-29T14:03:21.038Z WPEFramework[12520]:    Container overflow:      fc
2024-11-29T14:03:21.038Z WPEFramework[12520]:    Array cookie:            ac
2024-11-29T14:03:21.038Z WPEFramework[12520]:    Intra object redzone:    bb
2024-11-29T14:03:21.039Z WPEFramework[12520]:    ASan internal:           fe
2024-11-29T14:03:21.039Z WPEFramework[12520]:    Left alloca redzone:     ca
2024-11-29T14:03:21.039Z WPEFramework[12520]:    Right alloca redzone:    cb
2024-11-29T14:03:21.039Z WPEFramework[12520]:    Shadow gap:              cc

Notes (Optional)

No response
@npoltorapavlo npoltorapavlo added the bug Something isn't working label Dec 11, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@npoltorapavlo