Bug #6934
[open] UBSAN: null pointer passed as argument to memcpy in unit test
Description
Unit test HTPBodyReassemblyTest01 causes an UndefinedBehaviorSanitizer runtime error, "null pointer passed as argument 2, which is declared to never be null", when memcpy is called with the null pointer variable htud->boundary as argument 2 and zero length in HtpRequestBodySetupBoundary (app-layer-htp.c).
Full log:
# ASAN_OPTIONS=detect_leaks=0 UBSAN_OPTIONS=print_stacktrace=1:print_summary=1:symbolize=1:dedup_token_length=3 ./src/suricata -u -U HTPBodyReassemblyTest01
Test HTPBodyReassemblyTest01 : app-layer-htp.c:1371:26: runtime error: null pointer passed as argument 2, which is declared to never be null
/usr/include/string.h:44:28: note: nonnull attribute specified here
#0 0x5a6e360f2312 in HtpRequestBodySetupBoundary app-layer-htp.c
#1 0x5a6e360ec736 in HtpRequestBodyHandleMultipart app-layer-htp.c
#2 0x5a6e3612ac9c in HTPBodyReassemblyTest01 app-layer-htp.c
#3 0x5a6e35f4905b in UtRunTests (/test-target/suricata/src/.libs/suricata+0x113b05b) (BuildId: 3876c85034711eefc9f2fce8b561e929e354baf9)
#4 0x5a6e370c41e0 in RunUnittests (/test-target/suricata/src/.libs/suricata+0x22b61e0) (BuildId: 3876c85034711eefc9f2fce8b561e929e354baf9)
#5 0x5a6e35ddd1a4 in SCStartInternalRunMode (/test-target/suricata/src/.libs/suricata+0xfcf1a4) (BuildId: 3876c85034711eefc9f2fce8b561e929e354baf9)
#6 0x5a6e35dca117 in main (/test-target/suricata/src/.libs/suricata+0xfbc117) (BuildId: 3876c85034711eefc9f2fce8b561e929e354baf9)
#7 0x700345f7e082 in __libc_start_main /build/glibc-wuryBv/glibc-2.31/csu/../csu/libc-start.c:308:16
#8 0x5a6e35cf6bdd in _start (/test-target/suricata/src/.libs/suricata+0xee8bdd) (BuildId: 3876c85034711eefc9f2fce8b561e929e354baf9)
DEDUP_TOKEN: HtpRequestBodySetupBoundary--HtpRequestBodyHandleMultipart--HTPBodyReassemblyTest01
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior app-layer-htp.c:1371:26 in
pass
==== TEST RESULTS ====
PASSED: 1
FAILED: 0
======================
Compiled with:
./configure CC=clang CXX=clang++ CFLAGS="-fsanitize=address,undefined" CXXFLAGS="-fsanitize=address,undefined" --enable-unittests --prefix=/usr/ --sysconfdir=/etc/ --localstatedir=/var/
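The pattern behind this report, as an added example (not Suricata's code and not the fix applied for this bug): a zero-length memcpy from a NULL source next to a guarded form. The struct, field and function names are hypothetical, and the inputs are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for the transaction state; only a boundary
 * pointer and its length are modelled (assumption, not Suricata's struct). */
struct tx_state {
    const uint8_t *boundary; /* NULL when no multipart boundary was parsed */
    size_t boundary_len;     /* 0 in that case */
};

/* Unguarded: with boundary == NULL and boundary_len == 0 the memcpy is
 * undefined behaviour, since glibc declares its pointer arguments nonnull
 * even for a zero-length copy. This is the pattern UBSan reports. */
size_t setup_boundary_unguarded(const struct tx_state *tx, uint8_t *out, size_t out_len)
{
    if (out_len < 2 || tx->boundary_len > out_len - 2)
        return 0;
    memset(out, '-', 2);
    memcpy(out + 2, tx->boundary, tx->boundary_len);
    return tx->boundary_len + 2;
}

/* Guarded: never hands a NULL source to memcpy, and rejects the
 * inconsistent state of a NULL pointer with a non-zero length. */
size_t setup_boundary_guarded(const struct tx_state *tx, uint8_t *out, size_t out_len)
{
    if (out == NULL || out_len < 2 || tx->boundary_len > out_len - 2)
        return 0;
    memset(out, '-', 2);
    if (tx->boundary == NULL)
        return tx->boundary_len == 0 ? 2 : 0;
    memcpy(out + 2, tx->boundary, tx->boundary_len);
    return tx->boundary_len + 2;
}

int main(void)
{
    uint8_t buf[16];
    struct tx_state none = { NULL, 0 };                      /* constructed */
    struct tx_state some = { (const uint8_t *)"abc123", 6 }; /* constructed */
    printf("no boundary: %zu bytes\n", setup_boundary_guarded(&none, buf, sizeof(buf)));
    printf("with boundary: %zu bytes\n", setup_boundary_guarded(&some, buf, sizeof(buf)));
    return 0;
}
```

Built with the -fsanitize=address,undefined flags from the configure line above, calling the unguarded function with the NULL, zero-length state produces the same class of runtime error as in the log, while the guarded function stays silent.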