Closed evverx closed 4 years ago
FWIW apparently this issue was also reported by Coverity three days ago:
Hi,
Please find the latest report on new defect(s) introduced to systemd/systemd found with Coverity Scan.
2 new defect(s) introduced to systemd/systemd found with Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 2 of 2 defect(s)
** CID 1429928: Memory - corruptions (OVERRUN)
/src/network/networkd-dhcp6.c: 1068 in dhcp6_assign_delegated_prefix()
________________________________________________________________________________________________________
*** CID 1429928: Memory - corruptions (OVERRUN)
/src/network/networkd-dhcp6.c: 1068 in dhcp6_assign_delegated_prefix()
1062 if (r < 0)
1063 return log_link_error_errno(link, r, "Failed to allocate address for DHCPv6 delegated prefix: %m");
1064
1065 address->in_addr.in6 = *prefix;
1066
1067 if (!in_addr_is_null(AF_INET6, &link->network->dhcp6_delegation_prefix_token))
CID 1429928: Memory - corruptions (OVERRUN)
Overrunning buffer pointed to by "&address->in_addr.in6.__in6_u.__u6_addr8 + 8" of 16 bytes by passing it to a function which accesses it at byte offset 135 using argument "8UL".
1068 memcpy(&address->in_addr.in6.s6_addr + 8, &link->network->dhcp6_delegation_prefix_token.in6.s6_addr + 8, 8);
1069 else {
1070 r = generate_ipv6_eui_64_address(link, &address->in_addr.in6);
1071 if (r < 0)
1072 return log_link_warning_errno(link, r, "Failed to generate EUI64 address for acquired DHCPv6 delegated prefix: %m");
1073 }
** CID 1429927: Memory - corruptions (OVERRUN)
/src/network/networkd-dhcp6.c: 1068 in dhcp6_assign_delegated_prefix()
________________________________________________________________________________________________________
*** CID 1429927: Memory - corruptions (OVERRUN)
/src/network/networkd-dhcp6.c: 1068 in dhcp6_assign_delegated_prefix()
1062 if (r < 0)
1063 return log_link_error_errno(link, r, "Failed to allocate address for DHCPv6 delegated prefix: %m");
1064
1065 address->in_addr.in6 = *prefix;
1066
1067 if (!in_addr_is_null(AF_INET6, &link->network->dhcp6_delegation_prefix_token))
1068 memcpy(&address->in_addr.in6.s6_addr + 8, &link->network->dhcp6_delegation_prefix_token.in6.s6_addr + 8, 8);
1069 else {
1070 r = generate_ipv6_eui_64_address(link, &address->in_addr.in6);
1071 if (r < 0)
1072 return log_link_warning_errno(link, r, "Failed to generate EUI64 address for acquired DHCPv6 delegated prefix: %m");
1073 }
Since both gcc and Coverity are complaining about this I'll go ahead and add the "bug" label and the "246" milestone.
cc @yuwata @ssahani
@evverx I hope https://github.com/systemd/systemd/pull/16227 will fix this.
@ssahani could you cherry-pick the commit from https://github.com/systemd/systemd/pull/16225 just to make sure gcc no longer complains?
Ok done.
I'm not sure why it hasn't been caught by the "build test" workflow (where systemd is built with gcc-10, -O3 and -flto)
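Why Coverity reports byte offset 135 for the `memcpy` at line 1068, shown as an added example (not systemd code and not written by anyone in this thread): `&x.s6_addr` is a pointer to the whole 16-byte array, so `+ 8` advances by 8 × 16 bytes rather than 8. The helper names `STRIDE`, `last_offset_flagged`, `last_offset_intended` and `apply_token` are hypothetical, and `apply_token` is one way to write the copy, not necessarily what the linked pull requests do.

```c
/* Added illustration; not systemd code. All helper names are hypothetical. */
#include <netinet/in.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Number of bytes that `p + 1` advances by, for a pointer expression p.
 * sizeof does not evaluate its operand, so no out-of-bounds pointer is formed. */
#define STRIDE(p) (sizeof(*(p)))

/* Last byte offset (relative to the start of s6_addr) touched by
 * memcpy(&a->s6_addr + 8, ..., 8), the form flagged at line 1068.
 * &a->s6_addr has type uint8_t (*)[16], so the stride is 16 bytes. */
static size_t last_offset_flagged(const struct in6_addr *a) {
        return 8 * STRIDE(&a->s6_addr) + 8 - 1;
}

/* Same computation for memcpy(a->s6_addr + 8, ..., 8): the array decays
 * to uint8_t *, so the stride is 1 byte and the copy stays in bounds. */
static size_t last_offset_intended(const struct in6_addr *a) {
        return 8 * STRIDE(a->s6_addr) + 8 - 1;
}

/* Keep the upper 64 bits of addr (the delegated prefix) and take the
 * lower 64 bits (the interface identifier) from token. */
static void apply_token(struct in6_addr *addr, const struct in6_addr *token) {
        memcpy(addr->s6_addr + 8, token->s6_addr + 8, 8);
}

int main(void) {
        struct in6_addr addr, token;

        /* Constructed sample values: 0x20 marks prefix bytes, 0xAB token bytes. */
        memset(&addr, 0x20, sizeof(addr));
        memset(&token, 0xAB, sizeof(token));

        printf("flagged form touches up to offset  %zu of a %zu-byte buffer\n",
               last_offset_flagged(&addr), sizeof(addr.s6_addr));
        printf("intended form touches up to offset %zu\n",
               last_offset_intended(&addr));

        apply_token(&addr, &token);
        for (size_t i = 0; i < sizeof(addr.s6_addr); i++)
                printf("%02x%s", addr.s6_addr[i], i == 15 ? "\n" : " ");
        return 0;
}
```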