lix/src/nix
jade b9b1bbd22f diff-closures: fix a use after free
Found by looking for interesting asan reports from the test suite.

What happened here is that name got overwritten, but it was what
actually held the backing memory for the thing it got overwritten by,
which was a by-reference value coming out of std::regex.

Due to absurd reasons I cannot seem to use a string_view iterator here,
so I just copy the string with a longer lifetime instead. idk lol

==3796364==ERROR: AddressSanitizer: heap-use-after-free on address 0x503000014c61 at pc 0x74843523bf1d bp 0x7ffc68351330 sp 0x7ffc68350af0
READ of size 3 at 0x503000014c61 thread T0
    0 0x74843523bf1c in __asan_memcpy (/nix/store/mzhqknx2mc94jdz4n320hn1lml86398y-clang-wrapper-17.0.6/resource-root/lib/linux/libclang_rt.asan-x86_64.so+0x159f1c)
    1 0x6403cf6cbff4 in std::char_traits<char>::copy(char*, char const*, unsigned long) /nix/store/14c6s4xzhy14i2b05s00rjns2j93gzz4-gcc-13.2.0/include/c++/13.2.0/bits/char_traits.h:445:33
    <...>
    7 0x6403cf6cbff4 in std::__cxx11::sub_match<__gnu_cxx::__normal_iterator<char const*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>>::str() const /nix/store/14c6s4xzhy14i2b05s00rjns2j93gzz4-gcc-13.2.0/include/c++/13.2.0/bits/regex.h:966:6
    8 0x6403cf6cbff4 in std::__cxx11::sub_match<__gnu_cxx::__normal_iterator<char const*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>>::operator std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>() const /nix/store/14c6s4xzhy14i2b05s00rjns2j93gzz4-gcc-13.2.0/include/c++/13.2.0/bits/regex.h:955:16
    9 0x6403cf6cbff4 in nix::getClosureInfo[abi:cxx11](nix::ref<nix::Store>, nix::StorePath const&) /home/jade/lix/lix2/build/src/nix/diff-closures.cc:37:26
    10 0x6403cf6cd70c in nix::printClosureDiff(nix::ref<nix::Store>, nix::StorePath const&, nix::StorePath const&, std::basic_string_view<char, std::char_traits<char>>) /home/jade/lix/lix2/build/src/nix/diff-closures.cc:54:25
    11 0x6403cf873331 in CmdProfileDiffClosures::run(nix::ref<nix::Store>) /home/jade/lix/lix2/build/src/nix/profile.cc:479:17
    <...>

0x503000014c61 is located 17 bytes inside of 21-byte region [0x503000014c50,0x503000014c65)
freed by thread T0 here:
    0 0x748435250470 in operator delete(void*) (/nix/store/mzhqknx2mc94jdz4n320hn1lml86398y-clang-wrapper-17.0.6/resource-root/lib/linux/libclang_rt.asan-x86_64.so+0x16e470)
    <...>
    6 0x6403cf6cbda2 in std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>::~basic_string() /nix/store/14c6s4xzhy14i2b05s00rjns2j93gzz4-gcc-13.2.0/include/c++/13.2.0/bits/basic_string.h:792:9
    7 0x6403cf6cbda2 in nix::getClosureInfo[abi:cxx11](nix::ref<nix::Store>, nix::StorePath const&) /home/jade/lix/lix2/build/src/nix/diff-closures.cc:36:13
    8 0x6403cf6cd70c in nix::printClosureDiff(nix::ref<nix::Store>, nix::StorePath const&, nix::StorePath const&, std::basic_string_view<char, std::char_traits<char>>) /home/jade/lix/lix2/build/src/nix/diff-closures.cc:54:25
    <...>

previously allocated by thread T0 here:
    0 0x74843524fa38 in operator new(unsigned long) (/nix/store/mzhqknx2mc94jdz4n320hn1lml86398y-clang-wrapper-17.0.6/resource-root/lib/linux/libclang_rt.asan-x86_64.so+0x16da38)
    <...>
    9 0x6403cf6cb68c in std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>::basic_string<std::basic_string_view<char, std::char_traits<char>>, void>(std::basic_string_view<char, std::char_traits<char>> const&, std::allocator<char> const&) /nix/store/14c6s4xzhy14i2b05s00rjns2j93gzz4-gcc-13.2.0/include/c++/13.2.0/bits/basic_string.h:784:4
    10 0x6403cf6cb68c in nix::getClosureInfo[abi:cxx11](nix::ref<nix::Store>, nix::StorePath const&) /home/jade/lix/lix2/build/src/nix/diff-closures.cc:33:21
    11 0x6403cf6cd70c in nix::printClosureDiff(nix::ref<nix::Store>, nix::StorePath const&, nix::StorePath const&, std::basic_string_view<char, std::char_traits<char>>) /home/jade/lix/lix2/build/src/nix/diff-closures.cc:54:25
    12 0x6403cf873331 in CmdProfileDiffClosures::run(nix::ref<nix::Store>) /home/jade/lix/lix2/build/src/nix/profile.cc:479:17
    <...>

Change-Id: I9c408cf2a3d3155f9f7b2ad4848ee6c741331db0
2024-06-18 15:11:49 -07:00
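The hazard described in the commit message, reconstructed as an added example (this is not the Lix source or the actual fix; the regex, function names and the sample store-path names are assumptions modelled on the frames above). The buggy function reproduces the sequence the report shows: a `std::smatch` whose `sub_match` iterators point into `name`, then `name = match[1]`, which turns `match[1]` into a temporary `std::string`, move-assigns it into `name` and hands the old heap buffer to the temporary, which frees it at the end of the statement (the `~basic_string` in the "freed by" stack); `match[2]` on the next line then reads freed memory. The fixed function keeps the regex subject in its own `const std::string` that nothing writes to while `match` is alive.

```cpp
#include <iostream>
#include <regex>
#include <string>
#include <string_view>
#include <utility>

// Assumed regex: package name, a '-', then something that looks like a Nix
// output name ("bin", "dev", "man", "lib32", ...). The greedy (.*) keeps the
// version in the first group.
static const std::regex kOutputNameRegex("(.*)-([a-z]+|lib32|lib64)");

// Buggy shape, following the ASan frames above (getClosureInfo :33, :36, :37).
// `match` stores iterators into `name`'s buffer. `name = match[1]` converts
// match[1] to a temporary std::string and move-assigns it into `name`; with a
// heap-allocated name the temporary takes over the old buffer and frees it at
// the end of the statement. `match[2]` still points into that buffer, so the
// next line reads freed memory. Deliberately not called by the test below;
// build with -fsanitize=address and call it from main to reproduce.
std::pair<std::string, std::string> splitOutputNameBuggy(std::string_view pathName)
{
    std::string name(pathName);
    std::string outputName;
    std::smatch match;
    if (std::regex_match(name, match, kOutputNameRegex)) {
        name = match[1];        // invalidates every iterator held by `match`
        outputName = match[2];  // heap-use-after-free
    }
    return {name, outputName};
}

// Fixed shape: the regex subject is its own const string that nothing writes
// to while `match` is alive, so the sub_matches stay valid until we return.
std::pair<std::string, std::string> splitOutputName(std::string_view pathName)
{
    const std::string subject(pathName);   // owns the bytes `match` refers to
    std::string name(subject);
    std::string outputName;
    std::smatch match;
    if (std::regex_match(subject, match, kOutputNameRegex)) {
        name = match[1];
        outputName = match[2];
    }
    return {name, outputName};
}

int main()
{
    // Constructed sample names; the first two are longer than libstdc++'s
    // 15-byte SSO buffer, so they live on the heap, which is what makes the
    // buggy variant visible to ASan.
    for (std::string_view n : {"hello-world-2.12.1-man", "glibc-2.39-52-dev", "python3-3.11.9"}) {
        auto [name, output] = splitOutputName(n);
        std::cout << n << " -> name=" << name
                  << " output=" << (output.empty() ? "(none)" : output) << '\n';
    }
}
```

One caveat worth knowing when hunting this class of bug with the test suite: a name that fits in the small-string buffer (15 bytes or fewer in libstdc++) never touches the heap, so the assignment rewrites `name`'s local buffer in place and AddressSanitizer has nothing to flag, even though the iterators in `match` are just as invalid. The report above fired only because the string was a 21-byte heap allocation.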
realisation fix spelling mistakes reported by Debian's lintian tool 2022-01-30 10:51:39 +02:00
add-file.md Split 'nix store add-to-store' into 'add-path' and 'add-file' 2020-12-04 00:59:24 +01:00
add-path.md Split 'nix store add-to-store' into 'add-path' and 'add-file' 2020-12-04 00:59:24 +01:00
add-to-store.cc Simplify ContentAddress 2023-07-07 07:30:01 -04:00
app.cc Allow dynamic derivation deps in inputDrvs 2023-09-07 10:39:37 -04:00
build.cc Make the Derived Path family of types inductive for dynamic derivations 2023-08-10 00:08:32 -04:00
build.md docs: guide to installables docs in installable commands' docs 2024-04-29 08:06:05 -06:00
bundle.cc Overhaul completions, redo #6693 (#8131) 2024-03-25 15:30:36 +00:00
bundle.md docs: guide to installables docs in installable commands' docs 2024-04-29 08:06:05 -06:00
cat.cc nix cat/dump-path/key: stop progress bar before writeFull 2024-05-18 17:51:16 +00:00
config.cc chore: rebrand Nix to Lix when it makes sense 2024-06-01 20:31:24 +02:00
copy.cc Make command infra less stateful and more regular 2023-03-15 16:29:07 -04:00
copy.md Also use long options in src/nix/*.md 2023-05-17 08:10:30 +01:00
daemon.cc util.hh: Delete remaining file and clean up headers 2024-05-29 12:38:51 +02:00
daemon.md Port the flags of nix-daemon to nix daemon (#8788) 2023-08-28 13:43:34 +00:00
derivation-add.cc Create nix derivation add command 2023-04-07 08:34:58 -04:00
derivation-add.md docs: guide to installables docs in installable commands' docs 2024-04-29 08:06:05 -06:00
derivation-show.cc Rename files to reflect new nix derivation show name 2023-04-07 08:34:58 -04:00
derivation-show.md docs: guide to installables docs in installable commands' docs 2024-04-29 08:06:05 -06:00
derivation.cc nix show-derivation -> nix derivation show 2023-04-07 08:34:58 -04:00
develop.cc Remove 100s of CPU time (10%) from build times (1465s -> 1302s) 2024-05-29 22:16:15 -07:00
develop.md chore: rebrand Nix to Lix when it makes sense 2024-06-01 20:31:24 +02:00
diff-closures.cc diff-closures: fix a use after free 2024-06-18 15:11:49 -07:00
diff-closures.md docs: guide to installables docs in installable commands' docs 2024-04-29 08:06:05 -06:00
doctor.cc util.hh: Delete remaining file and clean up headers 2024-05-29 12:38:51 +02:00
dump-path.cc nix cat/dump-path/key: stop progress bar before writeFull 2024-05-18 17:51:16 +00:00
edit.cc util.{hh,cc}: Split out current-process.{hh,cc} 2024-05-29 11:01:34 +02:00
edit.md docs: guide to installables docs in installable commands' docs 2024-04-29 08:06:05 -06:00
eval.cc nix3-eval: don't elide top-level errors 2024-05-08 13:37:20 -06:00
eval.md docs: guide to installables docs in installable commands' docs 2024-04-29 08:06:05 -06:00
flake-archive.md Add 'nix flake' manpages 2020-12-23 18:26:40 +01:00
flake-check.md chore: rebrand Nix to Lix when it makes sense 2024-06-01 20:31:24 +02:00
flake-clone.md Add 'nix flake' manpages 2020-12-23 18:26:40 +01:00
flake-init.md Update docs 2022-02-22 14:32:56 +01:00
flake-lock.md chore: rebrand Nix to Lix when it makes sense 2024-06-01 20:31:24 +02:00
flake-metadata.md Merge 'nix flake {info,list-inputs}' into 'nix flake metadata' 2021-03-16 17:19:04 +01:00
flake-new.md Add 'nix flake' manpages 2020-12-23 18:26:40 +01:00
flake-prefetch.md nix store prefetch-tarball -> nix flake prefetch 2021-01-11 12:36:39 +01:00
flake-show.md Update docs 2022-02-22 14:32:56 +01:00
flake-update.md chore: rebrand Nix to Lix when it makes sense 2024-06-01 20:31:24 +02:00
flake.cc libexpr: add expr memory management 2024-06-17 19:46:44 +00:00
flake.md doc: rewrite the multi-user documentation to actually talk about security 2024-06-12 15:34:23 -07:00
fmt.cc Merge pull request #9494 from sellout/nix-run-execv 2024-03-04 07:11:25 +01:00
fmt.md docs: guide to installables docs in installable commands' docs 2024-04-29 08:06:05 -06:00
get-env.sh Merge pull request #9032 from Ma27/structured-attrs-env-vars 2024-03-07 10:46:47 +01:00
hash.cc Merge pull request #7750 from obsidiansystems/no-args-prepare 2023-03-15 17:23:40 -04:00
help-stores.md chore: rebrand Nix to Lix when it makes sense 2024-06-01 20:31:24 +02:00
help.md Add 'nix help' manpage 2020-12-21 13:32:29 +01:00
key-convert-secret-to-public.md Add commands for generating secret/public keys 2021-01-06 17:49:31 +01:00
key-generate-secret.md Fix missing ` in key manual 2022-06-08 11:46:50 +02:00
log.cc Make the Derived Path family of types inductive for dynamic derivations 2023-08-10 00:08:32 -04:00
log.md chore: rebrand Nix to Lix when it makes sense 2024-06-01 20:31:24 +02:00
ls.cc Get rid of some unchecked calls to std::cout 2023-03-02 15:02:24 +01:00
main.cc libexpr: pass Exprs as references, not pointers 2024-06-17 19:46:44 +00:00
make-content-addressed.cc Make command infra less stateful and more regular 2023-03-15 16:29:07 -04:00
make-content-addressed.md clarify definition of "installable" 2023-03-05 01:46:17 +01:00
meson.build build: expose option to enable or disable precompiled std headers 2024-06-06 12:46:26 -06:00
nar-cat.md Add 'nix nar' manpages 2020-12-21 13:32:28 +01:00
nar-dump-path.md Add 'nix nar' manpages 2020-12-21 13:32:28 +01:00
nar-ls.md Also use long options in src/nix/*.md 2023-05-17 08:10:30 +01:00
nar.cc Make command infra less stateful and more regular 2023-03-15 16:29:07 -04:00
nar.md Add 'nix nar' manpages 2020-12-21 13:32:28 +01:00
nix.md chore: rebrand Nix to Lix when it makes sense 2024-06-01 20:31:24 +02:00
optimise-store.cc util.hh: split out signals stuff 2024-03-11 00:52:09 -07:00
optimise-store.md chore: rebrand Nix to Lix when it makes sense 2024-06-01 20:31:24 +02:00
path-from-hash-part.cc Add command 'nix store path-from-hash-part' 2022-10-18 16:51:12 +02:00
path-from-hash-part.md Add command 'nix store path-from-hash-part' 2022-10-18 16:51:12 +02:00
path-info.cc Replace src/libutil/json.cc with nlohmann json generation 2022-11-16 16:50:50 +01:00
path-info.md docs: guide to installables docs in installable commands' docs 2024-04-29 08:06:05 -06:00
ping-store.cc Add Store::isTrustedClient() 2023-04-06 19:59:57 -04:00
ping-store.md chore: rebrand Nix to Lix when it makes sense 2024-06-01 20:31:24 +02:00
prefetch.cc filetransfer: remove decompress request parameter 2024-04-25 01:33:08 +02:00
print-dev-env.md docs: guide to installables docs in installable commands' docs 2024-04-29 08:06:05 -06:00
profile-diff-closures.md Add 'nix profile' manpage 2020-12-21 13:32:29 +01:00
profile-history.md nix profile history: Show profile date 2021-09-14 20:47:33 +02:00
profile-install.md docs: guide to installables docs in installable commands' docs 2024-04-29 08:06:05 -06:00
profile-list.md nix3-profile: remove indices 2024-05-02 12:02:28 -06:00
profile-remove.md Merge changes Id1a67156,I03f4c7c1,I146736bb,I3b1453cb into main 2024-05-03 13:39:49 +00:00
profile-rollback.md Generations -> profile versions 2021-09-14 19:57:45 +02:00
profile-upgrade.md Merge changes Id1a67156,I03f4c7c1,I146736bb,I3b1453cb into main 2024-05-03 13:39:49 +00:00
profile-wipe-history.md Add 'nix profile wipe-history' command 2021-09-14 20:35:41 +02:00
profile.cc nix3-profile: make element names stable 2024-05-02 12:59:15 -06:00
profile.md Dedup some markdown -> C++ big literal stuff in build system 2023-05-15 10:38:11 -04:00
realisation.cc Move enabled experimental feature to libutil struct 2023-03-20 11:05:22 -04:00
registry-add.md nix registry: add --registry flag 2021-06-30 22:13:32 +03:00
registry-list.md Add 'nix registry' manpages 2020-12-21 13:32:27 +01:00
registry-pin.md Style tweaks 2021-07-07 10:02:55 +02:00
registry-remove.md nix registry: add --registry flag 2021-06-30 22:13:32 +03:00
registry.cc Overhaul completions, redo #6693 (#8131) 2024-03-25 15:30:36 +00:00
registry.md doc: Fix typo 2022-06-28 22:43:37 -04:00
repl.cc chore: rebrand Nix to Lix when it makes sense 2024-06-01 20:31:24 +02:00
repl.md docs: guide to installables docs in installable commands' docs 2024-04-29 08:06:05 -06:00
run.cc util.{hh,cc}: Split out current-process.{hh,cc} 2024-05-29 11:01:34 +02:00
run.hh Merge pull request #9494 from sellout/nix-run-execv 2024-03-04 07:11:25 +01:00
run.md chore: rebrand Nix to Lix when it makes sense 2024-06-01 20:31:24 +02:00
search.cc Merge pull request #9481 from iFreilicht/disallow-nix-search-without-search-terms 2024-03-04 08:40:12 +01:00
search.md docs: guide to installables docs in installable commands' docs 2024-04-29 08:06:05 -06:00
shell.md docs: guide to installables docs in installable commands' docs 2024-04-29 08:06:05 -06:00
sigs.cc nix cat/dump-path/key: stop progress bar before writeFull 2024-05-18 17:51:16 +00:00
store-cat.md Add 'nix store' NAR-related manpages 2020-12-21 13:32:28 +01:00
store-copy-log.cc Fix misrendering of 'nix store --help' 2023-03-21 12:02:19 +01:00
store-copy-log.md link "store derivation" to glossary definition 2022-12-21 11:42:50 +01:00
store-delete.cc Make command infra less stateful and more regular 2023-03-15 16:29:07 -04:00
store-delete.md clarify definition of "installable" 2023-03-05 01:46:17 +01:00
store-dump-path.md clarify definition of "installable" 2023-03-05 01:46:17 +01:00
store-gc.cc Deduplicate the Store downcasting with a template 2022-03-11 13:32:33 +00:00
store-gc.md Add 'nix store gc' command 2021-01-10 23:29:14 +01:00
store-ls.md Also use long options in src/nix/*.md 2023-05-17 08:10:30 +01:00
store-prefetch-file.md Fix some typos 2021-03-26 16:14:38 +01:00
store-repair.cc Make command infra less stateful and more regular 2023-03-15 16:29:07 -04:00
store-repair.md clarify definition of "installable" 2023-03-05 01:46:17 +01:00
store.cc Move store docs to 'nix help-stores' 2023-03-21 14:37:09 +01:00
upgrade-nix.cc util.{hh,cc}: Split out processes.{hh,cc} 2024-05-29 11:01:34 +02:00
upgrade-nix.md Fix the pages in the manual for Lix 2024-05-05 16:11:01 -07:00
verify.cc util.hh: split out signals stuff 2024-03-11 00:52:09 -07:00
verify.md Also use long options in src/nix/*.md 2023-05-17 08:10:30 +01:00
why-depends.cc Overhaul completions, redo #6693 (#8131) 2024-03-25 15:30:36 +00:00
why-depends.md chore: rebrand Nix to Lix when it makes sense 2024-06-01 20:31:24 +02:00