Bug 57257 – Add -fsanitize=address to univention_policy_result for memory checks during runtime

Bug 57257 - Add -fsanitize=address to univention_policy_result for memory checks during runtime


Summary:	Add -fsanitize=address to univention_policy_result for memory checks during r...

Status:	CLOSED FIXED

Product:	UCS
Classification:	Unclassified
Component:	General
Version:	UCS 5.0
Hardware:	Other Linux

Importance:	P5 normal (vote)
Target Milestone:	UCS 5.0-7-errata
Assigned To:	Mika Westphal
QA Contact:	Philipp Hahn

URL:	https://git.knut.univention.de/univen...
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Reported:	2024-05-06 10:39 CEST by Mika Westphal
Modified:	2024-05-15 12:32 CEST (History)
CC List:	0 users

See Also:
What kind of report is it?:	Development Internal
What type of bug is this?:	---
Who will be affected by this bug?:	---
How will those affected feel about the bug?:	---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Mika Westphal

2024-05-06 10:39:29 CEST

After we fixed the Bug #57173 we talked about compiler flags, that could have saved/helped us. GCC does not have any compiler flags that could detect such errors during compile time because our C code was syntactically right and legal C. But it will show a good error + traceback during the runtime when an error occurs. If you want to know more about it, here is the documentation from Google about it: https://github.com/google/sanitizers/wiki/AddressSanitizer

Comment 1 Mika Westphal

2024-05-14 11:53:35 CEST

We are now using address sanitizer to get more informations when we run into as example into an buffer overflow.

5.0-7
univention-policy.yaml
432f89ade303 | Bug #57257: Added compiler flag -fsanitize=address to univention-policy-result to detect as example memory leaks or overflows.

univention-policy (11.0.4-4)
432f89ade303 | Bug #57257: Added compiler flag -fsanitize=address to univention-policy-result to detect as example memory leaks or overflows.

5.1-0
univention-policy (12.0.6)
5837dd6d6a92 | Bug #57257: Added compiler flag -fsanitize=address to univention-policy-result to detect as example memory leaks or overflows.

5.2-0
univention-policy (13.0.5)
a4a6806ce88f | Bug #57257: Added compiler flag -fsanitize=address to univention-policy-result to detect as example memory leaks or overflows.

Comment 2 Philipp Hahn

2024-05-14 13:02:46 CEST

# 5.0-7
OK: 432f89ade303
OK: Version: 11.0.4-4
OK: 

# 5.1-0
OK: 5837dd6d6a92
OK: Version: 13.0.5

# 5.2-0
OK: a4a6806ce88f
OK: Version: 12.0.6
OK: univention_policy_result -D "$(ucr get ldap/hostdn)" -y /etc/machine.secret "$(ucr get ldap/base)"

OK: bzgrep --color -e -fsanitize=address /var/univention/buildsystem2/logs/ucs_5.0-0-errata5.0-7/univention-policy_11.0.4-4_202405141134.log.bz2 /var/univention/buildsystem2/logs/ucs_5.1-0/univention-policy_12.0.6_202405141148.log.bz2 /var/univention/buildsystem2/logs/ucs_5.2-0/univention-policy_13.0.5_202405141146.log.bz2

OK: triggers crash on heap-buffer-overflow as documented (and fixed!) at https://git.knut.univention.de/univention/ucs/-/merge_requests/1134

Comment 3 Christian Castens

2024-05-15 12:32:14 CEST

<https://errata.software-univention.de/#/?erratum=5.0x1050>