vppinfra: fix random buffer OOB crash with ASAN

Don't truncate with vec_set_len bytes before they can be used. When built with ASAN, it these bytes are poisoned and trigger SIGSEGV when read. Type: fix Signed-off-by: Dmitry Valter <d-valter@yandex-team.ru> Change-Id: I912dbbd83822b884f214b3ddcde02e3527848592
author: Dmitry Valter <d-valter@yandex-team.ru> 2023-01-22 13:09:15 +0000
committer: Dmitry Valter <dvalter@protonmail.com> 2023-01-22 13:09:15 +0000
commit: 3b5ab65bd3a821dd82acfc34069293ff39dc1ef7 (patch)
tree: 0be23d83bd55895409a2b0db8d23d2a979ff2ebd /src/vppinfra
parent: 6a782ca3b0782116c5f34d1c958998e9a0af41ca (diff)
1 files changed, 9 insertions, 1 deletions
diff --git a/src/vppinfra/random_buffer.h b/src/vppinfra/random_buffer.h
index 078e9607caa..83e6bcef479 100644
--- a/src/vppinfra/random_buffer.h
+++ b/src/vppinfra/random_buffer.h
@@ -54,6 +54,9 @@ typedef struct
   /* Random buffer. */
   uword *buffer;
 
+  /* An actual length to be applied before using the buffer. */
+  uword next_read_len;
+
   /* Cache up to 1 word worth of bytes for random data
      less than one word at a time. */
   uword n_cached_bytes;
@@ -84,6 +87,11 @@ clib_random_buffer_get_data (clib_random_buffer_t * b, uword n_bytes)
 {
   uword n_words, i, l;
 
+  if (b->buffer)
+    vec_set_len (b->buffer, b->next_read_len);
+  else
+    ASSERT (b->next_read_len == 0);
+
   l = b->n_cached_bytes;
   if (n_bytes <= l)
     {
@@ -100,7 +108,7 @@ clib_random_buffer_get_data (clib_random_buffer_t * b, uword n_bytes)
     clib_random_buffer_fill (b, n_words);
 
   i = vec_len (b->buffer) - n_words;
-  vec_set_len (b->buffer, i);
+  b->next_read_len = i;
 
   if (n_bytes < sizeof (uword))
     {
author	Dmitry Valter <d-valter@yandex-team.ru>	2023-01-22 13:09:15 +0000
committer	Dmitry Valter <dvalter@protonmail.com>	2023-01-22 13:09:15 +0000
commit	3b5ab65bd3a821dd82acfc34069293ff39dc1ef7 (patch)
tree	0be23d83bd55895409a2b0db8d23d2a979ff2ebd /src/vppinfra
parent	6a782ca3b0782116c5f34d1c958998e9a0af41ca (diff)