<table border="1" cellspacing="0" cellpadding="8">
<tr>
<th>Issue</th>
<td>
<a href=https://github.com/llvm/llvm-project/issues/62893>62893</a>
</td>
</tr>
<tr>
<th>Summary</th>
<td>
[scudo] incorrect ScopedString::append overload picked up on several platforms, leading to crashes
</td>
</tr>
<tr>
<th>Labels</th>
<td>
</td>
</tr>
<tr>
<th>Assignees</th>
<td>
</td>
</tr>
<tr>
<th>Reporter</th>
<td>
q66
</td>
</tr>
</table>
<pre>
The `ScopedString::append` method has two overloads:
```
void append(const char *Format, va_list Args);
void append(const char *Format, ...) FORMAT(2, 3);
```
On some platforms, `va_list` is typedef'd to `char *` (while on others it's some opaque object etc., the actual definition is not clear). On those platforms, when you call `.append("formatstring", x)` with `x` being a `char *` or a string constant, the `va_list` overload will get picked up, in case of string constants with this warning:
```
./tests/strings_test.cpp:66:22: warning: ISO C++ forbids converting a string constant to 'va_list' {aka 'char*'} [-Wwrite-strings]
```
This crashes at least some tests (known on 32-bit x86 and on ppc64le with musl at the very least), and may possibly (but I'm not 100% sure) crash the allocator when logging.
Disambiguating this by making the `va_list` variant a non-overload fixes the problem.
Patch:
```
>From f2f90378d4a2c1f744c85d327c67ae8e862fdc7f Mon Sep 17 00:00:00 2001
From: Daniel Kolesa <daniel@octaforge.org>
Date: Tue, 23 May 2023 21:09:55 +0200
Subject: [PATCH] disambiguate ScopedString::append
On some targets, the definition of va_list may result in a wrong
overload of append getting picked up when passing a single string
as a variadic argument.
---
lib/scudo/standalone/report.cpp | 2 +-
lib/scudo/standalone/string_utils.cpp | 6 +++---
lib/scudo/standalone/string_utils.h | 2 +-
3 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/lib/scudo/standalone/report.cpp b/lib/scudo/standalone/report.cpp
index a37faac..9cb70ad 100644
--- a/lib/scudo/standalone/report.cpp
+++ b/lib/scudo/standalone/report.cpp
@@ -21,7 +21,7 @@ public:
void append(const char *Format, ...) {
va_list Args;
va_start(Args, Format);
- Message.append(Format, Args);
+ Message.vappend(Format, Args);
va_end(Args);
}
NORETURN ~ScopedErrorReport() {
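Review bot: `ScopedErrorReport::append` in this hunk takes `const char *Format, ...` with no `FORMAT` annotation, unlike `ScopedString::append` in string_utils.h, so mismatched arguments passed through the error-report wrapper get no compile-time format check. Since the wrapper is being touched anyway, consider annotating it the same way.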
diff --git a/lib/scudo/standalone/string_utils.cpp b/lib/scudo/standalone/string_utils.cpp
index 13fdb9c..3d921ba 100644
--- a/lib/scudo/standalone/string_utils.cpp
+++ b/lib/scudo/standalone/string_utils.cpp
@@ -218,7 +218,7 @@ int formatString(char *Buffer, uptr BufferLength, const char *Format, ...) {
return Res;
}
-void ScopedString::append(const char *Format, va_list Args) {
+void ScopedString::vappend(const char *Format, va_list Args) {
va_list ArgsCopy;
va_copy(ArgsCopy, Args);
// formatString doesn't currently support a null buffer or zero buffer length,
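Review bot: After the rename to `ScopedString::vappend`, any caller not updated by this patch that still passes a `va_list` to `append` will still compile: it binds to the variadic `append(const char *Format, ...)` and the `va_list` travels as an ordinary variadic argument. The diffstat covers only report.cpp, string_utils.cpp and string_utils.h, so please confirm that no other caller (tests included) passes a `va_list` to `append`, and consider adding a regression test that appends a `char *` argument through a `%s` format.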
@@ -239,7 +239,7 @@ void ScopedString::append(const char *Format, va_list Args) {
void ScopedString::append(const char *Format, ...) {
va_list Args;
va_start(Args, Format);
- append(Format, Args);
+ vappend(Format, Args);
va_end(Args);
}
@@ -247,7 +247,7 @@ void Printf(const char *Format, ...) {
va_list Args;
va_start(Args, Format);
ScopedString Msg;
- Msg.append(Format, Args);
+ Msg.vappend(Format, Args);
outputRaw(Msg.data());
va_end(Args);
}
diff --git a/lib/scudo/standalone/string_utils.h b/lib/scudo/standalone/string_utils.h
index 4190119..a4cab52 100644
--- a/lib/scudo/standalone/string_utils.h
+++ b/lib/scudo/standalone/string_utils.h
@@ -25,7 +25,7 @@ public:
String.clear();
String.push_back('\0');
}
- void append(const char *Format, va_list Args);
+ void vappend(const char *Format, va_list Args);
void append(const char *Format, ...) FORMAT(2, 3);
void output() const { outputRaw(String.data()); }
void reserve(size_t Size) { String.reserve(Size + 1); }
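Review bot: The new `vappend` declaration has no comment explaining why it is deliberately not an overload of `append`, so a later cleanup could merge the names again. A one-line comment stating that `va_list` can be `char *` on some targets would prevent that. Also, unlike the `append` line below it, `vappend` carries no format annotation; if the `FORMAT` macro wraps the printf format attribute, `FORMAT(2, 0)` would keep format-string checking for it.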
--
2.39.0
```
</pre>
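<pre>
Added example (not part of the original report or of scudo's code): a constructed model of the overload set, with a hypothetical `FakeVaList` alias standing in for `va_list` on targets where it is `char *`. It also covers a literal `0` argument, which goes beyond the case in the report: as a null pointer constant it converts to `char *` and selects the same overload.

```cpp
// Constructed model of the overload set from the report (not scudo code).
// FakeVaList is a hypothetical alias standing in for va_list on targets
// where va_list is a typedef for char *.
using FakeVaList = char *;

enum class Picked { VaListTaker, Variadic };

// Before the patch: both functions are overloads of append.
struct Before {
  Picked append(const char *, FakeVaList) { return Picked::VaListTaker; }
  Picked append(const char *, ...) { return Picked::Variadic; }
};

// After the patch: the va_list taker has its own name, so a call to
// append can only reach the variadic function.
struct After {
  Picked vappend(const char *, FakeVaList) { return Picked::VaListTaker; }
  Picked append(const char *, ...) { return Picked::Variadic; }
};

// A char * argument is an exact match for FakeVaList and beats the
// ellipsis, so the string pointer would be consumed as the argument list.
Picked beforeWithString() {
  char Name[] = "chunk";
  return Before().append("%s", Name);
}

// Literal 0 is a null pointer constant: it converts to char * and also
// beats the ellipsis.
Picked beforeWithZero() { return Before().append("%d", 0); }

// Any other int has no conversion to char *, so only the variadic fits.
Picked beforeWithInt() { return Before().append("%d", 42); }

Picked afterWithString() {
  char Name[] = "chunk";
  return After().append("%s", Name);
}
Picked afterWithZero() { return After().append("%d", 0); }

int main() {
  // Exit status 0 when the model behaves as the report describes.
  if (beforeWithString() != Picked::VaListTaker) return 1;
  if (afterWithString() != Picked::Variadic) return 1;
  return 0;
}
```
</pre>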