Fix overflow for permanent peer address TTL#343
alienx5499 wants to merge 1 commit into libp2p:master from
25d39bc to 409add9
Summary

Fix undefined behaviour in `InmemAddressRepository::calculateExpirationTime` when using `peer::ttl::kPermanent` by mapping permanent TTLs directly to `Clock::time_point::max()` and adding a regression test.

Details

Signed overflow in `InmemAddressRepository::upsertAddresses` (GitHub issue #281). `calculateExpirationTime` used `max_time - ttl` and `now + ttl`; for `ttl::kPermanent == std::chrono::milliseconds::max()` both operations can overflow the underlying duration type and trigger UBSAN.

- Check for `ttl::kPermanent` in `calculateExpirationTime` and immediately return `Clock::time_point::max()`.
- Keep the existing expression (`now >= max_time - ttl ? max_time : now + ttl`) for all other TTL values.

Tests

- `InmemAddressRepository_Test.PermanentTtlNoOverflow` in `test/libp2p/peer/address_repository/inmem_address_repository_test.cpp`, which:
  - adds addresses with `ttl::kPermanent` via `addAddresses` and `upsertAddresses`.
  - checks that they survive `collectGarbage()` (permanent TTL addresses should never expire).
- `InmemAddressRepository_Test.LargeTtlClampedToMax`, which:
  - uses `Milliseconds::max()` as the TTL and ensures the address remains after `collectGarbage()`.
- Built with UBSAN (`-DUBSAN=ON`) on macOS:
  - before the fix: `runtime error: signed integer overflow` in libc++ chrono with a frame in `InmemAddressRepository::calculateExpirationTime`.
  - after the fix: `PermanentTtlNoOverflow` passes under UBSAN with no reports.
  - `ctest` in `build` (all 67 tests passed).

Design note

An alternative would be to clamp large TTLs to `max_time` while still doing duration arithmetic. This change instead maps `ttl::kPermanent` directly to `time_point::max()` and leaves the existing logic for other TTLs unchanged, avoiding overflow in the sentinel case while keeping the fix minimal. A separate follow-up issue proposes modeling permanence explicitly (e.g. a `Permanent | ExpiresAt(time_point)` style representation) to eliminate this class of bugs long-term.

Screenshot

The PR includes a UBSAN screenshot taken from `build-ubsan` showing:

- the command `UBSAN_OPTIONS=print_stacktrace=1:halt_on_error=1 ./test_bin/libp2p_inmem_address_repository_test --gtest_filter="*ReproduceKPermanentUBSAN*"` (before the fix).
- the `runtime error: signed integer overflow` message.
- a stack trace including `InmemAddressRepository::calculateExpirationTime` and the repro test.

Screenshot:
Closes #281
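The overflow the PR describes, and both ways of avoiding it, in a self-contained example. This is editor-added code, not cpp-libp2p's implementation: `Clock`, `Milliseconds`, `TimePoint`, `kPermanentTtl`, `kMaxPromotableTtl` and the function names are assumptions chosen to mirror the names used in the PR text. The "buggy" function reproduces the `now >= max_time - ttl ? max_time : now + ttl` shape from the description; the hardened one applies the PR's sentinel mapping and, going one step further than the PR, also clamps any other TTL whose promotion to `Clock::duration` or whose addition to `now` would overflow, which is the alternative the design note mentions.

```cpp
#include <chrono>
#include <cstdio>

// Stand-ins for the libp2p types named in the PR. These aliases are assumptions
// made for this example; cpp-libp2p's own Clock and TTL types are not reproduced.
using Clock = std::chrono::steady_clock;
using Milliseconds = std::chrono::milliseconds;
using TimePoint = Clock::time_point;

// "Never expires" sentinel, matching the PR's description of
// ttl::kPermanent == std::chrono::milliseconds::max(). Name is an assumption.
constexpr Milliseconds kPermanentTtl = Milliseconds::max();

// Largest millisecond TTL that survives the implicit Milliseconds -> Clock::duration
// promotion. steady_clock usually ticks in nanoseconds with an int64 rep, so
// promoting Milliseconds::max() multiplies its count by 1'000'000 and overflows
// before any '+' or '-' runs; that multiply is the signed overflow UBSAN reports.
constexpr Milliseconds kMaxPromotableTtl =
    std::chrono::duration_cast<Milliseconds>(Clock::duration::max());

// "Before" shape of the computation as described in the PR: fine for ordinary
// TTLs, undefined behaviour for the kPermanent sentinel. Do not call it with
// huge TTLs; it is here only to show that the hardened version agrees with it
// on the normal path.
TimePoint calculateExpirationTimeBuggy(TimePoint now, Milliseconds ttl) {
  const TimePoint max_time = TimePoint::max();
  return now >= max_time - ttl ? max_time : now + ttl;
}

// True if evaluating now + ttl in Clock::duration would overflow, decided without
// performing the overflowing operation. Non-positive TTLs cannot overflow upward.
bool ttlArithmeticWouldOverflow(TimePoint now, Milliseconds ttl) {
  if (ttl <= Milliseconds::zero()) {
    return false;
  }
  if (ttl > kMaxPromotableTtl) {
    return true;  // the promotion alone overflows
  }
  const Clock::duration d = std::chrono::duration_cast<Clock::duration>(ttl);
  return now.time_since_epoch() > Clock::duration::max() - d;  // addition overflows
}

// Hardened version: the permanent sentinel maps straight to time_point::max()
// (the PR's fix); negative TTLs expire immediately; any other TTL whose
// arithmetic would overflow is clamped to max instead of reaching UB.
TimePoint calculateExpirationTime(TimePoint now, Milliseconds ttl) {
  if (ttl == kPermanentTtl) {
    return TimePoint::max();
  }
  if (ttl < Milliseconds::zero()) {
    return now;
  }
  if (ttlArithmeticWouldOverflow(now, ttl)) {
    return TimePoint::max();
  }
  return now + std::chrono::duration_cast<Clock::duration>(ttl);
}

// Garbage-collection predicate: an address whose expiration is time_point::max()
// can never satisfy this, so permanent entries are never collected.
bool isExpired(TimePoint now, TimePoint expires_at) {
  return expires_at <= now;
}

// Constructed "now" (1000 s after the clock epoch) so the example runs without
// depending on the wall clock.
TimePoint sampleNow() {
  return TimePoint(std::chrono::seconds(1000));
}

int main() {
  const TimePoint now = sampleNow();
  std::printf("kPermanent -> time_point::max(): %d\n",
              calculateExpirationTime(now, kPermanentTtl) == TimePoint::max());
  std::printf("kPermanent would overflow old formula: %d\n",
              ttlArithmeticWouldOverflow(now, kPermanentTtl));
  std::printf("5000 ms agrees with old formula: %d\n",
              calculateExpirationTime(now, Milliseconds(5000)) ==
                  calculateExpirationTimeBuggy(now, Milliseconds(5000)));
  std::printf("max()-1 ms clamped to max: %d\n",
              calculateExpirationTime(now, Milliseconds::max() - Milliseconds(1)) ==
                  TimePoint::max());
  return 0;
}
```

The `kMaxPromotableTtl` guard is the part the PR's sentinel check does not cover: a TTL just below `Milliseconds::max()` is not `kPermanent`, yet still overflows the nanosecond promotion, which is why the design note's clamp-before-arithmetic alternative is worth keeping in mind if the TTL type ever stops being a closed enum of known values.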