From 0c770947daa53c0ed33c034b47f888b7104c2574 Mon Sep 17 00:00:00 2001 
From: Sylvain Didelot Date: Thu, 6 Jul 2017 22:08:27 +0200 Subject: [PATCH] core: fix invalid read reported by address sanitizer ================================================================= ==849267== ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7fff4caa7230 at pc 0x7ffdf8608687 bp 0x7fff4caa71b0 sp 0x7fff4caa71a0 READ of size 8 at 0x7fff4caa7230 thread T0 #0 0x7ffdf8608686 in fi_tostr_ libfabric-current/src/fi_tostr.c:618 #1 0x402f3a in run_test_set ofi/libfabric-current/fabtest/unit/size_left_test.c:262 #2 0x403457 in main libfabric-current/fabtest/unit/size_left_test.c:317 #3 0x7ffdf4819b14 in __libc_start_main (/usr/lib64/libc.so.6+0x21b14) #4 0x401988 in _start (libfabric-1.4.0/ofi_inst/bin/fi_size_left_test+0x401988) Address 0x7fff4caa7230 is located at offset 32 in frame of T0's stack: This frame has 2 object(s): [32, 36) 'ep_type' [96, 104) 'info' HINT: this may be a false positive if your program uses some custom stack unwind mechanism or swapcontext (longjmp and C++ exceptions *are* supported) SUMMARY: AddressSanitizer: stack-buffer-overflow libfabric-current/src/fi_tostr.c:618 fi_tostr_ Shadow bytes around the buggy address: 0x10006994cdf0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x10006994ce00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x10006994ce10: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x10006994ce20: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x10006994ce30: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 =>0x10006994ce40: 00 00 f1 f1 f1 f1[04]f4 f4 f4 f2 f2 f2 f2 00 f4 0x10006994ce50: f4 f4 f3 f3 f3 f3 00 00 00 00 00 00 00 00 00 00 0x10006994ce60: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x10006994ce70: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x10006994ce80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x10006994ce90: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 
05 06 07 Heap left redzone: fa Heap righ redzone: fb Freed Heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack partial redzone: f4 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 ASan internal: fe ==849267== ABORTING
Signed-off-by: Sylvain Didelot
---
src/fi_tostr.c | 44 ++++++++++++++++++++++----------------------
1 file changed, 22 insertions(+), 22 deletions(-)
diff --git a/src/fi_tostr.c b/src/fi_tostr.c
index 810c31f3035..d6768a5802a 100644
--- a/src/fi_tostr.c
+++ b/src/fi_tostr.c
@@ -640,16 +640,16 @@ __attribute__((visibility ("default")))
 char *DEFAULT_SYMVER_PRE(fi_tostr)(const void *data, enum fi_type datatype)
 {
 static char *buf = NULL;
- uint64_t val64;
- uint32_t val32;
- int enumval;
+ const uint64_t *val64;
+ const uint32_t *val32;
+ const int *enumval;
 
 if (!data)
 return NULL;
 
- val64 = *(const uint64_t *) data;
- val32 = *(const uint32_t *) data;
- enumval = *(const int *) data;
+ val64 = (const uint64_t *) data;
+ val32 = (const uint32_t *) data;
+ enumval = (const int *) data;
 
 if (!buf) {
 buf = calloc(FI_BUFSIZ, 1);
@@ -663,16 +663,16 @@ char *DEFAULT_SYMVER_PRE(fi_tostr)(const void *data, enum fi_type datatype)
 fi_tostr_info(buf, data);
 break;
 case FI_TYPE_EP_TYPE:
- fi_tostr_ep_type(buf, enumval);
+ fi_tostr_ep_type(buf, *enumval);
 break;
 case FI_TYPE_CAPS:
- fi_tostr_caps(buf, val64);
+ fi_tostr_caps(buf, *val64);
 break;
 case FI_TYPE_OP_FLAGS:
- fi_tostr_flags(buf, val64);
+ fi_tostr_flags(buf, *val64);
 break;
 case FI_TYPE_ADDR_FORMAT:
- fi_tostr_addr_format(buf, val32);
+ fi_tostr_addr_format(buf, *val32);
 break;
 case FI_TYPE_TX_ATTR:
 fi_tostr_tx_attr(buf, data, "");
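Review bot: The three pointer aliases introduced at the top of the -640 hunk (`val64`, `val32`, `enumval`) all hold the same address under different types and are assigned unconditionally even though each `case` reads exactly one of them; casting at the use site, e.g. `fi_tostr_caps(buf, *(const uint64_t *) data);`, would drop the three declarations and the three assignments and make the width of each read visible where it happens. The fix itself is sound: moving the dereference into the `switch` (the -663 hunk here and the -690 hunk below) means only the width that `datatype` selects is read, which is what the stack-buffer-overflow report in the commit message was pointing at. The function still relies on the caller having passed an object of that width, and with the aliases kept a one-line comment on their declarations such as `/* data must point to an object of the width selected by datatype; only that alias is dereferenced */` would record the contract the sanitizer report enforced. The body of fi_tostr continues past the end of the -640 hunk.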
@@ -690,44 +690,44 @@ char *DEFAULT_SYMVER_PRE(fi_tostr)(const void *data, enum fi_type datatype)
 fi_tostr_fabric_attr(buf, data, "");
 break;
 case FI_TYPE_THREADING:
- fi_tostr_threading(buf, enumval);
+ fi_tostr_threading(buf, *enumval);
 break;
 case FI_TYPE_PROGRESS:
- fi_tostr_progress(buf, enumval);
+ fi_tostr_progress(buf, *enumval);
 break;
 case FI_TYPE_PROTOCOL:
- fi_tostr_protocol(buf, val32);
+ fi_tostr_protocol(buf, *val32);
 break;
 case FI_TYPE_MSG_ORDER:
- fi_tostr_order(buf, val64);
+ fi_tostr_order(buf, *val64);
 break;
 case FI_TYPE_MODE:
- fi_tostr_mode(buf, val64);
+ fi_tostr_mode(buf, *val64);
 break;
 case FI_TYPE_AV_TYPE:
- fi_tostr_av_type(buf, enumval);
+ fi_tostr_av_type(buf, *enumval);
 break;
 case FI_TYPE_ATOMIC_TYPE:
- fi_tostr_atomic_type(buf, enumval);
+ fi_tostr_atomic_type(buf, *enumval);
 break;
 case FI_TYPE_ATOMIC_OP:
- fi_tostr_atomic_op(buf, enumval);
+ fi_tostr_atomic_op(buf, *enumval);
 break;
 case FI_TYPE_VERSION:
 fi_tostr_version(buf);
 break;
 case FI_TYPE_EQ_EVENT:
- fi_tostr_eq_event(buf, enumval);
+ fi_tostr_eq_event(buf, *enumval);
 break;
 case FI_TYPE_CQ_EVENT_FLAGS:
- fi_tostr_cq_event_flags(buf, val64);
+ fi_tostr_cq_event_flags(buf, *val64);
 break;
 case FI_TYPE_MR_MODE:
 /* mr_mode was an enum converted to int flags */
- fi_tostr_mr_mode(buf, enumval);
+ fi_tostr_mr_mode(buf, *enumval);
 break;
 case FI_TYPE_OP_TYPE:
- fi_tostr_op_type(buf, enumval);
+ fi_tostr_op_type(buf, *enumval);
 break;
 default:
 strcatf(buf, "Unknown type");