opentelemetry-cpp
opentelemetry-cpp copied to clipboard
open-telemetry
[CRASH] Segmentation fault in `LogRecordSetterTrait<EventId>` for events without a name
Describe your environment opentelemetry-cpp v1.18.0 (I found this bug in v1.11.0)
Steps to reproduce
#include <memory>
#include <utility>
#include <opentelemetry/exporters/ostream/log_record_exporter.h>
#include <opentelemetry/logs/event_id.h>
#include <opentelemetry/logs/logger_provider.h>
#include <opentelemetry/logs/provider.h>
#include <opentelemetry/sdk/logs/exporter.h>
#include <opentelemetry/sdk/logs/logger_provider_factory.h>
#include <opentelemetry/sdk/logs/simple_log_record_processor_factory.h>
int main()
{
auto exporter = std::unique_ptr<opentelemetry::sdk::logs::LogRecordExporter>(
new opentelemetry::exporter::logs::OStreamLogRecordExporter
);
auto processor = opentelemetry::sdk::logs::SimpleLogRecordProcessorFactory::Create(std::move(exporter));
std::shared_ptr<opentelemetry::sdk::logs::LoggerProvider> sdk_provider(
opentelemetry::sdk::logs::LoggerProviderFactory::Create(std::move(processor))
);
const std::shared_ptr<opentelemetry::logs::LoggerProvider> &api_provider = sdk_provider;
opentelemetry::logs::Provider::SetLoggerProvider(api_provider);
const opentelemetry::logs::EventId event(123);
auto logger = opentelemetry::logs::Provider::GetLoggerProvider()->GetLogger("example");
logger->Info(event, "Hello!");
return 0;
}
What is the expected behavior? No crash
What is the actual behavior? Segmentation fault
==227163==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x78818718b75d bp 0x7fff85666470 sp 0x7fff85665c28 T0)
==227163==The signal is caused by a READ memory access.
==227163==Hint: address points to the zero page.
#0 0x78818718b75d in __strlen_avx2 string/../sysdeps/x86_64/multiarch/strlen-avx2.S:76
#1 0x5ca9ba53df27 in strlen (/home/volodymyr/work/github/otel-heap-use-after-free/build/bug-repro+0x56f27) (BuildId: 3d0c8da11893a8ba14a9592b3606f7c585b371f5)
#2 0x5ca9ba60f320 in opentelemetry::v1::nostd::string_view::string_view(char const*) /home/volodymyr/work/github/otel-heap-use-after-free/build/vcpkg_installed/x64-linux/include/opentelemetry/nostd/string_view.h:46:51
#3 0x5ca9ba613371 in opentelemetry::v1::logs::LogRecord* opentelemetry::v1::logs::detail::LogRecordSetterTrait<opentelemetry::v1::logs::EventId>::Set<opentelemetry::v1::logs::EventId const&>(opentelemetry::v1::logs::LogRecord*, opentelemetry::v1::logs::EventId const&) /home/volodymyr/work/github/otel-heap-use-after-free/build/vcpkg_installed/x64-linux/include/opentelemetry/logs/logger_type_traits.h:50:37
#4 0x5ca9ba619f57 in void opentelemetry::v1::logs::Logger::EmitLogRecord<opentelemetry::v1::logs::Severity, opentelemetry::v1::logs::EventId const&, char const (&) [7]>(opentelemetry::v1::nostd::unique_ptr<opentelemetry::v1::logs::LogRecord>&&, opentelemetry::v1::logs::Severity&&, opentelemetry::v1::logs::EventId const&, char const (&) [7]) /home/volodymyr/work/github/otel-heap-use-after-free/build/vcpkg_installed/x64-linux/include/opentelemetry/logs/logger.h:76:9
#5 0x5ca9ba619d18 in void opentelemetry::v1::logs::Logger::EmitLogRecord<opentelemetry::v1::logs::Severity, opentelemetry::v1::logs::EventId const&, char const (&) [7]>(opentelemetry::v1::logs::Severity&&, opentelemetry::v1::logs::EventId const&, char const (&) [7]) /home/volodymyr/work/github/otel-heap-use-after-free/build/vcpkg_installed/x64-linux/include/opentelemetry/logs/logger.h:104:5
#6 0x5ca9ba60fb0b in void opentelemetry::v1::logs::Logger::Info<opentelemetry::v1::logs::EventId const&, char const (&) [7]>(opentelemetry::v1::logs::EventId const&, char const (&) [7]) /home/volodymyr/work/github/otel-heap-use-after-free/build/vcpkg_installed/x64-linux/include/opentelemetry/logs/logger.h:176:11
#7 0x5ca9ba60eff4 in main /home/volodymyr/work/github/otel-heap-use-after-free/repro.cpp:30:13
#8 0x78818702a1c9 in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16
#9 0x78818702a28a in __libc_start_main csu/../csu/libc-start.c:360:3
#10 0x5ca9ba524a74 in _start (/home/volodymyr/work/github/otel-heap-use-after-free/build/bug-repro+0x3da74) (BuildId: 3d0c8da11893a8ba14a9592b3606f7c585b371f5)
==227163==Register values:
rax = 0x0000000000000000 rbx = 0x0000000085666401 rcx = 0xf3f30000f1f1f1f1 rdx = 0x0000000000000000
rdi = 0x0000000000000000 rsi = 0x0000000000000000 rbp = 0x00007fff85666470 rsp = 0x00007fff85665c28
r8 = 0x0000000000000000 r9 = 0x00007fffffffff01 r10 = 0x0000000000001f01 r11 = 0xe2e30db1468c3f01
r12 = 0x0000000000000001 r13 = 0x0000000000000000 r14 = 0x0000000000000000 r15 = 0x00007881877eb000
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV string/../sysdeps/x86_64/multiarch/strlen-avx2.S:76 in __strlen_avx2
==227163==ABORTING
Additional context
- An
EventIdis created with an emptyname_:EventId(int64_t id) noexcept : id_{id}, name_{nullptr} {}(ref) - The
EventIdis passed toLogger::Info(), then toEmitLogRecord(). LogRecordSetterTrait<EventId>is invoked to set the Event ID for theLogRecord:log_record->SetEventId(arg.id_, nostd::string_view{arg.name_.get()});(ref)- Because
EventId::name_holds anullptrvalue,nostd::string_view()is constructed withnullptr. nostd::string_view::string_view(const char*)gets invoked, and it callsstd::strlen()on anullptr, crashing the application.
For this particular bug, the fix could be
diff --git a/api/include/opentelemetry/logs/logger_type_traits.h b/api/include/opentelemetry/logs/logger_type_traits.h
index d88a6ffb..83a78c4d 100644
--- a/api/include/opentelemetry/logs/logger_type_traits.h
+++ b/api/include/opentelemetry/logs/logger_type_traits.h
@@ -47,7 +47,7 @@ struct LogRecordSetterTrait<EventId>
template <class ArgumentType>
inline static LogRecord *Set(LogRecord *log_record, ArgumentType &&arg) noexcept
{
- log_record->SetEventId(arg.id_, nostd::string_view{arg.name_.get()});
+ log_record->SetEventId(arg.id_, nostd::string_view{arg.name_ ? arg.name_.get() : ""});
return log_record;
}
However, it would be interesting to try to find other places where a similar bug is present.
Another possible bug: https://github.com/sjinks/opentelemetry-cpp/blob/f1b5fbdedd5beb7e7ca6aacfb3f430686d694d9c/exporters/etw/include/opentelemetry/exporters/etw/etw_properties.h#L303-L304
const char *data = nostd::get<const char *>(*this);
return nostd::string_view(data, (data) ? strlen(data) : 0);
In C++17, when std::string_view is used as nonstd::string_view, it is undefined behavior to construct a string_view from nullptr.
Maybe
- return nostd::string_view(data, (data) ? strlen(data) : 0);
+ return data ? nostd::string_view(data, strlen(data)) : nostd::string_view();
For this particular bug, the fix could be
diff --git a/api/include/opentelemetry/logs/logger_type_traits.h b/api/include/opentelemetry/logs/logger_type_traits.h index d88a6ffb..83a78c4d 100644 --- a/api/include/opentelemetry/logs/logger_type_traits.h +++ b/api/include/opentelemetry/logs/logger_type_traits.h @@ -47,7 +47,7 @@ struct LogRecordSetterTrait<EventId> template <class ArgumentType> inline static LogRecord *Set(LogRecord *log_record, ArgumentType &&arg) noexcept { - log_record->SetEventId(arg.id_, nostd::string_view{arg.name_.get()}); + log_record->SetEventId(arg.id_, nostd::string_view{arg.name_ ? arg.name_.get() : ""}); return log_record; }However, it would be interesting to try to find other places where a similar bug is present.
Thanks, @ThomsonTan I'm not sure about the specification of event id. could you please check if it's OK to let event name be empty or set a default name?
According to https://github.com/open-telemetry/opentelemetry-specification/blob/main/specification/logs/event-api.md#eventlogger and https://github.com/open-telemetry/semantic-conventions/blob/main/docs/general/events.md#event-definition .
In my understanding, a event only has event.name attribute, event.id and event.domain are removed in the latest specification.
![github-actions[bot] avatar](https://avatars.githubusercontent.com/in/15368?v=4 "Published by a pub.dev verified publisher"){kind=small}