fix(libmain/common-args): do not exceed maximum allowed verbosity #11853
Conversation
xokdvium
force-pushed
the
dev/fix-verbosity-overflow-and-make-verbosity-strong-type
branch
6 times, most recently
from
c490b61
to
fb75d27
Compare
There was a problem hiding this comment.
This is extremely verbose, so I'd really prefer to stick with an enum. Is there any real-world scenario where it being an enum causes a problem?
If we want to keep UBSAN happy, we could use a type specifier for the enum (enum Verbosity : uint32_t for instance).
I'm not sure I'm following you about keeping UBSAN happy. Having an enum with an incorrect value is UB and is absolutely an error. Making the underlying type a uint32_t wouldn't change anything. The problem is in the I debated just fixing the bug and clamp the value in the I do agree that this is a bit verbose, but has the benefit of guarding against unsafe implicit conversions from integral types and giving safe member functions and constructors. Now it's impossible to accidentally construct/assign an invalid As an alternative we could change it to be an IMHO this approach is best for conciseness and barely affects user code, but that's just my personal opinion. |
No. This is simply not a real-world issue. What's the problem here? That a user might specify |
|
Sorry, I might have phrased my thoughts incorrectly. By Here the verbosity does not get clamped to the maximum allowed value This actually gets asserted in some places: Lines 266 to 267 in 14edb78 Here's the minified fix to clarify what the purpose is: diff --git a/src/libmain/common-args.cc b/src/libmain/common-args.cc
index 768b2177c..9306acac4 100644
--- a/src/libmain/common-args.cc
+++ b/src/libmain/common-args.cc
@@ -17,7 +17,7 @@ MixCommonArgs::MixCommonArgs(const std::string & programName)
.shortName = 'v',
.description = "Increase the logging verbosity level.",
.category = loggingCategory,
- .handler = {[]() { verbosity = (Verbosity) (verbosity + 1); }},
+ .handler = {[]() { verbosity = (Verbosity) std::min<std::underlying_type_t<Verbosity>>(verbosity + 1, lvlVomit); }},
});
addFlag({Sorry for the poor phrasing. |
xokdvium
changed the title
The minimal fix sound good to me. @edolstra any concerns about that? |
|
In the nix meeting @edolstra said, he would be fine with the one-line fix as well. |
This patch gets rid of UB when verbosity exceeds the maximum logging value of `lvlVomit = 7` and reaches invalid values (e.g. 8). This is actually triggered in functional tests. There are too many occurrences to list, but here's one from the UBSAN log: ../src/libstore/gc.cc:610:5: runtime error: load of value 8, which is not a valid value for type 'Verbosity'
xokdvium
force-pushed
the
dev/fix-verbosity-overflow-and-make-verbosity-strong-type
branch
from
fb75d27
to
b9f8c4a
Compare
|
@Mic92, pushed the minimal fix. Sorry once again for poor wording and for going a bit over the top with the initial patch. |
|
@mergify queue |
🟠 Waiting for conditions to match
|
xokdvium
deleted the
dev/fix-verbosity-overflow-and-make-verbosity-strong-type
branch
Motivation
This patch gets rid of UB when verbosity exceeds the maximum logging value of
lvlVomit = 7andreaches invalid values (e.g. 8). This is actually triggered in functional tests.
There are too many occurrences to list, but here's one from the UBSAN log:
../src/libstore/gc.cc:610:5: runtime error: load of value 8, which is not a valid value for type 'Verbosity'Context
#10969
Priorities and Process
Add 👍 to pull requests you find important.
The Nix maintainer team uses a GitHub project board to schedule and track reviews.