log: Check that the timestamp string is non-empty to avoid undefined behavior #27317

pull john-moffett wants to merge 1 commits into bitcoin:master from john-moffett:2023_04_FixTimestampPotentialUB changing 1 files +1 −1
  1. john-moffett commented at 7:20 pm on March 23, 2023: contributor

    Follow-up to #27233

    The current FormatISO8601DateTime function will return an empty string if it encounters an error when converting the int64_t seconds-since-epoch to a formatted date time. In the unlikely case that happens, here strStamped.pop_back() would be undefined behavior.

  2. DrahtBot commented at 7:20 pm on March 23, 2023: contributor

    The following sections might be updated with supplementary metadata relevant to reviewers and maintainers.

    Reviews

    See the guideline for information on the review process.

    Type Reviewers
    ACK stickies-v, MarcoFalke

    If your review is incorrectly listed, please react with 👎 to this comment and the bot will ignore it on the next update.

  3. DrahtBot added the label Utils/log/libs on Mar 23, 2023
  4. Check that the Timestamp String is valid
    The current `FormatISO8601DateTime` function will
    return an empty string if it encounters an error
    when converting the `int64_t` seconds since epoch
    to a formatted date time. In the unlikely case that happens,
    `strStamped.pop_back()` would be undefined behavior.
    73f4eb511c
  5. in src/logging.cpp:356 in e68230a98e outdated
    351@@ -352,9 +352,13 @@ std::string BCLog::Logger::LogTimestampStr(const std::string& str)
    352         const auto now{SystemClock::now()};
    353         const auto now_seconds{std::chrono::time_point_cast<std::chrono::seconds>(now)};
    354         strStamped = FormatISO8601DateTime(TicksSinceEpoch<std::chrono::seconds>(now_seconds));
    355-        if (m_log_time_micros) {
    356-            strStamped.pop_back();
    357-            strStamped += strprintf(".%06dZ", Ticks<std::chrono::microseconds>(now - now_seconds));
    358+        if (strStamped.empty()) {
    359+            strStamped = "Error obtaining current timestamp";
    


    maflcko commented at 7:24 pm on March 23, 2023:
    This should never happen, so instead of adding dead code, what about simply combining the two if conditions?

    john-moffett commented at 7:42 pm on March 23, 2023:

    My thinking was that if it never happens, then this PR is unnecessary. If it could happen, then I’d rather have an explicit message rather than output that entirely lacks timestamps, which someone may not notice is bizarre.

    Happy to change it, though, if people prefer your approach.


    jonatack commented at 7:54 pm on March 23, 2023:
    Assuming it can happen, maybe wrap the message in, say, square brackets ("[Error obtaining current timestamp]") to be clearer in the log.

    john-moffett commented at 8:00 pm on March 23, 2023:

    I think I’ve already come around to the view that it’s so unlikely as to be not worth the additional LoC, so I’ll switch to the simpler version.

    Thanks!


    martinus commented at 4:04 pm on March 26, 2023:
    I’ve seen this happening to computers before, but never when bitcoind was running. Usually that happens when time synchronization goes wrong for whatever reason.

    maflcko commented at 7:56 am on March 27, 2023:
    If there are steps to reproduce this, it would be good to write a detection for it at Bitcoin Core init time and refuse to start the program (if this isn’t already done).
  6. john-moffett force-pushed on Mar 23, 2023
  7. in src/logging.cpp:355 in 73f4eb511c
    351@@ -352,7 +352,7 @@ std::string BCLog::Logger::LogTimestampStr(const std::string& str)
    352         const auto now{SystemClock::now()};
    353         const auto now_seconds{std::chrono::time_point_cast<std::chrono::seconds>(now)};
    354         strStamped = FormatISO8601DateTime(TicksSinceEpoch<std::chrono::seconds>(now_seconds));
    355-        if (m_log_time_micros) {
    356+        if (m_log_time_micros && !strStamped.empty()) {
    


    stickies-v commented at 4:01 pm on March 24, 2023:

    Could wrap this in an Assume() to both make it clear to the reader that it’s not supposed to happen and easier to catch any (very unexpected) bugs without crashing non-development builds?

    0        if (m_log_time_micros && Assume(!strStamped.empty())) {
    
  8. stickies-v approved
  9. stickies-v commented at 4:02 pm on March 24, 2023: contributor
    ACK 73f4eb511cf80cf52b78627347727ca02774b731
  10. hernanmarino approved
  11. maflcko commented at 8:54 am on April 5, 2023: member
    lgtm ACK 73f4eb511cf80cf52b78627347727ca02774b731
  12. fanquake merged this on Apr 5, 2023
  13. fanquake closed this on Apr 5, 2023

  14. sidhujag referenced this in commit 8040a5b31b on Apr 5, 2023
  15. bitcoin locked this on Apr 4, 2024

github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2024-12-26 12:12 UTC

This site is hosted by @0xB10C
More mirrored repositories can be found on mirror.b10c.me