On 5/4/23 11:26 PM, Karthick Bhaskar wrote:
> Subject: eBPF verifier does not check pointer's pointing location before doing memcpy.
>
> Hi Team,
>
>     static __always_inline void ebpf_memcpy(void *dst, const void *src, int len)
>     {
>         /* len is not used; the loop copies exactly 3 bytes */
>         for (int i = 0; i < 3; i++) {
>             ((char *)dst)[i] = ((const char *)src)[i];
>         }
>     }
>
> In the above code, I am passing a char pointer without allocating any memory to it. But the verifier didn't throw any error or warning; as a result, at run time it didn't execute the "((char *)dst)[i] = ((const char *)src)[i];" instruction and returned. Fundamentally it is incorrect.
Since the memcpy is not executed at runtime, I suspect the verifier decided it is dead code and hence no verification error. If you think my above guess is not right, you can post a complete test here so people can help you check whether there is a verifier bug or not.
> If we execute the same expression in standard C, it would have thrown a "Segmentation fault" error.
>
> Thanks,
> Karthick.
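The complete test that the reply asks for, as an added example that is not part of this thread: a minimal BPF object that passes an uninitialized `dst` to the helper as reported, plus the commands to check whether the byte stores even survived compilation before attributing the silence to the verifier. The file name, the tracepoint section, the use of `len` as the loop bound and the host-side self-check are my assumptions; clang with the bpf target and bpftool are assumed to be available.

```c
/*
 * Added example (not from the thread): a complete, minimal reproducer for the
 * scenario described above. The helper copies `len` bytes (the posted version
 * hard-codes 3); the BPF program passes an uninitialized `dst` exactly as
 * reported. Section names follow libbpf conventions.
 *
 * Build, inspect and load (assumed toolchain and file name):
 *   clang -O2 -g -target bpf -c uninit_dst.c -o uninit_dst.o
 *   llvm-objdump -d uninit_dst.o        # did the byte stores survive compilation?
 *   bpftool prog load uninit_dst.o /sys/fs/bpf/uninit_dst   # prints the verifier log on rejection
 *
 * If llvm-objdump shows no store instructions, the compiler removed the copy
 * (reading an indeterminate pointer is undefined behaviour in C) and the
 * verifier never saw it. If the stores are present and the load still
 * succeeds, the verifier log from bpftool is what to post.
 */
#ifndef SEC
#define SEC(name) __attribute__((section(name), used))
#endif
#ifndef __always_inline
#define __always_inline inline __attribute__((always_inline))
#endif

static __always_inline void ebpf_memcpy(void *dst, const void *src, int len)
{
    for (int i = 0; i < len; i++)
        ((char *)dst)[i] = ((const char *)src)[i];
}

#if defined(__bpf__) || defined(__BPF__)
/* Only compiled for the BPF target; attaches to a harmless tracepoint so the
 * program has a valid type for loading. */
SEC("tracepoint/syscalls/sys_enter_getpid")
int test_uninit_dst(void *ctx)
{
    char src[3] = { 'a', 'b', 'c' };
    char *dst;                     /* never pointed at any memory, as in the report */

    ebpf_memcpy(dst, src, 3);      /* the access the verifier is expected to reject */
    return 0;
}

char LICENSE[] SEC("license") = "GPL";
#endif

/* Host-side sanity check (not loaded into the kernel): with a valid
 * destination the helper copies exactly len bytes. Returns 1 on success. */
int ebpf_memcpy_selfcheck(void)
{
    char src[4] = "abc";
    char dst[4] = { 'x', 'x', 'x', 'x' };

    ebpf_memcpy(dst, src, 3);
    return dst[0] == 'a' && dst[1] == 'b' && dst[2] == 'c' && dst[3] == 'x';
}
```

The objdump step is the one that separates the two explanations: a compiler that drops an undefined store leaves nothing for the verifier to reject, whereas stores that are present in the object but pass the load point at verifier behaviour worth reporting with the log attached.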