
@ericdherrimaen-afk

Important

25.09 FREEZE July 28TH: Non-bugfix PRs not ready by this date will wait for 25.12.

RC1 is scheduled on August 11th

The final release is scheduled for September 1st.

Checklist

Before submitting the PR, ensure the following tasks are completed. If an item is not applicable to your PR, please mark it as checked:

  • The changelog has been updated in the relevant commit(s) according to the guidelines.
  • Tests have been added or modified to reflect the changes.
  • Documentation has been reviewed and updated as needed.
  • Related issues have been listed and linked, including any that this PR closes.

Lagrang3 pushed a commit that referenced this pull request Oct 15, 2025
Changelog-None: 'closing_signed' and 'closing_complete'
are channel closing negotiation messages defined in BOLT #2.

While 'closing_signed' has a wire fuzz test, 'closing_complete'
does not. Add a test to perform a round-trip encoding check
(towire -> fromwire) similar to the other wire fuzzers.
Lagrang3 pushed a commit that referenced this pull request Oct 15, 2025
Changelog-None: 'closing_signed' and 'closing_sig' are
channel closing negotiation messages defined in BOLT #2.

While 'closing_signed' has a wire fuzz test, 'closing_sig'
does not. Add a test to perform a round-trip encoding check
(towire -> fromwire) similar to the other wire fuzzers.
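The round-trip property those two fuzz tests check (decode the bytes, re-encode, require the same bytes back), as an added example in C. This is not the project's own code: the message layout (a `to_self_delay` u16 followed by a `dust_limit` u32) and the `towire_demo_msg`/`fromwire_demo_msg` names are constructed for this illustration, not a BOLT #2 message or CLN's generated wire functions.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Constructed message for this example (not a BOLT #2 message):
 * u16 to_self_delay, then u32 dust_limit, big-endian, 6 bytes on the wire. */
struct demo_msg {
    uint16_t to_self_delay;
    uint32_t dust_limit;
};

#define DEMO_WIRE_LEN 6

/* towire: serialise fixed-width big-endian fields. Returns bytes written. */
size_t towire_demo_msg(uint8_t out[DEMO_WIRE_LEN], const struct demo_msg *m)
{
    out[0] = (uint8_t)(m->to_self_delay >> 8);
    out[1] = (uint8_t)(m->to_self_delay & 0xff);
    out[2] = (uint8_t)(m->dust_limit >> 24);
    out[3] = (uint8_t)((m->dust_limit >> 16) & 0xff);
    out[4] = (uint8_t)((m->dust_limit >> 8) & 0xff);
    out[5] = (uint8_t)(m->dust_limit & 0xff);
    return DEMO_WIRE_LEN;
}

/* fromwire: 0 on success, -1 for a truncated or oversized buffer.
 * The output struct is zeroed first so no field ever carries stale
 * bytes into a later towire (the class of bug Valgrind reports as
 * "uninitialised byte(s)"). */
int fromwire_demo_msg(struct demo_msg *m, const uint8_t *in, size_t len)
{
    memset(m, 0, sizeof(*m));
    if (len != DEMO_WIRE_LEN)
        return -1;
    m->to_self_delay = (uint16_t)((in[0] << 8) | in[1]);
    m->dust_limit = ((uint32_t)in[2] << 24) | ((uint32_t)in[3] << 16)
                  | ((uint32_t)in[4] << 8) | in[5];
    return 0;
}

/* Round-trip check over arbitrary fuzzer input: if decoding succeeds,
 * re-encoding must reproduce the input byte for byte.  Returns 1 when
 * the property holds (a rejected input counts as holding), 0 when the
 * decoder accepted the bytes but the encoder produced something else. */
int roundtrip_demo_msg(const uint8_t *data, size_t size)
{
    struct demo_msg m;
    uint8_t re[DEMO_WIRE_LEN];

    if (fromwire_demo_msg(&m, data, size) != 0)
        return 1;
    towire_demo_msg(re, &m);
    return memcmp(re, data, DEMO_WIRE_LEN) == 0;
}

/* libFuzzer-style entry point; a mismatch aborts so the fuzzer records it. */
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
    if (!roundtrip_demo_msg(data, size))
        abort();
    return 0;
}
```

The check is deliberately one-directional: the decoder is allowed to reject input, but anything it accepts must survive `towire -> fromwire -> towire` unchanged, which is what catches fields that are parsed but never re-serialised, or serialised from memory the parser never wrote.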
Lagrang3 pushed a commit that referenced this pull request Oct 24, 2025
This was changing all the time when I tried to make
autogenerate-rpc-examples.py reproducible.  Turns out it was being
corrupted (it does suspicious things with pointers); rather than try
to diagnose it, I simply rewrote the code to create it only when we
need it.

```
Valgrind error file: valgrind-errors.34506
==34506== Uninitialised byte(s) found during client check request
==34506==    at 0x241732: memcheck_ (mem.h:247)
==34506==    by 0x2417BC: towire (towire.c:17)
==34506==    by 0x24185C: towire_u16 (towire.c:28)
==34506==    by 0x20C8E4: towire_tlv_scb_tlvs_remote_to_self_delay (scb_wiregen.c:213)
==34506==    by 0x240E78: towire_tlv (tlvstream.c:342)
==34506==    by 0x20C99F: towire_tlv_scb_tlvs (scb_wiregen.c:234)
==34506==    by 0x20C298: towire_modern_scb_chan (scb_wiregen.c:89)
==34506==    by 0x1A6CF3: json_add_scb (peer_control.c:2488)
==34506==    by 0x1A6E0C: json_staticbackup (peer_control.c:2519)
==34506==    by 0x177E3F: command_exec (jsonrpc.c:799)
==34506==    by 0x1785AE: rpc_command_hook_final (jsonrpc.c:945)
==34506==    by 0x1BEC2D: plugin_hook_call_next (plugin_hook.c:199)
==34506==  Address 0x1ffeffe736 is on thread 1's stack
==34506==  in frame #2, created by towire_u16 (towire.c:26)
==34506== 
{
   <insert_a_suppression_name_here>
   Memcheck:User
   fun:memcheck_
   fun:towire
   fun:towire_u16
   fun:towire_tlv_scb_tlvs_remote_to_self_delay
   fun:towire_tlv
   fun:towire_tlv_scb_tlvs
   fun:towire_modern_scb_chan
   fun:json_add_scb
   fun:json_staticbackup
   fun:command_exec
   fun:rpc_command_hook_final
   fun:plugin_hook_call_next
}
==34506== Uninitialised byte(s) found during client check request
==34506==    at 0x241732: memcheck_ (mem.h:247)
==34506==    by 0x2417BC: towire (towire.c:17)
==34506==    by 0x240EF0: towire_tlv (tlvstream.c:354)
==34506==    by 0x20C99F: towire_tlv_scb_tlvs (scb_wiregen.c:234)
==34506==    by 0x20C298: towire_modern_scb_chan (scb_wiregen.c:89)
==34506==    by 0x1A6CF3: json_add_scb (peer_control.c:2488)
==34506==    by 0x1A6E0C: json_staticbackup (peer_control.c:2519)
==34506==    by 0x177E3F: command_exec (jsonrpc.c:799)
==34506==    by 0x1785AE: rpc_command_hook_final (jsonrpc.c:945)
==34506==    by 0x1BEC2D: plugin_hook_call_next (plugin_hook.c:199)
==34506==    by 0x1BEBA8: plugin_hook_callback (plugin_hook.c:186)
==34506==    by 0x1B771E: plugin_response_handle (plugin.c:705)
==34506==  Address 0x7bd1d08 is 40 bytes inside a block of size 42 alloc'd
==34506==    at 0x484DCD3: realloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==34506==    by 0x3C8614: tal_resize_ (tal.c:755)
==34506==    by 0x2417A2: towire (towire.c:14)
==34506==    by 0x24185C: towire_u16 (towire.c:28)
==34506==    by 0x20C8E4: towire_tlv_scb_tlvs_remote_to_self_delay (scb_wiregen.c:213)
==34506==    by 0x240E78: towire_tlv (tlvstream.c:342)
==34506==    by 0x20C99F: towire_tlv_scb_tlvs (scb_wiregen.c:234)
==34506==    by 0x20C298: towire_modern_scb_chan (scb_wiregen.c:89)
==34506==    by 0x1A6CF3: json_add_scb (peer_control.c:2488)
==34506==    by 0x1A6E0C: json_staticbackup (peer_control.c:2519)
==34506==    by 0x177E3F: command_exec (jsonrpc.c:799)
==34506==    by 0x1785AE: rpc_command_hook_final (jsonrpc.c:945)
==34506==
```

Signed-off-by: Rusty Russell <[email protected]>
Lagrang3 pushed a commit that referenced this pull request Oct 24, 2025
And add a check for new uses creeping in, since it got cut & paste
everywhere.

This means "this is a valid string, but truncate it to this many characters"
vs "%.*s" which means "only read this many characters of string":

```
['lightningd-3 2025-10-23T02:31:40.890Z **BROKEN** plugin-funder: Plugin marked as important, shutting down lightningd!']
--------------------------- Captured stderr teardown ---------------------------
    #0 0x557da58ad1dc in printf_common(void*, char const*, __va_list_tag*) asan_interceptors.cpp.o
    #1 0x557da5aff814 in json_out_addv /home/runner/work/lightning/lightning/ccan/ccan/json_out/json_out.c:239:11
    #2 0x557da59740ce in plugin_logv /home/runner/work/lightning/lightning/plugins/libplugin.c:1777:2
    #3 0x557da5969b6f in plugin_log /home/runner/work/lightning/lightning/plugins/libplugin.c:1934:2
    #4 0x557da595c4f6 in datastore_del_success /home/runner/work/lightning/lightning/plugins/funder.c:161:2
    #5 0x557da598b837 in handle_rpc_reply /home/runner/work/lightning/lightning/plugins/libplugin.c:1072:10
    #6 0x557da598a4b0 in rpc_conn_read_response /home/runner/work/lightning/lightning/plugins/libplugin.c:1361:3
    #7 0x557da5adbea5 in next_plan /home/runner/work/lightning/lightning/ccan/ccan/io/io.c:60:9
    #8 0x557da5ae06ff in do_plan /home/runner/work/lightning/lightning/ccan/ccan/io/io.c:422:8
    #9 0x557da5adfb58 in io_ready /home/runner/work/lightning/lightning/ccan/ccan/io/io.c:439:10
    #10 0x557da5aec2ce in io_loop /home/runner/work/lightning/lightning/ccan/ccan/io/poll.c:455:5
    #11 0x557da59757ac in plugin_main /home/runner/work/lightning/lightning/plugins/libplugin.c:2409:3
    #12 0x557da594fe23 in main /home/runner/work/lightning/lightning/plugins/funder.c:1723:2
    #13 0x7f6572229d8f in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16
    #14 0x7f6572229e3f in __libc_start_main csu/../csu/libc-start.c:392:3
    #15 0x557da588b584 in _start (/home/runner/work/lightning/lightning/plugins/funder+0x10d584) (BuildId: 71ba63ab577fc6fa60573d3e8555f6db7d5c584d)

0x624000009d28 is located 0 bytes to the right of 7208-byte region [0x624000008100,0x624000009d28)
allocated by thread T0 here:
    #0 0x557da590e7f6 in __interceptor_realloc (/home/runner/work/lightning/lightning/plugins/funder+0x1907f6) (BuildId: 71ba63ab577fc6fa60573d3e8555f6db7d5c584d)
    #1 0x557da5b2149b in tal_resize_ /home/runner/work/lightning/lightning/ccan/ccan/tal/tal.c:755:13
    #2 0x557da59f2032 in membuf_tal_resize /home/runner/work/lightning/lightning/common/utils.c:203:2
    #3 0x557da5b03934 in membuf_prepare_space_ /home/runner/work/lightning/lightning/ccan/ccan/membuf/membuf.c:45:12
    #4 0x557da59d4289 in jsonrpc_io_read_ /home/runner/work/lightning/lightning/common/jsonrpc_io.c:127:2
    #5 0x557da598a635 in rpc_conn_read_response /home/runner/work/lightning/lightning/plugins/libplugin.c:1366:9
    #6 0x557da5adbea5 in next_plan /home/runner/work/lightning/lightning/ccan/ccan/io/io.c:60:9
    #7 0x557da5ae06ff in do_plan /home/runner/work/lightning/lightning/ccan/ccan/io/io.c:422:8
    #8 0x557da5adfb58 in io_ready /home/runner/work/lightning/lightning/ccan/ccan/io/io.c:439:10
    #9 0x557da5aec2ce in io_loop /home/runner/work/lightning/lightning/ccan/ccan/io/poll.c:455:5
    #10 0x557da59757ac in plugin_main /home/runner/work/lightning/lightning/plugins/libplugin.c:2409:3
    #11 0x557da594fe23 in main /home/runner/work/lightning/lightning/plugins/funder.c:1723:2
    #12 0x7f6572229d8f in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16

SUMMARY: AddressSanitizer: heap-buffer-overflow asan_interceptors.cpp.o in printf_common(void*, char const*, __va_list_tag*)
Shadow bytes around the buggy address:
  0x0c487fff9350: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c487fff9360: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c487fff9370: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c487fff9380: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c487fff9390: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0c487fff93a0: 00 00 00 00 00[fa]fa fa fa fa fa fa fa fa fa fa
  0x0c487fff93b0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c487fff93c0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c487fff93d0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c487fff93e0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c487fff93f0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==26122==ABORTING
```

Signed-off-by: Rusty Russell <[email protected]>
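The two contracts that commit contrasts, as an added example in C (not the project's code; the function names and the 5-byte unterminated input are constructed for this illustration). `format_slice` is the "only read this many characters" case: the precision bounds the read, so the C standard does not require a terminator. `format_truncated` is the "valid string, but truncate it" case: the caller promises a NUL somewhere inside the allocation, and the helper verifies that promise with `memchr` (which never reads past `alloc_len`) before handing the pointer to a format that is allowed to assume it, which is exactly the assumption the AddressSanitizer report above shows being violated.

```c
#include <stdio.h>
#include <string.h>

/* "Only read this many characters": precision caps the read, and C11
 * 7.21.6.1p8 says the array need not contain a terminator when the
 * precision limits it.  Safe for a raw, NUL-free byte slice. */
size_t format_slice(char *out, size_t outlen, const char *buf, size_t len)
{
    return (size_t)snprintf(out, outlen, "%.*s", (int)len, buf);
}

/* Contract check for the other case: is there a NUL within the first
 * alloc_len bytes?  memchr is bounded, so this never overruns the
 * allocation even when the answer is "no". */
int is_valid_string(const char *str, size_t alloc_len)
{
    return memchr(str, '\0', alloc_len) != NULL;
}

/* "This is a valid string, but truncate it to maxchars": refuse, with
 * (size_t)-1, if the string is not actually terminated inside its
 * allocation; otherwise print at most maxchars of it. */
size_t format_truncated(char *out, size_t outlen, const char *str,
                        size_t alloc_len, size_t maxchars)
{
    if (!is_valid_string(str, alloc_len))
        return (size_t)-1;
    return (size_t)snprintf(out, outlen, "%.*s", (int)maxchars, str);
}
```

The distinction matters at the call site: a byte slice coming off a socket or out of a JSON buffer belongs with the first form, and anything that promises a terminated string should be checked the way `format_truncated` does rather than trusted, since a missing NUL turns a harmless truncation into a read past the end of the allocation.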