util: Fix UB in SetStdinEcho when ENOTTY

[maflcko]

The call to tcgetattr may fail with ENOTTY, leaving the struct possibly uninitialized (UB).

Fix this UB by returning early when isatty fails, or when tcgetattr fails. (Same for Windows)

This can be tested by a command that fails valgrind before the change and passes after:

echo 'pipe' | valgrind --quiet ./bld-cmake/bin/bitcoin-cli -stdinrpcpass uptime

[DrahtBot]

The following sections might be updated with supplementary metadata relevant to reviewers and maintainers.

Reviews

See the guideline for information on the review process.

Type	Reviewers
ACK	achow101, sedited, l0rinc

If your review is incorrectly listed, please copy-paste <!--meta-tag:bot-skip--> into the comment that the bot should ignore.

Conflicts

Reviewers, this pull request conflicts with the following ones:

• #34589 (ci: Temporarily use clang in valgrind tasks by maflcko)
• #34004 (Implementation of SwiftSync by rustaceanrob)

If you consider this pull request important, please also help to review the conflicting pull requests. Ideally, start with the one that should be merged first.

[l0rinc]

concept ACK

Does this enable the removal of

bitcoin/test/sanitizer_suppressions/ubsan

Line 58 in d7c9d6c

implicit-integer-sign-change:SetStdinEcho

?

[maflcko]

No, that is just a harmless warning. I guess I can refactor it a bit while touching this...

[maflcko]

Pushed that as well. Needs compilation with the integer sanitizer (-DSANITIZERS=integer, ref: https://godbolt.org/z/YGjWa89vs) and can be tested via:

UBSAN_OPTIONS="suppressions=$(pwd)/test/sanitizer_suppressions/ubsan:print_stacktrace=1:halt_on_error=1:report_error_type=1" ./bld-cmake/bin/bitcoin-cli -stdinrpcpass uptime

[luke-jr]

Since this is now checked here, should failure below log an error? (Maybe visibly so the user knows to expect echo?)

[maflcko]

I don't think an error can happen, so this seems a bit too much effort for basically dead/untested code

[maflcko]

actually, done with a simple fputs and a string literal for each case

[luke-jr]

Probably should do the case before the bitwise negation?

[maflcko]

I don't think it matters here, because everything will be compiled down to the same executable anyway and this is just to silence a harmless ubsan warning.

[achow101]

ACK fa6af85

[sedited]

ACK fa6af85

Was thinking why we don't just throw on these errors, but I think printing something to stderr is the correct thing to do, and introducing exceptions was discussed in the original PR: #13716 (comment) .

[maflcko]

Was thinking why we don't just throw on these errors, but I think printing something to stderr is the correct thing to do, and introducing exceptions was discussed in the original PR: #13716 (comment) .

I think that was referring to the test/lint/lint-locale-dependence.py exception. But yeah, printing to stderr seems sufficient and aborting the whole program may not be needed.

[l0rinc]

lightly tested code review ACK fa6af85

Thanks for fixing these and removing the suppressions - they always make me nervous.

[fanquake]

Backported to 30.x in #34689.