stack overrun at print_expr_struct_debug()

[n-toshikazu]

Hi, I met netopeer2-server crash when 'get' operation with long bytes subtree filter is send by netopeer2-cli.
This will be possible to be occurred in different operation like 'create-subscription'.

Proposal fix image

0001-xpath-use-open_memstream-to-avoid-stack-overrun.patch

Debugging coredump

ctx@entry=0x4d323344273d656d

On call trace lys_find_xpath_atoms() -> lyxp_expr_parse() -> print_expr_struct_debug(expr),
tmp[128] stack looks to be overrun (ctx pointer field in backtrace was overwritten by some chars).

(gdb) bt
#0 0x00007f6b455ab57d in lyxp_atomize (ctx=ctx@entry=0x4d323344273d656d,
exp=0x7f6b3802d2e0, cur_mod=cur_mod@entry=0x0,
format=format@entry=LY_VALUE_JSON, prefix_data=prefix_data@entry=0x0,
cur_scnode=cur_scnode@entry=0x22225d276e692d, ctx_scnode=,
set=, options=)
at /usr/src/debug/libyang/2.1.111-r0/src/xpath.c:9875
#1 0x00007f6b45543ff3 in lys_find_xpath_atoms (ctx=0x4d323344273d656d,
ctx@entry=0x1856e80, ctx_node=0x22225d276e692d, ctx_node@entry=0x0,
xpath=xpath@entry=0x7f6b3802e4d0 "/org-openroadm-pm:current-pm-list/current-pm-entry[pm-resource-type='port'][pm-resource-instance="/org-openroadm-device:org-openroadm-device/circuit-packs[circuit-pack-name="..., options=, options@entry=576,
set=set@entry=0x7f6b447db708)
at /usr/src/debug/libyang/2.1.111-r0/src/tree_schema.c:467
#2 0x00007f6b4547c269 in sr_modinfo_collect_xpath (ly_ctx=0x1856e80,
xpath=xpath@entry=0x7f6b3802e4d0 "/org-openroadm-pm:current-pm-list/current-pm-entry[pm-resource-type='port'][pm-resource-instance="/org-openroadm-device:org-openroadm-device/circuit-packs[circuit-pack-name="..., ds=SR_DS_RUNNING, store_xpath=store_xpath@entry=1,
dup_xpath=dup_xpath@entry=0, mod_info=mod_info@entry=0x7f6b447db7d0)
at /usr/src/debug/sysrepo/2.2.105-r0/src/modinfo.c:213

Token length that we specified in subtree filter is separated to135( > 128) bytes literal
(gdb) p exp->tokens[12]
$3 = LYXP_TOKEN_LITERAL
(gdb) p exp->tok_len[12]
$4 = 135

[michalvasko]

Alright, fixed by your patch.