Merge remote-tracking branch 'origin/topic/awelzel/no-null-strings-in-threading-vals'

* origin/topic/awelzel/no-null-strings-in-threading-vals:
  logging/Manager: Also pass non-null vector and set
  logging/Manager: Non-null strings for empty strings

CHANGES

@@ -1,3 +1,25 @@
+8.1.0-dev.97 | 2025-08-19 20:27:13 +0200
+
+  * logging/Manager: Also pass non-null vector and set (Arne Welzel, Corelight)
+
+    Primarily to align with strings and also to keep the plugin
+    API the same.
+
+  * logging/Manager: Non-null strings for empty strings (Arne Welzel, Corelight)
+
+    After #4724, empty strings would result in nullptrs being stored in the
+    threading::Value's string_val.data field instead of a valid pointer to
+    an empty strings. This upsets UBSAN's  nonnull check for memcpy()
+
+        [01:29:45.807]   ../../src/SerializationFormat.cc:80:33: runtime error: null pointer passed as argument 2, which is declared to never be null
+        [01:29:45.807]   /usr/include/string.h:44:28: note: nonnull attribute specified here
+        [01:29:45.807]       #0 0x5b2e9c933a3f in zeek::detail::SerializationFormat::WriteData(void const*, unsigned long) /zeek/build/src/../../src/SerializationFormat.cc:80:5
+        [01:29:45.807]       #1 0x5b2e9c935184 in zeek::detail::BinarySerializationFormat::Write(char const*, int, char const*) /zeek/build/src/../../src/SerializationFormat.cc:371:40
+
+    Continue to allocate the empty string for now as a fix.
+
+  * CI: Ubuntu 24.10 is eol, add Ubuntu 25.04 (Johanna Amann, Corelight)
+
 8.1.0-dev.91 | 2025-08-18 14:59:41 -0700
 
   * Add a missing header for the broker cluster serializer (Tim Wojtulewicz, Corelight)

VERSION

@@ -1 +1 @@
-8.1.0-dev.91
+8.1.0-dev.97

src/logging/Manager.cc

@@ -1511,9 +1511,6 @@ threading::Value Manager::ValToLogVal(WriterInfo* info, const Stream* stream, st
                 info->total_truncated_string_fields->Inc();
             }
 
-            if ( allowed_bytes == 0 )
-                return lval;
-
             char* buf = new char[allowed_bytes];
             memcpy(buf, s->Bytes(), allowed_bytes);
 
@@ -1569,9 +1566,6 @@ threading::Value Manager::ValToLogVal(WriterInfo* info, const Stream* stream, st
                 info->total_truncated_containers->Inc();
             }
 
-            if ( allowed_elements == 0 )
-                return lval;
-
             lval.val.set_val.vals = new threading::Value*[allowed_elements];
 
             for ( size_t i = 0; i < allowed_elements && total_record_size < max_log_record_size; i++ ) {
@@ -1600,9 +1594,6 @@ threading::Value Manager::ValToLogVal(WriterInfo* info, const Stream* stream, st
                 info->total_truncated_containers->Inc();
             }
 
-            if ( allowed_elements == 0 )
-                return lval;
-
             lval.val.vector_val.vals = new threading::Value*[allowed_elements];
 
             auto& vv = vec->RawVec();

src/threading/SerialTypes.cc

@@ -376,7 +376,10 @@ bool Value::Write(detail::SerializationFormat* fmt) const {
         case TYPE_ENUM:
         case TYPE_STRING:
         case TYPE_FILE:
-        case TYPE_FUNC: return fmt->Write(val.string_val.data, val.string_val.length, "string");
+        case TYPE_FUNC: {
+            assert(val.string_val.data);
+            return fmt->Write(val.string_val.data, val.string_val.length, "string");
+        }
 
         case TYPE_TABLE: {
             if ( ! fmt->Write(val.set_val.size, "set_size") )