heap-buffer-overflow (WRITE of size 1) in sdb_json_indent and doIndent #150
Comments
Thanks!
On 10 Apr 2018, at 21:40, geeknik ***@***.***> wrote:
While testing sdb (85eeb0e), I was able to trigger a heap-buffer-overflow in sdb_json_indent with a simple JSON file: test002.json.gz
./sdb - < test002.json
==8501==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x603000000051 at pc 0x000000509ea0 bp 0x7ffc06785d60 sp 0x7ffc06785d58
WRITE of size 1 at 0x603000000051 thread T0
#0 0x509e9f in sdb_json_indent /root/sdb/src/./json/indent.c:104:5
#1 0x514646 in sdb_querys /root/sdb/src/query.c:790:16
#2 0x51233b in sdb_query /root/sdb/src/query.c:840:8
#3 0x4ee616 in main /root/sdb/src/main.c:496:13
#4 0x7fbf583121c0 in __libc_start_main /build/glibc-itYbWN/glibc-2.26/csu/../csu/libc-start.c:308
#5 0x41aa39 in _start (/root/sdb/src/sdb+0x41aa39)
0x603000000051 is located 0 bytes to the right of 17-byte region [0x603000000040,0x603000000051)
allocated by thread T0 here:
#0 0x4c0a33 in malloc /b/build/slave/linux_upload_clang/build/src/third_party/llvm/compiler-rt/lib/asan/asan_malloc_linux.cc:88:3
#1 0x508f8b in sdb_json_indent /root/sdb/src/./json/indent.c:53:6
SUMMARY: AddressSanitizer: heap-buffer-overflow /root/sdb/src/./json/indent.c:104:5 in sdb_json_indent
During the same testing period, I was also able to trigger a similar heap-buffer-overflow in another part of the code called doIndent with this file: test005.json.gz
./sdb - < test005.json
==20513==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60300000005a at pc 0x000000509eb8 bp 0x7ffd9af5e780 sp 0x7ffd9af5e778
WRITE of size 1 at 0x60300000005a thread T0
#0 0x509eb7 in doIndent /root/sdb/src/./json/indent.c:10:12
#1 0x509eb7 in sdb_json_indent /root/sdb/src/./json/indent.c:90
#2 0x514646 in sdb_querys /root/sdb/src/query.c:790:16
#3 0x51233b in sdb_query /root/sdb/src/query.c:840:8
#4 0x4ee616 in main /root/sdb/src/main.c:496:13
#5 0x7fc32dbd31c0 in __libc_start_main /build/glibc-itYbWN/glibc-2.26/csu/../csu/libc-start.c:308
#6 0x41aa39 in _start (/root/sdb/src/sdb+0x41aa39)
0x60300000005a is located 0 bytes to the right of 26-byte region [0x603000000040,0x60300000005a)
allocated by thread T0 here:
#0 0x4c0a33 in malloc /b/build/slave/linux_upload_clang/build/src/third_party/llvm/compiler-rt/lib/asan/asan_malloc_linux.cc:88:3
#1 0x508f8b in sdb_json_indent /root/sdb/src/./json/indent.c:53:6
SUMMARY: AddressSanitizer: heap-buffer-overflow /root/sdb/src/./json/indent.c:10:12 in doIndent
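Both reports above share one signature: a WRITE of size 1 landing 0 bytes to the right of a region that sdb_json_indent itself malloc'd at indent.c:53, once from line 104 and once from doIndent at line 10. That is what an output buffer sized too small for the indented text looks like under ASAN: the indentation adds bytes the allocation did not account for, and the last byte of padding (or the terminator) lands just past the end. The following is an added illustration, not code from sdb's indent.c (sdb's actual allocation formula is not visible in this thread, so the root cause is only inferred from the trace). It is a small JSON indenter in which every byte goes through a capacity check and the buffer grows on demand, so an input whose indented form is longer than the input can never write past the allocation. The helper names (`json_indent_safe`, `indented_length`, `indent_equals`) are ours.

```c
/* Added example: a bounds-checked JSON indenter (not sdb's code). */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

typedef struct {
    char *buf;
    size_t len;   /* bytes written, excluding the NUL terminator */
    size_t cap;   /* bytes allocated */
} outbuf;

/* Ensure room for `extra` more bytes plus the NUL terminator. Returns 0 on OOM. */
static int ob_reserve(outbuf *ob, size_t extra) {
    if (ob->len + extra + 1 <= ob->cap) return 1;
    size_t ncap = ob->cap ? ob->cap : 64;
    while (ncap < ob->len + extra + 1) ncap *= 2;
    char *nb = realloc(ob->buf, ncap);
    if (!nb) return 0;
    ob->buf = nb;
    ob->cap = ncap;
    return 1;
}

/* The only place a byte is stored: capacity is checked first, every time. */
static int ob_putc(outbuf *ob, char c) {
    if (!ob_reserve(ob, 1)) return 0;
    ob->buf[ob->len++] = c;
    ob->buf[ob->len] = '\0';
    return 1;
}

/* Newline plus depth*indent spaces; the padding is exactly what a buffer
 * sized from the input length alone would not have room for. */
static int ob_newline(outbuf *ob, int depth, int indent) {
    if (!ob_putc(ob, '\n')) return 0;
    for (int i = 0; i < depth * indent; i++)
        if (!ob_putc(ob, ' ')) return 0;
    return 1;
}

/* Returns a malloc'd indented copy of `json` (caller frees), or NULL on OOM.
 * String literals are copied verbatim, escapes included, so braces inside
 * strings are not treated as structure. Whitespace outside strings is dropped. */
char *json_indent_safe(const char *json, int indent) {
    outbuf ob = {0};
    int depth = 0, in_str = 0;
    if (!ob_reserve(&ob, 0)) return NULL;
    ob.buf[0] = '\0';
    for (const char *p = json; *p; p++) {
        char c = *p;
        if (in_str) {
            if (!ob_putc(&ob, c)) goto fail;
            if (c == '\\' && p[1]) { if (!ob_putc(&ob, *++p)) goto fail; }
            else if (c == '"') in_str = 0;
            continue;
        }
        switch (c) {
        case '"':
            in_str = 1;
            if (!ob_putc(&ob, c)) goto fail;
            break;
        case '{': case '[':
            if (!ob_putc(&ob, c)) goto fail;
            if (p[1] == '}' || p[1] == ']') {      /* empty container stays on one line */
                if (!ob_putc(&ob, *++p)) goto fail;
                break;
            }
            depth++;
            if (!ob_newline(&ob, depth, indent)) goto fail;
            break;
        case '}': case ']':
            if (depth > 0) depth--;                 /* tolerate unbalanced input */
            if (!ob_newline(&ob, depth, indent)) goto fail;
            if (!ob_putc(&ob, c)) goto fail;
            break;
        case ',':
            if (!ob_putc(&ob, c)) goto fail;
            if (!ob_newline(&ob, depth, indent)) goto fail;
            break;
        case ':':
            if (!ob_putc(&ob, ':') || !ob_putc(&ob, ' ')) goto fail;
            break;
        case ' ': case '\t': case '\n': case '\r':
            break;
        default:
            if (!ob_putc(&ob, c)) goto fail;
        }
    }
    return ob.buf;
fail:
    free(ob.buf);
    return NULL;
}

/* Length of the indented output (0 on OOM), to compare against strlen(json). */
size_t indented_length(const char *json, int indent) {
    char *r = json_indent_safe(json, indent);
    size_t n = r ? strlen(r) : 0;
    free(r);
    return n;
}

/* 1 if indenting `json` yields exactly `expected`, else 0. */
int indent_equals(const char *json, int indent, const char *expected) {
    char *r = json_indent_safe(json, indent);
    int ok = r && strcmp(r, expected) == 0;
    free(r);
    return ok;
}

int main(void) {
    const char *in = "{\"a\":1,\"b\":[2,3]}";   /* constructed sample, 17 bytes */
    char *out = json_indent_safe(in, 2);
    if (!out) return 1;
    printf("%s\n", out);
    printf("input %zu bytes, output %zu bytes\n", strlen(in), strlen(out));
    free(out);
    return 0;
}
```

The constructed 17-byte input grows to 39 bytes once indented, so an allocation of strlen(input) plus a small constant is never enough; either compute the exact output size in a first pass (counting the newline and padding bytes per structural token) or, as here, grow the buffer before each write. The second form is the easier one to get right because the size logic and the write logic cannot drift apart.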