DaveGamble / cJSON

Ultralightweight JSON parser in ANSI C
MIT License
10.88k stars 3.23k forks source link

ASAN detects a 3 byte overstep in the call to cJSON_ParseWithOpts #778

Open lhzasd opened 1 year ago

lhzasd commented 1 year ago

==376==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x007f78003b43 at pc 0x007f7f67c14c bp 0x007fc3abf850 sp 0x007fc3abf8c8 READ of size 708 at 0x007f78003b43 thread T0

0 0x7f7f67c14b in __interceptor_strlen /home/tcwg-buildslave/workspace/tcwg-make-release_0/snapshots/gcc.git~linaro-7.5-2019.12/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:225

#1 0x7f7de49c6b in cJSON_ParseWithOpts (/usrdata/lib/libcjson.so.1+0x3c6b)

0x007f78003b43 is located 0 bytes to the right of 707-byte region [0x007f78003880,0x007f78003b43) allocated by thread T0 here:

0 0x7f7f6faaab in operator new[](unsigned long)

SUMMARY: AddressSanitizer: heap-buffer-overflow /home/tcwg-buildslave/workspace/tcwg-make-release_0/snapshots/gcc.git~linaro-7.5-2019.12/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:225 in __interceptor_strlen

Shadow bytes around the buggy address: 0x001fef000710: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x001fef000720: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x001fef000730: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x001fef000740: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x001fef000750: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 =>0x001fef000760: 00 00 00 00 00 00 00 00[03]fa fa fa fa fa fa fa 0x001fef000770: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x001fef000780: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x001fef000790: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x001fef0007a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x001fef0007b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe Left alloca redzone: ca Right alloca redzone: cb

niooss-ledger commented 6 months ago

Hello, could you please try to reproduce your issue with the latest release (v1.7.18)? This release fixed a heap buffer overflow too and I am wondering whether your issue was also fixed.