Open huamuyichun opened 4 months ago
> So in this function you should first determine if the pointer is pointing to the correct memory address, and then call the strlen() function.
This is impossible to do in a portable manner. Also, your spec is UB, you can't cast an invalid pointer value. It is safe to assume that your program won't work correctly if you invoke UB. C is a memory unsafe language.
You're passing an invalid memory address to a public API function. It expects the caller to pass a pointer to a valid address.
The function already checks for a null pointer value, and that's all it can do. There is no magic pointer validating in low-level code. The responsibility of not feeding garbage pointers is on the programmer who calls the API methods. This is not a philosophical question but a practical reality.
> So in this function you should first determine if the pointer is pointing to the correct memory address, and then call the strlen() function.
As @snake-4 and @imaami said, C is a memory unsafe language, which means there is no way to achieve this.
Bug Report
Required Info:
Steps to reproduce issue:
Hi, while fuzz testing FreeRTOS using Syzkaller, I encountered an illegal memory access error in the cJSON module. This is my SPEC which can trigger the bug
Error Report
During the fuzzing process, I received the following error report:
It appears there is an illegal access at components/json/cJSON/cJSON.c in the cJSON_ParseWithOpts function. The specific error occurs on this line:
buffer_length = strlen(value) + sizeof("");
If the value string is pointing to an illegal memory address, then an illegal memory access occurs when strlen() is called. So in this function you should first determine if the pointer is pointing to the correct memory address, and then call the strlen() function.
Expected Behavior
The program should execute without any memory errors or crashes.
Actual Behavior
The program crashes with an unhandled exception indicating an illegal memory access error.
Additional Information
I would greatly appreciate it if you could review this bug report. Any suggestions or feedback you can provide would be very helpful. Thank you for your time.
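An added example, not part of the original thread and not cJSON code, showing the split of responsibility the replies describe: what a callee can portably check (NULL and caller-declared bounds) and what a fuzz harness can do so it only passes pointers it owns. The names `bounded_buffer_length` and `own_fuzz_input` and the sample bytes are assumptions made for this illustration.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper (not part of cJSON): the checks a callee can make
 * portably. It rejects NULL and never reads past the caller-declared
 * capacity, but it cannot tell whether a non-NULL pointer is mapped memory. */
static int bounded_buffer_length(const char *value, size_t capacity, size_t *out)
{
    const char *nul;

    if (value == NULL || out == NULL || capacity == 0) {
        return -1;                    /* detectable misuse */
    }
    /* memchr reads at most `capacity` bytes, unlike strlen(value). */
    nul = memchr(value, '\0', capacity);
    if (nul == NULL) {
        return -2;                    /* no terminator inside declared bounds */
    }
    /* Same quantity as the reported line: strlen(value) + sizeof(""). */
    *out = (size_t)(nul - value) + sizeof("");
    return 0;
}

/* Hypothetical harness-side step: copy raw fuzzer bytes into memory the
 * harness owns and terminates, so a string API only sees a valid pointer. */
static char *own_fuzz_input(const unsigned char *data, size_t size)
{
    char *copy = malloc(size + 1);
    if (copy == NULL) {
        return NULL;
    }
    if (size > 0) {
        memcpy(copy, data, size);
    }
    copy[size] = '\0';
    return copy;                      /* caller frees */
}

int main(void)
{
    /* Constructed sample input: unterminated bytes as a fuzzer would emit. */
    const unsigned char sample[] = { '{', '"', 'a', '"', ':', '1', '}' };
    size_t len = 0;
    char *json = own_fuzz_input(sample, sizeof(sample));
    int rc = json ? bounded_buffer_length(json, sizeof(sample) + 1, &len) : -1;
    free(json);
    return (rc == 0 && len == sizeof(sample) + 1) ? 0 : 1;
}
```

Upstream cJSON also has length-taking entry points such as cJSON_ParseWithLengthOpts, which serve the same purpose when the vendored copy includes them.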