Open retpoline opened 3 years ago
@retpoline running osmx on untrusted .osmx file input seems like a nonstandard use case. Can you explain how the fuzz tester works? Considering an .osmx file is just an LMDB database, it seems like this parsing issue is relevant to any LMDB database? https://bugs.openldap.org/buglist.cgi?component=liblmdb&product=LMDB&resolution=---
@bdon thanks for looking into this.
Well, in general file parsers should not crash on malformed files and ideally should gracefully handle error conditions that would otherwise cause them to crash. The fuzz testing performed was to check if the parser would handle invalid files or crash when parsing them.
As far as parsing an untrusted file as a nonstandard use case, I'd say although osmx files are different file types than doc, jpeg or other types of files, we still expect to be able to open a Word document and if it contains errors, Word says e.g. "Invalid file content" instead of crashing or allowing the file contents to dictate control over process memory. So that's why it's a good idea to fix crashes in such scenarios.
Hmm, other parsers that operate on LMDB databases may crash on malformed input as well, and if so, should be hardened to gracefully exit with an error message instead of allowing memory to get corrupted as well.
Hi there,
During fuzz testing of the OSMX parsing there were a couple of crashes discovered. Although these files only crash the apps, they could potentially be crafted further into security issues where a malformed OSMX file would be able to compromise the process's memory through memory corruption, so hardening the code to prevent these kinds of bugs would be great.
You can download the crashing files in a zip from Ufile to debug and understand where the code is crashing.
Here's a snip of one of the crash logs.
Thanks!