brave-experiments / ad-block

Ad block engine used in the Brave browser for ABP filter syntax based lists like EasyList.
https://www.brave.com
Mozilla Public License 2.0

Fix parse filter memory access of an invalid byte from valgrind #209

Closed bbondy closed 5 years ago

bbondy commented 5 years ago

valgrind parsing can lead to a memory access error for host-anchored filters like ||example.com|, where it wrongly parsed the host as | instead of example.com.

==11821== Invalid read of size 1
==11821==    at 0x100004201: AdBlockClient::getFingerprint(char*, char const*) (ad_block_client.cc:142)
==11821==    by 0x1000043D8: AdBlockClient::getFingerprint(char*, Filter const&) (ad_block_client.cc:188)
==11821==    by 0x100004B3E: parseFilter(char const*, char const*, Filter*, BloomFilter*, BloomFilter*, HashSet<Filter>*, HashSet<Filter>*, HashSet<CosmeticFilter>*, bool) (ad_block_client.cc:469)
==11821==    by 0x100006BFA: AdBlockClient::parse(char const*, bool) (ad_block_client.cc:1153)
==11821==    by 0x1000017B8: main (perf.cc:92)
==11821==  Address 0x101627ae3 is 0 bytes after a block of size 19 alloc'd
==11821==    at 0x100102086: malloc (in /usr/local/Cellar/valgrind/3.14.0/lib/valgrind/vgpreload_memcheck-amd64-darwin.so)
==11821==    by 0x1001CF627: operator new(unsigned long) (in /usr/lib/libc++abi.dylib)
==11821==    by 0x100004A14: parseFilter(char const*, char const*, Filter*, BloomFilter*, BloomFilter*, HashSet<Filter>*, HashSet<Filter>*, HashSet<CosmeticFilter>*, bool) (ad_block_client.cc:448)
==11821==    by 0x100006BFA: AdBlockClient::parse(char const*, bool) (ad_block_client.cc:1153)
==11821==    by 0x1000017B8: main (perf.cc:92)
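
The host extraction the report describes, written with every read bounded by the buffer length, as an added example that is not the ad-block project's code. `HostAnchor`, `parseHostAnchored` and the separator set in `isHostEnd` are assumptions made for illustration.

```cpp
// Added example (not ad-block's code): bounds-checked host extraction for
// ABP host-anchored filters such as "||example.com|".
#include <cstddef>
#include <cstdio>
#include <cstring>
#include <string>

struct HostAnchor {             // hypothetical result type
  bool ok = false;              // true when a non-empty host was found
  bool rightAnchored = false;   // a '|' closes the filter after the host
  std::string host;
};

// Characters that end the host part of the filter (assumed set).
static bool isHostEnd(char c) {
  return c == '/' || c == '^' || c == '|' || c == '$' ||
         c == ':' || c == '?' || c == '*';
}

// Parses [filter, filter + len). The buffer need not be NUL-terminated:
// each read of filter[i] is guarded by i < len.
HostAnchor parseHostAnchored(const char* filter, size_t len) {
  HostAnchor r;
  if (len < 3 || filter[0] != '|' || filter[1] != '|') return r;
  size_t start = 2, end = start;
  while (end < len && !isHostEnd(filter[end])) ++end;
  if (end == start) return r;   // e.g. "|||": the host must not be "|"
  r.host.assign(filter + start, end - start);
  r.rightAnchored = end < len && filter[len - 1] == '|';
  r.ok = true;
  return r;
}

// Convenience wrapper for NUL-terminated strings.
HostAnchor parseHostAnchored(const char* filter) {
  return parseHostAnchored(filter, std::strlen(filter));
}

int main() {
  HostAnchor r = parseHostAnchored("||example.com|");
  std::printf("host=%s rightAnchored=%d\n", r.host.c_str(), r.rightAnchored);
  return r.ok ? 0 : 1;
}
```
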