search

corelight / zeekjs

ZeekJS - Experimental JavaScript support for Zeek.
BSD 3-Clause "New" or "Revised" License
9 stars 4 forks source link

zeek.as crash for "table" type name #83

Closed awelzel closed 9 months ago

awelzel commented 12 months ago

Reported by @simeonmiteff , using zeek.as() with just "table" as type_name argument causes a TypeError and sometimes crash.

$ cat examples/z.js 
zeek.on('zeek_init', () => {
        let s = zeek.as('table', ["192.168.0.1/24"]);
        console.log(s);
});

# RelWithDebInfo build
$ zeek examples/z.js 
/home/awelzel/corelight-oss/zeekjs/examples/z.js:2
        let s = zeek.as('table', ["192.168.0.1/24"]);
                     ^

TypeError: Unsupported index size 11852055368087 for type 
    at /home/awelzel/corelight-oss/zeekjs/examples/z.js:2:15

Node.js v21.2.0

# ASAN build:
$ zeek examples/z.js 
AddressSanitizer:DEADLYSIGNAL
=================================================================
==3608162==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000050 (pc 0x7f4e9a4c046c bp 0x7ffc82948f80 sp 0x7ffc82948f80 T0)
==3608162==The signal is caused by a READ memory access.
==3608162==Hint: address points to the zero page.
    #0 0x7f4e9a4c046c in std::vector<zeek::IntrusivePtr<zeek::Type>, std::allocator<zeek::IntrusivePtr<zeek::Type> > >::size() const /usr/include/c++/11/bits/stl_vector.h:919
    #1 0x7f4e9a4ba7fe in ZeekValWrapper::ToZeekVal(v8::Local<v8::Value>, zeek::IntrusivePtr<zeek::Type> const&) /home/awelzel/corelight-oss/zeekjs/src/Types.cc:723
    #2 0x7f4e9a49dcf9 in plugin::Nodejs::Instance::ZeekAs(v8::Local<v8::String>, v8::Local<v8::Value>) /home/awelzel/corelight-oss/zeekjs/src/Nodejs.cc:498
    #3 0x7f4e9a49c491 in plugin::Nodejs::Instance::ZeekAsCallback(v8::FunctionCallbackInfo<v8::Value> const&) /home/awelzel/corelight-oss/zeekjs/src/Nodejs.cc:277
    #4 0x7f4e9330cadc in Builtins_CallApiCallbackGeneric (/opt/node-21.2.0/lib/libnode.so.120+0x110cadc)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /usr/include/c++/11/bits/stl_vector.h:919 in std::vector<zeek::IntrusivePtr<zeek::Type>, std::allocator<zeek::IntrusivePtr<zeek::Type> > >::size() const
==3608162==ABORTING
Aborted (core dumped)
simeonmiteff commented 12 months ago

Thanks @awelzel.

I also found that let x = zeek.as("vector", [1,2,3]); segfaults when zeek::Type::Tag() is called on a null pointer.

simeonmiteff commented 12 months ago

A related problem (please let me know if I should open a separate issue for this): zeek.as() won't accept the type name in set[count] syntax - it has to be count_set (and so on for other index types).

simeonmiteff commented 11 months ago

A related problem (please let me know if I should open a separate issue for this): zeek.as() won't accept the type name in set[count] syntax - it has to be count_set (and so on for other index types).

More accurately, I think you need a type alias. For types where no type alias is defined it doesn't work, e.g. this:

let port_set = [1,2,3];
zeek.as("set[port]", port_set);

...fails with 'set[port]' is not a Zeek type.

I guess I could define aliases for every perumation of containers and index types, but that will only work for built-in types.