Closed gmolina-a2e closed 3 years ago
Can you provide a concrete example? As far as I can tell, the function is bounds checking within the function, but I may have missed something, I just need to know where. https://github.com/dvidelabs/flatcc/blob/988b149b5e29b95d8c2587fe40ed927d3418a1c7/src/runtime/json_parser.c#L277
Sure, basically I am getting this when trying to compile the tests.
```
In function ‘test’:
flatcc/test/json_test/test_basic_parse.c:221:31: error: ‘flatcc_json_parser_string_escape’ accessing 5 bytes in a region of size 4 [-Werror=stringop-overflow=]
221 | buf = flatcc_json_parser_string_escape(ctx, buf, end, code);
| ^~~~~~~~~~~~~
flatcc/test/json_test/test_basic_parse.c:221:31: note: referencing argument 4 of type ‘char *’
In file included from flatcc/test/json_test/test_basic_parse.c:3:
flatcc/include/flatcc/flatcc_json_parser.h:205:13: note: in a call to function ‘flatcc_json_parser_string_escape’
205 | const char *flatcc_json_parser_string_escape(flatcc_json_parser_t *ctx, const char *buf, const char *end, flatcc_json_parser_escape_buffer_t code);
| ^~~~~~~~
cc1: all warnings being treated as errors
```
Should be fixed on master, please check. The same issue might be present elsewhere, but I fixed where you reported it.
The `code` argument is a typedef'ed char[5] array which used to be a plain char[4] argument. One json test wasn't updated but it is unlikely any memory was actually overwritten. The function itself is not the issue here.
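The mismatch discussed above, reduced to an added example (not flatcc code and not code from this thread): an array-typed parameter decays to a pointer, so a caller buffer declared with a stale literal size still type-checks, and only a diagnostic or an explicit guard catches it. The names `escape_buffer_t`, `ESCAPE_BUF_CHECK`, `parse_u_escape` and `escape_len`, and the length-byte-plus-data layout, are assumptions made for illustration.

```c
#include <string.h>

/* Hypothetical stand-in for the library typedef: length byte + 4 data bytes. */
typedef char escape_buffer_t[5];

/* Compile-time guard for callers; valid on real arrays only, not pointers. */
#define ESCAPE_BUF_CHECK(buf) \
    _Static_assert(sizeof(buf) >= sizeof(escape_buffer_t), \
                   "escape buffer smaller than escape_buffer_t")

static int hexval(int c) {
    if (c >= '0' && c <= '9') return c - '0';
    c |= 0x20; /* fold ASCII letters to lower case */
    return (c >= 'a' && c <= 'f') ? c - 'a' + 10 : -1;
}

/* Toy decoder (assumed layout): parses "\uXXXX" (BMP, no surrogates), stores the
 * UTF-8 length in code[0] and the bytes in code[1..]; NULL on bad input. */
const char *parse_u_escape(const char *buf, const char *end, escape_buffer_t code) {
    unsigned cp = 0;
    int i, h;
    if (end - buf < 6 || buf[0] != '\\' || buf[1] != 'u') return NULL;
    for (i = 2; i < 6; i++) {
        if ((h = hexval((unsigned char)buf[i])) < 0) return NULL;
        cp = (cp << 4) | (unsigned)h;
    }
    if (cp >= 0xD800 && cp <= 0xDFFF) return NULL;
    if (cp < 0x80) {
        code[0] = 1; code[1] = (char)cp;
    } else if (cp < 0x800) {
        code[0] = 2;
        code[1] = (char)(0xC0 | (cp >> 6));
        code[2] = (char)(0x80 | (cp & 0x3F));
    } else {
        code[0] = 3;
        code[1] = (char)(0xE0 | (cp >> 12));
        code[2] = (char)(0x80 | ((cp >> 6) & 0x3F));
        code[3] = (char)(0x80 | (cp & 0x3F));
    }
    return buf + 6;
}

/* Caller sized from the typedef, so it tracks any change to the bound. */
int escape_len(const char *s) {
    escape_buffer_t code; /* a stale `char code[4]` fails ESCAPE_BUF_CHECK */
    ESCAPE_BUF_CHECK(code);
    return parse_u_escape(s, s + strlen(s), code) ? code[0] : -1;
}
```

Declaring caller buffers with the typedef rather than a literal size keeps tests in step when the library widens the array; the static assertion covers buffers that have to be declared some other way.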
Awesome, it is now working.
The function flatcc_json_parser_string_escape is accessing 5 bytes in a region of size 4.