joncmu / rapidjson

Automatically exported from code.google.com/p/rapidjson
MIT License

Memory access error due to 'memcmp' #109

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
I tried to use rapidjson on a large JSON document, and valgrind/memcheck finds errors; see below. The offending line is this:

if (name[member->name.data_.s.length] == '\0' &&
    memcmp(member->name.data_.s.str, name, member->name.data_.s.length * sizeof(Ch)) == 0)

This happens during map value lookup. 'memcmp' can't be used in this place, 
because some keys can be longer than the supplied value, and it is illegal to 
read a string past its terminating zero character.

In fact, this bug can cause segmentation fault if the end of the string 
supplied by the caller would happen to align with the end of the memory segment.

---error log---
==81117== Invalid read of size 1
==81117==    at 0x110A543: memcmp (mc_replace_strmem.c:1001)
==81117==    by 0x49F01C: rapidjson::GenericValue<rapidjson::UTF8<char>, rapidjson::MemoryPoolAllocator<rapidjson::CrtAllocator> >::FindMember(char const*) (document.h:271)
==81117==    by 0x49EECC: rapidjson::GenericValue<rapidjson::UTF8<char>, rapidjson::MemoryPoolAllocator<rapidjson::CrtAllocator> >::operator[](char const*) (document.h:239)
==81117==    by 0x49EE9C: rapidjson::GenericValue<rapidjson::UTF8<char>, rapidjson::MemoryPoolAllocator<rapidjson::CrtAllocator> >::operator[](char const*) const (document.h:247)

Original issue reported on code.google.com by yuriv...@gmail.com on 28 Apr 2014 at 11:42
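The defect described in this report, shown as an added example that is not rapidjson's code: a stand-alone C++ program with a hypothetical `Member` type standing in for rapidjson's member record. It computes how many bytes the original comparison would read from the caller's NUL-terminated `name` (without performing the out-of-bounds read), so the over-read condition can be checked against a constructed sample object, and puts a length-checked lookup beside it that measures `name` once and never reads past either buffer.

```cpp
#include <cstddef>
#include <cstdio>
#include <cstring>
#include <string>
#include <vector>

// Hypothetical member record standing in for rapidjson's GenericMember: the
// stored key carries an explicit byte length, which is what the original
// comparison in FindMember trusts when it indexes and memcmp's `name`.
struct Member {
    std::string key;
    int value;
};

// Bytes the original comparison reads from `name` for a stored key of
// `storedLen` bytes: name[storedLen] first, then (when that byte happens to be
// 0) memcmp over storedLen bytes. It therefore touches at least storedLen + 1
// bytes of `name`, regardless of how long `name` actually is.
// This only computes the figure; it performs no read.
std::size_t BytesReadByOriginalCompare(std::size_t storedLen) {
    return storedLen + 1;
}

// Bytes a caller-supplied NUL-terminated string legally provides.
std::size_t BytesAvailable(const char* name) {
    return std::strlen(name) + 1;
}

// True when the original comparison would read past the terminator of `name`
// for at least one stored key: the condition valgrind flags in the report.
bool OriginalLookupWouldOverread(const std::vector<Member>& members, const char* name) {
    const std::size_t avail = BytesAvailable(name);
    for (const Member& m : members) {
        if (BytesReadByOriginalCompare(m.key.size()) > avail) return true;
    }
    return false;
}

// Length-checked lookup: measure the caller's string once, compare lengths,
// and only then memcmp over exactly that many bytes. Every read stays inside
// both buffers, and stored keys containing embedded NULs (legal in JSON via
// \u0000) still compare correctly, which strncmp would not guarantee.
const Member* FindMemberSafe(const std::vector<Member>& members, const char* name) {
    const std::size_t nameLen = std::strlen(name);
    for (const Member& m : members) {
        if (m.key.size() == nameLen &&
            std::memcmp(m.key.data(), name, nameLen * sizeof(char)) == 0) {
            return &m;
        }
    }
    return nullptr;
}

// Constructed sample object: "identifier" is longer than the lookup key "id",
// which is exactly the case the report describes.
const std::vector<Member>& SampleObject() {
    static const std::vector<Member> obj = {
        {"identifier", 1},
        {"id", 2},
        {"name", 3},
    };
    return obj;
}

int main() {
    const char* name = "id";
    std::printf("original compare would over-read for \"%s\": %s\n", name,
                OriginalLookupWouldOverread(SampleObject(), name) ? "yes" : "no");
    const Member* hit = FindMemberSafe(SampleObject(), name);
    std::printf("safe lookup of \"%s\": %s\n", name,
                hit ? std::to_string(hit->value).c_str() : "not found");
    return 0;
}
```

The key design point is that the caller's string, not the stored key, must bound every read of `name`; computing `strlen(name)` once per lookup makes the length comparison cheap and turns the memcmp into a read of exactly the bytes both sides are known to own.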
