Open harryreps opened 1 year ago
`i+y` in the code above may overrun the global buffer `listBuffer`, leading to the following bug:

```
==271680==ERROR: AddressSanitizer: global-buffer-overflow on address 0x000000f11dd0 at pc 0x00000055a750 bp 0x7fff25f2b3b0 sp 0x7fff25f2b3a8
READ of size 1 at 0x000000f11dd0 thread T0
    #0 0x55a74f in smlOBISByUnit(long long&, signed char&, sml_units_t) /home/parallels/sml_parser/src/sml.cpp:368:28
    #1 0x55a979 in smlOBISWh(double&) /home/parallels/sml_parser/src/sml.cpp:378:3
```
`i+1` and `size+1` at Lines 313 and 314 may overrun the buffer and lead to the following bug:

```
==272722==ERROR: AddressSanitizer: global-buffer-overflow on address 0x000000f11cc6 at pc 0x000000559dcb bp 0x7ffc4eef20d0 sp 0x7ffc4eef20c8
WRITE of size 1 at 0x000000f11cc6 thread T0
    #0 0x559dca in smlOBISManufacturer(unsigned char*, int) /home/parallels/sml_parser/src/sml.cpp:314:21
    #1 0x557743 in Manufacturer() /home/parallels/sml_parser/src/main.cpp:15:23
```
https://github.com/olliiiver/sml_parser/blob/ca76a0ac017601731d57d1078d0c92e730043d13/src/sml.cpp#L90-L93
Suppose `currentLevel = MAX_TREE_SIZE - 1` at Line 90. Then `currentLevel = MAX_TREE_SIZE` at Line 92, which leads to the following overflow bug.
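All three reports above share one root cause: an index into a fixed-size global array (`i+y`, `i+1`/`size+1`, `currentLevel` after the increment) is used without first checking it against the array's size. The example below, added here as an illustration and not code from sml_parser or from the issue author, shows the shape of the bounds checks that close each of the three patterns. `LIST_BUFFER_SIZE`, `MAX_TREE_SIZE`, `levelNodes`, and the function names are hypothetical stand-ins, not the project's real names or sizes; `listBuffer` is reused as a name only.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <cstdio>

// Constructed stand-ins for the fixed-size globals the reports index into.
// The sizes are hypothetical and are not taken from sml_parser.
constexpr size_t LIST_BUFFER_SIZE = 64;
constexpr int MAX_TREE_SIZE = 10;

static unsigned char listBuffer[LIST_BUFFER_SIZE];
static int levelNodes[MAX_TREE_SIZE];
static int currentLevel = 0;

// Pattern 1 (read of listBuffer[i + y]): only read when the index is in range.
// The test is written as "y < remaining room" so that i + y cannot wrap
// around to a small value before it is compared.
static bool readListByte(size_t i, size_t y, unsigned char &out) {
    if (i >= LIST_BUFFER_SIZE || y >= LIST_BUFFER_SIZE - i) return false;
    out = listBuffer[i + y];
    return true;
}

// Pattern 2 (writes to dst[i + 1] / dst[size + 1]): copy at most dstSize - 1
// payload bytes into a caller-supplied fixed-size buffer and NUL-terminate,
// truncating instead of writing one past the end. Returns bytes stored.
static size_t copyBounded(unsigned char *dst, size_t dstSize,
                          const unsigned char *src, size_t n) {
    if (dstSize == 0) return 0;
    size_t limit = dstSize - 1;           // leave room for the terminator
    size_t count = n < limit ? n : limit;
    for (size_t i = 0; i < count; ++i) dst[i] = src[i];
    dst[count] = '\0';                    // count <= dstSize - 1, always valid
    return count;
}

// Pattern 3 (currentLevel incremented to MAX_TREE_SIZE): MAX_TREE_SIZE - 1 is
// the last valid index, so refuse the increment when it would reach the size.
static bool enterLevel(int nodeId) {
    if (currentLevel >= MAX_TREE_SIZE - 1) return false;
    ++currentLevel;
    levelNodes[currentLevel] = nodeId;
    return true;
}

static void resetLevel() { currentLevel = 0; }
static int getLevel() { return currentLevel; }

int main() {
    std::memset(listBuffer, 0xAB, sizeof listBuffer);
    unsigned char b = 0;
    std::printf("readListByte(60, 3): %d\n", readListByte(60, 3, b));        // last valid byte
    std::printf("readListByte(60, 4): %d\n", readListByte(60, 4, b));        // one past the end, refused
    std::printf("readListByte(SIZE_MAX, 1): %d\n", readListByte(SIZE_MAX, 1, b)); // wraparound attempt, refused

    unsigned char name[4];
    const unsigned char src[] = "MANUFACTURER";   // constructed input, longer than name[]
    size_t stored = copyBounded(name, sizeof name, src, sizeof src - 1);
    std::printf("copied %zu bytes: %s\n", stored, reinterpret_cast<const char *>(name));

    resetLevel();
    int pushed = 0;
    while (enterLevel(pushed)) ++pushed;
    std::printf("levels entered before refusal: %d (currentLevel=%d)\n", pushed, getLevel());
    return 0;
}
```

Running the binary under `-fsanitize=address` with these checks in place produces no report; removing any one of the three `if` guards reproduces the corresponding global-buffer-overflow on the same kind of input.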