Closed geeknik closed 6 years ago
Thanks!
On 10 Apr 2018, at 21:40, geeknik notifications@github.com wrote:
While testing sdb (85eeb0e), I was able to trigger a heap-buffer-overflow in sdb_json_indent with a simple JSON file: test002.json.gz

```
./sdb - < test002.json
==8501==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x603000000051 at pc 0x000000509ea0 bp 0x7ffc06785d60 sp 0x7ffc06785d58
WRITE of size 1 at 0x603000000051 thread T0
    #0 0x509e9f in sdb_json_indent /root/sdb/src/./json/indent.c:104:5
    #1 0x514646 in sdb_querys /root/sdb/src/query.c:790:16
    #2 0x51233b in sdb_query /root/sdb/src/query.c:840:8
    #3 0x4ee616 in main /root/sdb/src/main.c:496:13
    #4 0x7fbf583121c0 in __libc_start_main /build/glibc-itYbWN/glibc-2.26/csu/../csu/libc-start.c:308
    #5 0x41aa39 in _start (/root/sdb/src/sdb+0x41aa39)

0x603000000051 is located 0 bytes to the right of 17-byte region [0x603000000040,0x603000000051)
allocated by thread T0 here:
    #0 0x4c0a33 in malloc /b/build/slave/linux_upload_clang/build/src/third_party/llvm/compiler-rt/lib/asan/asan_malloc_linux.cc:88:3
    #1 0x508f8b in sdb_json_indent /root/sdb/src/./json/indent.c:53:6

SUMMARY: AddressSanitizer: heap-buffer-overflow /root/sdb/src/./json/indent.c:104:5 in sdb_json_indent
```

During the same testing period, I was also able to trigger a similar heap-buffer-overflow in another part of the code called doIndent with this file: test005.json.gz
```
./sdb - < test005.json
==20513==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60300000005a at pc 0x000000509eb8 bp 0x7ffd9af5e780 sp 0x7ffd9af5e778
WRITE of size 1 at 0x60300000005a thread T0
    #0 0x509eb7 in doIndent /root/sdb/src/./json/indent.c:10:12
    #1 0x509eb7 in sdb_json_indent /root/sdb/src/./json/indent.c:90
    #2 0x514646 in sdb_querys /root/sdb/src/query.c:790:16
    #3 0x51233b in sdb_query /root/sdb/src/query.c:840:8
    #4 0x4ee616 in main /root/sdb/src/main.c:496:13
    #5 0x7fc32dbd31c0 in __libc_start_main /build/glibc-itYbWN/glibc-2.26/csu/../csu/libc-start.c:308
    #6 0x41aa39 in _start (/root/sdb/src/sdb+0x41aa39)

0x60300000005a is located 0 bytes to the right of 26-byte region [0x603000000040,0x60300000005a)
allocated by thread T0 here:
    #0 0x4c0a33 in malloc /b/build/slave/linux_upload_clang/build/src/third_party/llvm/compiler-rt/lib/asan/asan_malloc_linux.cc:88:3
    #1 0x508f8b in sdb_json_indent /root/sdb/src/./json/indent.c:53:6

SUMMARY: AddressSanitizer: heap-buffer-overflow /root/sdb/src/./json/indent.c:10:12 in doIndent
```
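Both reports above show the same shape of bug: a 1-byte write landing exactly at the end of the buffer that sdb_json_indent malloc'd at indent.c:53, once in the main loop (indent.c:104) and once inside the indentation helper doIndent (indent.c:10). The C below is an added illustration, not sdb's code and not a diagnosis of what sdb's fix was: a minimal JSON indenter of the same structure, where a counting pass sizes the output exactly and every byte the writer emits is bounds-checked, so an under-sized buffer produces a clean failure instead of a heap write one byte past the region. The names (`sink_t`, `json_indent_size`, `json_indent_into`, `json_indent`) and the sample input are assumptions of this example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Output sink. With buf == NULL the walk only counts bytes; otherwise every
 * byte is checked against cap before it is stored. len keeps counting after
 * an overflow so the caller can learn how much space was actually needed. */
typedef struct {
    char *buf;
    size_t cap;
    size_t len;
    bool overflow;
} sink_t;

static void emit(sink_t *s, char c)
{
    if (s->buf && !s->overflow) {
        if (s->len + 1 >= s->cap)      /* one byte is reserved for the NUL */
            s->overflow = true;        /* refuse the write, never spill past cap */
        else
            s->buf[s->len] = c;
    }
    s->len++;
}

/* Plays the role of an indentation helper: newline plus depth*width spaces.
 * This is where an unsized output buffer is typically overrun, because the
 * spaces it adds are not present in the input at all. */
static void newline(sink_t *s, int depth, int width)
{
    emit(s, '\n');
    for (int i = 0; i < depth * width; i++)
        emit(s, ' ');
}

/* Single walk over the input; string state is tracked so braces inside
 * string literals do not change the nesting depth. */
static void walk(const char *in, int width, sink_t *s)
{
    int depth = 0;
    bool in_str = false;
    for (const char *p = in; *p; p++) {
        char c = *p;
        if (in_str) {
            emit(s, c);
            if (c == '\\' && p[1])      /* copy escaped byte verbatim */
                emit(s, *++p);
            else if (c == '"')
                in_str = false;
            continue;
        }
        switch (c) {
        case '"': in_str = true; emit(s, c); break;
        case '{': case '[': emit(s, c); depth++; newline(s, depth, width); break;
        case '}': case ']': if (depth > 0) depth--; newline(s, depth, width); emit(s, c); break;
        case ',': emit(s, c); newline(s, depth, width); break;
        case ':': emit(s, ':'); emit(s, ' '); break;
        case ' ': case '\t': case '\n': case '\r': break;   /* drop input whitespace */
        default: emit(s, c); break;
        }
    }
}

/* Exact number of bytes (including the NUL) the indented form needs. */
size_t json_indent_size(const char *in, int width)
{
    sink_t s = { NULL, 0, 0, false };
    walk(in, width, &s);
    return s.len + 1;
}

/* Write into a caller-supplied buffer; returns false (buffer untouched past
 * cap, no NUL written) if cap is too small. */
bool json_indent_into(const char *in, int width, char *out, size_t cap)
{
    sink_t s = { out, cap, 0, false };
    walk(in, width, &s);
    if (cap == 0 || s.overflow)
        return false;
    out[s.len] = '\0';
    return true;
}

/* Size first, then allocate exactly that much, then write with checks. */
char *json_indent(const char *in, int width)
{
    size_t need = json_indent_size(in, width);
    char *out = malloc(need);
    if (!out) return NULL;
    if (!json_indent_into(in, width, out, need)) { free(out); return NULL; }
    return out;
}

int main(void)
{
    /* constructed sample; the "x}" string shows why string state matters */
    const char *sample = "{\"a\":[1,2],\"b\":\"x}\"}";
    char *pretty = json_indent(sample, 2);
    if (!pretty) return 1;
    printf("input %zu bytes, output needs %zu bytes\n%s\n",
           strlen(sample), json_indent_size(sample, 2), pretty);
    free(pretty);
    return 0;
}
```

Sizing the output from the input length alone (say `strlen(in) + 1`) undercounts as soon as the first newline and indentation are inserted, and with ASan that shows up exactly as above: a WRITE of size 1 located 0 bytes to the right of the malloc'd region. With the checked sink the same undersized buffer makes `json_indent_into` return false instead.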