squeaky-pl / japronto

Screaming-fast Python 3.5+ HTTP toolkit integrated with pipelining HTTP server based on uvloop and picohttpparser.
MIT License

A risk of writing to an invalid address with memcpy in function Parser_feed #183

Open awen-li opened 3 years ago

awen-li commented 3 years ago

Code snippet

```c
Parser_feed(Parser* self, PyObject *args)
{
    /* ........ */
    if((size_t)data_len > self->buffer_capacity - (self->buffer_end - self->buffer_start)) {
        self->buffer_capacity = MAX(self->buffer_capacity * 2, self->buffer_end - self->buffer_start + data_len);
        if(self->buffer == self->inline_buffer) {
            self->buffer = malloc(self->buffer_capacity);    /* --------> may return a NULL pointer */
            memcpy(self->buffer + self->buffer_start, self->inline_buffer + self->buffer_start,
                   self->buffer_end - self->buffer_start);
        }
    /* ........ */
}
```

Description

- Function: Parser_feed
- File: cparser.c
- Call-path: feed (Python) -> Parser_feed -> memcpy
- WarningType: Invalid write

Our analysis tool reported a warning on a potential write at an invalid address. As buffer_capacity may depend on external inputs, it is possible that malloc fails. Return value validation is necessary at this point. Also seen in Details
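One way to add the return-value check the report asks for, as an added example that is not japronto's code: `Buf`, `buf_init`, `buf_feed`, `xmalloc` and `fail_alloc` are hypothetical names, and only the struct fields are taken from the snippet above. It goes slightly beyond the report by also rejecting size arithmetic that would wrap and by leaving the buffer state untouched when allocation fails.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define INLINE_CAP 16
#define MAX(a, b) ((a) > (b) ? (a) : (b))

/* Hypothetical stand-in for the parser's buffer fields named in the issue. */
typedef struct {
    char  *buffer;
    size_t buffer_start, buffer_end, buffer_capacity;
    char   inline_buffer[INLINE_CAP];
} Buf;

static int fail_alloc = 0;  /* test hook: force the allocator to fail */
static void *xmalloc(size_t n) { return fail_alloc ? NULL : malloc(n); }

void buf_init(Buf *b) {
    b->buffer = b->inline_buffer;
    b->buffer_start = b->buffer_end = 0;
    b->buffer_capacity = INLINE_CAP;
}

/* Append data_len bytes; returns 0 on success, -1 on failure.
 * On failure the struct is unchanged, so the caller can report the error. */
int buf_feed(Buf *b, const char *data, size_t data_len) {
    size_t used = b->buffer_end - b->buffer_start;
    if (data_len > b->buffer_capacity - b->buffer_end) {
        if (data_len > SIZE_MAX - used || b->buffer_capacity > SIZE_MAX / 2)
            return -1;                  /* size arithmetic would wrap */
        size_t new_cap = MAX(b->buffer_capacity * 2, used + data_len);
        char *p = xmalloc(new_cap);
        if (p == NULL)
            return -1;                  /* the check the issue asks for */
        memcpy(p, b->buffer + b->buffer_start, used);  /* compact to offset 0 */
        if (b->buffer != b->inline_buffer)
            free(b->buffer);
        b->buffer = p;                  /* commit only after success */
        b->buffer_start = 0;
        b->buffer_end = used;
        b->buffer_capacity = new_cap;
    }
    memcpy(b->buffer + b->buffer_end, data, data_len);
    b->buffer_end += data_len;
    return 0;
}
```

In a CPython extension the `-1` path would typically be turned into `PyErr_NoMemory()` by the caller.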

awen-li commented 3 years ago

Can anyone help confirm this issue? Thanks.