Uploaded image for project: 'C Driver'
  1. C Driver
  2. CDRIVER-1403

Potential buffer overrun in bson_strndup

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major - P3
    • Resolution: Fixed
    • Affects Version/s: 1.4.0
    • Fix Version/s: 1.4.0
    • Component/s: None
    • Labels:
      None

      Description

      Trying to get a address sanitizer build going:

      [2016/07/18 21:24:51.047] + make test TEST_ARGS=-d -F test-results.json
      [2016/07/18 21:24:51.502] =================================================================
      [2016/07/18 21:24:51.502] ==392==ERROR: AddressSanitizer: global-buffer-overflow on address 0x000000737428 at pc 0x0000004a7bad bp 0x7ffe0296ca40 sp 0x7ffe0296c1f0
      [2016/07/18 21:24:51.502] READ of size 32 at 0x000000737428 thread T0
      [2016/07/18 21:24:51.504]     #0 0x4a7bac  (/data/mci/cc019a81ebafd48be2bacbdef589379b/mongoc/.libs/lt-test-libmongoc+0x4a7bac)
      [2016/07/18 21:24:51.504]     #1 0x7fc6f5bf7dda  (/data/mci/cc019a81ebafd48be2bacbdef589379b/mongoc/src/libbson/.libs/libbson-1.0.so.0+0x91dda)
      [2016/07/18 21:24:51.504]     #2 0x645b91  (/data/mci/cc019a81ebafd48be2bacbdef589379b/mongoc/.libs/lt-test-libmongoc+0x645b91)
      [2016/07/18 21:24:51.504]     #3 0x645b3f  (/data/mci/cc019a81ebafd48be2bacbdef589379b/mongoc/.libs/lt-test-libmongoc+0x645b3f)
      [2016/07/18 21:24:51.504]     #4 0x631e2c  (/data/mci/cc019a81ebafd48be2bacbdef589379b/mongoc/.libs/lt-test-libmongoc+0x631e2c)
      [2016/07/18 21:24:51.504]     #5 0x7fc6f4d6fad8  (/lib/x86_64-linux-gnu/libpthread.so.0+0xead8)
      [2016/07/18 21:24:51.504]     #6 0x631dca  (/data/mci/cc019a81ebafd48be2bacbdef589379b/mongoc/.libs/lt-test-libmongoc+0x631dca)
      [2016/07/18 21:24:51.504]     #7 0x50f7d4  (/data/mci/cc019a81ebafd48be2bacbdef589379b/mongoc/.libs/lt-test-libmongoc+0x50f7d4)
      [2016/07/18 21:24:51.504]     #8 0x7fc6f439682f  (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
      [2016/07/18 21:24:51.504]     #9 0x41dd48  (/data/mci/cc019a81ebafd48be2bacbdef589379b/mongoc/.libs/lt-test-libmongoc+0x41dd48)
      [2016/07/18 21:24:51.504] 0x000000737428 is located 56 bytes to the left of global variable '<string literal>' defined in 'src/mongoc/mongoc-metadata.c:61:42' (0x737460) of size 7
      [2016/07/18 21:24:51.504]   '<string literal>' is ascii string 'mongoc'
      [2016/07/18 21:24:51.505] 0x000000737428 is located 0 bytes to the right of global variable '<string literal>' defined in 'src/mongoc/mongoc-metadata.c:39:38' (0x737420) of size 8
      [2016/07/18 21:24:51.505]   '<string literal>' is ascii string 'unknown'
      [2016/07/18 21:24:51.505] SUMMARY: AddressSanitizer: global-buffer-overflow (/data/mci/cc019a81ebafd48be2bacbdef589379b/mongoc/.libs/lt-test-libmongoc+0x4a7bac)
      [2016/07/18 21:24:51.505] Shadow bytes around the buggy address:
      [2016/07/18 21:24:51.505]   0x0000800dee30: f9 f9 f9 f9 07 f9 f9 f9 f9 f9 f9 f9 00 f9 f9 f9
      [2016/07/18 21:24:51.505]   0x0000800dee40: f9 f9 f9 f9 03 f9 f9 f9 f9 f9 f9 f9 00 00 00 00
      [2016/07/18 21:24:51.505]   0x0000800dee50: 05 f9 f9 f9 f9 f9 f9 f9 00 00 00 05 f9 f9 f9 f9
      [2016/07/18 21:24:51.505]   0x0000800dee60: 00 00 00 00 00 04 f9 f9 f9 f9 f9 f9 00 04 f9 f9
      [2016/07/18 21:24:51.505]   0x0000800dee70: f9 f9 f9 f9 05 f9 f9 f9 f9 f9 f9 f9 00 05 f9 f9
      [2016/07/18 21:24:51.505] =>0x0000800dee80: f9 f9 f9 f9 00[f9]f9 f9 f9 f9 f9 f9 07 f9 f9 f9
      [2016/07/18 21:24:51.505]   0x0000800dee90: f9 f9 f9 f9 00 02 f9 f9 f9 f9 f9 f9 00 01 f9 f9
      [2016/07/18 21:24:51.505]   0x0000800deea0: f9 f9 f9 f9 00 00 07 f9 f9 f9 f9 f9 00 00 00 06
      [2016/07/18 21:24:51.505]   0x0000800deeb0: f9 f9 f9 f9 00 00 05 f9 f9 f9 f9 f9 02 f9 f9 f9
      [2016/07/18 21:24:51.505]   0x0000800deec0: f9 f9 f9 f9 01 f9 f9 f9 f9 f9 f9 f9 00 00 06 f9
      [2016/07/18 21:24:51.505]   0x0000800deed0: f9 f9 f9 f9 00 02 f9 f9 f9 f9 f9 f9 00 00 07 f9
      [2016/07/18 21:24:51.505] Shadow byte legend (one shadow byte represents 8 application bytes):
      [2016/07/18 21:24:51.505]   Addressable:           00
      [2016/07/18 21:24:51.505]   Partially addressable: 01 02 03 04 05 06 07
      [2016/07/18 21:24:51.505]   Heap left redzone:       fa
      [2016/07/18 21:24:51.505]   Heap right redzone:      fb
      [2016/07/18 21:24:51.505]   Freed heap region:       fd
      [2016/07/18 21:24:51.505]   Stack left redzone:      f1
      [2016/07/18 21:24:51.505]   Stack mid redzone:       f2
      [2016/07/18 21:24:51.505]   Stack right redzone:     f3
      [2016/07/18 21:24:51.505]   Stack partial redzone:   f4
      [2016/07/18 21:24:51.505]   Stack after return:      f5
      [2016/07/18 21:24:51.505]   Stack use after scope:   f8
      [2016/07/18 21:24:51.505]   Global redzone:          f9
      [2016/07/18 21:24:51.505]   Global init order:       f6
      [2016/07/18 21:24:51.505]   Poisoned by user:        f7
      [2016/07/18 21:24:51.505]   Container overflow:      fc
      [2016/07/18 21:24:51.505]   Array cookie:            ac
      [2016/07/18 21:24:51.505]   Intra object redzone:    bb
      [2016/07/18 21:24:51.505]   ASan internal:           fe
      [2016/07/18 21:24:51.505]   Left alloca redzone:     ca
      [2016/07/18 21:24:51.505]   Right alloca redzone:    cb
      [2016/07/18 21:24:51.505] ==392==ABORTING
      [2016/07/18 21:24:51.508] make: *** [test] Error 1
      

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              ian.boros Ian Boros
              Reporter:
              bjori Hannes Magnusson
              Participants:
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: