C Driver / CDRIVER-1403

Potential buffer overrun in bson_strndup

    • Type: Bug
    • Resolution: Done
    • Priority: Major - P3
    • 1.4.0
    • Affects Version/s: 1.4.0
    • Component/s: None
    • Labels: None

      Trying to get an AddressSanitizer build going:

      [2016/07/18 21:24:51.047] + make test TEST_ARGS=-d -F test-results.json
      [2016/07/18 21:24:51.502] =================================================================
      [2016/07/18 21:24:51.502] ==392==ERROR: AddressSanitizer: global-buffer-overflow on address 0x000000737428 at pc 0x0000004a7bad bp 0x7ffe0296ca40 sp 0x7ffe0296c1f0
      [2016/07/18 21:24:51.502] READ of size 32 at 0x000000737428 thread T0
      [2016/07/18 21:24:51.504]     #0 0x4a7bac  (/data/mci/cc019a81ebafd48be2bacbdef589379b/mongoc/.libs/lt-test-libmongoc+0x4a7bac)
      [2016/07/18 21:24:51.504]     #1 0x7fc6f5bf7dda  (/data/mci/cc019a81ebafd48be2bacbdef589379b/mongoc/src/libbson/.libs/libbson-1.0.so.0+0x91dda)
      [2016/07/18 21:24:51.504]     #2 0x645b91  (/data/mci/cc019a81ebafd48be2bacbdef589379b/mongoc/.libs/lt-test-libmongoc+0x645b91)
      [2016/07/18 21:24:51.504]     #3 0x645b3f  (/data/mci/cc019a81ebafd48be2bacbdef589379b/mongoc/.libs/lt-test-libmongoc+0x645b3f)
      [2016/07/18 21:24:51.504]     #4 0x631e2c  (/data/mci/cc019a81ebafd48be2bacbdef589379b/mongoc/.libs/lt-test-libmongoc+0x631e2c)
      [2016/07/18 21:24:51.504]     #5 0x7fc6f4d6fad8  (/lib/x86_64-linux-gnu/libpthread.so.0+0xead8)
      [2016/07/18 21:24:51.504]     #6 0x631dca  (/data/mci/cc019a81ebafd48be2bacbdef589379b/mongoc/.libs/lt-test-libmongoc+0x631dca)
      [2016/07/18 21:24:51.504]     #7 0x50f7d4  (/data/mci/cc019a81ebafd48be2bacbdef589379b/mongoc/.libs/lt-test-libmongoc+0x50f7d4)
      [2016/07/18 21:24:51.504]     #8 0x7fc6f439682f  (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
      [2016/07/18 21:24:51.504]     #9 0x41dd48  (/data/mci/cc019a81ebafd48be2bacbdef589379b/mongoc/.libs/lt-test-libmongoc+0x41dd48)
      [2016/07/18 21:24:51.504] 0x000000737428 is located 56 bytes to the left of global variable '<string literal>' defined in 'src/mongoc/mongoc-metadata.c:61:42' (0x737460) of size 7
      [2016/07/18 21:24:51.504]   '<string literal>' is ascii string 'mongoc'
      [2016/07/18 21:24:51.505] 0x000000737428 is located 0 bytes to the right of global variable '<string literal>' defined in 'src/mongoc/mongoc-metadata.c:39:38' (0x737420) of size 8
      [2016/07/18 21:24:51.505]   '<string literal>' is ascii string 'unknown'
      [2016/07/18 21:24:51.505] SUMMARY: AddressSanitizer: global-buffer-overflow (/data/mci/cc019a81ebafd48be2bacbdef589379b/mongoc/.libs/lt-test-libmongoc+0x4a7bac)
      [2016/07/18 21:24:51.505] Shadow bytes around the buggy address:
      [2016/07/18 21:24:51.505]   0x0000800dee30: f9 f9 f9 f9 07 f9 f9 f9 f9 f9 f9 f9 00 f9 f9 f9
      [2016/07/18 21:24:51.505]   0x0000800dee40: f9 f9 f9 f9 03 f9 f9 f9 f9 f9 f9 f9 00 00 00 00
      [2016/07/18 21:24:51.505]   0x0000800dee50: 05 f9 f9 f9 f9 f9 f9 f9 00 00 00 05 f9 f9 f9 f9
      [2016/07/18 21:24:51.505]   0x0000800dee60: 00 00 00 00 00 04 f9 f9 f9 f9 f9 f9 00 04 f9 f9
      [2016/07/18 21:24:51.505]   0x0000800dee70: f9 f9 f9 f9 05 f9 f9 f9 f9 f9 f9 f9 00 05 f9 f9
      [2016/07/18 21:24:51.505] =>0x0000800dee80: f9 f9 f9 f9 00[f9]f9 f9 f9 f9 f9 f9 07 f9 f9 f9
      [2016/07/18 21:24:51.505]   0x0000800dee90: f9 f9 f9 f9 00 02 f9 f9 f9 f9 f9 f9 00 01 f9 f9
      [2016/07/18 21:24:51.505]   0x0000800deea0: f9 f9 f9 f9 00 00 07 f9 f9 f9 f9 f9 00 00 00 06
      [2016/07/18 21:24:51.505]   0x0000800deeb0: f9 f9 f9 f9 00 00 05 f9 f9 f9 f9 f9 02 f9 f9 f9
      [2016/07/18 21:24:51.505]   0x0000800deec0: f9 f9 f9 f9 01 f9 f9 f9 f9 f9 f9 f9 00 00 06 f9
      [2016/07/18 21:24:51.505]   0x0000800deed0: f9 f9 f9 f9 00 02 f9 f9 f9 f9 f9 f9 00 00 07 f9
      [2016/07/18 21:24:51.505] Shadow byte legend (one shadow byte represents 8 application bytes):
      [2016/07/18 21:24:51.505]   Addressable:           00
      [2016/07/18 21:24:51.505]   Partially addressable: 01 02 03 04 05 06 07
      [2016/07/18 21:24:51.505]   Heap left redzone:       fa
      [2016/07/18 21:24:51.505]   Heap right redzone:      fb
      [2016/07/18 21:24:51.505]   Freed heap region:       fd
      [2016/07/18 21:24:51.505]   Stack left redzone:      f1
      [2016/07/18 21:24:51.505]   Stack mid redzone:       f2
      [2016/07/18 21:24:51.505]   Stack right redzone:     f3
      [2016/07/18 21:24:51.505]   Stack partial redzone:   f4
      [2016/07/18 21:24:51.505]   Stack after return:      f5
      [2016/07/18 21:24:51.505]   Stack use after scope:   f8
      [2016/07/18 21:24:51.505]   Global redzone:          f9
      [2016/07/18 21:24:51.505]   Global init order:       f6
      [2016/07/18 21:24:51.505]   Poisoned by user:        f7
      [2016/07/18 21:24:51.505]   Container overflow:      fc
      [2016/07/18 21:24:51.505]   Array cookie:            ac
      [2016/07/18 21:24:51.505]   Intra object redzone:    bb
      [2016/07/18 21:24:51.505]   ASan internal:           fe
      [2016/07/18 21:24:51.505]   Left alloca redzone:     ca
      [2016/07/18 21:24:51.505]   Right alloca redzone:    cb
      [2016/07/18 21:24:51.505] ==392==ABORTING
      [2016/07/18 21:24:51.508] make: *** [test] Error 1
      
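The report above has the shape of a classic strndup over-read: a READ of size 32 starting at the 8-byte global literal 'unknown' (mongoc-metadata.c:39), inside a libbson frame, which is what happens when a strndup-style routine copies its length argument unconditionally instead of stopping at the terminator. The following is an added example, not libbson's or the C driver's code, and it assumes that copying n_bytes without checking strlen(str) is the defect; the 1.4.0 source is not shown on this page. It puts the vulnerable shape next to a bounded variant with strndup(3) semantics. The source buffer is constructed for the demo: the "unknown" string is placed inside a larger 32-byte array so the over-read stays in bounds and its effect (adjacent bytes landing in the copy) can be checked, whereas in the real build the source is a standalone literal and ASan aborts with global-buffer-overflow.

```c
#include <assert.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/*
 * Constructed source buffer for the demo: the 8-byte string "unknown\0" that
 * the ASan report names, followed by other data in the same 32-byte array.
 * Keeping the neighbour inside one array keeps the over-read in bounds, so
 * the effect is observable in the copy instead of aborting the process.
 */
const char constructed_src[32] = "unknown\0SECRET-ADJACENT-DATA";

/*
 * Assumed shape of the bug (not libbson's code): trust n_bytes and copy it
 * unconditionally. If strlen(str) < n_bytes this reads past the terminator;
 * with a standalone 8-byte literal and n_bytes == 32 that is exactly a
 * "READ of size 32" global-buffer-overflow as in the report above.
 */
char *
strndup_overreading (const char *str, size_t n_bytes)
{
   char *ret = malloc (n_bytes + 1);
   assert (ret);
   memcpy (ret, str, n_bytes); /* reads n_bytes bytes regardless of strlen(str) */
   ret[n_bytes] = '\0';
   return ret;
}

/* Length of str without ever looking past max bytes: strnlen without the
 * POSIX.1-2008 dependency, so this builds under plain -std=c99 too. */
size_t
bounded_len (const char *str, size_t max)
{
   size_t len = 0;
   while (len < max && str[len] != '\0') {
      len++;
   }
   return len;
}

/* Hardened variant with strndup(3) semantics: copy at most n_bytes, stop at
 * the first terminator, and size the allocation from what was actually copied. */
char *
strndup_bounded (const char *str, size_t n_bytes)
{
   size_t len = bounded_len (str, n_bytes);
   char *ret = malloc (len + 1);
   assert (ret);
   memcpy (ret, str, len);
   ret[len] = '\0';
   return ret;
}

/* Checkable summary of the over-reading variant: the copy still reads as
 * "unknown", but bytes that followed the terminator were carried along. */
int
overread_copies_adjacent_data (void)
{
   char *out = strndup_overreading (constructed_src, sizeof constructed_src);
   int copied = strlen (out) == 7 && memcmp (out + 8, "SECRET", 6) == 0;
   free (out);
   return copied;
}

/* Checkable summary of the bounded variant: only "unknown" is copied and
 * the allocation is 8 bytes, so nothing past the terminator is touched. */
int
bounded_stops_at_terminator (void)
{
   char *out = strndup_bounded (constructed_src, sizeof constructed_src);
   int ok = strcmp (out, "unknown") == 0;
   free (out);
   return ok;
}

int
main (void)
{
   printf ("over-reading copy picked up adjacent bytes: %s\n",
           overread_copies_adjacent_data () ? "yes" : "no");
   printf ("bounded copy stopped at the terminator:     %s\n",
           bounded_stops_at_terminator () ? "yes" : "no");
   return 0;
}
```

Build with `cc -fsanitize=address -g` to see the difference ASan makes: with the constructed 32-byte array both variants run silently, but pass a bare literal such as `"unknown"` with n_bytes 32 to `strndup_overreading` and ASan reports a global-buffer-overflow with the same layout as the log above, while `strndup_bounded` stays clean because it never reads past the terminator. The practitioner's check on the real library is the one the reporter ran: an ASan build of the driver and its test suite, since the over-read is silent in a normal build.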

            Assignee:
            ian.boros@mongodb.com Ian Boros
            Reporter:
            bjori Hannes Magnusson
            Votes:
            0
            Watchers:
            3
