- Type: Bug
- Resolution: Fixed
- Priority: Major - P3
- Affects Version/s: None
- Component/s: libbson
- None
Malformed JSON input describing JavaScript code (code with scope) causes libbson's JSON reader to abort with an assertion failure: bson_append_code_with_scope() in bson.c fails its "javascript" precondition check when called from _bson_json_read_append_code() in bson-json.c, so a crafted document aborts the process instead of producing a parse error. This was identified during fuzz testing with the json-to-bson libFuzzer harness. Fuzzer output follows:
/home/admin/mongo-c-driver.git/src/libbson/src/bson/bson.c:1005 bson_append_code_with_scope(): precondition failed: javascript
==2261== ERROR: libFuzzer: deadly signal
#0 0x4fbfe7 in __sanitizer_print_stack_trace (/home/admin/mongo-c-driver.git/cmake-build/src/libbson/json-to-bson+0x4fbfe7)
#1 0x44aceb in fuzzer::PrintStackTrace() (/home/admin/mongo-c-driver.git/cmake-build/src/libbson/json-to-bson+0x44aceb)
#2 0x42e91b in fuzzer::Fuzzer::CrashCallback() (/home/admin/mongo-c-driver.git/cmake-build/src/libbson/json-to-bson+0x42e91b)
#3 0x42e8df in fuzzer::Fuzzer::StaticCrashSignalCallback() (/home/admin/mongo-c-driver.git/cmake-build/src/libbson/json-to-bson+0x42e8df)
#4 0x7f18d839872f (/lib/x86_64-linux-gnu/libpthread.so.0+0x1272f)
#5 0x7f18d804e7ba in gsignal (/lib/x86_64-linux-gnu/libc.so.6+0x377ba)
#6 0x7f18d8039534 in abort (/lib/x86_64-linux-gnu/libc.so.6+0x22534)
#7 0x7f18d840b7f1 in bson_append_code_with_scope /home/admin/mongo-c-driver.git/src/libbson/src/bson/bson.c
#8 0x7f18d8438600 in _bson_json_read_append_code /home/admin/mongo-c-driver.git/src/libbson/src/bson/bson-json.c:1422:8
#9 0x7f18d8438600 in _bson_json_read_end_map /home/admin/mongo-c-driver.git/src/libbson/src/bson/bson-json.c:1592
#10 0x7f18d8438600 in _pop_callback /home/admin/mongo-c-driver.git/src/libbson/src/bson/bson-json.c:1936
#11 0x7f18d84567aa in jsonsl_feed /home/admin/mongo-c-driver.git/src/libbson/src/jsonsl/jsonsl.c:692:17
#12 0x7f18d8431e83 in bson_json_reader_read /home/admin/mongo-c-driver.git/src/libbson/src/bson/bson-json.c:2069:10
#13 0x522633 in LLVMFuzzerTestOneInput /home/admin/mongo-c-driver.git/src/libbson/examples/json-to-bson.c:53:16
#14 0x42feaa in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/home/admin/mongo-c-driver.git/cmake-build/src/libbson/json-to-bson+0x42feaa)
#15 0x42f445 in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool*) (/home/admin/mongo-c-driver.git/cmake-build/src/libbson/json-to-bson+0x42f445)
#16 0x43118e in fuzzer::Fuzzer::MutateAndTestOne() (/home/admin/mongo-c-driver.git/cmake-build/src/libbson/json-to-bson+0x43118e)
#17 0x431e65 in fuzzer::Fuzzer::Loop(std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, fuzzer::fuzzer_allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > const&) (/home/admin/mongo-c-driver.git/cmake-build/src/libbson/json-to-bson+0x431e65)
#18 0x427e90 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/home/admin/mongo-c-driver.git/cmake-build/src/libbson/json-to-bson+0x427e90)
#19 0x44b4a2 in main (/home/admin/mongo-c-driver.git/cmake-build/src/libbson/json-to-bson+0x44b4a2)
#20 0x7f18d803b09a in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2409a)
#21 0x4219a9 in _start (/home/admin/mongo-c-driver.git/cmake-build/src/libbson/json-to-bson+0x4219a9)
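As an added triage helper (not part of this ticket or of the mongo-c-driver project): a Python parser that takes libFuzzer output like the trace above, extracts the failed precondition (file, line, function, checked parameter) and the stack frames, and reduces the stack to the frames inside the project's source tree so that crashes can be bucketed by their in-tree call path rather than by the sanitizer, fuzzer-runtime and libc frames that every abort shares. The project source prefix PROJECT_SRC is an assumption taken from the paths in the trace, and SAMPLE is an abridged copy of the trace constructed for this example.

```python
"""Triage helper for libFuzzer crash output that ends in a libbson precondition failure."""
import re
from dataclasses import dataclass, field
from typing import Optional

# Assumed project layout (taken from the trace): libbson sources live under this
# prefix. Frames located under it are "in-tree"; everything else (fuzzer runtime,
# libc, the harness under examples/) is noise shared by every abort.
PROJECT_SRC = "/home/admin/mongo-c-driver.git/src/libbson/src/"

# Constructed sample: the ticket's trace, abridged to a subset of its frames.
SAMPLE = """\
/home/admin/mongo-c-driver.git/src/libbson/src/bson/bson.c:1005 bson_append_code_with_scope(): precondition failed: javascript
==2261== ERROR: libFuzzer: deadly signal
#0 0x4fbfe7 in __sanitizer_print_stack_trace (/home/admin/mongo-c-driver.git/cmake-build/src/libbson/json-to-bson+0x4fbfe7)
#1 0x44aceb in fuzzer::PrintStackTrace() (/home/admin/mongo-c-driver.git/cmake-build/src/libbson/json-to-bson+0x44aceb)
#4 0x7f18d839872f (/lib/x86_64-linux-gnu/libpthread.so.0+0x1272f)
#5 0x7f18d804e7ba in gsignal (/lib/x86_64-linux-gnu/libc.so.6+0x377ba)
#6 0x7f18d8039534 in abort (/lib/x86_64-linux-gnu/libc.so.6+0x22534)
#7 0x7f18d840b7f1 in bson_append_code_with_scope /home/admin/mongo-c-driver.git/src/libbson/src/bson/bson.c
#8 0x7f18d8438600 in _bson_json_read_append_code /home/admin/mongo-c-driver.git/src/libbson/src/bson/bson-json.c:1422:8
#9 0x7f18d8438600 in _bson_json_read_end_map /home/admin/mongo-c-driver.git/src/libbson/src/bson/bson-json.c:1592
#12 0x7f18d8431e83 in bson_json_reader_read /home/admin/mongo-c-driver.git/src/libbson/src/bson/bson-json.c:2069:10
#13 0x522633 in LLVMFuzzerTestOneInput /home/admin/mongo-c-driver.git/src/libbson/examples/json-to-bson.c:53:16
"""

# "FILE:LINE FUNC(): precondition failed: EXPR" as printed by libbson's precondition checks.
PRECOND_RE = re.compile(
    r"^(?P<file>\S+):(?P<line>\d+) (?P<func>\w+)\(\): precondition failed: (?P<expr>.+)$"
)
# "#N 0xADDR in FUNC LOCATION"; LOCATION is a source path or "(module+offset)".
FRAME_RE = re.compile(r"^#(?P<idx>\d+) 0x[0-9a-fA-F]+ in (?P<func>.+?) (?P<loc>\(?/.+)$")


@dataclass(frozen=True)
class Frame:
    idx: int
    func: str
    loc: str

    @property
    def in_tree(self) -> bool:
        return PROJECT_SRC in self.loc


@dataclass
class Triage:
    precondition: Optional[tuple] = None  # (file, line, func, expr)
    frames: list = field(default_factory=list)

    @property
    def in_tree_frames(self) -> list:
        return [f for f in self.frames if f.in_tree]

    @property
    def signature(self) -> str:
        # Bucket key: the innermost three in-tree functions, innermost first.
        return " <- ".join(f.func for f in self.in_tree_frames[:3])


def parse_fuzzer_output(text: str) -> Triage:
    triage = Triage()
    for raw in text.splitlines():
        line = raw.strip()
        m = PRECOND_RE.match(line)
        if m:
            triage.precondition = (m["file"], int(m["line"]), m["func"], m["expr"])
            continue
        m = FRAME_RE.match(line)
        if m:  # unsymbolised frames (no "in FUNC", e.g. #4 above) are skipped on purpose
            triage.frames.append(Frame(int(m["idx"]), m["func"], m["loc"]))
    return triage


def summarize(triage: Triage) -> str:
    if triage.precondition is None:
        return "no precondition failure found"
    file, line, func, expr = triage.precondition
    return f"{func}() at {file}:{line} rejected '{expr}'; path: {triage.signature}"


if __name__ == "__main__":
    print(summarize(parse_fuzzer_output(SAMPLE)))
```

Run against the trace above, the signature collapses to the three innermost libbson functions, which is the key a crash-deduplication step should group on; two fuzzer inputs that reach the same precondition through the same in-tree path are one bug, however different their fuzzer-runtime frames look.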