NODE-5728: Fuzzing results in uncaught exception
Project: Node.js Driver

    • Type: Bug
    • Resolution: Works as Designed
    • Priority: Unknown
    • Affects Version/s: None
    • Component/s: BSON
      What problem are you facing?

      Fuzzing deserialize using jazzer.js results in an uncaught RangeError exception at

      https://github.com/mongodb/js-bson/blob/77fac2a369c9009e88604a9dce0c688778826973/src/parser/deserializer.ts#L290C7-L290C40

      What driver and relevant dependency versions are you using?

      Tested against HEAD https://github.com/mongodb/js-bson/commit/77fac2a369c9009e88604a9dce0c688778826973

      ❯ git describe --tags
      v6.2.0

      Steps to reproduce?

      > const BSON = require('bson');
      undefined
      > const d = Buffer.from('0e00000001060000ff40000e0000', 'hex');
      undefined
      > BSON.deserialize(d);
      Uncaught RangeError: Offset is outside the bounds of the DataView
          at DataView.getFloat64 (<anonymous>)
          at deserializeObject (/home/maxx/dev/security/oss-fuzz-projects/js-bson/lib/bson.cjs:2685:30)
          at internalDeserialize (/home/maxx/dev/security/oss-fuzz-projects/js-bson/lib/bson.cjs:2571:12)
          at Object.deserialize (/home/maxx/dev/security/oss-fuzz-projects/js-bson/lib/bson.cjs:4050:12) 
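Since the issue was closed as Works as Designed, the practical takeaway is that deserialize is expected to throw on malformed input and the caller has to treat that as a rejected document. The script below is an added example, not code from the report or from js-bson: it walks the top-level elements of a BSON document and reports the first value that would run past the declared document size (the reporter's hex input fails at the double value starting at offset 7, which is exactly where the RangeError in the trace comes from), and it shows a caller wrapper that first runs that check and then treats a RangeError from the real deserializer as a parse failure. The element sizes follow the BSON spec; the deserializer is passed in as a function parameter so the file runs without the bson package installed. The `{a: 1.5}` document is constructed here for contrast.

```javascript
// Added example for NODE-5728 (not code from the report or from js-bson).
// Reports the first top-level element whose value extends past the declared
// document size, before any DataView read is attempted. Only fixed-size and
// length-prefixed element types are handled; other type codes are reported
// as unsupported rather than guessed at.

// Value widths in bytes for element types whose size does not depend on content.
const FIXED_SIZE = {
  0x01: 8,  // double
  0x07: 12, // ObjectId
  0x08: 1,  // boolean
  0x09: 8,  // UTC datetime (int64)
  0x0a: 0,  // null
  0x10: 4,  // int32
  0x11: 8,  // timestamp
  0x12: 8,  // int64
};

// Types whose value begins with an int32 length field.
const LENGTH_PREFIXED = new Set([0x02, 0x03, 0x04, 0x05, 0x0d, 0x0e]);

function checkBsonBounds(buf) {
  if (buf.length < 5) return { ok: false, reason: 'buffer shorter than the 5-byte minimum document' };
  const declared = buf.readInt32LE(0);
  if (declared < 5 || declared > buf.length) {
    return { ok: false, reason: `declared size ${declared} does not fit a buffer of ${buf.length} bytes` };
  }
  const end = declared - 1; // index of the trailing 0x00 terminator
  if (buf[end] !== 0x00) return { ok: false, reason: 'document is not 0x00-terminated' };

  let pos = 4;
  while (pos < end) {
    const type = buf[pos];
    const keyStart = pos + 1;
    const keyEnd = buf.indexOf(0x00, keyStart);
    if (keyEnd === -1 || keyEnd >= end) {
      return { ok: false, reason: `key at offset ${keyStart} is not NUL-terminated inside the document` };
    }
    const key = buf.toString('utf8', keyStart, keyEnd);
    const valueStart = keyEnd + 1;
    let valueLen;
    if (type in FIXED_SIZE) {
      valueLen = FIXED_SIZE[type];
    } else if (LENGTH_PREFIXED.has(type)) {
      if (valueStart + 4 > end) return { ok: false, reason: `length prefix at offset ${valueStart} is truncated` };
      const len = buf.readInt32LE(valueStart);
      if (len < 0) return { ok: false, reason: `negative length ${len} at offset ${valueStart}` };
      if ((type === 0x03 || type === 0x04) && len < 5) {
        return { ok: false, reason: `embedded document length ${len} below the 5-byte minimum` };
      }
      // Embedded document/array length includes its own 4-byte prefix; binary
      // adds a subtype byte; string-like types are prefix plus payload.
      if (type === 0x03 || type === 0x04) valueLen = len;
      else if (type === 0x05) valueLen = 5 + len;
      else valueLen = 4 + len;
    } else {
      return { ok: false, reason: `unsupported element type 0x${type.toString(16)} at offset ${pos}` };
    }
    const valueEnd = valueStart + valueLen;
    if (valueEnd > end) {
      return {
        ok: false, key, type, offset: valueStart,
        reason: `type 0x${type.toString(16).padStart(2, '0')} value for key ${JSON.stringify(key)} ` +
          `needs ${valueLen} bytes at offset ${valueStart} but only ${end - valueStart} remain`,
      };
    }
    pos = valueEnd;
  }
  return { ok: true };
}

// Caller-side handling: validate first, then treat a RangeError from the real
// deserializer (injected as a parameter) as a rejected input, not a crash.
function deserializeUntrusted(buf, deserialize) {
  const check = checkBsonBounds(buf);
  if (!check.ok) return { ok: false, reason: check.reason };
  try {
    return { ok: true, value: deserialize(buf) };
  } catch (err) {
    if (err instanceof RangeError) return { ok: false, reason: err.message };
    throw err;
  }
}

// The reproducer from the report: declared size 14, one double element whose
// 8-byte value starts at offset 7 with only 6 bytes left before the terminator.
const REPRO = Buffer.from('0e00000001060000ff40000e0000', 'hex');

// Constructed for contrast: a well-formed single-double document.
function encodeDoubleDoc(key, value) {
  const dbl = Buffer.alloc(8);
  dbl.writeDoubleLE(value);
  const body = Buffer.concat([Buffer.from([0x01]), Buffer.from(key, 'utf8'), Buffer.from([0x00]), dbl]);
  const size = Buffer.alloc(4);
  size.writeInt32LE(4 + body.length + 1);
  return Buffer.concat([size, body, Buffer.from([0x00])]);
}
const VALID = encodeDoubleDoc('a', 1.5);

console.log(checkBsonBounds(REPRO));
console.log(checkBsonBounds(VALID));
```

With the real driver, `deserializeUntrusted(buf, BSON.deserialize)` is the intended call shape; the pre-check is not a substitute for the parser's own validation (it does not descend into embedded documents), but it turns the fuzzer's finding into a structured rejection that can be logged and counted rather than an uncaught exception.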

            Assignee: Neal Beeken (neal.beeken@mongodb.com)
            Reporter: manunio (max.manu.nair@gmail.com)