Details
-
Bug
-
Status: Closed
-
Major - P3
-
Resolution: Fixed
-
None
-
None
Description
When running wtperf with multiple tables, there is an off-by-one error in the size calculation when allocating a buffer to hold the URI:
==31246==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60200000cebf at pc 0x7ffff6ec7b32 bp 0x7fffffffd690 sp 0x7fffffffce20
|
WRITE of size 16 at 0x60200000cebf thread T0
|
#0 0x7ffff6ec7b31 in vsprintf (/lib64/libasan.so.3+0x8fb31)
|
#1 0x7ffff6ec7d62 in sprintf (/lib64/libasan.so.3+0x8fd62)
|
#2 0x417863 in create_uris ../../../bench/wtperf/wtperf.c:1879
|
#3 0x418bef in start_run ../../../bench/wtperf/wtperf.c:2048
|
#4 0x418350 in start_all_runs ../../../bench/wtperf/wtperf.c:1956
|
#5 0x41ba08 in main ../../../bench/wtperf/wtperf.c:2425
|
#6 0x7ffff5b34730 in __libc_start_main (/lib64/libc.so.6+0x20730)
|
#7 0x4034f8 in _start (/mnt/fast/mjc/wt/src/wiredtiger-git/build_posix/bench/wtperf/wtperf+0x4034f8)
|
|
|
0x60200000cebf is located 0 bytes to the right of 15-byte region [0x60200000ceb0,0x60200000cebf)
|
allocated by thread T0 here:
|
#0 0x7ffff6efefe0 in calloc (/lib64/libasan.so.3+0xc6fe0)
|
#1 0x41f543 in dcalloc ../../../test/utility/misc.c:150
|
#2 0x417768 in create_uris ../../../bench/wtperf/wtperf.c:1872
|
#3 0x418bef in start_run ../../../bench/wtperf/wtperf.c:2048
|
#4 0x418350 in start_all_runs ../../../bench/wtperf/wtperf.c:1956
|
#5 0x41ba08 in main ../../../bench/wtperf/wtperf.c:2425
|
#6 0x7ffff5b34730 in __libc_start_main (/lib64/libc.so.6+0x20730)
|