WT-5132: Fix buffer overflow caused by fscanf range check


    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major - P3
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 4.2.1, 4.3.1, WT10.0.0
    • Component/s: None
    • Labels: None
    • Story Points: 2
    • Sprint: Storage Engines 2019-10-07

      Description

      This appears very likely related to WT-5097 that was merged into develop yesterday. The wiredtiger-clang-sanitizer Jenkins job failed: http://build.wiredtiger.com:8080/job/wiredtiger-clang-sanitizer/3766/console

      The failure is:

      Parent: Create 5 threads; sleep 10 seconds
      CONFIG: test_random_abort -h WT_TEST.random-abort -T 5 -t 10
      Create 5 writer threads
      Thread 0 starts at 0
      Thread 1 starts at 1000000000
      Thread 2 starts at 2000000000
      Thread 3 starts at 3000000000
      Spawned 5 writer threads
      =================================================================
      ==14297==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7ffcf63f8690 at pc 0x0000004400fa bp 0x7ffcf63f7440 sp 0x7ffcf63f6bb0
      WRITE of size 4097 at 0x7ffcf63f8690 thread T0
          #0 0x4400f9 in scanf_common(void*, int, bool, char const*, __va_list_tag*) (/mnt/data0/jenkins/workspace/wiredtiger-clang-sanitizer/build_posix/test/csuite/test_random_abort+0x4400f9)
          #1 0x440725 in __interceptor_fscanf (/mnt/data0/jenkins/workspace/wiredtiger-clang-sanitizer/build_posix/test/csuite/test_random_abort+0x440725)
          #2 0x4f741c in recover_and_verify /mnt/data0/jenkins/workspace/wiredtiger-clang-sanitizer/build_posix/test/csuite/../../../test/csuite/random_abort/main.c:500:23
          #3 0x4f741c in main /mnt/data0/jenkins/workspace/wiredtiger-clang-sanitizer/build_posix/test/csuite/../../../test/csuite/random_abort/main.c:734
          #4 0x7f7954939b96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310
          #5 0x41b849 in _start (/mnt/data0/jenkins/workspace/wiredtiger-clang-sanitizer/build_posix/test/csuite/test_random_abort+0x41b849)
       
      Address 0x7ffcf63f8690 is located in stack of thread T0 at offset 4368 in frame
          #0 0x4f668f in main /mnt/data0/jenkins/workspace/wiredtiger-clang-sanitizer/build_posix/test/csuite/../../../test/csuite/random_abort/main.c:583
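The sanitizer report above says everything a reviewer needs: fscanf wrote 4097 bytes into a stack buffer, which is what happens when the field width in a `%s` conversion equals the buffer size (`%4096s` into a `char[4096]`), because fscanf appends a terminating NUL after the width-limited characters. The correct width is the buffer size minus one. The block below is an added example written for this page, not WiredTiger's code; the actual buffer, format string and file layout used at `random_abort/main.c:500` are not on this page, so `read_token`, `count_tokens`, `truncation_detected` and the `SAMPLE` input are hypothetical. It builds the width from the buffer size, detects tokens that did not fit instead of silently truncating them, and checks a sentinel byte past the buffer to show that the bound holds.

```c
#define _POSIX_C_SOURCE 200809L /* for fmemopen */
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/*
 * Build an fscanf conversion whose field width leaves room for the NUL.
 * Width == buffer size ("%4096s" into char[4096]) makes fscanf store
 * 4096 characters plus the terminator: 4097 bytes, one past the end.
 */
static int
build_fmt(char *fmt, size_t fmtsize, size_t bufsize)
{
    int n;

    if (bufsize < 2)
        return (-1);
    n = snprintf(fmt, fmtsize, "%%%zus", bufsize - 1); /* e.g. "%4095s" */
    return ((n < 0 || (size_t)n >= fmtsize) ? -1 : 0);
}

/*
 * Read one whitespace-delimited token into buf without writing past
 * bufsize bytes. Returns 1 on success, 0 at EOF, -1 on error or when the
 * token was longer than bufsize - 1 (its tail is still in the stream).
 */
int
read_token(FILE *fp, char *buf, size_t bufsize)
{
    char fmt[32];
    int c, ret;

    if (build_fmt(fmt, sizeof(fmt), bufsize) != 0)
        return (-1);
    ret = fscanf(fp, fmt, buf);
    if (ret == EOF)
        return (0);
    if (ret != 1)
        return (-1);
    /* A token that filled the buffer leaves a non-space character behind. */
    c = fgetc(fp);
    if (c != EOF) {
        ungetc(c, fp);
        if (!isspace(c))
            return (-1); /* truncated: caller must not trust buf */
    }
    return (1);
}

/*
 * Constructed sample input: a 3-char token, a 7-char token that exactly
 * fills an 8-byte buffer, a 9-char token that does not fit, and a trailer.
 */
const char SAMPLE[] = "abc 1234567 123456789 tail\n";

/* Scan text with a buffer of bufsize bytes; count tokens read successfully. */
static int
scan_text(const char *text, size_t bufsize, int *truncated)
{
    char buf[64 + 1]; /* one extra byte serves as an overflow sentinel */
    FILE *fp;
    int count = 0, r = 0;

    *truncated = 0;
    if (bufsize < 2 || bufsize > 64)
        return (-1);
    if ((fp = fmemopen((void *)text, strlen(text), "r")) == NULL)
        return (-1);
    for (;;) {
        memset(buf, 0xA5, sizeof(buf));
        r = read_token(fp, buf, bufsize);
        /* The byte just past the caller's buffer must never change. */
        if (buf[bufsize] != (char)0xA5) {
            count = -2;
            break;
        }
        if (r != 1)
            break;
        count++;
    }
    fclose(fp);
    if (r == -1)
        *truncated = 1;
    return (count);
}

/* Number of tokens read before EOF or the first token that did not fit. */
int
count_tokens(const char *text, size_t bufsize)
{
    int t;

    return (scan_text(text, bufsize, &t));
}

/* 1 if a token was too long for the buffer, 0 if all fit, -1 on error. */
int
truncation_detected(const char *text, size_t bufsize)
{
    int t;

    return (scan_text(text, bufsize, &t) < 0 ? -1 : t);
}

int
main(void)
{
    printf("8-byte buffer: %d tokens, truncated=%d\n",
        count_tokens(SAMPLE, 8), truncation_detected(SAMPLE, 8));
    printf("16-byte buffer: %d tokens, truncated=%d\n",
        count_tokens(SAMPLE, 16), truncation_detected(SAMPLE, 16));
    return (0);
}
```

With an 8-byte buffer the third token is reported as truncated rather than read as a silently chopped value, and the sentinel check confirms nothing was written past the buffer; with a 16-byte buffer all four tokens are read. Under AddressSanitizer, changing `bufsize - 1` to `bufsize` in `build_fmt` reproduces the one-byte stack overflow class of the report above.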
      

              People

              Assignee: Chenhao Qu (chenhao.qu)
              Reporter: Susan LoVerso (sue.loverso)
              Votes: 0
              Watchers: 3
