[CDRIVER-1403] Potential buffer overrun in bson_strndup Created: 19/Jul/16  Updated: 10/Aug/16  Resolved: 21/Jul/16

Status: Closed
Project: C Driver
Component/s: None
Affects Version/s: 1.4.0
Fix Version/s: 1.4.0

Type: Bug Priority: Major - P3
Reporter: Hannes Magnusson Assignee: Ian Boros
Resolution: Done Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Related
is related to CDRIVER-747 Test with address sanitizer Closed
Epic Link: mongodb-handshake

 Description   

Trying to get an address sanitizer build going:

[2016/07/18 21:24:51.047] + make test TEST_ARGS=-d -F test-results.json
[2016/07/18 21:24:51.502] =================================================================
[2016/07/18 21:24:51.502] ==392==ERROR: AddressSanitizer: global-buffer-overflow on address 0x000000737428 at pc 0x0000004a7bad bp 0x7ffe0296ca40 sp 0x7ffe0296c1f0
[2016/07/18 21:24:51.502] READ of size 32 at 0x000000737428 thread T0
[2016/07/18 21:24:51.504]     #0 0x4a7bac  (/data/mci/cc019a81ebafd48be2bacbdef589379b/mongoc/.libs/lt-test-libmongoc+0x4a7bac)
[2016/07/18 21:24:51.504]     #1 0x7fc6f5bf7dda  (/data/mci/cc019a81ebafd48be2bacbdef589379b/mongoc/src/libbson/.libs/libbson-1.0.so.0+0x91dda)
[2016/07/18 21:24:51.504]     #2 0x645b91  (/data/mci/cc019a81ebafd48be2bacbdef589379b/mongoc/.libs/lt-test-libmongoc+0x645b91)
[2016/07/18 21:24:51.504]     #3 0x645b3f  (/data/mci/cc019a81ebafd48be2bacbdef589379b/mongoc/.libs/lt-test-libmongoc+0x645b3f)
[2016/07/18 21:24:51.504]     #4 0x631e2c  (/data/mci/cc019a81ebafd48be2bacbdef589379b/mongoc/.libs/lt-test-libmongoc+0x631e2c)
[2016/07/18 21:24:51.504]     #5 0x7fc6f4d6fad8  (/lib/x86_64-linux-gnu/libpthread.so.0+0xead8)
[2016/07/18 21:24:51.504]     #6 0x631dca  (/data/mci/cc019a81ebafd48be2bacbdef589379b/mongoc/.libs/lt-test-libmongoc+0x631dca)
[2016/07/18 21:24:51.504]     #7 0x50f7d4  (/data/mci/cc019a81ebafd48be2bacbdef589379b/mongoc/.libs/lt-test-libmongoc+0x50f7d4)
[2016/07/18 21:24:51.504]     #8 0x7fc6f439682f  (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
[2016/07/18 21:24:51.504]     #9 0x41dd48  (/data/mci/cc019a81ebafd48be2bacbdef589379b/mongoc/.libs/lt-test-libmongoc+0x41dd48)
[2016/07/18 21:24:51.504] 0x000000737428 is located 56 bytes to the left of global variable '<string literal>' defined in 'src/mongoc/mongoc-metadata.c:61:42' (0x737460) of size 7
[2016/07/18 21:24:51.504]   '<string literal>' is ascii string 'mongoc'
[2016/07/18 21:24:51.505] 0x000000737428 is located 0 bytes to the right of global variable '<string literal>' defined in 'src/mongoc/mongoc-metadata.c:39:38' (0x737420) of size 8
[2016/07/18 21:24:51.505]   '<string literal>' is ascii string 'unknown'
[2016/07/18 21:24:51.505] SUMMARY: AddressSanitizer: global-buffer-overflow (/data/mci/cc019a81ebafd48be2bacbdef589379b/mongoc/.libs/lt-test-libmongoc+0x4a7bac)
[2016/07/18 21:24:51.505] Shadow bytes around the buggy address:
[2016/07/18 21:24:51.505]   0x0000800dee30: f9 f9 f9 f9 07 f9 f9 f9 f9 f9 f9 f9 00 f9 f9 f9
[2016/07/18 21:24:51.505]   0x0000800dee40: f9 f9 f9 f9 03 f9 f9 f9 f9 f9 f9 f9 00 00 00 00
[2016/07/18 21:24:51.505]   0x0000800dee50: 05 f9 f9 f9 f9 f9 f9 f9 00 00 00 05 f9 f9 f9 f9
[2016/07/18 21:24:51.505]   0x0000800dee60: 00 00 00 00 00 04 f9 f9 f9 f9 f9 f9 00 04 f9 f9
[2016/07/18 21:24:51.505]   0x0000800dee70: f9 f9 f9 f9 05 f9 f9 f9 f9 f9 f9 f9 00 05 f9 f9
[2016/07/18 21:24:51.505] =>0x0000800dee80: f9 f9 f9 f9 00[f9]f9 f9 f9 f9 f9 f9 07 f9 f9 f9
[2016/07/18 21:24:51.505]   0x0000800dee90: f9 f9 f9 f9 00 02 f9 f9 f9 f9 f9 f9 00 01 f9 f9
[2016/07/18 21:24:51.505]   0x0000800deea0: f9 f9 f9 f9 00 00 07 f9 f9 f9 f9 f9 00 00 00 06
[2016/07/18 21:24:51.505]   0x0000800deeb0: f9 f9 f9 f9 00 00 05 f9 f9 f9 f9 f9 02 f9 f9 f9
[2016/07/18 21:24:51.505]   0x0000800deec0: f9 f9 f9 f9 01 f9 f9 f9 f9 f9 f9 f9 00 00 06 f9
[2016/07/18 21:24:51.505]   0x0000800deed0: f9 f9 f9 f9 00 02 f9 f9 f9 f9 f9 f9 00 00 07 f9
[2016/07/18 21:24:51.505] Shadow byte legend (one shadow byte represents 8 application bytes):
[2016/07/18 21:24:51.505]   Addressable:           00
[2016/07/18 21:24:51.505]   Partially addressable: 01 02 03 04 05 06 07
[2016/07/18 21:24:51.505]   Heap left redzone:       fa
[2016/07/18 21:24:51.505]   Heap right redzone:      fb
[2016/07/18 21:24:51.505]   Freed heap region:       fd
[2016/07/18 21:24:51.505]   Stack left redzone:      f1
[2016/07/18 21:24:51.505]   Stack mid redzone:       f2
[2016/07/18 21:24:51.505]   Stack right redzone:     f3
[2016/07/18 21:24:51.505]   Stack partial redzone:   f4
[2016/07/18 21:24:51.505]   Stack after return:      f5
[2016/07/18 21:24:51.505]   Stack use after scope:   f8
[2016/07/18 21:24:51.505]   Global redzone:          f9
[2016/07/18 21:24:51.505]   Global init order:       f6
[2016/07/18 21:24:51.505]   Poisoned by user:        f7
[2016/07/18 21:24:51.505]   Container overflow:      fc
[2016/07/18 21:24:51.505]   Array cookie:            ac
[2016/07/18 21:24:51.505]   Intra object redzone:    bb
[2016/07/18 21:24:51.505]   ASan internal:           fe
[2016/07/18 21:24:51.505]   Left alloca redzone:     ca
[2016/07/18 21:24:51.505]   Right alloca redzone:    cb
[2016/07/18 21:24:51.505] ==392==ABORTING
[2016/07/18 21:24:51.508] make: *** [test] Error 1


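The report above shows a 32-byte read that starts at the end of the 8-byte literal 'unknown' (7 characters plus the terminator), which is the footprint of a strndup-style routine that copies its length argument without first looking for the NUL. The following is an added C example written for this page, not libbson's bson_strndup or its fix: `strndup_overread` mirrors that pattern, `strndup_bounded` stops at the first NUL or at n_bytes, whichever comes first, and `source_bytes_examined` reports how far into the source the bounded scan looks. All function names and the sample literal are assumptions made for the illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Added example, not libbson code. Length of str scanning at most max bytes;
 * the same contract as POSIX strnlen(), written out so the example builds on
 * any C99 toolchain. */
static size_t bounded_len(const char *str, size_t max)
{
   size_t i = 0;
   while (i < max && str[i] != '\0') {
      i++;
   }
   return i;
}

/* Overreading variant: copies n_bytes from str unconditionally. With
 * str = "unknown" (8 bytes including the NUL) and n_bytes = 32 this reads
 * 24 bytes past the literal, the global-buffer-overflow pattern in the ASan
 * report above. Kept only for contrast; never call it with
 * n_bytes > strlen(str). */
static char *strndup_overread(const char *str, size_t n_bytes)
{
   char *ret = malloc(n_bytes + 1);
   if (ret == NULL) {
      return NULL;
   }
   memcpy(ret, str, n_bytes);   /* reads n_bytes regardless of terminator */
   ret[n_bytes] = '\0';
   return ret;
}

/* Hardened variant: the number of source bytes read is bounded by both the
 * terminator and n_bytes, so a short literal with a large n stays in bounds
 * and a long source with a small n is truncated as strndup promises. */
static char *strndup_bounded(const char *str, size_t n_bytes)
{
   size_t len = bounded_len(str, n_bytes);
   char *ret = malloc(len + 1);
   if (ret == NULL) {
      return NULL;
   }
   memcpy(ret, str, len);
   ret[len] = '\0';
   return ret;
}

/* How many bytes of str the bounded scan touches: len + 1 when a NUL stopped
 * it (the NUL itself is read), exactly n_bytes when the cap stopped it. */
static size_t source_bytes_examined(const char *str, size_t n_bytes)
{
   size_t len = bounded_len(str, n_bytes);
   return len < n_bytes ? len + 1 : n_bytes;
}

int main(void)
{
   /* Constructed input mirroring the literal named in the report. */
   const char *literal = "unknown";
   size_t requested = 32;

   char *dup = strndup_bounded(literal, requested);
   if (dup == NULL) {
      return 1;
   }
   printf("bounded copy: \"%s\", source bytes examined: %zu of %zu requested\n",
          dup, source_bytes_examined(literal, requested), requested);
   free(dup);

   /* The overreading variant is only safe while n_bytes <= strlen(str). */
   char *prefix = strndup_overread(literal, 3);
   if (prefix == NULL) {
      return 1;
   }
   printf("overread variant with in-range n: \"%s\"\n", prefix);
   free(prefix);
   return 0;
}
```

The check a reviewer would want is the one `source_bytes_examined` makes explicit: for the 7-character literal and a 32-byte request the bounded version reads 8 bytes, never 32, so no global redzone is touched.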

 Comments   
Comment by Githook User [ 21/Jul/16 ]

Author: Hannes Magnusson (bjori, bjori@10gen.com)

Message: Merge pull request #171 from puppyofkosh/strndup-fix

CDRIVER-1403 fixed buffer overrun/read in bson_strndup
Branch: master
https://github.com/mongodb/libbson/commit/3734da44d0bec1c9689bc0ddb4cef4ef3e564db0

Comment by Githook User [ 21/Jul/16 ]

Author: ian boros (ian.boros@10gen.com)

Message: CDRIVER-1403 fixed buffer overrun/read in bson_strndup
Branch: master
https://github.com/mongodb/libbson/commit/a7e5cc8bfa6a426eca2a901333fd078cfaa0c3e2

Generated at Wed Feb 07 21:12:24 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.