[CDRIVER-1894] Address Sanitizer issues in /bson/json/allow_multiple Created: 02/Nov/16  Updated: 11/Nov/16  Resolved: 11/Nov/16

Status: Closed
Project: C Driver
Component/s: json, libbson
Affects Version/s: 1.5.0
Fix Version/s: 1.5.0

Type: Bug Priority: Major - P3
Reporter: Hannes Magnusson Assignee: A. Jesse Jiryu Davis
Resolution: Done Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified


Description

[2016/10/28 19:58:01.525] =================================================================
[2016/10/28 19:58:01.525] ==25311==ERROR: AddressSanitizer: global-buffer-overflow on address 0x000000587db1 at pc 0x0000004a603d bp 0x7ffcc1ef5dc0 sp 0x7ffcc1ef5570
[2016/10/28 19:58:01.526] READ of size 16383 at 0x000000587db1 thread T0
[2016/10/28 19:58:01.527]     #0 0x4a603c  (/data/mci/74af095986b42324aca6aa6cf1c64792/libbson/.libs/lt-test-libbson+0x4a603c)
[2016/10/28 19:58:01.527]     #1 0x51cc9c  (/data/mci/74af095986b42324aca6aa6cf1c64792/libbson/.libs/lt-test-libbson+0x51cc9c)
[2016/10/28 19:58:01.527]     #2 0x7f7bebb5e8bb  (/data/mci/74af095986b42324aca6aa6cf1c64792/libbson/.libs/libbson-1.0.so.0+0x788bb)
[2016/10/28 19:58:01.527]     #3 0x515590  (/data/mci/74af095986b42324aca6aa6cf1c64792/libbson/.libs/lt-test-libbson+0x515590)
[2016/10/28 19:58:01.527]     #4 0x4eee86  (/data/mci/74af095986b42324aca6aa6cf1c64792/libbson/.libs/lt-test-libbson+0x4eee86)
[2016/10/28 19:58:01.527]     #5 0x4f1267  (/data/mci/74af095986b42324aca6aa6cf1c64792/libbson/.libs/lt-test-libbson+0x4f1267)
[2016/10/28 19:58:01.527]     #6 0x4f0621  (/data/mci/74af095986b42324aca6aa6cf1c64792/libbson/.libs/lt-test-libbson+0x4f0621)
[2016/10/28 19:58:01.527]     #7 0x4ef462  (/data/mci/74af095986b42324aca6aa6cf1c64792/libbson/.libs/lt-test-libbson+0x4ef462)
[2016/10/28 19:58:01.527]     #8 0x4f232f  (/data/mci/74af095986b42324aca6aa6cf1c64792/libbson/.libs/lt-test-libbson+0x4f232f)
[2016/10/28 19:58:01.527]     #9 0x7f7beabf582f  (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
[2016/10/28 19:58:01.527]     #10 0x41c1d8  (/data/mci/74af095986b42324aca6aa6cf1c64792/libbson/.libs/lt-test-libbson+0x41c1d8)
[2016/10/28 19:58:01.527] 0x000000587db1 is located 47 bytes to the left of global variable '<string literal>' defined in 'tests/test-json.c:47:4' (0x587de0) of size 7
[2016/10/28 19:58:01.527]   '<string literal>' is ascii string 'reader'
[2016/10/28 19:58:01.527] 0x000000587db1 is located 0 bytes to the right of global variable '<string literal>' defined in 'tests/test-json.c:39:26' (0x587da0) of size 17
[2016/10/28 19:58:01.528]   '<string literal>' is ascii string '{"a": 1}{"b": 1}'
[2016/10/28 19:58:01.528] SUMMARY: AddressSanitizer: global-buffer-overflow (/data/mci/74af095986b42324aca6aa6cf1c64792/libbson/.libs/lt-test-libbson+0x4a603c)
[2016/10/28 19:58:01.528] Shadow bytes around the buggy address:
[2016/10/28 19:58:01.528]   0x0000800a8f60: 00 04 f9 f9 f9 f9 f9 f9 03 f9 f9 f9 f9 f9 f9 f9
[2016/10/28 19:58:01.528]   0x0000800a8f70: 00 00 00 00 03 f9 f9 f9 f9 f9 f9 f9 00 00 00 06
[2016/10/28 19:58:01.528]   0x0000800a8f80: f9 f9 f9 f9 04 f9 f9 f9 f9 f9 f9 f9 00 00 00 01
[2016/10/28 19:58:01.528]   0x0000800a8f90: f9 f9 f9 f9 00 00 00 07 f9 f9 f9 f9 06 f9 f9 f9
[2016/10/28 19:58:01.528]   0x0000800a8fa0: f9 f9 f9 f9 00 00 00 03 f9 f9 f9 f9 00 01 f9 f9
[2016/10/28 19:58:01.528] =>0x0000800a8fb0: f9 f9 f9 f9 00 00[01]f9 f9 f9 f9 f9 07 f9 f9 f9
[2016/10/28 19:58:01.528]   0x0000800a8fc0: f9 f9 f9 f9 00 00 00 00 05 f9 f9 f9 f9 f9 f9 f9
[2016/10/28 19:58:01.528]   0x0000800a8fd0: 00 00 f9 f9 f9 f9 f9 f9 00 00 00 06 f9 f9 f9 f9
[2016/10/28 19:58:01.528]   0x0000800a8fe0: 02 f9 f9 f9 f9 f9 f9 f9 00 00 00 00 00 00 00 00
[2016/10/28 19:58:01.528]   0x0000800a8ff0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[2016/10/28 19:58:01.528]   0x0000800a9000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[2016/10/28 19:58:01.528] Shadow byte legend (one shadow byte represents 8 application bytes):
[2016/10/28 19:58:01.528]   Addressable:           00
[2016/10/28 19:58:01.528]   Partially addressable: 01 02 03 04 05 06 07
[2016/10/28 19:58:01.528]   Heap left redzone:       fa
[2016/10/28 19:58:01.528]   Heap right redzone:      fb
[2016/10/28 19:58:01.528]   Freed heap region:       fd
[2016/10/28 19:58:01.528]   Stack left redzone:      f1
[2016/10/28 19:58:01.528]   Stack mid redzone:       f2
[2016/10/28 19:58:01.528]   Stack right redzone:     f3
[2016/10/28 19:58:01.528]   Stack partial redzone:   f4
[2016/10/28 19:58:01.528]   Stack after return:      f5
[2016/10/28 19:58:01.528]   Stack use after scope:   f8
[2016/10/28 19:58:01.528]   Global redzone:          f9
[2016/10/28 19:58:01.528]   Global init order:       f6
[2016/10/28 19:58:01.528]   Poisoned by user:        f7
[2016/10/28 19:58:01.528]   Container overflow:      fc
[2016/10/28 19:58:01.528]   Array cookie:            ac
[2016/10/28 19:58:01.528]   Intra object redzone:    bb
[2016/10/28 19:58:01.528]   ASan internal:           fe
[2016/10/28 19:58:01.528]   Left alloca redzone:     ca
[2016/10/28 19:58:01.528]   Right alloca redzone:    cb
[2016/10/28 19:58:01.528] ==25311==ABORTING
[2016/10/28 19:58:01.555] make: *** [test] Error 1

https://evergreen.mongodb.com/task/libbson_releng_debug_compile_sanitizer_address_9b105d772c99dc84d69387e3b21097267082605e_16_10_29_02_48_32
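The sanitizer report above pins the defect to a specific shape: a READ of 16383 bytes whose start address is 0 bytes to the right of a 17-byte string literal, that is, a read whose length was not bounded by the size of the buffer behind it. The following is an added example written for this ticket, not the libbson test named in the report and not the fix in the linked commit; it shows the general defensive pattern for a data reader: keep the true length next to the pointer and clamp every read request to the bytes that remain, so an oversized request yields a short read and then end-of-input instead of a walk past the buffer. All names (`bounded_reader_t`, `drain_with_oversized_requests`, `SAMPLE_JSON`) are this example's own, and the sample input is constructed from the literal quoted in the report.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample input: the same 16-character literal the sanitizer
 * report quotes (17 bytes in storage including the terminating NUL). */
static const char SAMPLE_JSON[] = "{\"a\": 1}{\"b\": 1}";

/* Hypothetical reader: carries the valid length beside the data pointer so
 * every read can be bounded by it. */
typedef struct {
   const uint8_t *data;
   size_t len; /* number of valid bytes behind data */
   size_t pos; /* bytes already handed out */
} bounded_reader_t;

static void
bounded_reader_init (bounded_reader_t *r, const void *data, size_t len)
{
   r->data = (const uint8_t *) data;
   r->len = len;
   r->pos = 0;
}

/* Copy up to `count` bytes into `buf`. The request is clamped to what
 * remains, so asking for 16383 bytes of a 16-byte input returns 16, then 0
 * at end of input; the read can never pass data + len. */
static size_t
bounded_reader_read (bounded_reader_t *r, uint8_t *buf, size_t count)
{
   size_t remaining = r->len - r->pos;
   size_t n = count < remaining ? count : remaining;
   if (n > 0) {
      memcpy (buf, r->data + r->pos, n);
      r->pos += n;
   }
   return n;
}

/* Drive the reader with an oversized per-call request and return the total
 * number of bytes delivered. The destination capacity is honoured too. */
size_t
drain_with_oversized_requests (const char *json, size_t chunk_request,
                               uint8_t *out, size_t out_cap)
{
   bounded_reader_t r;
   size_t total = 0;

   bounded_reader_init (&r, json, strlen (json));
   for (;;) {
      size_t room = out_cap - total; /* never overrun the destination either */
      size_t want = chunk_request < room ? chunk_request : room;
      size_t n = bounded_reader_read (&r, out + total, want);
      if (n == 0) {
         break;
      }
      total += n;
   }
   return total;
}

/* Bytes delivered when a 16383-byte request meets the 16-byte sample. */
size_t
demo_total (void)
{
   static uint8_t out[16384];
   return drain_with_oversized_requests (SAMPLE_JSON, 16383, out, sizeof out);
}

/* 1 if the bytes delivered are exactly the sample input, 0 otherwise. */
int
demo_roundtrip_ok (void)
{
   static uint8_t out[16384];
   size_t got = drain_with_oversized_requests (SAMPLE_JSON, 16383, out, sizeof out);
   return got == strlen (SAMPLE_JSON) && memcmp (out, SAMPLE_JSON, got) == 0;
}

/* Bytes delivered when the destination is smaller than the input. */
size_t
demo_small_destination (void)
{
   uint8_t out[5];
   return drain_with_oversized_requests (SAMPLE_JSON, 16383, out, sizeof out);
}

int
main (void)
{
   printf ("delivered %zu of %zu bytes, contents %s\n", demo_total (),
           strlen (SAMPLE_JSON), demo_roundtrip_ok () ? "match" : "differ");
   return 0;
}
```

Under AddressSanitizer the same driver with the length check removed from `bounded_reader_read` would produce a global-buffer-overflow READ like the one in the report; with the clamp in place the oversized request is harmless, which is the property the test in this ticket needed.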



Comments
Comment by Githook User [ 11/Nov/16 ]

Author:

{u'username': u'ajdavis', u'name': u'A. Jesse Jiryu Davis', u'email': u'jesse@mongodb.com'}

Message: CDRIVER-1894 read out of bounds in JSON test
Branch: master
https://github.com/mongodb/libbson/commit/613072378c036f04364c9b49387f1381e34e5304
