[SERVER-76776] Crash found by op_msg_fuzzer Created: 03/May/23 Updated: 29/Oct/23 Resolved: 01/Jun/23 |
| Status: | Closed |
| Project: | Core Server |
| Component/s: | None |
| Affects Version/s: | None |
| Fix Version/s: | 7.1.0-rc0 |
| Type: | Bug | Priority: | Major - P3 |
| Reporter: | Yongheng Chen | Assignee: | Amirsaman Memaripour |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Assigned Teams: | Service Arch |
| Backwards Compatibility: | Fully Compatible |
| Operating System: | ALL |
| Sprint: | Service Arch 2023-06-12 |
| Participants: |
| Description |
|
Hi, I found a crash input using the op_msg_fuzzer. The POC (base64 form) is:
To reproduce:
Tested on Ubuntu 22.04. I have a question about the harness. In `op_msg_fuzzer_fixture.cpp`, the harness creates a `Msg` from the fuzzer-provided buffer:
It seems such a message is not always valid (cannot be sent to the server from the client), so it might be a false crash? If so, is there any way to filter out such false crashes? If not, should I report all the crashes I find using the harness? I would like to contribute to improving the correctness and security of MongoDB. Looking forward to hearing back from you. |
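As an added example (not from this ticket or the MongoDB code base), a standalone structural validator for the OP_MSG wire framing that the fixture skips when it builds a `Msg` straight from the fuzzer buffer; frames it rejects are ones no driver could put on the wire, which is the class of input the description asks about. The function and constant names are mine, and the optional CRC-32C checksum is not verified.

```python
import struct

OP_MSG = 2013                 # opCode of OP_MSG
HEADER_LEN = 16               # MsgHeader: messageLength, requestID, responseTo, opCode
CHECKSUM_PRESENT = 0x1        # flagBits bit 0: a CRC-32C trails the sections
REQUIRED_BITS_MASK = 0xFFFC   # flag bits 2-15 are undefined and must be zero

def _bson_len(buf: bytes, pos: int, end: int) -> int:
    # A BSON document starts with its int32 length, is >= 5 bytes and ends with 0x00.
    size = struct.unpack_from("<i", buf, pos)[0] if pos + 4 <= end else 0
    return size if 5 <= size <= end - pos and buf[pos + size - 1] == 0 else -1

def validate_op_msg(frame: bytes) -> tuple[bool, str]:
    """Structural checks on a raw OP_MSG frame; returns (ok, reason)."""
    if len(frame) < HEADER_LEN + 4:
        return False, "frame shorter than MsgHeader + flagBits"
    msg_len, _rid, _rto, opcode = struct.unpack_from("<iiii", frame, 0)
    if opcode != OP_MSG or msg_len != len(frame):
        return False, f"opCode {opcode} / messageLength {msg_len} do not describe this {len(frame)}-byte frame"
    flags, = struct.unpack_from("<I", frame, HEADER_LEN)
    if flags & REQUIRED_BITS_MASK:
        return False, f"undefined required flag bits set: {flags:#x}"
    end = len(frame) - (4 if flags & CHECKSUM_PRESENT else 0)  # checksum is not validated here
    pos, bodies = HEADER_LEN + 4, 0
    while pos < end:
        kind, pos = frame[pos], pos + 1
        if kind == 0:                                  # kind 0: exactly one BSON body
            if (size := _bson_len(frame, pos, end)) < 0:
                return False, "malformed body document"
            pos, bodies = pos + size, bodies + 1
        elif kind == 1:                                # kind 1: int32 size, cstring id, BSON docs
            sec_size = struct.unpack_from("<i", frame, pos)[0] if pos + 4 <= end else 0
            sec_end, doc_pos = pos + sec_size, frame.find(b"\x00", pos + 4, pos + sec_size) + 1
            if not 5 <= sec_size <= end - pos or doc_pos == 0:
                return False, "bad document sequence header"
            while doc_pos < sec_end:
                if (size := _bson_len(frame, doc_pos, sec_end)) < 0:
                    return False, "malformed document in sequence"
                doc_pos += size
            pos = sec_end
        else:
            return False, f"unknown section kind {kind}"
    if bodies != 1:
        return False, f"expected exactly one body section, found {bodies}"
    return True, "ok"

def build_op_msg(body_bson: bytes, flags: int = 0) -> bytes:
    # Constructed sample input: wrap a BSON body in a well-formed OP_MSG frame.
    payload = struct.pack("<I", flags) + b"\x00" + body_bson
    return struct.pack("<iiii", HEADER_LEN + len(payload), 1, 0, OP_MSG) + payload
```

Running a crashing input through `validate_op_msg` first separates frames the server would reject at the transport layer from ones worth reporting as real parser bugs.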
| Comments |
| Comment by Yongheng Chen [ 02/Jun/23 ] |
|
amirsaman.memaripour@mongodb.com Thank you for the fix! |
| Comment by Amirsaman Memaripour [ 01/Jun/23 ] |
|
changochen1@gmail.com, the issue is now fixed on the master branch. Thank you for reporting. |
| Comment by Githook User [ 01/Jun/23 ] |
|
Author: {'name': 'Amirsaman Memaripour', 'email': 'amirsaman.memaripour@mongodb.com', 'username': 'samanca'}
Message: |
| Comment by Yongheng Chen [ 26/May/23 ] |
|
Hi amirsaman.memaripour@mongodb.com, thanks for the reply! Do you have any advice to filter out such test-only failures? |
| Comment by Amirsaman Memaripour [ 26/May/23 ] |
|
changochen1@gmail.com, thank you for reporting this issue. The reported crash is test-only: failure to parse an incoming message only terminates the user-operation in production builds. We will keep this ticket in our backlog to address the test failure in the near future. Thanks again for reporting this. |