@WoodsCumming
Contributor

What is the purpose of the change

Fix heap-buffer-overflow due to wrong use of strcpy.

Brief changelog

Fix heap-buffer-overflow due to wrong use of strcpy.

Verifying this change

Verified. Want a code review.

The ASAN Report

==45669==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60200000ed10 at pc 0x4dc0a5 bp 0x7ffee848e850 sp 0x7ffee848e848
WRITE of size 9 at 0x60200000ed10 thread T0
#0 0x4dc0a4 in big_endian_bigEndianObject_Test::TestBody() (/home/yizhe.wcm/PR/rocketmq-client-cpp/test/bin/big_endianTest+0x4dc0a4)
#1 0x50c7fd in void testing::internal::HandleSehExceptionsInMethodIfSupported<testing::Test, void>(testing::Test*, void (testing::Test::*)(), char const*) (/home/yizhe.wcm/PR/rocketmq-client-cpp/test/bin/big_endianTest+0x50c7fd)
#2 0x50652b in void testing::internal::HandleExceptionsInMethodIfSupported<testing::Test, void>(testing::Test*, void (testing::Test::*)(), char const*) (/home/yizhe.wcm/PR/rocketmq-client-cpp/test/bin/big_endianTest+0x50652b)
#3 0x4e6b36 in testing::Test::Run() (/home/yizhe.wcm/PR/rocketmq-client-cpp/test/bin/big_endianTest+0x4e6b36)
#4 0x4e73fd in testing::TestInfo::Run() (/home/yizhe.wcm/PR/rocketmq-client-cpp/test/bin/big_endianTest+0x4e73fd)
#5 0x4e7ac1 in testing::TestCase::Run() (/home/yizhe.wcm/PR/rocketmq-client-cpp/test/bin/big_endianTest+0x4e7ac1)
#6 0x4f22c4 in testing::internal::UnitTestImpl::RunAllTests() (/home/yizhe.wcm/PR/rocketmq-client-cpp/test/bin/big_endianTest+0x4f22c4)
#7 0x50dbfb in bool testing::internal::HandleSehExceptionsInMethodIfSupported<testing::internal::UnitTestImpl, bool>(testing::internal::UnitTestImpl*, bool (testing::internal::UnitTestImpl::*)(), char const*) (/home/yizhe.wcm/PR/rocketmq-client-cpp/test/bin/big_endianTest+0x50dbfb)
#8 0x5072ad in bool testing::internal::HandleExceptionsInMethodIfSupported<testing::internal::UnitTestImpl, bool>(testing::internal::UnitTestImpl*, bool (testing::internal::UnitTestImpl::*)(), char const*) (/home/yizhe.wcm/PR/rocketmq-client-cpp/test/bin/big_endianTest+0x5072ad)
#9 0x4f0d6a in testing::UnitTest::Run() (/home/yizhe.wcm/PR/rocketmq-client-cpp/test/bin/big_endianTest+0x4f0d6a)
#10 0x4dd15d in RUN_ALL_TESTS() (/home/yizhe.wcm/PR/rocketmq-client-cpp/test/bin/big_endianTest+0x4dd15d)
#11 0x4dcbde in main (/home/yizhe.wcm/PR/rocketmq-client-cpp/test/bin/big_endianTest+0x4dcbde)
#12 0x7fef534fa444 in __libc_start_main (/lib64/libc.so.6+0x22444)
#13 0x478108 (/home/yizhe.wcm/PR/rocketmq-client-cpp/test/bin/big_endianTest+0x478108)

0x60200000ed18 is located 0 bytes to the right of 8-byte region [0x60200000ed10,0x60200000ed18)
allocated by thread T0 here:
#0 0x4b2e9f in malloc (/home/yizhe.wcm/PR/rocketmq-client-cpp/test/bin/big_endianTest+0x4b2e9f)
#1 0x4dbfbf in big_endian_bigEndianObject_Test::TestBody() (/home/yizhe.wcm/PR/rocketmq-client-cpp/test/bin/big_endianTest+0x4dbfbf)
#2 0x50c7fd in void testing::internal::HandleSehExceptionsInMethodIfSupported<testing::Test, void>(testing::Test*, void (testing::Test::*)(), char const*) (/home/yizhe.wcm/PR/rocketmq-client-cpp/test/bin/big_endianTest+0x50c7fd)
#3 0x50652b in void testing::internal::HandleExceptionsInMethodIfSupported<testing::Test, void>(testing::Test*, void (testing::Test::*)(), char const*) (/home/yizhe.wcm/PR/rocketmq-client-cpp/test/bin/big_endianTest+0x50652b)
#4 0x4e6b36 in testing::Test::Run() (/home/yizhe.wcm/PR/rocketmq-client-cpp/test/bin/big_endianTest+0x4e6b36)
#5 0x4e73fd in testing::TestInfo::Run() (/home/yizhe.wcm/PR/rocketmq-client-cpp/test/bin/big_endianTest+0x4e73fd)
#6 0x4e7ac1 in testing::TestCase::Run() (/home/yizhe.wcm/PR/rocketmq-client-cpp/test/bin/big_endianTest+0x4e7ac1)
#7 0x4f22c4 in testing::internal::UnitTestImpl::RunAllTests() (/home/yizhe.wcm/PR/rocketmq-client-cpp/test/bin/big_endianTest+0x4f22c4)
#8 0x50dbfb in bool testing::internal::HandleSehExceptionsInMethodIfSupported<testing::internal::UnitTestImpl, bool>(testing::internal::UnitTestImpl*, bool (testing::internal::UnitTestImpl::*)(), char const*) (/home/yizhe.wcm/PR/rocketmq-client-cpp/test/bin/big_endianTest+0x50dbfb)
#9 0x5072ad in bool testing::internal::HandleExceptionsInMethodIfSupported<testing::internal::UnitTestImpl, bool>(testing::internal::UnitTestImpl*, bool (testing::internal::UnitTestImpl::*)(), char const*) (/home/yizhe.wcm/PR/rocketmq-client-cpp/test/bin/big_endianTest+0x5072ad)
#10 0x4f0d6a in testing::UnitTest::Run() (/home/yizhe.wcm/PR/rocketmq-client-cpp/test/bin/big_endianTest+0x4f0d6a)
#11 0x4dd15d in RUN_ALL_TESTS() (/home/yizhe.wcm/PR/rocketmq-client-cpp/test/bin/big_endianTest+0x4dd15d)
#12 0x4dcbde in main (/home/yizhe.wcm/PR/rocketmq-client-cpp/test/bin/big_endianTest+0x4dcbde)
#13 0x7fef534fa444 in __libc_start_main (/lib64/libc.so.6+0x22444)

SUMMARY: AddressSanitizer: heap-buffer-overflow ??:0 big_endian_bigEndianObject_Test::TestBody()
Shadow bytes around the buggy address:
0x0c047fff9d50: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c047fff9d60: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c047fff9d70: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c047fff9d80: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c047fff9d90: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
=>0x0c047fff9da0: fa fa[00]fa fa fa 00 fa fa fa fd fa fa fa fd fa
0x0c047fff9db0: fa fa fd fa fa fa fd fa fa fa 00 00 fa fa 00 fa
0x0c047fff9dc0: fa fa fd fa fa fa 00 fa fa fa 00 fa fa fa 00 fa
0x0c047fff9dd0: fa fa 00 00 fa fa 00 fa fa fa fd fa fa fa fd fa
0x0c047fff9de0: fa fa 04 fa fa fa 00 fa fa fa 00 fa fa fa 00 fa
0x0c047fff9df0: fa fa 00 fa fa fa 00 fa fa fa 00 00 fa fa 00 fa
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Heap right redzone: fb
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack partial redzone: f4
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Contiguous container OOB:fc
ASan internal: fe
==45669==ABORTING

Follow this checklist to help us incorporate your contribution quickly and easily. Notice, it would be helpful if you could finish the following 5 checklist items (the last one is not necessary) before requesting the community to review your PR.

  • Make sure there is a Github issue filed for the change (usually before you start working on it). Trivial changes like typos do not require a Github issue. Your pull request should address just this issue, without pulling in other changes - one PR resolves one issue.
  • Format the pull request title like [ISSUE #123] Fix UnknownException when host config not exist. Each commit in the pull request should have a meaningful subject line and body.
  • Write a pull request description that is detailed enough to understand what the pull request does, how, and why.
  • Write necessary unit-test (over 80% coverage) to verify your logic correction, more mock a little better when a cross-module dependency exists.
  • If this contribution is large, please file an Apache Individual Contributor License Agreement.
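Added example, not part of the pull request and not the project's code: the ASAN report above shows a 9-byte write into an 8-byte heap region, which is the size pattern produced when an 8-character string is copied with strcpy into a buffer sized without room for the terminating NUL. The function names and the sample string below are constructed for illustration; the page does not show the test's actual code.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Bytes strcpy() writes for src: every character plus the terminating NUL. */
static size_t strcpy_write_size(const char *src) {
    return strlen(src) + 1;
}

/* Vulnerable shape (constructed for contrast, never called here): the
 * buffer is sized for the characters only, so strcpy() writes one byte
 * past the end of the allocation. */
char *dup_unsafe(const char *src) {
    char *buf = malloc(strlen(src));   /* 8 bytes for an 8-character string */
    if (buf != NULL)
        strcpy(buf, src);              /* writes 9 bytes into 8 */
    return buf;
}

/* Hardened copy into a caller-supplied buffer: refuses instead of
 * overflowing. Returns 0 on success, -1 if src plus NUL does not fit. */
static int copy_checked(char *dst, size_t dst_size, const char *src) {
    size_t need = strcpy_write_size(src);
    if (dst == NULL || need > dst_size)
        return -1;
    memcpy(dst, src, need);
    return 0;
}

/* Hardened duplicate: allocate exactly what the copy will write. */
static char *dup_checked(const char *src) {
    size_t need = strcpy_write_size(src);
    char *buf = malloc(need);
    if (buf != NULL)
        memcpy(buf, src, need);
    return buf;
}

int main(void) {
    const char *sample = "12345678";   /* constructed 8-character input */
    char eight[8];
    char *ok = dup_checked(sample);
    printf("strcpy would write %zu bytes\n", strcpy_write_size(sample));
    printf("copy_checked into 8 bytes: %d\n", copy_checked(eight, sizeof eight, sample));
    printf("dup_checked: %s\n", ok ? ok : "(alloc failed)");
    free(ok);
    return 0;
}
```

Building a unit test with `-fsanitize=address`, as the report above was produced, catches the unsafe shape at the first out-of-bounds byte even when the program would otherwise appear to work.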

@ShannonDing ShannonDing changed the title Fix heap-buffer-overflow due to wrong use of strcpy. fix(memory): heap-buffer-overflow due to wrong use of strcpy. Feb 28, 2020
@ShannonDing ShannonDing added the bug Something isn't working label Feb 28, 2020
@ShannonDing ShannonDing added this to the 2.0.1 milestone Feb 28, 2020
@ShannonDing ShannonDing merged commit e51b7b0 into apache:master Feb 28, 2020
@WoodsCumming WoodsCumming deleted the heap-buffer-overflow-strcpy branch February 29, 2020 07:56