Commit
This fixes a global buffer overflow (underflow?) reported by ASAN as follows:

    ERROR: AddressSanitizer: global-buffer-overflow on address \
      0x000100144e3f at pc 0x000100084424 bp 0x00016fdfd380 sp 0x00016fdfd378
    READ of size 1 at 0x000100144e3f thread T0
        #0 0x100084420 in put_a_line main.c:975
        #1 0x100082974 in putout main.c:895
        #2 0x100080ab4 in mcpp_main main.c:753
        #3 0x10007d3fc in mcpp_lib_main main.c:430
        #4 0x10000a230 in idlc_parse idlc.c:375
        #5 0x100006f1c in main idlc.c:772
        #6 0x181d51054 (<unknown module>)

    0x000100144e3f is located 1 bytes before global variable 'output' \
      defined in 'src/tools/idlpp/src/main.c' (0x100144e40) of size 262144
    0x000100144e3f is located 23 bytes after global variable 'src_col' \
      defined in 'src/tools/idlpp/src/main.c' (0x100144e20) of size 8

Triggered by the following input ("hexdump -C" output):

    00000000 23 fc ff 0a 23 64 65 66 69 6e 65 20 69 0a 23 64 |#...#define i.#d|
    00000010 65 66 69 6e 65 20 4a 00 0a 20 4a 00 0a 23 64 69 |efine J.. J..#di|
    00000020 44 66 7f f8 ff ff 66 00 32 44 0a 23 64 69 69 6e |Df....f.2D.#diin|
    00000030 65 20 4a 32 32 32 44 12 64 27 ff 7f ff 23 3e 69 |e J222D.d'...#>i|
    00000040 0a |.|
    00000041

(I tried to reduce it further, but gave up.)

The problem is caused by scanning for the last non-whitespace character just before outputting a line without accounting for the case where the line consists solely of whitespace.

Credits for finding the bug:
- Carlos Andres Ramirez (https://carlos.engineer)
- Goktug Serez (https://github.com/g0ku704)
- Xin Huang (https://github.com/xinhuang)

Signed-off-by: Erik Boasson <eb@ilities.com>
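The defective backward scan and its length-bounded replacement, as an added illustration of the bug class the commit message describes (hypothetical C written for this page, not the idlpp/mcpp code in this commit; the buffer size, `emit_line` and the helper names are assumed):

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical reconstruction of the bug class in the commit message, not
 * the idlpp/mcpp source. A fixed-size global buffer holds the line about to
 * be written, mirroring the 'output' global in the ASAN report (smaller). */
#define OUT_SIZE 64
static char output[OUT_SIZE];
static int is_blank_char(int c) { return c == ' ' || c == '\t' || c == '\n'; }

/* Defective pattern: scan backwards for the last non-blank byte. When every
 * byte is blank the pointer walks past &buf[0] and reads buf[-1]; for the
 * global above that is the "1 bytes before 'output'" read ASAN flagged.
 * Shown only for its shape; it must not be called on an all-blank line. */
ptrdiff_t last_nonblank_unbounded(const char *buf, size_t len) {
    const char *p = buf + len - 1;
    while (is_blank_char((unsigned char)*p))   /* BUG: no lower bound check */
        p--;
    return p - buf;
}

/* Fixed pattern: the remaining length is the loop bound, so an empty or
 * all-blank line trims to length 0 and no byte before buf is touched. */
size_t trim_trailing_blanks(const char *buf, size_t len) {
    while (len > 0 && is_blank_char((unsigned char)buf[len - 1]))
        len--;
    return len;
}

/* Copy a line into the global buffer, trim it with the bounded scan and
 * return the bytes emitted (0, nothing written, for whitespace-only input).
 * Input longer than the buffer is truncated. */
size_t emit_line(const char *line) {
    size_t len = strlen(line);
    if (len >= OUT_SIZE)
        len = OUT_SIZE - 1;
    memcpy(output, line, len);
    len = trim_trailing_blanks(output, len);
    output[len] = '\0';
    if (len > 0)
        printf("%s\n", output);
    return len;
}

int main(void) {
    emit_line("  #define J 1   \n");   /* printed without its trailing blanks */
    emit_line("   \t\n");               /* whitespace-only: nothing printed */
    return 0;
}
```

Compiling with `-fsanitize=address` and calling the unbounded scan on an all-blank line reproduces the same global-buffer-overflow class as the report; the bounded version stops at length 0.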