OOM when load_file for special folder #560

@TERESH1

Description

Sometimes when you use load_file with ASAN on a special folder, it can cause an OOM exception:

root@fuzzing:/home/user/pugixml/src# cat main.cpp
#include "pugixml.hpp"
int main(int argc, char **argv) {
   pugi::xml_document doc;
   doc.load_file(argv[1], 116U, pugi::encoding_auto);
   return 0;
}
root@fuzzing:/home/user/pugixml/src# clang++ -fsanitize=address -g -O0 -ferror-limit=1 main.cpp pugixml.cpp -o main_asan
root@fuzzing:/home/user/pugixml/src# ./main_asan /
root@fuzzing:/home/user/pugixml/src# ./main_asan /home/
root@fuzzing:/home/user/pugixml/src# ./main_asan /home/user/
root@fuzzing:/home/user/pugixml/src# ./main_asan /home/user/pugixml/
=================================================================
==269==ERROR: AddressSanitizer: requested allocation size 0x8000000000000000 (0x8000000000001000 after adjustments for alignment, red zones etc.) exceeds maximum supported size of 0x10000000000 (thread T0)
    #0 0x5557c32944be in malloc (/home/user/pugixml/src/main_asan+0xad4be) (BuildId: 20f3d37b214a5fd4245eefc0288fa6b0563186d6)
    #1 0x5557c334c6e4 in pugi::impl::(anonymous namespace)::default_allocate(unsigned long) /home/user/pugixml/src/pugixml.cpp:190:10
    #2 0x5557c32ec0df in pugi::impl::(anonymous namespace)::load_file_impl(pugi::impl::(anonymous namespace)::xml_document_struct*, _IO_FILE*, unsigned int, pugi::xml_encoding, char**) /home/user/pugixml/src/pugixml.cpp:4836:39
    #3 0x5557c32ebd36 in pugi::xml_document::load_file(char const*, unsigned int, pugi::xml_encoding) /home/user/pugixml/src/pugixml.cpp:7347:10
    #4 0x5557c32d1a31 in main /home/user/pugixml/src/main.cpp:4:8
    #5 0x7f7611ba2d8f  (/lib/x86_64-linux-gnu/libc.so.6+0x29d8f) (BuildId: 69389d485a9793dbe873f0ea2c93e02efaa9aa3d)

==269==HINT: if you don't care about these errors you may set allocator_may_return_null=1
SUMMARY: AddressSanitizer: allocation-size-too-big (/home/user/pugixml/src/main_asan+0xad4be) (BuildId: 20f3d37b214a5fd4245eefc0288fa6b0563186d6) in malloc
==269==ABORTING
root@fuzzing:/home/user/pugixml/src# cat /etc/*release*
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=22.04
DISTRIB_CODENAME=jammy
DISTRIB_DESCRIPTION="Ubuntu 22.04.1 LTS"
PRETTY_NAME="Ubuntu 22.04.1 LTS"
NAME="Ubuntu"
VERSION_ID="22.04"
VERSION="22.04.1 LTS (Jammy Jellyfish)"
VERSION_CODENAME=jammy
ID=ubuntu
ID_LIKE=debian
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
UBUNTU_CODENAME=jammy
root@fuzzing:/home/user/pugixml/src# clang --version
Ubuntu clang version 14.0.6
Target: x86_64-pc-linux-gnu
Thread model: posix
InstalledDir: /usr/bin
root@fuzzing:/home/user/pugixml/src#

In such cases, on Linux, fseek returns 0 and ftell returns INT64_MAX.

You should check if a file is a regular file.
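One way to implement the check the report asks for, as an added example that is not pugixml's own code: reject anything that is not a regular file via fstat() before trusting the fseek()/ftell() length, and cap that length before allocating. It assumes a POSIX system (fstat, S_ISREG); the function names, the 1 GiB limit and the sample file are constructed for the example.

```cpp
// Added example (not pugixml's code): size a file safely before allocating a
// buffer for it. Directories can be fopen()ed on Linux, fseek() succeeds on
// them, and ftell() then yields a bogus length, so check the file type first.
#include <cstdio>
#include <cstddef>
#include <string>
#include <sys/stat.h>

enum class size_status { ok, not_regular_file, io_error, too_large };

// Largest document buffer we are willing to allocate (constructed limit).
static const unsigned long kMaxDocumentBytes = 1UL << 30; // 1 GiB

// Determines the byte length of an already-opened stream.
size_status get_file_size(FILE* file, size_t& out_size) {
    struct stat st;
    if (fstat(fileno(file), &st) != 0) return size_status::io_error;
    // Reject directories, FIFOs, device nodes etc. up front.
    if (!S_ISREG(st.st_mode)) return size_status::not_regular_file;

    // Same fseek/ftell pattern the report describes, but validated.
    if (fseek(file, 0, SEEK_END) != 0) return size_status::io_error;
    long length = ftell(file);
    if (length < 0) return size_status::io_error;
    if (fseek(file, 0, SEEK_SET) != 0) return size_status::io_error;

    // Guard against nonsense values (e.g. LONG_MAX) and against genuine
    // files too large to load into one buffer; length+1 can then not wrap.
    if (static_cast<unsigned long>(length) > kMaxDocumentBytes) return size_status::too_large;
    out_size = static_cast<size_t>(length);
    return size_status::ok;
}

// Opens `path` read-only and classifies it; `out_size` is set only on ok.
size_status probe_path(const std::string& path, size_t& out_size) {
    FILE* f = std::fopen(path.c_str(), "rb");
    if (!f) return size_status::io_error;
    size_status s = get_file_size(f, out_size);
    std::fclose(f);
    return s;
}

// Writes a constructed 7-byte document and returns its length (0 on failure).
size_t write_sample_file(const std::string& path) {
    FILE* f = std::fopen(path.c_str(), "wb");
    if (!f) return 0;
    const char* doc = "<root/>";
    size_t n = std::fwrite(doc, 1, 7, f);
    std::fclose(f);
    return n;
}
```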
