NULL pointer dereference in D4ParserSax2 #39

Closed
gy741 opened this issue Jan 29, 2018 · 2 comments

gy741 commented Jan 29, 2018

Hello.

I found a NULL pointer dereference in libdap4.

Please confirm.

Thanks.

OS: CentOS 7 64bit
Version: commit 9806db1
PoC Download: Null_D4ParserSax2.zip

Steps to reproduce:
1. Download the .POC files.
2. Execute the following command: ./dmr-test -p $FILE

ASAN:DEADLYSIGNAL
=================================================================
==20816==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x0000004b2c1f bp 0x7ffc42e12560 sp 0x7ffc42e11c90 T0)
==20816==The signal is caused by a READ memory access.
==20816==Hint: address points to the zero page.
    #0 0x4b2c1e in AddressIsPoisoned /home/karas/src/llvm/projects/compiler-rt/lib/asan/asan_mapping.h:322
    #1 0x4b2c1e in QuickCheckForUnpoisonedRegion /home/karas/src/llvm/projects/compiler-rt/lib/asan/asan_interceptors.cc:43
    #2 0x4b2c1e in printf_common(void*, char const*, __va_list_tag*) /home/karas/src/llvm/projects/compiler-rt/lib/asan/../sanitizer_common/sanitizer_common_interceptors_format.inc:529
    #3 0x4b5725 in __interceptor_vsnprintf /home/karas/src/llvm/projects/compiler-rt/lib/asan/../sanitizer_common/sanitizer_common_interceptors.inc:1396
    #4 0x7dda14 in libdap::D4ParserSax2::dmr_error(void*, char const*, ...) /home/karas/libdap4/D4ParserSax2.cc:1223:5
    #5 0x7e150f in libdap::D4ParserSax2::process_dimension_def(char const*, unsigned char const**, int) /home/karas/libdap4/D4ParserSax2.cc:209:9
    #6 0x7f82fb in libdap::D4ParserSax2::dmr_start_element(void*, unsigned char const*, unsigned char const*, unsigned char const*, int, unsigned char const**, int, int, unsigned char const**) /home/karas/libdap4/D4ParserSax2.cc:704:30
    #7 0x7fedad7648cf  (/lib64/libxml2.so.2+0x498cf)
    #8 0x7fedad76ae61  (/lib64/libxml2.so.2+0x4fe61)
    #9 0x7fedad76c61d  (/lib64/libxml2.so.2+0x5161d)
    #10 0x8092e7 in libdap::D4ParserSax2::intern(std::istream&, libdap::DMR*, bool) /home/karas/libdap4/D4ParserSax2.cc:1342:9
    #11 0x523d80 in test_dap4_parser(std::string const&, bool, bool) /home/karas/libdap4/tests/dmr-test.cc:94:20
    #12 0x52d2ef in main /home/karas/libdap4/tests/dmr-test.cc:380:15
    #13 0x7fedac74dc04 in __libc_start_main (/lib64/libc.so.6+0x21c04)
    #14 0x42670b in _start (/home/karas/libdap4/tests/dmr-test+0x42670b)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /home/karas/src/llvm/projects/compiler-rt/lib/asan/asan_mapping.h:322 in AddressIsPoisoned
==20816==ABORTING

==========
[Acknowledgement]
This work was supported by ICT R&D program of MSIP/IITP. [R7518-16-1001, Innovation hub for high Performance Computing]
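
Added triage example (not part of the original report and not libdap4 code): the ASan SUMMARY line above blames `AddressIsPoisoned` inside the sanitizer runtime, so this script skips runtime frames to find the intercepted libc call and the first project frame that made it. The names `parse_frames` and `triage` and the runtime path markers are assumptions of this example; the sample is an abridged copy of the trace in the report.

```python
import re

# Sample input: frames abridged from the ASan report in this issue.
SAMPLE_TRACE = """\
==20816==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x0000004b2c1f bp 0x7ffc42e12560 sp 0x7ffc42e11c90 T0)
    #0 0x4b2c1e in AddressIsPoisoned /home/karas/src/llvm/projects/compiler-rt/lib/asan/asan_mapping.h:322
    #3 0x4b5725 in __interceptor_vsnprintf /home/karas/src/llvm/projects/compiler-rt/lib/asan/../sanitizer_common/sanitizer_common_interceptors.inc:1396
    #4 0x7dda14 in libdap::D4ParserSax2::dmr_error(void*, char const*, ...) /home/karas/libdap4/D4ParserSax2.cc:1223:5
    #5 0x7e150f in libdap::D4ParserSax2::process_dimension_def(char const*, unsigned char const**, int) /home/karas/libdap4/D4ParserSax2.cc:209:9
    #7 0x7fedad7648cf  (/lib64/libxml2.so.2+0x498cf)
SUMMARY: AddressSanitizer: SEGV /home/karas/src/llvm/projects/compiler-rt/lib/asan/asan_mapping.h:322 in AddressIsPoisoned
"""

# Frames with source info: "#N 0xPC in <function> <path>:<line>[:<col>]".
FRAME = re.compile(r"^\s*#(\d+) 0x[0-9a-f]+ in (.+) (/\S+?):(\d+)(?::\d+)?\s*$")
# Assumption: these path fragments identify sanitizer runtime frames.
RUNTIME_MARKERS = ("/compiler-rt/", "/sanitizer_common/")


def parse_frames(report):
    """Return source-located frames; module-only frames (libxml2, libc) are skipped."""
    frames = []
    for line in report.splitlines():
        m = FRAME.match(line)
        if m:
            frames.append({"index": int(m.group(1)), "function": m.group(2),
                           "file": m.group(3), "line": int(m.group(4))})
    return frames


def triage(report):
    """Separate sanitizer runtime frames from project frames and summarize the crash."""
    frames = parse_frames(report)
    runtime = [f for f in frames if any(k in f["file"] for k in RUNTIME_MARKERS)]
    project = [f for f in frames if f not in runtime]
    if not project:
        return None
    first = project[0]
    # Last runtime frame above the first project frame is the intercepted call.
    above = [f for f in runtime if f["index"] < first["index"]]
    addr = re.search(r"SEGV on unknown address (0x[0-9a-f]+)", report)
    blamed = re.search(r"SUMMARY: AddressSanitizer: \S+ \S+ in (\S+)", report)
    return {"zero_page": bool(addr) and int(addr.group(1), 16) < 4096,
            "summary_blames": blamed.group(1) if blamed else None,
            "intercepted_call": above[-1]["function"] if above else None,
            "first_project_frame": first,
            "caller": project[1] if len(project) > 1 else None}


if __name__ == "__main__":
    print(triage(SAMPLE_TRACE))
```

For this trace the result points at `dmr_error` (D4ParserSax2.cc:1223) calling `vsnprintf`, reached from `process_dimension_def` (D4ParserSax2.cc:209), which is where a fix or a regression test would be reviewed.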

@udayopen

Reproduced, opened ticket:
https://opendap.atlassian.net/browse/HYRAX-598

@jgallagher59701
Member

Fixed. See https://opendap.atlassian.net/browse/HYRAX-598. On the branch hyrax-598. I'll issue a pull request.
