AddressSanitizer: store to null pointer of type 'char' in str.h #31

Closed
PerGraa opened this Issue Nov 3, 2016 · 0 comments

Projects

None yet

2 participants

@PerGraa
Contributor
PerGraa commented Nov 3, 2016

Crash bug found while fuzzing with afl and verified with a sanitizer.

I have a fix ready; a pull request is coming up.

Dump the test into example/jsontest/
store_to_null_pointer.json.txt

graa@luvm:~/json/jvar$ cmake -DCMAKE_CXX_FLAGS="-fsanitize=address,undefined -Wformat -Werror=format-security -Werror=array-bounds -ggdb3" .
-- CXX11 = OFF
-- CMAKE_CXX_FLAGS = -fsanitize=address,undefined -Wformat -Werror=format-security -Werror=array-bounds -ggdb3 -O3 -Wall -Wextra -Wno-unused-parameter -Wno-variadic-macros -Wno-ignored-qualifiers -D_GLIBCXX_USE_CXX11_ABI=0
-- AUTOADDPROP = OFF
-- Configuring done
-- Generating done
-- Build files have been written to: /home/graa/json/jvar
graa@luvm:~/json/jvar$ make
<snip>
graa@luvm:~/json/jvar$ cd bin/
graa@luvm:~/json/jvar/bin$ ./ex_jsonparse 
Parsed...
toString={"id":9781460700297,"name":"manuscript found in accra","price":12.5}

toJsonString={
	"id":9781460700297,
	"name":"manuscript found in accra",
	"price":12.5
}

Running test on json files in ../example/jsontest directory....

Filename: '../example/jsontest/store_to_null_pointer.json' should fail
/home/graa/json/jvar/include/str.h:540:29: runtime error: store to null pointer of type 'char'
ASAN:SIGSEGV
=================================================================
==2886==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x000000414d8a bp 0x0fffa6c16d26 sp 0x7ffd360b6900 T0)
    #0 0x414d89 in jvar::Parser::expectErr(char, char const*) /home/graa/json/jvar/src/str.cpp:663
    #1 0x47abd6 in jvar::Parser::advance(char) /home/graa/json/jvar/include/str.h:754
    #2 0x47abd6 in jvar::JsonParser::parseMembers(jvar::Variant&) /home/graa/json/jvar/src/json.cpp:85
    #3 0x47c6a2 in jvar::JsonParser::parseObject(jvar::Variant&) /home/graa/json/jvar/src/json.cpp:58
    #4 0x47eb93 in jvar::JsonParser::JsonParser(jvar::Variant&, char const*, unsigned int) /home/graa/json/jvar/src/json.cpp:29
    #5 0x42ff12 in jvar::Variant::parseJson(char const*) /home/graa/json/jvar/src/var.cpp:41
    #6 0x407250 in testJsonSuite() /home/graa/json/jvar/example/jsonparse.cpp:115
    #7 0x406824 in main /home/graa/json/jvar/example/jsonparse.cpp:175
    #8 0x7f63a44bc82f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
    #9 0x406a78 in _start (/home/graa/json/jvar/bin/ex_jsonparse+0x406a78)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /home/graa/json/jvar/src/str.cpp:663 jvar::Parser::expectErr(char, char const*)
==2886==ABORTING
graa@luvm:~/json/jvar/bin$ 
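The trace above ends in `Parser::expectErr(char, char const*)`, the error-reporting path reached from `advance(char)` when the input does not contain the expected character, and UBSan names the fault as a store through a null `char*`. The following is an added illustration, not jvar's code and not a reconstruction of `str.h:540` (the issue does not show that source): a hypothetical minimal parser with the same call shape, where `expectErr` writes its message into an optional caller-supplied buffer and the guard at the top of `expectErr` is the check that keeps a malformed input from turning into a null-pointer store. The class `MiniParser`, the grammar it accepts (a flat object of string keys and integer values) and the sample inputs are all constructed for this example.

```cpp
#include <cstddef>
#include <cstring>

// Hypothetical parser (not jvar's). Error text goes into a caller-supplied
// buffer that may be absent (nullptr, capacity 0); that is exactly the
// situation in which an unguarded error path stores through a null char*.
class MiniParser {
public:
    MiniParser(const char* text, char* errBuf, size_t errCap)
        : cur_(text), errBuf_(errBuf), errCap_(errCap), failed_(false) {}

    // Accept a flat object: { "key" : 123 , ... }  (whitespace allowed).
    bool parseObject() {
        skipWs();
        if (!advance('{')) return false;
        skipWs();
        if (peek() == '}') { ++cur_; return true; }
        for (;;) {
            skipWs();
            if (!parseString()) return false;
            skipWs();
            if (!advance(':')) return false;
            skipWs();
            if (!parseInt()) return false;
            skipWs();
            if (peek() == ',') { ++cur_; continue; }
            return advance('}');
        }
    }
    bool failed() const { return failed_; }

private:
    char peek() const { return *cur_; }
    void skipWs() {
        while (*cur_ == ' ' || *cur_ == '\n' || *cur_ == '\t' || *cur_ == '\r') ++cur_;
    }

    // Consume `expected` or report an error; mirrors the advance -> expectErr
    // call shape seen in the stack trace.
    bool advance(char expected) {
        if (*cur_ == expected) { ++cur_; return true; }
        expectErr(expected, "unexpected character");
        return false;
    }

    bool parseString() {
        if (!advance('"')) return false;
        while (*cur_ != '"') {
            if (*cur_ == '\0') { expectErr('"', "unterminated string"); return false; }
            ++cur_;
        }
        ++cur_;
        return true;
    }

    bool parseInt() {
        if (*cur_ < '0' || *cur_ > '9') { expectErr('0', "digit expected"); return false; }
        while (*cur_ >= '0' && *cur_ <= '9') ++cur_;
        return true;
    }

    // Guarded error reporter. When no buffer was supplied only the failed
    // flag is set; without the errBuf_/errCap_ check the first errBuf_[n++]
    // below would be a store to a null pointer of type 'char'. Every write is
    // bounded by errCap_, so a short buffer truncates instead of overflowing.
    void expectErr(char expected, const char* what) {
        failed_ = true;
        if (errBuf_ == nullptr || errCap_ == 0) return;
        size_t n = 0;
        for (const char* p = "expected '"; *p && n + 1 < errCap_; ++p) errBuf_[n++] = *p;
        if (n + 1 < errCap_) errBuf_[n++] = expected;
        for (const char* p = "': "; *p && n + 1 < errCap_; ++p) errBuf_[n++] = *p;
        for (const char* p = what; *p && n + 1 < errCap_; ++p) errBuf_[n++] = *p;
        errBuf_[n] = '\0';
    }

    const char* cur_;
    char* errBuf_;
    size_t errCap_;
    bool failed_;
};

// Entry points: parse with no error buffer at all (the case a sanitizer
// build catches on malformed input) and parse with a caller-owned buffer.
bool parseNoBuffer(const char* text) {
    MiniParser p(text, nullptr, 0);
    return p.parseObject();
}

bool parseWithBuffer(const char* text, char* buf, size_t cap) {
    MiniParser p(text, buf, cap);
    return p.parseObject();
}
```

Building this with the same `-fsanitize=address,undefined` flags used in the report and feeding it the malformed inputs below is the quickest way to confirm that the error path itself is clean: the interesting case is the one where the caller passes no buffer, since that is the input shape a fuzzer reaches long before anyone reads the error text.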
PerGraa added a commit to PerGraa/jvar that referenced this issue Nov 3, 2016: "Fix issue #31" (e6d37ff)
YasserAsmi closed this Nov 21, 2016