btest/bifs/to_port: Test empty string
Ran into this when using to_port(getenv(...)). It crashes under ASAN, but not sure if that's because strtol() is intercepted.

Testing CI

```
=================================================================
==2832157==ERROR: AddressSanitizer: global-buffer-overflow on address 0x55d178a21121 at pc 0x7f5df300127c bp 0x7fffcb3b83b0 sp 0x7fffcb3b7b60
READ of size 1 at 0x55d178a21121 thread T0
    #0 0x7f5df300127b in __interceptor_strcmp ../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:446
    #1 0x55d179d8b954 in zeek::util::streq(char const*, char const*) ../src/util.cc:1107
    #2 0x55d17a18d0cd in zeek::BifFunc::to_port_bif(zeek::detail::Frame*, std::vector<zeek::IntrusivePtr<zeek::Val>, std::allocator<zeek::IntrusivePtr<zeek::Val> > > const*) <...>/zeek/build/zeek.bif:2888
    #3 0x55d17a16a99b in zeek::detail::BuiltinFunc::Invoke(std::vector<zeek::IntrusivePtr<zeek::Val>, std::allocator<zeek::IntrusivePtr<zeek::Val> > >*, zeek::detail::Frame*) const ../src/Func.cc:706
    #4 0x55d17a07b7f3 in zeek::detail::CallExpr::Eval(zeek::detail::Frame*) const ../src/Expr.cc:4709
    #5 0x55d17a339bce in zeek::detail::ExprStmt::Exec(zeek::detail::Frame*, zeek::detail::StmtFlowType&) ../src/Stmt.cc:427
    #6 0x55d17a33ab6f in zeek::detail::StmtList::Exec(zeek::detail::Frame*, zeek::detail::StmtFlowType&) ../src/Stmt.cc:1649
    #7 0x55d179e78b9c in zeek::detail::setup(int, char**, zeek::Options*) ../src/zeek-setup.cc:1063
    #8 0x55d17bcfd18d in main ../src/main.cc:13
    #9 0x7f5df268cd09 in __libc_start_main ../csu/libc-start.c:308
    #10 0x55d179ade2a9 in _start (<...>/zeek/build/src/zeek+0x346c2a9)

0x55d178a21121 is located 63 bytes to the left of global variable '*.LC3' defined in '../src/ZeekString.cc' (0x55d178a21160) of size 11
  '*.LC3' is ascii string 'ZeekString'
0x55d178a21121 is located 0 bytes to the right of global variable '*.LC2' defined in '../src/ZeekString.cc' (0x55d178a21120) of size 1
  '*.LC2' is ascii string ''
SUMMARY: AddressSanitizer: global-buffer-overflow ../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:446 in __interceptor_strcmp
Shadow bytes around the buggy address:
  0x0abaaf13c1d0: f9 f9 f9 f9 00 00 00 00 06 f9 f9 f9 f9 f9 f9 f9
  0x0abaaf13c1e0: 00 00 04 f9 f9 f9 f9 f9 00 06 f9 f9 f9 f9 f9 f9
  0x0abaaf13c1f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 02 f9 f9
  0x0abaaf13c200: f9 f9 f9 f9 00 00 05 f9 f9 f9 f9 f9 00 06 f9 f9
  0x0abaaf13c210: f9 f9 f9 f9 00 00 00 02 f9 f9 f9 f9 00 00 f9 f9
=>0x0abaaf13c220: f9 f9 f9 f9[01]f9 f9 f9 f9 f9 f9 f9 00 03 f9 f9
  0x0abaaf13c230: f9 f9 f9 f9 00 05 f9 f9 f9 f9 f9 f9 00 00 00 02
  0x0abaaf13c240: f9 f9 f9 f9 00 00 07 f9 f9 f9 f9 f9 00 02 f9 f9
  0x0abaaf13c250: f9 f9 f9 f9 05 f9 f9 f9 f9 f9 f9 f9 05 f9 f9 f9
  0x0abaaf13c260: f9 f9 f9 f9 05 f9 f9 f9 f9 f9 f9 f9 04 f9 f9 f9
  0x0abaaf13c270: f9 f9 f9 f9 00 00 02 f9 f9 f9 f9 f9 00 00 00 07
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
  Shadow gap:              cc
==2832157==ABORTING
```