Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

pack: fix type confusion bugs. Amongst other OSS-Fuzz 5136174263566336 #3115

Merged
merged 1 commit into from Feb 23, 2021
Merged

pack: fix type confusion bugs. Amongst other OSS-Fuzz 5136174263566336 #3115

merged 1 commit into from Feb 23, 2021

Conversation

DavidKorczynski
Copy link
Contributor

@DavidKorczynski DavidKorczynski commented Feb 23, 2021

This a fairly important fix, in that many plugins call flb_pack_msgpack_to_json_format, however there are some important bugs in this function due to missing checking of the type of msgpack objects. This leads to type confusion bugs that interprets whatever is on the stack as msgpack maps and arrays. This leads to all sorts of trouble.

Signed-off-by: davkor david@adalogics.com


Enter [N/A] in the box, if an item is not applicable to your change.

Testing
Before we can approve your change; please submit the following in a comment:

  • [N/A] Example configuration file for the change
  • [N/A] Debug log output from testing the change
  • [N/A] Attached Valgrind output that shows no leaks or memory corruption was found

Documentation

  • [N/A] Documentation required for this feature

Fluent Bit is licensed under Apache 2.0, by submitting this pull request I understand that this code will be released under the terms of that license.

@edsiper edsiper merged commit 172f393 into fluent:master Feb 23, 2021
2 checks passed
edsiper pushed a commit that referenced this pull request Mar 2, 2021
DrewZhang13 pushed a commit to DrewZhang13/fluent-bit that referenced this pull request May 3, 2021
DrewZhang13 pushed a commit to DrewZhang13/fluent-bit that referenced this pull request May 3, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet

2 participants