Out of bounds heap read in skel_instance_of / put.c #398
Comments
Nice catch. I can also see this with valgrind now. I'll look into what's going on there.
lutter added a commit to lutter/augeas that referenced this issue on Sep 25, 2016:
We used to always access skel->skels, but that is only valid if the tag for skel->skels is L_CONCAT or L_STAR. Because of this, we could, for example, access skel->skels for a skel tagged as L_DEL, which is illegal. This patch adds a fix to the L_CONCAT case so that we only look at skel->skels if the skel is tagged that way. Fixes hercules-team#398
For posterity, here's a simpler test case that exposes this problem:
Unfortunately, I don't know how to turn that into an actual test without requiring running all tests with address sanitizer, which is not fun, to say the least.
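The commit message above states the rule behind the fix: skel->skels is only meaningful when the skel is tagged L_CONCAT or L_STAR. The following is an added example, not augeas's own code: a simplified C model of the put.c skeleton as a tagged union, with a checked accessor so the child list is never read for an L_DEL skel. The struct layout and the names skel_has_skels, skel_children, skel_count_children, skel_matches and the demo_* functions are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
enum lens_tag { L_DEL, L_STORE, L_CONCAT, L_STAR };
/* Simplified model of the put.c skeleton (layout is an assumption): which
 * union member is live depends on tag, so reading skels from an L_DEL
 * skel is an invalid read of the kind ASan flagged in this issue. */
struct skel {
    struct skel *next;
    enum lens_tag tag;
    union {
        char        *text;   /* live only for L_STORE           */
        struct skel *skels;  /* live only for L_CONCAT / L_STAR */
    };
};
/* The rule the fix enforces: only these tags own skel->skels. */
static bool skel_has_skels(enum lens_tag tag) {
    return tag == L_CONCAT || tag == L_STAR;
}
/* Checked accessor: NULL when the member is not live for this tag. */
static struct skel *skel_children(const struct skel *s) {
    return skel_has_skels(s->tag) ? s->skels : NULL;
}
/* Walk the child list only after the tag check. */
int skel_count_children(const struct skel *s) {
    int n = 0;
    for (const struct skel *c = skel_children(s); c != NULL; c = c->next)
        n++;
    return n;
}

/* Simplified instance check: tags must agree, and children are inspected
 * only inside the L_CONCAT branch, never for L_DEL and friends. */
bool skel_matches(const struct skel *s, enum lens_tag want, int arity) {
    if (s->tag != want)
        return false;
    return want != L_CONCAT || skel_count_children(s) == arity;
}

/* Constructed samples so the behaviour can be checked without a lens file. */
int demo_del_children(void) {            /* 0: skels is never read */
    struct skel del = { .next = NULL, .tag = L_DEL, .text = "deleted" };
    return skel_count_children(&del);
}
bool demo_concat_has_two(void) {         /* true */
    struct skel b = { .next = NULL, .tag = L_STORE, .text = "b" };
    struct skel a = { .next = &b, .tag = L_STORE, .text = "a" };
    struct skel cat = { .next = NULL, .tag = L_CONCAT, .skels = &a };
    return skel_matches(&cat, L_CONCAT, 2) && !skel_matches(&cat, L_DEL, 0);
}
```

Compiled with -fsanitize=address, the L_DEL case stays silent because the union member is never dereferenced; the same walk without the tag check is what produced the report in this issue.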
lutter added a commit that referenced this issue on Sep 28, 2016.
There's an out of bounds read access that is triggered by running make check and can be detected using Address Sanitizer.
To reproduce:
The error happens in test_vfstab. Manually run it:
ASAN_OPTIONS="fast_unwind_on_check=0:fast_unwind_on_fatal=0:fast_unwind_on_malloc=0" src/augparse --nostdinc -I ./lenses ./lenses/tests/test_vfstab.aug
(these asan options make the test much slower, but give more detailed stack traces).
Here's the full error message from Address Sanitizer: