Segmentation fault with crafted sample in lib/ofx_containers_misc.cpp OfxPushUpContainer::add_attribute #11

Closed
fgeek opened this Issue Nov 5, 2017 · 2 comments

fgeek commented Nov 5, 2017

Create reproducer file:

echo "<OFX><OO<OFX</>0</>0" > libofx-ofxdump-OfxPushUpContainer-add_attribute-segfault-min-001.ofx

Execute:

./bin/ofxdump libofx-ofxdump-OfxPushUpContainer-add_attribute-segfault-min-001.ofx

Output:

(Above message occurred on Line 1, Column 20)
ASAN:SIGSEGV
=================================================================
==7788==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7f753b0db21c sp 0x7ffd7cbd5870 bp 0x60400004cea8 T0)
    #0 0x7f753b0db21b in OfxPushUpContainer::add_attribute(std::string, std::string) /home/hsalo/src/libofx/lib/ofx_containers_misc.cpp:65
    #1 0x7f753b134a7c in OFXApplication::endElement(SGMLApplication::EndElementEvent const&) /home/hsalo/src/libofx/lib/ofx_sgml.cpp:238
    #2 0x7f7539a35c2e in OpenSP::GenericEventHandler::endElement(OpenSP::EndElementEvent*) /home/hsalo/src/OpenSP-1.5.2/lib/GenericEventHandler.cxx:155
    #3 0x7f7539d18955 in OpenSP::Parser::implyCurrentElementEnd(OpenSP::Location const&) /home/hsalo/src/OpenSP-1.5.2/lib/parseInstance.cxx:1177
    #4 0x7f7539d18fe3 in OpenSP::Parser::endAllElements() /home/hsalo/src/OpenSP-1.5.2/lib/parseInstance.cxx:1124
    #5 0x7f7539d24b87 in OpenSP::Parser::endInstance() /home/hsalo/src/OpenSP-1.5.2/lib/parseInstance.cxx:59
    #6 0x7f7539d3bc1f in OpenSP::Parser::doContent() /home/hsalo/src/OpenSP-1.5.2/lib/parseInstance.cxx:93
    #7 0x7f7539afb3e7 in OpenSP::Parser::parseAll(OpenSP::EventHandler&, int const volatile*) /home/hsalo/src/OpenSP-1.5.2/lib/Parser.cxx:254
    #8 0x7f7539b11729 in OpenSP::ParserApp::parseAll(OpenSP::SgmlParser&, OpenSP::EventHandler&, int const volatile*) /home/hsalo/src/OpenSP-1.5.2/lib/ParserApp.cxx:97
    #9 0x7f7539b1ca10 in OpenSP::ParserEventGenerator::run(SGMLApplication&) /home/hsalo/src/OpenSP-1.5.2/lib/ParserEventGeneratorKit.cxx:197
    #10 0x7f753b130a0e in ofx_proc_sgml(LibofxContext*, int, char* const*) /home/hsalo/src/libofx/lib/ofx_sgml.cpp:385
    #11 0x7f753b0b69ad in ofx_proc_file(void*, char const*) /home/hsalo/src/libofx/lib/ofx_preproc.cpp:386
    #12 0x7f753b0a8762 in libofx_proc_file /home/hsalo/src/libofx/lib/file_preproc.cpp:94
    #13 0x402b82 in main /home/hsalo/src/libofx/ofxdump/ofxdump.cpp:491
    #14 0x7f753a4ddb44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b44)
    #15 0x40312c (/home/hsalo/builds/libofx/2017-10-31/bin/ofxdump+0x40312c)

Credit: Henri Salo from Nixu Corporation
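A small triage helper, added here as an example and not part of the issue or of libofx: it parses an AddressSanitizer report of the shape shown above, classifies a SEGV at (or within a page of) address zero as a likely null-pointer dereference, and derives a deduplication key from the first in-project frames. The embedded report text is a constructed, trimmed copy of the trace in this issue; the project-directory marker `/libofx/` and the 4096-byte "near null" threshold are assumptions of this example, not anything the issue states.

```python
import re

# Constructed sample: the AddressSanitizer report from the issue, trimmed to
# the error line and the first three frames (enough for the parser below).
SAMPLE_REPORT = """\
ASAN:SIGSEGV
=================================================================
==7788==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7f753b0db21c sp 0x7ffd7cbd5870 bp 0x60400004cea8 T0)
    #0 0x7f753b0db21b in OfxPushUpContainer::add_attribute(std::string, std::string) /home/hsalo/src/libofx/lib/ofx_containers_misc.cpp:65
    #1 0x7f753b134a7c in OFXApplication::endElement(SGMLApplication::EndElementEvent const&) /home/hsalo/src/libofx/lib/ofx_sgml.cpp:238
    #2 0x7f7539a35c2e in OpenSP::GenericEventHandler::endElement(OpenSP::EndElementEvent*) /home/hsalo/src/OpenSP-1.5.2/lib/GenericEventHandler.cxx:155
"""

# "==<pid>==ERROR: AddressSanitizer: <kind> on [unknown] address 0x..."
ERROR_RE = re.compile(
    r"==\d+==ERROR: AddressSanitizer: (?P<kind>[A-Za-z-]+) on (?:unknown )?address (?P<addr>0x[0-9a-fA-F]+)"
)
# Symbolized frame with a source location; the function text may contain
# spaces (C++ signatures), so it is matched lazily up to the final path:line.
FRAME_RE = re.compile(
    r"^\s*#(?P<n>\d+) 0x[0-9a-fA-F]+ in (?P<func>.+?) (?P<path>\S+):(?P<line>\d+)\s*$", re.M
)

# Assumed threshold: faults below one page are treated as null-derived pointers.
NEAR_NULL_LIMIT = 4096


def parse_sanitizer_report(text):
    """Return {'kind', 'address', 'frames'} or None if no ASAN error line is present."""
    m = ERROR_RE.search(text)
    if not m:
        return None
    frames = [f.groupdict() for f in FRAME_RE.finditer(text)]
    return {"kind": m.group("kind"), "address": int(m.group("addr"), 16), "frames": frames}


def classify_fault(report):
    """Map the sanitizer error kind and fault address to a coarse bug class."""
    if report["kind"] == "SEGV" and report["address"] < NEAR_NULL_LIMIT:
        return "null-dereference"
    return report["kind"].lower()


def first_project_frame(report, project_marker):
    """Locate the first frame whose source path contains the project marker."""
    for f in report["frames"]:
        if project_marker in f["path"]:
            return f"{f['func']} at {f['path']}:{f['line']}"
    return None


def crash_signature(report, project_marker, depth=2):
    """Dedupe key: bug class plus the first `depth` in-project function names."""
    funcs = [f["func"].split("(")[0] for f in report["frames"] if project_marker in f["path"]]
    return classify_fault(report) + "|" + "|".join(funcs[:depth])


if __name__ == "__main__":
    rep = parse_sanitizer_report(SAMPLE_REPORT)
    print(classify_fault(rep))
    print(first_project_frame(rep, "/libofx/"))
    print(crash_signature(rep, "/libofx/"))
```

Frames without a source location (such as the libc and raw-address entries at the bottom of the original trace) are skipped by design; the signature therefore keys on project code rather than on addresses that change between builds.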

cstim added a commit that referenced this issue Nov 6, 2017

Issue #11: Fix crash on some malformed input.
Credit: Henri Salo from Nixu Corporation
Collaborator

cstim commented Nov 6, 2017

Thanks for the description. The crash with this example is fixed.

Are you interested in commit privileges? I'd rather like to keep away from active hacking in this library - my own involvement was too long ago. Thanks!

@cstim cstim closed this Nov 6, 2017

fgeek commented Nov 30, 2017

@cstim Thank you, but I can send pull requests. No need for additional privileges.