SEGV in function ClientDataSet_getValues #82

Closed
fouzhe opened this issue Nov 3, 2018 · 2 comments

fouzhe commented Nov 3, 2018

I used gcc 5.4 and AddressSanitizer (export CFLAGS="-g -fsanitize=address" CXXFLAGS="-g -fsanitize=address" LDFLAGS="-fsanitize=address" before make) to build libiec61850.

First, I ran server_example_basic_io in the directory libiec61850/examples/server_example_basic_io with the command sudo ./server_example_basic_io so that the server was set up. Then I tested iec61850_client_example4 in the directory libiec61850/examples/iec61850_client_example4 with the command sudo ./client_example4. But I got a SEGV in the function ClientDataSet_getValues in ied_connection.c.

This is the ASAN information:

=================================================================
==13178==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000008 (pc 0x000000412330 bp 0x7ffedff5df40 sp 0x7ffedff5df30 T0)
    #0 0x41232f in ClientDataSet_getValues src/iec61850/client/ied_connection.c:216
    #1 0x402a06 in main /home/fouzhe/libiec61850_pure/libiec61850/examples/iec61850_client_example4/client_example4.c:77
    #2 0x7f8f5eb6682f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
    #3 0x402658 in _start (/home/fouzhe/libiec61850_pure/libiec61850/examples/iec61850_client_example4/client_example4+0x402658)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV src/iec61850/client/ied_connection.c:216 ClientDataSet_getValues
==13178==ABORTING

rfrohl commented Nov 6, 2018

CVE-2018-18937

@mzillgith
Contributor

I see. This is because the example code didn't check the result when creating the data set and then passed a NULL pointer to the next call. I fixed the example.
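The unchecked-result pattern described in this thread, next to a checked version, as an added example that is not code from libiec61850 or from any participant. All `demo_*` names and the struct layout are constructed stand-ins, chosen so that a NULL handle faults on a field at offset 8 on a typical 64-bit build, as in the trace above.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed stand-ins for illustration; not libiec61850 types or API. */
typedef enum { DEMO_OK = 0, DEMO_READ_FAILED = 1 } demo_error;

typedef struct {
    const char *reference; /* offset 0 */
    const int  *values;    /* offset 8 on LP64: read through NULL faults at 0x8 */
    size_t      count;
} demo_data_set;

/* Simulated read: on failure it sets *err and returns NULL. */
static demo_data_set *demo_read(demo_data_set *backing, int ok, demo_error *err)
{
    *err = ok ? DEMO_OK : DEMO_READ_FAILED;
    return ok ? backing : NULL;
}

/* Getter that trusts its argument and dereferences it directly. */
static const int *demo_get_values(const demo_data_set *ds) { return ds->values; }

/* Unchecked caller: if the read failed, ds is NULL and the getter crashes. */
int sum_unchecked(demo_data_set *backing, int ok)
{
    demo_error err;
    demo_data_set *ds = demo_read(backing, ok, &err); /* result ignored */
    const int *v = demo_get_values(ds);               /* NULL deref when !ok */
    int sum = 0;
    for (size_t i = 0; i < ds->count; i++) sum += v[i];
    return sum;
}

/* Checked caller: test both the error code and the handle before use. */
int sum_checked(demo_data_set *backing, int ok, demo_error *err, int *out)
{
    demo_data_set *ds = demo_read(backing, ok, err);
    if (*err != DEMO_OK || ds == NULL) return -1;     /* *out left untouched */
    const int *v = demo_get_values(ds);
    if (v == NULL) return -1;
    int sum = 0;
    for (size_t i = 0; i < ds->count; i++) sum += v[i];
    *out = sum;
    return 0;
}

int main(void)
{
    static const int vals[] = {1, 2, 3};
    demo_data_set ds = {"constructed/ref", vals, 3};
    demo_error err; int out = 0;
    int rc = sum_checked(&ds, 0, &err, &out);         /* simulated failed read */
    printf("rc=%d err=%d\n", rc, (int)err);
    return 0;
}
```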
