ntopng version/revision: latest commit at testing time(8786f06)
What happened:
The value Prefs::housekeeping_frequency is used uninitialized in both ProtoCounter::incStats and CategoryCounter::incStats when the Prefs object is created with the constructor at src/Prefs.cpp:39. Adding an initialization for that field inside the constructor should solve the issue.
For the nature of the code involved (logging of statistics), at a first analysis we don’t think the bug is security-relevant, hence the public report. Please double-check.
How did you reproduce it?
The bug was found in the context of ongoing research on use-of-uninitialized-memory (UUM) errors while fuzzing. To reproduce it, a tool to detect memory-safety issues like valgrind is needed. With valgrind, you can reproduce the bug with a command similar to valgrind --track-origins=yes ./fuzz_dissect_packet bug/testcase. The binary program was built starting from the fuzzing harness you made available for OSS-Fuzz (i.e. fuzz_dissect_packet) with a main function that simply opens a file, reads its content and passes it to LLVMFuzzerTestOneInput.
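The following is an added illustration, not code from this report or from ntopng: a constructed Prefs-like class whose constructor leaves a field unassigned (the defect class described above), the one-line fix of initializing it in the constructor, a counter whose scaling branch is what valgrind would flag, and a minimal replay driver of the kind the report describes, which reads a testcase file and hands it to a function with the LLVMFuzzerTestOneInput signature. The class names, the default value 5, and the process_input helper are all assumptions made for the example.

```cpp
// Added example (not ntopng's code): uninitialized-member defect, its fix,
// and a file-driven replay main() for running a fuzzer testcase under valgrind.
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <fstream>
#include <iterator>
#include <string>
#include <vector>

// Constructed stand-in for the defect: the constructor never assigns the field,
// so any read of housekeeping_frequency is a use of an indeterminate value.
struct PrefsUninit {
  int housekeeping_frequency;
  PrefsUninit() {}  // member left untouched: this is the bug pattern
};

// Fixed variant: the field is set in the constructor's initializer list.
// (5 is a constructed default for this example, not ntopng's value.)
struct PrefsFixed {
  int housekeeping_frequency;
  PrefsFixed() : housekeeping_frequency(5) {}
};

// Counter modelled on the incStats paths in the report: it accumulates bytes
// and later scales them by the housekeeping frequency from Prefs.
template <class Prefs>
struct ProtoCounterLike {
  uint64_t bytes = 0;
  void incStats(uint64_t n) { bytes += n; }
  uint64_t bytes_per_housekeeping(const Prefs &p) const {
    // With PrefsUninit, valgrind --track-origins=yes reports this comparison as a
    // conditional jump depending on an uninitialised value and points at the
    // constructor that allocated it without assigning the field.
    if (p.housekeeping_frequency <= 0) return 0;
    return bytes / static_cast<uint64_t>(p.housekeeping_frequency);
  }
};

// Well-defined path using the fixed Prefs; returns the scaled statistic.
uint64_t fixed_rate_after(const std::vector<uint64_t> &increments) {
  PrefsFixed prefs;
  ProtoCounterLike<PrefsFixed> c;
  for (uint64_t n : increments) c.incStats(n);
  return c.bytes_per_housekeeping(prefs);
}

// Hypothetical harness body: feeds the input size into the counter and returns
// the scaled statistic. Stands in for the real packet dissection.
uint64_t process_input(const uint8_t *data, size_t size) {
  (void)data;
  PrefsFixed prefs;
  ProtoCounterLike<PrefsFixed> c;
  c.incStats(size);
  return c.bytes_per_housekeeping(prefs);
}

// Entry point with the libFuzzer signature, as used by fuzz_dissect_packet.
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
  (void)process_input(data, size);
  return 0;  // libFuzzer entry points return 0
}

// Reads a whole file into a byte vector; false if the file cannot be opened.
bool read_file(const std::string &path, std::vector<uint8_t> &out) {
  std::ifstream in(path, std::ios::binary);
  if (!in) return false;
  out.assign(std::istreambuf_iterator<char>(in), std::istreambuf_iterator<char>());
  return true;
}

// Replay driver: open the testcase, read it, pass it to the harness entry point.
// Typical use once linked with the harness: valgrind --track-origins=yes ./replay bug/testcase
int main(int argc, char **argv) {
  if (argc != 2) {
    std::fprintf(stderr, "usage: %s <testcase>\n", argv[0]);
    return 2;
  }
  std::vector<uint8_t> buf;
  if (!read_file(argv[1], buf)) {
    std::perror(argv[1]);
    return 1;
  }
  return LLVMFuzzerTestOneInput(buf.data(), buf.size());
}
```

The driver does no fuzzing itself; it exists so the exact input saved by the fuzzer can be replayed under valgrind, which is what turns a nondeterministic garbage read into a reproducible report with the allocation site of the uninitialized memory.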
Environment:
Debug Information:
In the attached archive you will find:
  bug (containing information about the reported bug)
    bug/testcase
    bug/callstack
    bug/valgrind