Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
AddressSanitizer: heap-buffer-overflow daemon/remote/XmlRpc.cpp:896 in XmlCommand::NextParamAsInt(int*) #567
I was playing with Address Sanitizer (https://github.com/google/sanitizers/wiki/AddressSanitizer): compiled nzbget (github version) with it, started nzbget (worked), but as soon as I access nzbget via the webinterface, nzbget stops and the console says the below. So a heap-buffer-overflow daemon/remote/XmlRpc.cpp:896 in XmlCommand::NextParamAsInt(int*).
Is this useful?
Please note: just playing with ASan.
This is how I configured (hacked?) Address Sanitizer aka ASAN into nzbget's Makefile:
Back from holiday, I could spend some time on this: the ASAN heap-buffer-overflow is gone with this code (see original https://github.com/nzbget/nzbget/blob/develop/daemon/remote/XmlRpc.cpp#L896-L900 )
So: just return if the end of the string is reached. I don't know if
@hugbug any feedback on this?
The debugging was this:
... and then de ASAN Heap Overflow kicked in.