Fix vulnerabilities found by fuzzer. #6579

Merged (4 commits) Aug 6, 2023

Conversation

@thomp-j (Contributor) commented Jul 27, 2023

Reference Issue

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=49783
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=44520

What does this implement/fix? Explain your changes.

(1) During fuzzing, it's possible that one atom object is added to the same Stereo group multiple times. The replaceAtom function only replaces a single occurrence. The code later references the second copy of the atom in the stereo group (which wasn't replaced) which accesses deleted memory. This change replaces all copies of an atom during the replaceAtom process.

(2) Catches situations during fuzzing where index values for text substrings in ParseOldAtomList could go out of range.

Any other comments?
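To make the two bug classes in the description concrete, here is an added C++ example. It is not RDKit code: `Atom`, `StereoGroup`, `replaceFirst`, `replaceAll`, `countRefs`, `field`, `parseAtomList` and the fixed-width record layout are hypothetical stand-ins chosen for illustration. Part (1) shows why replacing only the first pointer to an atom in a group leaves a reference that dangles once the atom is deleted, and how replacing every occurrence avoids it; part (2) shows substring extraction that reports a truncated record instead of indexing past the line.

```cpp
// Added example, not RDKit source. Hypothetical types and functions model
// (1) first- vs all-occurrence pointer replacement in a group and
// (2) bounds-checked fixed-width field extraction.
#include <algorithm>
#include <cstddef>
#include <exception>
#include <iostream>
#include <optional>
#include <string>
#include <vector>

// Stand-ins for an atom and a stereo group that stores raw atom pointers.
struct Atom { int idx; };
struct StereoGroup { std::vector<Atom*> atoms; };

// Buggy pattern: only the first pointer equal to oldAtom is swapped.
void replaceFirst(StereoGroup &g, Atom *oldAtom, Atom *newAtom) {
  auto it = std::find(g.atoms.begin(), g.atoms.end(), oldAtom);
  if (it != g.atoms.end()) { *it = newAtom; }
}

// Fixed pattern: every pointer equal to oldAtom is swapped.
void replaceAll(StereoGroup &g, Atom *oldAtom, Atom *newAtom) {
  std::replace(g.atoms.begin(), g.atoms.end(), oldAtom, newAtom);
}

// Pointers across all groups that still name `target`
// (address comparison only; nothing is dereferenced).
std::size_t countRefs(const std::vector<StereoGroup> &groups, const Atom *target) {
  std::size_t n = 0;
  for (const auto &g : groups) {
    n += static_cast<std::size_t>(std::count(g.atoms.begin(), g.atoms.end(), target));
  }
  return n;
}

// Constructed fuzzer-style input: atom `a` is listed twice in one group.
// Returns how many references to `a` would dangle if `a` were deleted after
// the replacement; 0 is the only safe answer.
std::size_t danglingAfterReplace(bool fixed) {
  Atom a{0}, b{1}, replacement{0};  // stack objects, so nothing is really freed
  StereoGroup g0; g0.atoms = {&a, &b, &a};
  StereoGroup g1; g1.atoms = {&b};
  std::vector<StereoGroup> groups{g0, g1};
  for (auto &g : groups) {
    if (fixed) { replaceAll(g, &a, &replacement); }
    else       { replaceFirst(g, &a, &replacement); }
  }
  return countRefs(groups, &a);
}

// (2) std::string::substr throws std::out_of_range when pos > size(), and a
// hand-rolled index would read past the buffer; an absent field is reported instead.
std::optional<std::string> field(const std::string &line, std::size_t pos, std::size_t len) {
  if (pos > line.size()) { return std::nullopt; }
  return line.substr(pos, len);  // substr clamps len to what remains
}

std::string trim(const std::string &s) {
  auto b = s.find_first_not_of(' ');
  if (b == std::string::npos) { return ""; }
  auto e = s.find_last_not_of(' ');
  return s.substr(b, e - b + 1);
}

// Hypothetical fixed-width record: 3-char atom index, 1-char exclusion flag
// ('T'/'F'), then 4-char element symbols. This is an assumption for the
// example, not the MDL atom-list layout RDKit's ParseOldAtomList reads.
struct AtomList {
  int atomIdx = 0;
  bool exclude = false;
  std::vector<std::string> symbols;
};

std::optional<AtomList> parseAtomList(const std::string &line) {
  auto idxStr = field(line, 0, 3);
  auto flag = field(line, 3, 1);
  if (!idxStr || !flag || flag->size() != 1) { return std::nullopt; }  // truncated
  AtomList out;
  try {
    out.atomIdx = std::stoi(*idxStr);
  } catch (const std::exception &) {
    return std::nullopt;  // non-numeric index
  }
  out.exclude = (*flag == "T");
  for (std::size_t pos = 4; pos < line.size(); pos += 4) {
    auto sym = field(line, pos, 4);
    if (!sym) { break; }
    std::string s = trim(*sym);
    if (!s.empty()) { out.symbols.push_back(s); }
  }
  return out;
}

int main() {
  std::cout << "stale refs, buggy: " << danglingAfterReplace(false)
            << ", fixed: " << danglingAfterReplace(true) << '\n';
  std::cout << "full record: " << (parseAtomList("  1T  F   Cl  Br") ? "ok" : "rejected") << '\n';
  std::cout << "truncated record: " << (parseAtomList("  1") ? "ok" : "rejected") << '\n';
  return 0;
}
```

Compile with `-std=c++17` or later. The check in `field` is deliberately on `pos` only, because `substr` already clamps `len`; the caller then validates the width of each field it actually needs, which is the shape of check that keeps a fuzzer's truncated lines from turning into an out-of-range index.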

@greglandrum (Member)
@thomp-j thanks for the contribution.
There's a typo in the code which is causing the builds to fail

This is an attempt to double check where the test failure is coming from.
Re-adding changes to test tests.
@greglandrum (Member)
@thomp-j : the most recent CI failure (after da73c6d) may not be real. I'm re-running the failing test to verify

@thomp-j (Contributor, Author) commented Aug 4, 2023

Thanks for re-running. I was hoping that was the case - things look better now.

@greglandrum (Member)

> Thanks for re-running. I was hoping that was the case - things look better now.

Yep. If you are ready I will go ahead and do the "review" and merge the fix

@thomp-j (Contributor, Author) commented Aug 4, 2023

> Thanks for re-running. I was hoping that was the case - things look better now.

> Yep. If you are ready I will go ahead and do the "review" and merge the fix

I think we are ready to go!

@greglandrum greglandrum added the bug label Aug 6, 2023
@greglandrum greglandrum added this to the 2023_03_3 milestone Aug 6, 2023
@greglandrum (Member) left a review comment

LGTM

@greglandrum (Member)

@thomp-j thanks for the contribution!

@greglandrum greglandrum merged commit 7053e97 into rdkit:master Aug 6, 2023
10 checks passed
greglandrum pushed a commit that referenced this pull request Aug 17, 2023
* Fix vulnerabilities found by fuzzer.

* Fix Typo in RWMol.cpp

* Update RWMol.cpp

This is an attempt to double check where the test failure is coming from.

* Update RWMol.cpp

Re-adding changes to test tests.