Bug #2307

closed

Global buffer overflow in TestName::ImplictSha256Digest test case

Added by Davide Pesavento almost 10 years ago. Updated about 9 years ago.

Status: Closed
Priority: Normal
Assignee:
Category: Base
Target version:
Start date:
Due date:
% Done: 100%
Estimated time: 0.50 h

Description

==4469==ERROR: AddressSanitizer: global-buffer-overflow on address 0x000000bb3a60 at pc 0x98ac3b bp 0x7fff002ac0d0 sp 0x7fff002ac0c0
READ of size 1 at 0x000000bb3a60 thread T0
    #0 0x98ac3a in __copy_m<unsigned char> /usr/include/c++/4.9/bits/stl_algobase.h:378
    #1 0x98ac3a in __copy_move_a<false, unsigned char const*, unsigned char*> /usr/include/c++/4.9/bits/stl_algobase.h:396
    #2 0x98ac3a in __copy_move_a2<false, unsigned char const*, __gnu_cxx::__normal_iterator<unsigned char*, std::vector<unsigned char> > > /usr/include/c++/4.9/bits/stl_algobase.h:434
    #3 0x98ac3a in copy<unsigned char const*, __gnu_cxx::__normal_iterator<unsigned char*, std::vector<unsigned char> > > /usr/include/c++/4.9/bits/stl_algobase.h:466
    #4 0x98ac3a in ndn::EncodingImpl<true>::prependByteArray(unsigned char const*, unsigned long) ../src/encoding/encoding-buffer.hpp:418
    #5 0x98ac3a in prependByteArrayBlock<true> ../src/encoding/encoding-buffer.hpp:241
    #6 0x98ac3a in dataBlock ../src/encoding/block-helpers.hpp:70
    #7 0x98ac3a in ndn::name::Component::Component(unsigned char const*, unsigned long) ../src/name-component.cpp:77
    #8 0x695416 in ndn::Name::append(unsigned char const*, unsigned long) ../src/security/../name.hpp:157
    #9 0x68ea5a in ndn::TestName::ImplictSha256Digest::test_method() ../tests/unit-tests/test-name.cpp:346
    #10 0x6906da in ImplictSha256Digest_invoker ../tests/unit-tests/test-name.cpp:325
    #11 0x44e8fe in invoke<void (*)()> /usr/include/boost/test/utils/callback.hpp:56
    #12 0x44e8fe in boost::unit_test::ut_detail::callback0_impl_t<boost::unit_test::ut_detail::unused, void (*)()>::invoke() /usr/include/boost/test/utils/callback.hpp:89
    #13 0x7f497b1ea5a0 (/usr/lib/x86_64-linux-gnu/libboost_unit_test_framework.so.1.55.0+0x685a0)
    #14 0x7f497b1c5865 in boost::execution_monitor::catch_signals(boost::unit_test::callback0<int> const&) (/usr/lib/x86_64-linux-gnu/libboost_unit_test_framework.so.1.55.0+0x43865)
    #15 0x7f497b1c60a2 in boost::execution_monitor::execute(boost::unit_test::callback0<int> const&) (/usr/lib/x86_64-linux-gnu/libboost_unit_test_framework.so.1.55.0+0x440a2)
    #16 0x7f497b1ea6a1 in boost::unit_test::unit_test_monitor_t::execute_and_translate(boost::unit_test::test_case const&) (/usr/lib/x86_64-linux-gnu/libboost_unit_test_framework.so.1.55.0+0x686a1)
    #17 0x7f497b1d42f3 in boost::unit_test::framework_impl::visit(boost::unit_test::test_case const&) (/usr/lib/x86_64-linux-gnu/libboost_unit_test_framework.so.1.55.0+0x522f3)
    #18 0x7f497b2032d2 in boost::unit_test::traverse_test_tree(boost::unit_test::test_suite const&, boost::unit_test::test_tree_visitor&) (/usr/lib/x86_64-linux-gnu/libboost_unit_test_framework.so.1.55.0+0x812d2)
    #19 0x7f497b2032d2 in boost::unit_test::traverse_test_tree(boost::unit_test::test_suite const&, boost::unit_test::test_tree_visitor&) (/usr/lib/x86_64-linux-gnu/libboost_unit_test_framework.so.1.55.0+0x812d2)
    #20 0x7f497b1cf819 in boost::unit_test::framework::run(unsigned long, bool) (/usr/lib/x86_64-linux-gnu/libboost_unit_test_framework.so.1.55.0+0x4d819)
    #21 0x7f497b1e8283 in boost::unit_test::unit_test_main(bool (*)(), int, char**) (/usr/lib/x86_64-linux-gnu/libboost_unit_test_framework.so.1.55.0+0x66283)
    #22 0x8390cc in main /usr/include/boost/test/unit_test.hpp:59
    #23 0x7f4979cd9ec4 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21ec4)
    #24 0x43bcd8 (/home/davide/ndn-cxx/build/unit-tests+0x43bcd8)

0x000000bb3a60 is located 32 bytes to the left of global variable '__PRETTY_FUNCTION__' from '../tests/unit-tests/test-name.cpp' (0xbb3a80) of size 225
  '__PRETTY_FUNCTION__' is ascii string 'typename boost::detail::sp_dereference<T>::type boost::shared_ptr<T>::operator*() const [with T = boost::basic_wrap_stringstream<char>; typename boost::detail::sp_dereference<T>::type = boost::basic_wrap_stringstream<char>&]'
0x000000bb3a60 is located 0 bytes to the right of global variable 'DIGEST' from '../tests/unit-tests/test-name.cpp' (0xbb3a40) of size 32

SUMMARY: AddressSanitizer: global-buffer-overflow /usr/include/c++/4.9/bits/stl_algobase.h:378 __copy_m<unsigned char>
Shadow bytes around the buggy address:
  0x00008016e6f0: 00 00 00 00 03 f9 f9 f9 f9 f9 f9 f9 00 00 00 00
  0x00008016e700: 00 00 00 03 f9 f9 f9 f9 00 00 06 f9 f9 f9 f9 f9
  0x00008016e710: 00 00 00 00 03 f9 f9 f9 f9 f9 f9 f9 00 00 00 00
  0x00008016e720: 00 01 f9 f9 f9 f9 f9 f9 00 00 00 00 00 01 f9 f9
  0x00008016e730: f9 f9 f9 f9 00 00 00 00 00 00 07 f9 f9 f9 f9 f9
=>0x00008016e740: 05 f9 f9 f9 f9 f9 f9 f9 00 00 00 00[f9]f9 f9 f9
  0x00008016e750: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x00008016e760: 00 00 00 00 00 00 00 00 00 00 00 00 01 f9 f9 f9
  0x00008016e770: f9 f9 f9 f9 00 00 00 00 00 00 00 00 00 00 00 00
  0x00008016e780: 00 00 00 00 00 00 00 07 f9 f9 f9 f9 05 f9 f9 f9
  0x00008016e790: f9 f9 f9 f9 00 00 00 00 02 f9 f9 f9 f9 f9 f9 f9
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Heap right redzone:      fb
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack partial redzone:   f4
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Contiguous container OOB:fc
  ASan internal:           fe
==4469==ABORTING
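
How the shadow dump in this report maps back to the addresses ASan names, as an added example (not part of the original report or of ndn-cxx). It assumes ASan's default x86_64 Linux mapping, shadow = (addr >> 3) + 0x7fff8000, uses three rows copied from the report, and its function names are hypothetical.

```python
import re

# ASan's default shadow mapping on x86_64 Linux (assumed for this build):
#   shadow = (addr >> 3) + 0x7fff8000
SHADOW_SCALE = 3
SHADOW_OFFSET = 0x7FFF8000

# Three rows copied from "Shadow bytes around the buggy address" in the report.
ROWS = """\
=>0x00008016e740: 05 f9 f9 f9 f9 f9 f9 f9 00 00 00 00[f9]f9 f9 f9
  0x00008016e750: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x00008016e760: 00 00 00 00 00 00 00 00 00 00 00 00 01 f9 f9 f9
"""

def mem_to_shadow(addr):
    """Map an application address to the shadow byte that describes it."""
    return (addr >> SHADOW_SCALE) + SHADOW_OFFSET

def parse_shadow(text):
    """Return {shadow_address: shadow_byte} for every byte in the dump rows."""
    shadow = {}
    for line in text.splitlines():
        m = re.match(r"\s*(?:=>)?\s*0x([0-9a-f]+):(.*)", line)
        if not m:
            continue
        base = int(m.group(1), 16)
        # The brackets around the faulting byte are not hex, so findall skips them.
        for i, byte in enumerate(re.findall(r"[0-9a-f]{2}", m.group(2))):
            shadow[base + i] = int(byte, 16)
    return shadow

def addressable_span(start, shadow):
    """Count addressable bytes from an 8-byte-aligned object start."""
    total, s = 0, mem_to_shadow(start)
    while s in shadow:
        v = shadow[s]
        if v == 0x00:              # whole 8-byte granule is addressable
            total += 8
        elif 0x01 <= v <= 0x07:    # only the first v bytes are addressable
            return total + v
        else:                      # redzone or other poison value
            return total
        s += 1
    return total

def triage(fault, obj_start, shadow):
    """Return (shadow byte at fault, object size, fault offset from object start)."""
    return shadow[mem_to_shadow(fault)], addressable_span(obj_start, shadow), fault - obj_start

SHADOW = parse_shadow(ROWS)
if __name__ == "__main__":
    byte, size, off = triage(0xBB3A60, 0xBB3A40, SHADOW)
    print(f"fault shadow byte {byte:#04x}, DIGEST size {size}, read at offset {off}")
```

The faulting address lands on the bracketed `f9` (global redzone), and the read offset equals the recovered size of `DIGEST`, so the copy touched the first byte past the end of the array.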

Related issues 1 (0 open, 1 closed)

Blocks NFD - Task #2589: CI: enable AddressSanitizer for unit tests (Closed, Davide Pesavento)
