Re: out of bounds heap read in scan_node_contents
From: Gavin Smith
Subject: Re: out of bounds heap read in scan_node_contents
Date: Mon, 23 Jan 2017 20:52:14 +0000
On 23 January 2017 at 20:37, Gavin Smith <address@hidden> wrote:
> On 23 January 2017 at 20:36, Hanno Böck <address@hidden> wrote:
>> Hi,
>>
>> On Sat, 21 Jan 2017 20:58:40 +0000
>> Gavin Smith <address@hidden> wrote:
>>
>>> I didn't reproduce this with the latest development version. Perhaps
>>> one of the other changes fixed the problem.
>>
>> Have you tried to reproduce this with svn trunk?
>>
>> I actually just noted that this doesn't reproduce with an older compile
>> I have, but it does in latest svn trunk. So maybe one of the other
>> fixes introduced this?
>>
>> From my current list of files this is the last bug, but I'll let the
>> fuzzer run again to see if I find more.
>
> I just tried it with -fsanitize=address and got the error. For some
> reason, the version of valgrind I have installed didn't see anything
> wrong. I don't have a fix yet.
The difference appears to be in how 'memcmp' is run. Apparently it can
access bytes after those that indicate a difference between the two
operands. I'm not sure if it should be valid to use 'memcmp' to check
if we are looking at a particular string within a valid area of
memory, but changing it to strncmp removes the problem. 'strncmp'
doesn't look at anything past a null byte at the end of the buffer.
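An added C example, not code from the thread or from Texinfo, showing the pattern the message describes: a memcmp prefix test that reads the keyword's full length at the tail of a buffer, beside the strncmp fix and a length-checked variant for buffers without a terminator. The keyword "*note", the function names and the sample buffer are constructed for the example.

```c
#include <stdio.h>
#include <string.h>

/* Constructed keyword for this example; not taken from the report. */
#define KEYWORD "*note"
#define KEYLEN  (sizeof KEYWORD - 1)

/* Pattern behind the report: ask memcmp whether KEYWORD starts at p.  memcmp
 * may read all KEYLEN bytes of both operands even when an earlier byte already
 * differs (optimised versions compare a word at a time), so at the tail of a
 * buffer it reads past the allocation.  Kept only for contrast; under
 * -fsanitize=address a call on a short tail is reported as a buffer overflow. */
int match_unchecked(const char *p)
{
    return memcmp(p, KEYWORD, KEYLEN) == 0;
}

/* Fix from the thread: strncmp stops at a NUL in either operand, so on a
 * NUL-terminated buffer it never reads past the terminator. */
int match_strncmp(const char *p)
{
    return strncmp(p, KEYWORD, KEYLEN) == 0;
}

/* Hardened variant that also works for buffers without a terminator:
 * refuse to compare unless enough bytes remain. */
int match_bounded(const char *p, size_t remaining)
{
    return remaining >= KEYLEN && memcmp(p, KEYWORD, KEYLEN) == 0;
}

/* Count occurrences in a len-byte buffer; the last positions are exactly
 * where match_unchecked would read out of bounds. */
size_t count_bounded(const char *buf, size_t len)
{
    size_t count = 0;
    for (size_t i = 0; i < len; i++)
        count += match_bounded(buf + i, len - i);
    return count;
}

/* Same count for a NUL-terminated buffer using the strncmp fix. */
size_t count_strncmp(const char *buf)
{
    size_t count = 0;
    for (const char *p = buf; *p; p++)
        count += match_strncmp(p);
    return count;
}
```

With a constructed input such as "x *note y *note z *no", both safe counts return 2, while match_unchecked on the trailing "*no" would read one byte past the end.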