Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

encode buffer overflow #75

Open
doitian opened this issue Jan 20, 2018 · 3 comments
Open

encode buffer overflow #75

doitian opened this issue Jan 20, 2018 · 3 comments

Comments

@doitian
Copy link

doitian commented Jan 20, 2018
edited
Loading 

Assertion failed: (sz <= size-SIZEOF_LENGTH), function encode_object, file lualib-src/sproto/sproto.c, line 733.

如果先 encode 其它的,在 encode 这个有问题的就没问题。怀疑 expand_buffer 没起作用,可能是 data 刚好写满触发了哪里的临界条件。
@cloudwu
Copy link
Owner

cloudwu commented Jan 21, 2018

建议用 valgrind 在你能出错的环境做个测试。最好能提供 MWE 最小工作案例。

@doitian
Copy link
Author

doitian commented Jan 22, 2018

这是个可以重现的测试文件
https://gist.github.com/doitian/649e941f94e400e0d85bb8b6586036ab

cloudwu added a commit that referenced this issue Jan 23, 2018
@cloudwu
bugfix #75
4e089fa
@cloudwu
Copy link
Owner

cloudwu commented Jan 23, 2018

谢谢,我找到了问题。

是因为代码中在判断 buffer 是否够的时候使用了 if (size < sizeof(uint64_t)) 这样的写法,而 sizeof 是一个无符号数,当 size 为负数的时候,条件不成立。

见相关提交。

cloudwu added a commit that referenced this issue Jan 23, 2018
@cloudwu
bugfix #75
c0075e6
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@doitian @cloudwu