Heap buffer overflow in string_match benchmark when malloc is used. #9

Open
dimstav23 opened this issue Apr 12, 2024 · 0 comments · May be fixed by #10

Heap buffer overflow in string_match benchmark when malloc is used.

How to reproduce:

Compile the benchmarks with a patch that enables the NO_MMAP flag and AddressSanitizer (ASan):

$ git clone https://github.com/kozyraki/phoenix.git

$ cd phoenix/phoenix-2.0/

$ echo 'diff --git a/phoenix-2.0/tests/string_match/Makefile b/phoenix-2.0/tests/string_match/Makefile
index be7d94b..310b965 100644
--- a/phoenix-2.0/tests/string_match/Makefile
+++ b/phoenix-2.0/tests/string_match/Makefile
@@ -46,16 +46,16 @@ default: all
 all: $(PROGS)
 
 string_match: $(STR_MATCH_OBJS) $(LIB_DEP)
-    $(CC) $(CFLAGS) -o $@ $(STR_MATCH_OBJS) $(LIBS)
+    $(CC) $(CFLAGS) -o $@ $(STR_MATCH_OBJS) $(LIBS) -fsanitize=address
 
 string_match-seq: $(STR_MATCH_SEQ_OBJS)
-    $(CC) $(CFLAGS) -o $@ $(STR_MATCH_SEQ_OBJS) $(LIBS)
+    $(CC) $(CFLAGS) -o $@ $(STR_MATCH_SEQ_OBJS) $(LIBS) -fsanitize=address
 
 string_match-pthread: $(STR_MATCH_PTHREAD_OBJS)
-    $(CC) $(CFLAGS) -o $@ $(STR_MATCH_PTHREAD_OBJS) $(LIBS)
+    $(CC) $(CFLAGS) -o $@ $(STR_MATCH_PTHREAD_OBJS) $(LIBS) -fsanitize=address
 
 %.o: %.c
-    $(CC) $(CFLAGS) -c $< -o $@ -I$(HOME)/$(INC_DIR)
+    $(CC) $(CFLAGS) -c $< -o $@ -I$(HOME)/$(INC_DIR) -DNO_MMAP=1 -fsanitize=address
 
 clean:
     rm -f $(PROGS) $(STR_MATCH_OBJS) $(STR_MATCH_SEQ_OBJS) $(STR_MATCH_PTHREAD_OBJS)' > sm_overflow.patch
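
Review bot: -fsanitize=address is spliced into each of the four recipes separately, so the setting has to be repeated and is easy to miss for any rule added later; set it once instead, e.g. `CFLAGS += -fsanitize=address -fno-omit-frame-pointer -g` and `LIBS += -fsanitize=address`, and put `-DNO_MMAP=1` in CFLAGS next to it so the define and the instrumentation travel together (the `-g -fno-omit-frame-pointer` pair also makes the ASan stack trace name the faulting line rather than an offset). Note too that only the string_match objects built by the `%.o: %.c` rule are instrumented; `$(LIB_DEP)` is still linked uninstrumented, which is sufficient to reproduce this report but will not flag an overflow that happens inside the runtime library.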

$ git apply sm_overflow.patch

$ make

Retrieve the inputs for the string_match benchmark:

$ cd tests/string_match

$ wget http://csl.stanford.edu/~christos/data/string_match.tar.gz

$ tar -xvf string_match.tar.gz

Run the string_match benchmark and observe the output of ASan:

$ ./string_match string_match_datafiles/key_file_50MB.txt

How to fix:

To fix the issue, you need to add 1 byte in the malloc call (to match the one used by the default mmap).
Then, the execution with ASan no longer reports the heap buffer overflow.
A sample patch is attached to this issue.
sm_overflow_fix_patch.txt

Tested on:

OS: Ubuntu 22.04.4 LTS
Kernel: 6.2.0-39-generic
gcc: 11.4.0
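
The mechanism behind a one-byte fix, as an added example that is not the Phoenix project's code. It assumes (the issue itself does not spell this out) that the extra byte acts as a terminator for the file contents: a file mapped with mmap gets a zero byte for free from the zero-filled tail of its last page, while a malloc'd copy of exactly st_size bytes has nothing after the payload, so any scan that runs until it meets '\n' or '\0' steps past the allocation. The key-file content and the names load_exact, load_terminated, count_keys, run_buggy and run_fixed are constructed for the illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed sample input standing in for a key file: three keys, and no
 * newline after the last one. (Assumption: the exact layout of the real
 * string_match inputs does not matter for the pattern shown here.) */
static const char SAMPLE[] = "key1\nkey2\nkey3";
#define SAMPLE_LEN (sizeof(SAMPLE) - 1)   /* payload bytes only, not the literal's NUL */

/* Buggy pattern (a NO_MMAP build that mallocs exactly st_size): the buffer
 * holds the payload and nothing else, so no byte terminates it.
 * Returns the buffer and stores its capacity in *cap. */
char *load_exact(const char *src, size_t n, size_t *cap)
{
    char *buf = malloc(n);
    if (!buf) { perror("malloc"); exit(1); }
    memcpy(buf, src, n);
    *cap = n;
    return buf;
}

/* Fixed pattern: one extra byte, set to NUL. This recreates by hand the zero
 * byte that the zero-filled tail of an mmap'd file's last page supplies. */
char *load_terminated(const char *src, size_t n, size_t *cap)
{
    char *buf = malloc(n + 1);
    if (!buf) { perror("malloc"); exit(1); }
    memcpy(buf, src, n);
    buf[n] = '\0';
    *cap = n + 1;
    return buf;
}

/* A terminator-driven scanner of the kind strlen()/strchr()-style code
 * performs: walk forward until '\n' or '\0'. It is bounds-checked so that,
 * instead of reading buf[cap] (the read ASan reports as heap-buffer-overflow),
 * it returns -1 at the point where it would have. Otherwise it returns the
 * number of non-empty lines. */
int count_keys(const char *buf, size_t cap)
{
    int lines = 0;
    size_t i = 0;
    for (;;) {
        size_t start = i;
        while (i < cap && buf[i] != '\n' && buf[i] != '\0')
            i++;
        if (i == cap)
            return -1;          /* next read would be buf[cap]: out of bounds */
        if (i > start)
            lines++;
        if (buf[i] == '\0')
            return lines;       /* terminator found inside the allocation */
        i++;                    /* step over '\n' and look for the next line */
    }
}

/* Scan the exactly-sized allocation: returns -1, the scan ran off the end. */
int run_buggy(void)
{
    size_t cap;
    char *buf = load_exact(SAMPLE, SAMPLE_LEN, &cap);
    int r = count_keys(buf, cap);
    free(buf);
    return r;
}

/* Scan the terminated allocation: returns 3, one per key. */
int run_fixed(void)
{
    size_t cap;
    char *buf = load_terminated(SAMPLE, SAMPLE_LEN, &cap);
    int r = count_keys(buf, cap);
    free(buf);
    return r;
}

int main(void)
{
    printf("malloc(size)     : %d (-1 means the scan ran off the end)\n", run_buggy());
    printf("malloc(size + 1) : %d keys\n", run_fixed());
    return 0;
}
```

The scanner deliberately stops at the allocation boundary and reports the problem instead of committing it; remove the `i == cap` check, build with `cc -g -fsanitize=address`, and ASan reports the same condition as a 1-byte READ just past the 14-byte region returned by malloc. Two practical caveats: the zero padding that hides the bug in the mmap build exists only between EOF and the end of the last page, so a file whose size is an exact multiple of the page size has no such byte either, and fixing the allocation size alone is not enough if the scan does not stop at '\0' as well; the explicit terminator plus a terminator-aware scan is the robust form.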

@dimstav23 dimstav23 changed the title Heap buffer overflow in string_match benchmark when malloc is used. [minor] Heap buffer overflow in string_match benchmark when malloc is used. Apr 12, 2024
@dimstav23 dimstav23 changed the title [minor] Heap buffer overflow in string_match benchmark when malloc is used. Heap buffer overflow in string_match benchmark when malloc is used. Apr 12, 2024