ASan: Fix stack overflow in system_unittest
This change fixes the following buffer overflow in system_unittest,
found by running `make tests` with AddressSanitizer:

==30977==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7ffddc9c3055 at pc 0x7ff7ec00f2d5 bp 0x7ffddc9c2ca0 sp 0x7ffddc9c2448
READ of size 6 at 0x7ffddc9c3055 thread T0
    #0 0x7ff7ec00f2d4  (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x472d4)
    #1 0x44fa17 in write_pid_to_path_basic_Test::TestBody() system_unittest.cc:132

Address 0x7ffddc9c3055 is located in stack of thread T0 at offset 805 in frame
    #0 0x44ef6f in write_pid_to_path_basic_Test::TestBody() system_unittest.cc:121

  This frame has 7 object(s):
    [32, 40) 'path'
    [96, 104) 'fp'
    [160, 176) 'gtest_ar'
    [224, 256) '<unknown>'
    [288, 320) '<unknown>'
    [352, 744) 'ss'
    [800, 805) 'data' <== Memory access at offset 805 overflows this variable
HINT: this may be a false positive if your program uses some custom stack unwind mechanism or swapcontext
      (longjmp and C++ exceptions *are* supported)
SUMMARY: AddressSanitizer: stack-buffer-overflow ??:0 ??
Shadow bytes around the buggy address:
  0x10003b9305b0: f2 f2 00 f4 f4 f4 f2 f2 f2 f2 00 00 f4 f4 f2 f2
  0x10003b9305c0: f2 f2 00 00 00 00 f2 f2 f2 f2 00 00 00 00 f2 f2
  0x10003b9305d0: f2 f2 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10003b9305e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10003b9305f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x10003b930600: 00 00 00 f4 f4 f4 f2 f2 f2 f2[05]f4 f4 f4 f3 f3
  0x10003b930610: f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10003b930620: 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1
  0x10003b930630: 00 00 f4 f4 f3 f3 f3 f3 00 00 00 00 00 00 00 00
  0x10003b930640: 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1
  0x10003b930650: 00 00 f4 f4 f3 f3 f3 f3 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Heap right redzone:      fb
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack partial redzone:   f4
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
==30977==ABORTING

Bug: None
Test: make tests (with -fsanitize=address in {C,CXX}FLAGS).
Change-Id: If5145d60f34664c39b560bf5a739bdac7ee689b6
lhchavez authored and Treehugger Robot committed Sep 1, 2017
1 parent acfb8be commit 24b64c2
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion system_unittest.cc
@@ -126,7 +126,7 @@ TEST(write_pid_to_path, basic) {
FILE *fp = fopen(path, "re");
unlink(path);
EXPECT_NE(nullptr, fp);
char data[5];
char data[6] = {};
EXPECT_EQ(5u, fread(data, 1, sizeof(data), fp));
fclose(fp);
EXPECT_EQ(0, strcmp(data, "1234\n"));
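Review bot: the `= {}` zero-initializer on `char data[6]` is what actually fixes the report, not the extra byte by itself: the ASan trace shows a READ of size 6 at system_unittest.cc:132, which is `strcmp` walking past the unterminated 5-byte buffer, not `fread` overrunning it. The fix therefore only holds while the file is exactly 5 bytes long. If `write_pid_to_path` ever wrote 6 or more, `fread(data, 1, sizeof(data), fp)` would fill all six bytes, `EXPECT_EQ(5u, ...)` would record a failure but keep running, and `strcmp` would overflow again. Consider `ASSERT_EQ(5u, fread(data, 1, sizeof(data) - 1, fp));` so the buffer always keeps a terminator, or compare with `std::string(data, n)` instead of `strcmp`, and likewise `ASSERT_NE(nullptr, fp)` so a failed `fopen` does not reach `fread` with a null `FILE*`.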