Fix buffer overflow in tests. #1299
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
CI failure on macOS is a false positive. It is because the |
|
Opened #1300 to update the CI. |
|
Can you rebase this PR now that #1300 is merged? |
collinfunk
force-pushed
the
tests-buffer-overflow-fix
branch
from
8beec74 to
bbf48ed
Compare
|
@michael-grunder Done. |
The length of this string is 30 not 31. This patch fixes a buffer
overflow found by address sanitizer:
```
=================================================================
==564795==ERROR: AddressSanitizer: global-buffer-overflow on address 0x00000046531e at pc 0x7efedd8e4ad7 bp 0x7ffd5854d330 sp 0x7ffd5854caf0
READ of size 31 at 0x00000046531e thread T0
#0 0x7efedd8e4ad6 in memcpy (/lib64/libasan.so.8+0xe4ad6) (BuildId: 6a82bb83b1f19d3f3a2118085acf79daa3b52371)
redis#1 0x00000042c7fa in sdscatlen /home/collin/.local/src/hiredis/sds.c:386
redis#2 0x000000450f1d in redisReaderFeed /home/collin/.local/src/hiredis/read.c:729
redis#3 0x0000004057be in test_reply_reader /home/collin/.local/src/hiredis/test.c:853
redis#4 0x0000004057be in main /home/collin/.local/src/hiredis/test.c:2378
redis#5 0x7efedce115f4 in __libc_start_call_main (/lib64/libc.so.6+0x35f4) (BuildId: 2b3c02fe7e4d3811767175b6f323692a10a4e116)
redis#6 0x7efedce116a7 in __libc_start_main@@GLIBC_2.34 (/lib64/libc.so.6+0x36a7) (BuildId: 2b3c02fe7e4d3811767175b6f323692a10a4e116)
redis#7 0x00000040bb54 in _start (/home/collin/.local/src/hiredis/hiredis-test+0x40bb54) (BuildId: eeb44cadf688f5f645493587f947a64fd150c28f)
0x00000046531e is located 34 bytes before global variable '*.LC334' defined in 'test.c' (0x000000465340) of size 5
'*.LC334' is ascii string '6379'
0x00000046531e is located 0 bytes after global variable '*.LC333' defined in 'test.c' (0x000000465300) of size 30
'*.LC333' is ascii string '*1
,3.14159265358979323846
'
SUMMARY: AddressSanitizer: global-buffer-overflow /home/collin/.local/src/hiredis/sds.c:386 in sdscatlen
```
collinfunk
force-pushed
the
tests-buffer-overflow-fix
branch
from
bbf48ed to
62985eb
Compare
michael-grunder
approved these changes
May 12, 2025
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
The length of this string is 30 not 31. This patch fixes a buffer overflow found by address sanitizer: