MariaDB Connector/C++ / CONCPP-14

Heap buffer overflow found with ASAN

Details

    • Bug
    • Status: Closed
    • Critical
    • Resolution: Fixed
    • None
    • 0.9.3
    • General
    • None

    Description

      When running the test suite via ASAN we see this:

      ==215356==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x603000055734 at pc 0x7f72b240a87d bp 0x7ffed27a03d0 sp 0x7ffed27a03c0
      READ of size 4 at 0x603000055734 thread T0
          #0 0x7f72b240a87c in store_param /home/linuxjedi/Programming/Git/mariadb-connector-cpp/libmariadb/libmariadb/mariadb_stmt.c:616
          #1 0x7f72b240bfb6 in mysql_stmt_execute_generate_simple_request /home/linuxjedi/Programming/Git/mariadb-connector-cpp/libmariadb/libmariadb/mariadb_stmt.c:824
          #2 0x7f72b241a366 in mysql_stmt_execute /home/linuxjedi/Programming/Git/mariadb-connector-cpp/libmariadb/libmariadb/mariadb_stmt.c:2052
          #3 0x7f72b28498d9 in sql::mariadb::capi::QueryProtocol::executePreparedQuery(bool, sql::mariadb::ServerPrepareResult*, std::shared_ptr<sql::mariadb::Results>&, std::vector<std::shared_ptr<sql::mariadb::ParameterHolder>, std::allocator<std::shared_ptr<sql::mariadb::ParameterHolder> > >&) /home/linuxjedi/Programming/Git/mariadb-connector-cpp/src/protocol/capi/QueryProtocol.cpp:991
          #4 0x7f72b28fdaf3 in sql::mariadb::ServerSidePreparedStatement::executeInternal(int) /home/linuxjedi/Programming/Git/mariadb-connector-cpp/src/ServerSidePreparedStatement.cpp:402
          #5 0x7f72b28e0aeb in sql::mariadb::BasePrepareStatement::execute() /home/linuxjedi/Programming/Git/mariadb-connector-cpp/src/BasePrepareStatement.cpp:1420
          #6 0x43d705 in test_prep_statement_0 /home/linuxjedi/Programming/Git/mariadb-connector-cpp/test/test_common.cpp:1673
          #7 0x45cea2 in run_tests(int, char const**) /home/linuxjedi/Programming/Git/mariadb-connector-cpp/test/test_common.cpp:3202
          #8 0x45e0d3 in main /home/linuxjedi/Programming/Git/mariadb-connector-cpp/test/driver_test.cpp:89
          #9 0x7f72b1ea3041 in __libc_start_main ../csu/libc-start.c:308
          #10 0x40d68d in _start (/home/linuxjedi/Programming/Git/mariadb-connector-cpp/test/driver_test+0x40d68d)
       
      0x603000055734 is located 0 bytes to the right of 20-byte region [0x603000055720,0x603000055734)
      allocated by thread T0 here:
          #0 0x7f72b2ba1067 in operator new(unsigned long) (/lib64/libasan.so.6+0xb2067)
          #1 0x7f72b2753e24 in void std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::_M_construct<char*>(char*, char*, std::forward_iterator_tag) /usr/include/c++/10/bits/basic_string.tcc:219
          #2 0x7f72b27f9e66 in sql::SQLString::SQLString(sql::SQLString const&) /home/linuxjedi/Programming/Git/mariadb-connector-cpp/src/SQLString.cpp:33
          #3 0x7f72b2911ee1 in sql::mariadb::TimestampParameter::TimestampParameter(sql::SQLString const&, sql::mariadb::TimeZone const*, bool) /home/linuxjedi/Programming/Git/mariadb-connector-cpp/src/parameters/TimestampParameter.cpp:38
          #4 0x7f72b28dfb5f in sql::mariadb::BasePrepareStatement::setDateTime(int, sql::SQLString const&) /home/linuxjedi/Programming/Git/mariadb-connector-cpp/src/BasePrepareStatement.cpp:570
          #5 0x43d67d in test_prep_statement_0 /home/linuxjedi/Programming/Git/mariadb-connector-cpp/test/test_common.cpp:1672
          #6 0x45cea2 in run_tests(int, char const**) /home/linuxjedi/Programming/Git/mariadb-connector-cpp/test/test_common.cpp:3202
          #7 0x45e0d3 in main /home/linuxjedi/Programming/Git/mariadb-connector-cpp/test/driver_test.cpp:89
          #8 0x7f72b1ea3041 in __libc_start_main ../csu/libc-start.c:308
      

          People

            Unassigned
            LinuxJedi Andrew Hutchings (Inactive)