heap-buffer-overflow in BleScannerTest
Issue description

r480110 enabled running more tests and surprise surprise, they have issues:
https://build.chromium.org/p/chromium.memory/builders/Linux%20Chromium%20OS%20ASan%20LSan%20Tests%20%281%29/builds/21809

ERROR: AddressSanitizer: heap-buffer-overflow on address 0x602000004674 at pc 0x0000004e9ba2 bp 0x7ffff7d9a1d0 sp 0x7ffff7d99980
READ of size 5 at 0x602000004674 thread T0
    #0 0x4e9ba1 in __asan_memcpy (/b/s/w/ir/out/Release/chromeos_components_unittests+0x4e9ba1)
    #1 0x310e497 in chromeos::tether::BleScanner::HandleDeviceUpdated(device::BluetoothDevice*) chromeos/components/tether/ble_scanner.cc:231:3
    #2 0x310e17c in chromeos::tether::BleScanner::DeviceAdded(device::BluetoothAdapter*, device::BluetoothDevice*) chromeos/components/tether/ble_scanner.cc:149:3
    #3 0x5fb16c in chromeos::tether::BleScannerTest_TestDiscovery_LocalDeviceDataCannotBeFetched_Test::TestBody() chromeos/components/tether/ble_scanner_unittest.cc:370:17
    #4 0x7f952c in HandleExceptionsInMethodIfSupported<testing::Test, void> third_party/googletest/src/googletest/src/gtest.cc:2455:12
Jun 17 2017
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/04f2b90690644acc3c81bdd98ab7f379eddb10b7

commit 04f2b90690644acc3c81bdd98ab7f379eddb10b7
Author: khorimoto <khorimoto@chromium.org>
Date: Sat Jun 17 00:13:31 2017

[CrOS Tether] Fix a buffer overflow issue caught by the ASAN bots.

The issue is that memcpy() was used to copy (N+1) bytes from a source that was N bytes to a destination that was (N+1) bytes. The fix is only copying N bytes.

BUG=672263, 734225
Review-Url: https://codereview.chromium.org/2943793002
Cr-Commit-Position: refs/heads/master@{#480235}

[modify] https://crrev.com/04f2b90690644acc3c81bdd98ab7f379eddb10b7/chromeos/components/tether/ble_scanner.cc
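The bug class named in the commit message, as an added example that is not the code from ble_scanner.cc: the function names are hypothetical, and the use of the destination's extra byte as a terminator is an assumption. The sample uses n = 4 so that the buggy copy reads 5 bytes, the read size in the ASan report.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Before (hypothetical reconstruction): dst has n + 1 bytes but src owns
 * only n, so asking memcpy for n + 1 bytes reads one byte past the end of
 * the source allocation. ASan reports this as a heap-buffer-overflow READ. */
char *copy_terminated_buggy(const uint8_t *src, size_t n) {
    char *dst = malloc(n + 1);
    if (dst == NULL) return NULL;
    memcpy(dst, src, n + 1);  /* BUG: length taken from dst, not src */
    dst[n] = '\0';
    return dst;
}

/* After: copy exactly the n bytes the source owns, then terminate. */
char *copy_terminated_fixed(const uint8_t *src, size_t n) {
    if (src == NULL || n == SIZE_MAX) return NULL;  /* n + 1 would wrap */
    char *dst = malloc(n + 1);
    if (dst == NULL) return NULL;
    if (n > 0) memcpy(dst, src, n);
    dst[n] = '\0';
    return dst;
}

int main(void) {
    /* Constructed sample: a 4-byte heap buffer standing in for the source. */
    size_t n = 4;
    uint8_t *src = malloc(n);
    if (src == NULL) return 1;
    memcpy(src, "\x01\x02\x03\x04", n);

    char *out = copy_terminated_fixed(src, n);
    if (out == NULL) { free(src); return 1; }
    printf("copied %zu bytes, terminator at index %zu\n", n, n);
    /* Calling copy_terminated_buggy(src, n) here instead, in a build with
     * -fsanitize=address, is reported by ASan as a READ of size 5. */
    free(out);
    free(src);
    return 0;
}
```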
Jun 17 2017
Jan 22 2018
Comment 1 by khorimoto@chromium.org, Jun 16 2017