
Issue 734225

Issue metadata

Status: Archived
Owner:
Closed: Jun 2017
Components:
EstimatedDays: ----
NextAction: ----
OS: Chrome
Pri: 1
Type: Bug



heap-buffer-overflow in BleScannerTest

Project Member Reported by thestig@chromium.org, Jun 16 2017

Issue description

r480110 enabled running more tests and surprise surprise, they have issues:

https://build.chromium.org/p/chromium.memory/builders/Linux%20Chromium%20OS%20ASan%20LSan%20Tests%20%281%29/builds/21809

ERROR: AddressSanitizer: heap-buffer-overflow on address 0x602000004674 at pc 0x0000004e9ba2 bp 0x7ffff7d9a1d0 sp 0x7ffff7d99980
READ of size 5 at 0x602000004674 thread T0
    #0 0x4e9ba1 in __asan_memcpy (/b/s/w/ir/out/Release/chromeos_components_unittests+0x4e9ba1)
    #1 0x310e497 in chromeos::tether::BleScanner::HandleDeviceUpdated(device::BluetoothDevice*) chromeos/components/tether/ble_scanner.cc:231:3
    #2 0x310e17c in chromeos::tether::BleScanner::DeviceAdded(device::BluetoothAdapter*, device::BluetoothDevice*) chromeos/components/tether/ble_scanner.cc:149:3
    #3 0x5fb16c in chromeos::tether::BleScannerTest_TestDiscovery_LocalDeviceDataCannotBeFetched_Test::TestBody() chromeos/components/tether/ble_scanner_unittest.cc:370:17
    #4 0x7f952c in HandleExceptionsInMethodIfSupported<testing::Test, void> third_party/googletest/src/googletest/src/gtest.cc:2455:12


 
Status: Started (was: Untriaged)
Project Member Comment 2 by bugdroid1@chromium.org, Jun 17 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/04f2b90690644acc3c81bdd98ab7f379eddb10b7

commit 04f2b90690644acc3c81bdd98ab7f379eddb10b7
Author: khorimoto <khorimoto@chromium.org>
Date: Sat Jun 17 00:13:31 2017

[CrOS Tether] Fix a buffer overflow issue caught by the ASAN bots.

The issue is that memcpy() was used to copy (N+1) bytes from a source
that was N bytes to a destination that was (N+1) bytes. The fix is only
copying N bytes.

BUG=672263, 734225 

Review-Url: https://codereview.chromium.org/2943793002
Cr-Commit-Position: refs/heads/master@{#480235}

[modify] https://crrev.com/04f2b90690644acc3c81bdd98ab7f379eddb10b7/chromeos/components/tether/ble_scanner.cc

Status: Fixed (was: Started)
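
The copy pattern described in the commit message above, next to a bounded form. This is an added example, not the Chromium code from ble_scanner.cc: the function names and sample bytes are hypothetical, N = 4 is chosen to match the "READ of size 5" in the ASan report, and the extra destination byte is assumed to be a terminator.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed sample: 4 bytes of service data, no terminator (N = 4). */
static const unsigned char kSample[4] = {0xAB, 0xCD, 0x12, 0x34};

/* Pattern from the commit message: the destination is N+1 bytes and so is
 * the copy length, but the source holds only N bytes. The last byte read
 * lies past the end of src. Shown for contrast; never called here. */
void copy_overread(char *dst, const unsigned char *src, size_t n) {
    memcpy(dst, src, n + 1); /* reads src[n]: out of bounds */
}

/* Corrected pattern: read exactly n bytes, then write the extra destination
 * byte explicitly. Returns 0 on success, -1 if dst cannot hold n+1 bytes. */
int copy_exact(char *dst, size_t dst_cap, const unsigned char *src, size_t n) {
    if (dst == NULL || src == NULL || dst_cap == 0 || n > dst_cap - 1)
        return -1;
    memcpy(dst, src, n);
    dst[n] = '\0'; /* assumption: the (N+1)th byte is a terminator */
    return 0;
}

/* Runs the corrected copy on a heap source sized exactly N, the layout
 * under which ASan reports the over-read. Returns 1 if dst matches. */
int demo_exact_copy(void) {
    size_t n = sizeof kSample;
    unsigned char *src = malloc(n);
    char *dst = malloc(n + 1);
    int ok = 0;
    if (src && dst) {
        memcpy(src, kSample, n);
        ok = copy_exact(dst, n + 1, src, n) == 0 &&
             memcmp(dst, kSample, n) == 0 && dst[n] == '\0';
    }
    free(src);
    free(dst);
    return ok;
}

int main(void) {
    printf("exact copy ok: %d\n", demo_exact_copy());
    return 0;
}
```

Building with -fsanitize=address and calling copy_overread() on the heap source instead reproduces the same class of report as the trace in the issue description.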

Comment 4 by dchan@chromium.org, Jan 22 2018

Status: Archived (was: Fixed)
