
Fix stack-buffer-overflow

```
24: ==26126==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x2b44ecb44890 at pc 0x0000005470bc bp 0x2b44ecb3ee00 sp 0x2b44ecb3edf8
24: WRITE of size 8 at 0x2b44ecb44890 thread T1
24:     #0 0x5470bb in mdnsd_out /home/travis/build/open62541/open62541/deps/mdnsd/libmdnsd/mdnsd.c:774:6
24:     #1 0x55112e in mdnsd_step /home/travis/build/open62541/open62541/deps/mdnsd/libmdnsd/mdnsd.c:1235:10
24:     #2 0x152959b in iterateMulticastDiscoveryServer /home/travis/build/open62541/open62541/src/server/ua_services_discovery_multicast.c:490:29
24:     #3 0x59d95a in UA_Server_run_iterate /home/travis/build/open62541/open62541/src/server/ua_server.c:441:13
24:     #4 0x52bd9d in serverloop_lds /home/travis/build/open62541/open62541/tests/server/check_discovery.c:35:9
24:     #5 0x2b44e8c77183 in start_thread /build/eglibc-ripdx6/eglibc-2.19/nptl/pthread_create.c:312
24:     #6 0x2b44e93a703c in clone /build/eglibc-ripdx6/eglibc-2.19/misc/../sysdeps/unix/sysv/linux/x86_64/clone.S:111
24:
24: Address 0x2b44ecb44890 is located in stack of thread T1 at offset 20848 in frame
24:     #0 0x5509ef in mdnsd_step /home/travis/build/open62541/open62541/deps/mdnsd/libmdnsd/mdnsd.c:1197
24:
24:   This frame has 7 object(s):
24:     [32, 10256) 'm' (line 1199)
24:     [10512, 10516) 'ssize' (line 1203)
24:     [10528, 20528) 'buf' (line 1204)
24:     [20784, 20800) 'from' (line 1205)
24:     [20816, 20832) 'to' (line 1228)
24:     [20848, 20852) 'ip' (line 1229) <== Memory access at offset 20848 partially overflows this variable
24:     [20864, 20866) 'port' (line 1230)
24: HINT: this may be a false positive if your program uses some custom stack unwind mechanism or swapcontext
24:       (longjmp and C++ exceptions *are* supported)
24: Thread T1 created by T0 here:
24:     #0 0x43462d in __interceptor_pthread_create (/home/travis/build/open62541/open62541/build/bin/tests/check_discovery+0x43462d)
24:     #1 0x52849a in setup_lds /home/travis/build/open62541/open62541/tests/server/check_discovery.c:59:5
24:     #2 0x1615a06 in srunner_run_unchecked_setup.isra.9 (/home/travis/build/open62541/open62541/build/bin/tests/check_discovery+0x1615a06)
24:     #3 0x2b44e92caf44 in __libc_start_main /build/eglibc-ripdx6/eglibc-2.19/csu/libc-start.c:287
```

See also https://travis-ci.org/open62541/open62541/jobs/474897811#L5828
Stefan Profanter 5 years ago
parent
commit
ae58c5f227
1 changed files with 1 additions and 1 deletions

+ 1 - 1
deps/mdnsd

@@ -1 +1 @@
-Subproject commit 8e08a2cefd27e5061ee63df1546663d123fc7547
+Subproject commit 9e953b8e4c54d50ba0e174f1e98cfca18f933126
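
Review bot: the new pointer on the `+Subproject commit 9e953b8e4c54d50ba0e174f1e98cfca18f933126` line is opaque to anyone reading this repository, because neither the hunk nor the commit message says which change in deps/mdnsd fixes the overflow. The ASan report shows an 8-byte write from mdnsd_out (mdnsd.c:774) landing on the 4-byte 'ip' local of mdnsd_step (declared at line 1229), so please name the mdnsd commit or summarize its change in the message, and confirm that check_discovery passes under AddressSanitizer with the new revision.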