src: fix stack-buffer overflow for long exception lines

Long exception lines result in a stack buffer overflow or assertion abort because the assumption that snprintf does not count discarded chars is wrong and (off) >= sizeof(arrow).

==6098==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7ffe1a973220 at pc 0x000001a0b09a bp 0x7ffe1a972db0 sp 0x7ffe1a972da8
WRITE of size 1 at 0x7ffe1a973220 thread T0
    #0 0x1a0b099 in node::AppendExceptionLine(node::Environment*, v8::Local<v8::Value>, v8::Local<v8::Message>) /home/skomski/Code/io.js/out/../src/node.cc:1409:16
    #1 0x1a3e14a in node::ContextifyScript::New(v8::FunctionCallbackInfo<v8::Value> const&) /home/skomski/Code/io.js/out/../src/node_contextify.cc:492:9

Address 0x7ffe1a973220 is located in stack of thread T0 at offset 1120 in frame
    #0 0x1a0a9af in node::AppendExceptionLine(node::Environment*, v8::Local<v8::Value>, v8::Local<v8::Message>) /home/skomski/Code/io.js/out/../src/node.cc:1334

  This frame has 4 object(s):
    [32, 56) 'scope'
    [96, 1120) 'arrow' <== Memory access at offset 1120 overflows this variable
    [1248, 2288) 'filename'
    [2416, 3456) 'sourceline'
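The root cause named in the commit message, snprintf returning the length the full output would have had rather than what fit, is shown below in an added example that is not code from this change or from the io.js/Node.js source. It models the unsafe "offset is the running sum of snprintf return values" pattern with a NULL/0 destination (so the arithmetic is reproduced without performing the out-of-bounds write) next to an appender that clamps the offset to the space that exists. The 1024-byte buffer mirrors the 'arrow' object in the ASan frame; the exact two-write shape (source line, then a caret line) and the function names are assumptions, not the project's own code.

```c
#include <stdarg.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumed buffer size, matching the 1024-byte 'arrow' object in the ASan frame. */
#define ARROW_SIZE 1024

/* Constructed input: a 1999-character line, longer than the whole buffer. */
static const char *long_line(void) {
    static char line[2000];
    if (line[0] == '\0') {
        memset(line, 'a', sizeof(line) - 1);
        line[sizeof(line) - 1] = '\0';
    }
    return line;
}

/* Offset the unsafe pattern ends up with when it just accumulates snprintf
 * return values. snprintf reports the length the complete output would have
 * had, not the number of bytes actually stored, so a long line leaves
 * off >= ARROW_SIZE and the next write at buf + off is already past the end.
 * A NULL/0 destination makes snprintf only count, so nothing is written here. */
static size_t naive_offset(const char *line, size_t caret_col) {
    size_t off = 0;
    off += (size_t)snprintf(NULL, 0, "%s\n", line);
    off += (size_t)snprintf(NULL, 0, "%*s^\n", (int)caret_col, "");
    return off;
}

static int naive_would_overflow(const char *line, size_t caret_col) {
    return naive_offset(line, caret_col) >= ARROW_SIZE;
}

/* Safe appender: advance *off only by what was actually stored, and pin it
 * at size-1 once the buffer is full. Returns 1 if output was truncated.
 * On return buf is NUL-terminated and *off < size holds. */
static int append_clamped(char *buf, size_t size, size_t *off,
                          const char *fmt, ...) {
    va_list ap;
    int n;

    if (size == 0) return 1;
    if (*off >= size - 1) {        /* already full: only the NUL fits */
        buf[size - 1] = '\0';
        *off = size - 1;
        return 1;
    }
    va_start(ap, fmt);
    n = vsnprintf(buf + *off, size - *off, fmt, ap);
    va_end(ap);

    if (n < 0) return 1;                 /* encoding error: leave offset alone */
    if ((size_t)n >= size - *off) {      /* did not fit: size-*off-1 chars + NUL stored */
        *off = size - 1;
        return 1;
    }
    *off += (size_t)n;
    return 0;
}

/* Render "line\n<caret_col spaces>^\n" into out[size]. Returns 1 if truncated. */
static int render_arrow(char *out, size_t size, const char *line, size_t caret_col) {
    size_t off = 0;
    int truncated = 0;
    if (size == 0) return 1;
    out[0] = '\0';
    truncated |= append_clamped(out, size, &off, "%s\n", line);
    truncated |= append_clamped(out, size, &off, "%*s^\n", (int)caret_col, "");
    return truncated;
}

int main(void) {
    char out[ARROW_SIZE];
    int t;

    printf("unsafe offset, short line: %zu (fits in %d)\n",
           naive_offset("x = 1", 4), ARROW_SIZE);
    printf("unsafe offset, 1999-char line: %zu (>= %d, next write is out of bounds)\n",
           naive_offset(long_line(), 10), ARROW_SIZE);

    t = render_arrow(out, sizeof(out), long_line(), 10);
    printf("clamped render: truncated=%d, strlen=%zu, offset pinned below %d\n",
           t, strlen(out), ARROW_SIZE);
    return 0;
}
```

The check that matters is the comparison `(size_t)n >= size - *off`: vsnprintf's return value is only a valid advance when it is strictly smaller than the remaining space, which is exactly the assumption the commit message says was wrong.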
