Skip to content

Fix endless loop bug #979

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 1 commit into from
Closed

Fix endless loop bug #979

wants to merge 1 commit into from

Conversation

reuk
Copy link
Contributor

@reuk reuk commented May 31, 2017

Fixes #543

tautschnig
tautschnig requested changes May 31, 2017
View reviewed changes
src/util/irep_serialization.cpp Outdated
@@ -327,7 +327,7 @@ irep_idt irep_serializationt::read_gb_string(std::istream &in)
char c;
size_t length=0;

while((c = in.get()) != 0)
while(in.good() && (c = in.get()) != 0)
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Shouldn't an error be reported if such a string without 0-termination is encountered?

mgudemann
mgudemann approved these changes May 31, 2017
View reviewed changes
Copy link
Contributor

@mgudemann mgudemann left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

tested, original problem is solved with this
error reporting would be nice, but this is from fuzzed binary GOTO, so it is very unlikely to appear in the wild

@tautschnig
Copy link
Collaborator

error reporting would be nice, but this is from fuzzed binary GOTO, so it is very unlikely to appear in the wild

This patch would move the status from denial-of-service (not great, but low risk of exposing private data) to possibly arbitrary crashes at a later stage that may include buffer overflows. Error detection on invalid input MUST happen as early as possible.

@mgudemann
Copy link
Contributor

@tautschnig I see your point, I agree, the error should be detected here and execution should not be continued in this situation.

tautschnig
tautschnig requested changes Jun 2, 2017
View reviewed changes
src/util/irep_serialization.cpp Outdated
{
if(!in.good())
{
throw irep_serialization_errort("gb string is not null-terminated");
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It seems Visual Studio doesn't like this. Please just throw the C string, no need for irep_serialization_errort at this point.

Copy link
Contributor Author

@reuk reuk Jun 2, 2017
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Better to fix the exception constructor than to throw a char star though surely?
https://github.com/isocpp/CppCoreGuidelines/blob/master/CppCoreGuidelines.md#e14-use-purpose-designed-user-defined-types-as-exceptions-not-built-in-types

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not until #911 is merged, or you change all other 1583 uses of throw without a user-defined type.

@reuk reuk force-pushed the endless-loop branch 2 times, most recently from d2b6aac to aee7578 Compare June 2, 2017 21:36
peterschrammel
peterschrammel requested changes Jun 25, 2017
View reviewed changes
src/util/irep_serialization.cpp Outdated
size_t length=0;

while((c = in.get()) != 0)
while(char c = in.get())
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

spacing around =

src/util/irep_serialization.cpp Outdated
@@ -14,6 +14,10 @@ Date: May 2007
#include "irep_serialization.h"
#include "string_hash.h"

irep_serialization_errort::irep_serialization_errort(
const std::string &error)
: std::runtime_error(error) {}
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

coding style for :

@tautschnig tautschnig changed the base branch from master to develop August 22, 2017 12:23
@reuk reuk force-pushed the endless-loop branch 4 times, most recently from ea3429d to d7afb39 Compare August 23, 2017 12:25
peterschrammel
peterschrammel reviewed Aug 23, 2017
View reviewed changes
src/util/irep_serialization.cpp Outdated
size_t length=0;

while((c=static_cast<char>(in.get()))!=0)
{
if(!in.good())
{
throw irep_serialization_errort("gb string is not null-terminated");
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

'gb' is not very user friendly.

@reuk
Fix endless loop bug
fa39392 
Throw if input format is incorrect
@tautschnig tautschnig assigned peterschrammel and unassigned reuk Dec 1, 2017
@tautschnig
Copy link
Collaborator

@peterschrammel Could you please review whether you are happy with the current state?

@tautschnig
Copy link
Collaborator

@peterschrammel ping?

@reuk reuk closed this Apr 9, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@peterschrammel peterschrammel peterschrammel requested changes

@tautschnig tautschnig tautschnig approved these changes

@mgudemann mgudemann mgudemann approved these changes

Assignees

@peterschrammel peterschrammel

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@reuk @tautschnig @mgudemann @peterschrammel