Bug #6389 (closed)

pgsql: u16 overflow found by oss-fuzz w/ quadfuzz

Added by Juliana Fajardini Reichow about 1 year ago. Updated 10 months ago.

Status: Closed
Priority: Normal
Target version:
Affected Versions:
Effort:
Difficulty:
Label:

Description

On https://github.com/OISF/suricata/blob/master/rust/src/pgsql/pgsql.rs#L85:

self.data_row_cnt += 1;

Reported by @Philippe Antoine

thread '<unnamed>' panicked at 'attempt to add with overflow', src/pgsql/pgsql.rs:85:9
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace
fatal runtime error: failed to initiate panic, error 5
AddressSanitizer:DEADLYSIGNAL
=================================================================
==690==ERROR: AddressSanitizer: ABRT on unknown address 0x0539000002b2 (pc 0x7ad11f04e00b bp 0x7ffd0c7e5848 sp 0x7ffd0c7e53d0 T0)
SCARINESS: 10 (signal)
    #0 0x7ad11f04e00b in raise /build/glibc-SzIz7B/glibc-2.31/sysdeps/unix/sysv/linux/raise.c:51:1
    #1 0x7ad11f02d858 in abort /build/glibc-SzIz7B/glibc-2.31/stdlib/abort.c:79:7
    #2 0x31cd586 in std::sys::unix::abort_internal::h3063ccb109bab462 /rustc/1459b3128e288a85fcc4dd1fee7ada2cdcf28794/library/std/src/sys/unix/mod.rs:350:14
    #3 0x31c20f1 in rust_panic /rustc/1459b3128e288a85fcc4dd1fee7ada2cdcf28794/library/std/src/panicking.rs:746:5
    #4 0x31c1ee9 in std::panicking::rust_panic_with_hook::h34c77a71befec972 /rustc/1459b3128e288a85fcc4dd1fee7ada2cdcf28794/library/std/src/panicking.rs:714:5
    #5 0x31c1be1 in std::panicking::begin_panic_handler::_$u7b$$u7b$closure$u7d$$u7d$::hb5ae8193b4163d8b /rustc/1459b3128e288a85fcc4dd1fee7ada2cdcf28794/library/std/src/panicking.rs:581:13
    #6 0x31beff5 in std::sys_common::backtrace::__rust_end_short_backtrace::h53bbfcb82ab0fc3b /rustc/1459b3128e288a85fcc4dd1fee7ada2cdcf28794/library/std/src/sys_common/backtrace.rs:150:18
    #7 0x31c1931 in rust_begin_unwind /rustc/1459b3128e288a85fcc4dd1fee7ada2cdcf28794/library/std/src/panicking.rs:579:5
    #8 0x5c10c2 in core::panicking::panic_fmt::h712e519910af2aa1 /rustc/1459b3128e288a85fcc4dd1fee7ada2cdcf28794/library/core/src/panicking.rs:64:14
    #9 0x5c115c in core::panicking::panic::h7c5f6c047dc85cd8 /rustc/1459b3128e288a85fcc4dd1fee7ada2cdcf28794/library/core/src/panicking.rs:114:5
    #10 0x1662455 in suricata::pgsql::pgsql::PgsqlTransaction::incr_row_cnt::h5ee19e256060baaa [suricata/rust/src/pgsql/pgsql.rs:85](https://github.com/OISF/suricata/blob/1a132f454a64f699118dafcdfccb0687317b435e/rust/src/pgsql/pgsql.rs#L85):9
    #11 0x1662455 in suricata::pgsql::pgsql::PgsqlState::parse_response::h7b243344c9c5e025 [suricata/rust/src/pgsql/pgsql.rs:474](https://github.com/OISF/suricata/blob/1a132f454a64f699118dafcdfccb0687317b435e/rust/src/pgsql/pgsql.rs#L474):29
    #12 0x1664e91 in rs_pgsql_parse_response [suricata/rust/src/pgsql/pgsql.rs:657](https://github.com/OISF/suricata/blob/1a132f454a64f699118dafcdfccb0687317b435e/rust/src/pgsql/pgsql.rs#L657):16
    #13 0x715e06 in AppLayerParserParse [suricata/src/app-layer-parser.c:1403](https://github.com/OISF/suricata/blob/1a132f454a64f699118dafcdfccb0687317b435e/src/app-layer-parser.c#L1403):30
    #14 0x70fe36 in LLVMFuzzerTestOneInput [suricata/src/tests/fuzz/fuzz_applayerparserparse.c:204](https://github.com/OISF/suricata/blob/1a132f454a64f699118dafcdfccb0687317b435e/src/tests/fuzz/fuzz_applayerparserparse.c#L204):16
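The report points at a bare `+= 1` on a `u16` DataRow counter. What follows is an added example, not Suricata's code or its eventual fix: a stand-in for the transaction's row counter that makes the overflow the fuzzer reached observable without a panic, next to a saturating variant that keeps the parser alive past 65535 rows. The struct and function names are assumptions for illustration.

```rust
// Added example (not Suricata's code): minimal stand-in for the
// PgsqlTransaction DataRow counter in rust/src/pgsql/pgsql.rs.
// Struct and function names are assumptions made for illustration.

pub struct PgsqlTransactionRows {
    pub data_row_cnt: u16,
}

impl PgsqlTransactionRows {
    pub fn new() -> Self {
        PgsqlTransactionRows { data_row_cnt: 0 }
    }

    /// The pattern in the report, `self.data_row_cnt += 1`, depends on
    /// the build profile once the counter reaches u16::MAX: with overflow
    /// checks on (debug and fuzz builds) it panics with "attempt to add
    /// with overflow", and the trace shows that panic escalating to an
    /// abort; in release builds it silently wraps to 0. `checked_add`
    /// reports the same overflow as `None` so it can be asserted on.
    pub fn incr_row_cnt_checked(&mut self) -> Option<u16> {
        self.data_row_cnt = self.data_row_cnt.checked_add(1)?;
        Some(self.data_row_cnt)
    }

    /// Hardened variant: saturate at u16::MAX. The counter is only used
    /// to describe the response, so losing precision beyond 65535 rows
    /// is preferable to a crash triggered by attacker-controlled traffic.
    pub fn incr_row_cnt_saturating(&mut self) -> u16 {
        self.data_row_cnt = self.data_row_cnt.saturating_add(1);
        self.data_row_cnt
    }
}

/// Feed `n` DataRow messages to both variants and return the final
/// state as (checked result, saturating counter). The checked variant
/// yields `None` from the 65536th row onward.
pub fn feed_rows(n: u32) -> (Option<u16>, u16) {
    let mut checked = PgsqlTransactionRows::new();
    let mut saturating = PgsqlTransactionRows::new();
    let mut last_checked = Some(0u16);
    for _ in 0..n {
        last_checked = checked.incr_row_cnt_checked();
        saturating.incr_row_cnt_saturating();
    }
    (last_checked, saturating.data_row_cnt)
}

fn main() {
    let (checked, sat) = feed_rows(70_000);
    println!("checked: {:?}, saturating: {}", checked, sat);
}
```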


Subtasks: 1 (0 open, 1 closed)

Bug #6521: pgsql: u16 overflow found by oss-fuzz w/ quadfuzz (7.0.x backport) (Closed, Juliana Fajardini Reichow)
#1 Updated by Juliana Fajardini Reichow about 1 year ago

  • Description updated (diff)
#2 Updated by Philippe Antoine about 1 year ago

  • Private changed from No to Yes
#5 Updated by Victor Julien about 1 year ago

  • Description updated (diff)
#6 Updated by Victor Julien about 1 year ago

  • Target version changed from 7.0.2 to 7.0.3
#7 Updated by Victor Julien about 1 year ago

  • Priority changed from Normal to High
  • Target version changed from 7.0.3 to 8.0.0-beta1
  • Label Needs backport to 7.0 added
#8 Updated by OISF Ticketbot about 1 year ago

  • Subtask #6521 added
#9 Updated by OISF Ticketbot about 1 year ago

  • Label deleted (Needs backport to 7.0)
#10 Updated by Juliana Fajardini Reichow 11 months ago

  • Status changed from New to In Review

Merge request shared on GitLab.

#11 Updated by Juliana Fajardini Reichow 11 months ago

  • Status changed from In Review to Resolved
#12 Updated by Juliana Fajardini Reichow 11 months ago

  • Status changed from Resolved to In Progress
#13 Updated by Juliana Fajardini Reichow 11 months ago

  • Status changed from In Progress to In Review
#14 Updated by Juliana Fajardini Reichow 10 months ago

  • Status changed from In Review to Resolved
#15 Updated by Victor Julien 10 months ago

  • Status changed from Resolved to Closed
  • Private changed from Yes to No