From: Mark Isaacson Date: Fri, 22 Jul 2016 17:47:38 +0000 (-0700) Subject: Fix ASAN exposed heap-use-after-free X-Git-Tag: 2016.07.26~9 X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=066a868c73e9985f5c2ab3d5a7cc84159b6e3692;p=folly.git Fix ASAN exposed heap-use-after-free Summary: This code very obviously wrote past the end of the buffer when the length was 1. Furthermore, it was just downright broken for all values. The author obviously meant to type * instead of +. I took the time to verify that the algorithm is actually correct, while I was working on this. My proof is in the test plan. Reviewed By: yfeldblum, meyering Differential Revision: D3603255 fbshipit-source-id: 5f2a0011ff5401a70ba03993eab6e53e29d87c1c --- diff --git a/folly/detail/IPAddressSource.h b/folly/detail/IPAddressSource.h index e8a18110..b4ea3dfd 100644 --- a/folly/detail/IPAddressSource.h +++ b/folly/detail/IPAddressSource.h @@ -133,7 +133,7 @@ struct Bytes { for (std::size_t i = 0; i < len; i++) { const unsigned char c = src[i]; out[i * 2 + 0] = lut[c >> 4]; - out[i + 2 + 1] = lut[c & 15]; + out[i * 2 + 1] = lut[c & 15]; } return out; } diff --git a/folly/test/IPAddressTest.cpp b/folly/test/IPAddressTest.cpp index a8b5e752..5097eafa 100644 --- a/folly/test/IPAddressTest.cpp +++ b/folly/test/IPAddressTest.cpp @@ -421,6 +421,14 @@ TEST_P(IPAddressCtorBinaryTest, InvalidBinary) { IPAddressFormatException); } +TEST(IPAddressSource, ToHex) { + vector data = {{0xff, 0x20, 0x45}}; + EXPECT_EQ(detail::Bytes::toHex(data.data(), 0), ""); + EXPECT_EQ(detail::Bytes::toHex(data.data(), 1), "ff"); + EXPECT_EQ(detail::Bytes::toHex(data.data(), 2), "ff20"); + EXPECT_EQ(detail::Bytes::toHex(data.data(), 3), "ff2045"); +} + // Test toFullyQualified() TEST(IPAddress, ToFullyQualifiedFb) { IPAddress ip("2620:0:1cfe:face:b00c::3");