Fix ASAN exposed heap-use-after-free
author Mark Isaacson <markisaa@fb.com>
Fri, 22 Jul 2016 17:47:38 +0000 (10:47 -0700)
committer Facebook Github Bot 0 <facebook-github-bot-0-bot@fb.com>
Fri, 22 Jul 2016 17:53:27 +0000 (10:53 -0700)
Summary: This code very obviously wrote past the end of the buffer when the length was 1. Furthermore, it was just downright broken for all values. The author obviously meant to type * instead of +. I took the time to verify that the algorithm is actually correct, while I was working on this. My proof is in the test plan.

Reviewed By: yfeldblum, meyering

Differential Revision: D3603255

fbshipit-source-id: 5f2a0011ff5401a70ba03993eab6e53e29d87c1c

folly/detail/IPAddressSource.h
folly/test/IPAddressTest.cpp

index e8a1811..b4ea3df 100644 (file)
@@ -133,7 +133,7 @@ struct Bytes {
     for (std::size_t i = 0; i < len; i++) {
       const unsigned char c = src[i];
       out[i * 2 + 0] = lut[c >> 4];
-      out[i + 2 + 1] = lut[c & 15];
+      out[i * 2 + 1] = lut[c & 15];
     }
     return out;
   }
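Review bot: The corrected write at `out[i * 2 + 1]` is in bounds only if `out` holds at least `len * 2` characters, and the allocation of `out` is above the context shown in this hunk, so it should be checked alongside this change. With the old `i + 2 + 1` index, a `len` of 1 wrote to offset 3 and offset 1 was never written for any length, which matches the summary. Consider keeping a single running output index, or asserting the output size before the loop, so that the two nibble writes cannot drift apart again.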
index a8b5e75..5097eaf 100644 (file)
@@ -421,6 +421,14 @@ TEST_P(IPAddressCtorBinaryTest, InvalidBinary) {
                IPAddressFormatException);
 }
 
+TEST(IPAddressSource, ToHex) {
+  vector<std::uint8_t> data = {{0xff, 0x20, 0x45}};
+  EXPECT_EQ(detail::Bytes::toHex(data.data(), 0), "");
+  EXPECT_EQ(detail::Bytes::toHex(data.data(), 1), "ff");
+  EXPECT_EQ(detail::Bytes::toHex(data.data(), 2), "ff20");
+  EXPECT_EQ(detail::Bytes::toHex(data.data(), 3), "ff2045");
+}
+
 // Test toFullyQualified()
 TEST(IPAddress, ToFullyQualifiedFb) {
   IPAddress ip("2620:0:1cfe:face:b00c::3");
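Review bot: The new `ToHex` cases use only the bytes 0xff, 0x20 and 0x45, so no input has a zero high nibble with a nonzero low nibble, and the only letter digit exercised is `f`. Adding a byte such as 0x0a with expected output "0a" would cover zero padding and a letter digit in the low-nibble slot, which is the slot this fix touches. As a style point, `vector<std::uint8_t> data = {{0xff, 0x20, 0x45}};` can use a single pair of braces.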