From 066a868c73e9985f5c2ab3d5a7cc84159b6e3692 Mon Sep 17 00:00:00 2001 From: Mark Isaacson Date: Fri, 22 Jul 2016 10:47:38 -0700 Subject: [PATCH] Fix ASAN exposed heap-use-after-free Summary: This code very obviously wrote past the end of the buffer when the length was 1. Furthermore, it was just downright broken for all values. The author obviously meant to type * instead of +. I took the time to verify that the algorithm is actually correct, while I was working on this. My proof is in the test plan. Reviewed By: yfeldblum, meyering Differential Revision: D3603255 fbshipit-source-id: 5f2a0011ff5401a70ba03993eab6e53e29d87c1c --- folly/detail/IPAddressSource.h | 2 +- folly/test/IPAddressTest.cpp | 8 ++++++++ 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/folly/detail/IPAddressSource.h b/folly/detail/IPAddressSource.h index e8a18110..b4ea3dfd 100644 --- a/folly/detail/IPAddressSource.h +++ b/folly/detail/IPAddressSource.h @@ -133,7 +133,7 @@ struct Bytes { for (std::size_t i = 0; i < len; i++) { const unsigned char c = src[i]; out[i * 2 + 0] = lut[c >> 4]; - out[i + 2 + 1] = lut[c & 15]; + out[i * 2 + 1] = lut[c & 15]; } return out; } diff --git a/folly/test/IPAddressTest.cpp b/folly/test/IPAddressTest.cpp index a8b5e752..5097eafa 100644 --- a/folly/test/IPAddressTest.cpp +++ b/folly/test/IPAddressTest.cpp @@ -421,6 +421,14 @@ TEST_P(IPAddressCtorBinaryTest, InvalidBinary) { IPAddressFormatException); } +TEST(IPAddressSource, ToHex) { + vector data = {{0xff, 0x20, 0x45}}; + EXPECT_EQ(detail::Bytes::toHex(data.data(), 0), ""); + EXPECT_EQ(detail::Bytes::toHex(data.data(), 1), "ff"); + EXPECT_EQ(detail::Bytes::toHex(data.data(), 2), "ff20"); + EXPECT_EQ(detail::Bytes::toHex(data.data(), 3), "ff2045"); +} + // Test toFullyQualified() TEST(IPAddress, ToFullyQualifiedFb) { IPAddress ip("2620:0:1cfe:face:b00c::3"); -- 2.34.1