Status: New
Owner: [email protected]
Labels: Type-Defect Priority-Medium
New issue 684 by [email protected]: integer overflow
https://code.google.com/p/protobuf/issues/detail?id=684
What steps will reproduce the problem?
svn diff stringprintf_unittest.cc
Index: stringprintf_unittest.cc
===================================================================
--- stringprintf_unittest.cc (revision 608)
+++ stringprintf_unittest.cc (working copy)
@@ -147,6 +147,16 @@
delete[] buf;
}
+TEST(StringPrintfTest, HugeBuf) {
+ // Check that the a corner case buffer is handled correctly.
+ int n = std::numeric_limits<int>::max() ;
+ char* buf = (char *) malloc(n);
+ memset(buf, 0x41, n);
+ string value = StringPrintf("%s", buf);
+ EXPECT_EQ(value, "");
+ free(buf);
+}
+
} // anonymous namespace
} // namespace protobuf
} // namespace google
What is the expected output? What do you see instead?
make check
Relevant part of src/test-suite.log:
[ RUN ] StringPrintfTest.HugeBuf
unknown file: Failure
C++ exception with description "std::bad_alloc" thrown in the test body.
[ FAILED ] StringPrintfTest.HugeBuf (8632 ms)
What version of the product are you using? On what operating system?
2.6.0 on Ubuntu 14.04
Please provide any additional information below.
I believe this bug can lead to DoS attacks.
--
You received this message because this project is configured to send all
issue notifications to this address.
You may adjust your notification preferences at:
https://code.google.com/hosting/settings
--
You received this message because you are subscribed to the Google Groups "Protocol
Buffers" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
Visit this group at http://groups.google.com/group/protobuf.
For more options, visit https://groups.google.com/d/optout.
