View Issue Details Jump to Notes ] Issue History ] Print ]
IDProjectCategoryView StatusDate SubmittedLast Update
0001751aMuleMiscpublic2015-07-12 13:482015-10-20 16:15
Reportersirkay2006 
Assigned To 
PriorityhighSeverityminorReproducibilityalways
StatusclosedResolutionnot fixable 
Platformlinux amd_64 bitOSlinux debianOS Version8
Product VersionSVN 
Target Version2.3.2Fixed in Version 
Summary0001751: [memcheck] Invalid read detected in CalculateDigest (Kademlia.cpp:510)
DescriptionWhen running aMule on valgrind, the following IVR is detected.

==623==6205== Invalid read of size 4
==6205== at 0x4FEECD: KadGetKeywordHash(wxString const&, Kademlia::CUInt128*) (Kademlia.cpp:510)
==6205== by 0x4E8E54: CPublishKeyword::CPublishKeyword(wxString const&) (SharedFileList.cpp:70)
==6205== by 0x4E5317: CPublishKeywordList::AddKeyword(wxString const&, CKnownFile*) (SharedFileList.cpp:209)
==6205== by 0x4E5395: CPublishKeywordList::AddKeywords(CKnownFile*) (SharedFileList.cpp:222)
==6205== by 0x4E543D: CSharedFileList::AddFile(CKnownFile*) (SharedFileList.cpp:497)
==6205== by 0x4E625A: CSharedFileList::FindSharedFiles() (SharedFileList.cpp:334)
==6205== by 0x4E670B: CSharedFileList::Reload() (SharedFileList.cpp:550)
==6205== by 0x44662C: CamuleApp::OnInit() (amule.cpp:568)
==6205== by 0x520416: CamuleGuiApp::OnInit() (amule-gui.cpp:287)
==6205== by 0x64FA9FB: wxEntry(int&, wchar_t**) (in /home/ttt/_bin/bin/wxWidgets-2.8.12/lib/libwx_baseu-2.8.so.0.8.0)
==6205== by 0x42F741: main (amule-gui.cpp:93)
==6205== Address 0xebeb168 is 8 bytes inside a block of size 10 alloc'd
==6205== at 0x4C27B8F: malloc (vg_replace_malloc.c:296)
==6205== by 0x706A9D9: strdup (strdup.c:42)
==6205== by 0x4FEEA3: KadGetKeywordHash(wxString const&, Kademlia::CUInt128*) (Kademlia.cpp:507)
==6205== by 0x4E8E54: CPublishKeyword::CPublishKeyword(wxString const&) (SharedFileList.cpp:70)
==6205== by 0x4E5317: CPublishKeywordList::AddKeyword(wxString const&, CKnownFile*) (SharedFileList.cpp:209)
==6205== by 0x4E5395: CPublishKeywordList::AddKeywords(CKnownFile*) (SharedFileList.cpp:222)
==6205== by 0x4E543D: CSharedFileList::AddFile(CKnownFile*) (SharedFileList.cpp:497)
==6205== by 0x4E625A: CSharedFileList::FindSharedFiles() (SharedFileList.cpp:334)
==6205== by 0x4E670B: CSharedFileList::Reload() (SharedFileList.cpp:550)
==6205== by 0x44662C: CamuleApp::OnInit() (amule.cpp:568)
==6205== by 0x520416: CamuleGuiApp::OnInit() (amule-gui.cpp:287)
==6205== by 0x64FA9FB: wxEntry(int&, wchar_t**) (in /home/ttt/_bin/bin/wxWidgets-2.8.12/lib/libwx_baseu-2.8.so.0.8.0)
==6205== by 0x42F741: main (amule-gui.cpp:93)

It concerns:
506 // This should be safe - we assume rstrKeyword is ANSI anyway.
507 char* ansi_buffer = strdup(unicode2UTF8(rstrKeyword));
508
509 //printf("Kad keyword hash: UTF8 %s\n",ansi_buffer);
510 md4_hasher.CalculateDigest(Output,(const unsigned char*)ansi_buffer,strlen(ansi_buffer));

Cast in line 510 from char* to const unsigned char* (and the implicitly to byte*) seems fine.

I am wonderning if the strlen done in strdup and in line 510 are not safe for some strings in input.

Do you have an idea?
TagsNo tags attached.
Fixed in Revision
Operating Systemlinux amd_64
Attached Files

- Relationships

-  Notes
(0003666)
GonoszTopi (administrator)
2015-10-20 16:15

This is caused by a gcc optimization, the optimized and inlined strlen() function. We cannot do anything against it (except building without optimization), and it's harmless.

- Issue History
Date Modified Username Field Change
2015-07-12 13:48 sirkay2006 New Issue
2015-10-17 23:17 GonoszTopi Target Version => 2.3.2
2015-10-20 16:15 GonoszTopi Note Added: 0003666
2015-10-20 16:15 GonoszTopi Status new => closed
2015-10-20 16:15 GonoszTopi Resolution open => not fixable


Copyright © 2000 - 2024 MantisBT Team
Powered by Mantis Bugtracker