flb_utils: fix out of bounds write on invalid utf-8 (fluent#875)
In flb_utils_write_str, written and *off could be set
to an incorrect large value on invalid UTF-8 input.

Later, this would lead to an out of bounds write when
nul-terminating the string:

    Invalid write of size 1
       at 0x44378B: flb_msgpack_to_json (in /build/bin/fluent-bit)
       by 0x443B78: flb_msgpack_raw_to_json_str (in /build/bin/fluent-bit)
       by 0x47576D: kafka_rest_format (in /build/bin/fluent-bit)
       by 0x4758E9: cb_kafka_flush (in /build/bin/fluent-bit)
       by 0x434A71: output_pre_cb_flush (in /build/bin/fluent-bit)
       by 0x50DF26: co_init (in /build/bin/fluent-bit)
     Address 0x4d9985e is on thread 1's stack

Input file (base64 encoded):

    MAowCjAwCjAwADAKMDAwMDAK/wowCjAwCoAK

Signed-off-by: Carl Henrik Lunde <[email protected]>
chlunde authored and edsiper committed Nov 2, 2018
1 parent d606e2f commit bc66694
Showing 1 changed file with 0 additions and 1 deletion.
1 change: 0 additions & 1 deletion src/flb_utils.c
Expand Up @@ -535,7 +535,6 @@ int flb_utils_write_str(char *buf, int *off, size_t size,
return FLB_FALSE;
}

written = *off;
p = buf + *off;
for (i = 0; i < str_len; i++) {
if ((available - written) < 2) {
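Review bot: no regression test accompanies this one-line deletion in flb_utils_write_str, although the commit message carries a base64 reproducer and the invalid-write trace; the change touches only src/flb_utils.c. Consider adding that input as a unit test that runs it through flb_utils_write_str with a small buffer and asserts that the resulting *off never exceeds size, so the later nul-termination stays in bounds. A short comment above the loop, at the `if ((available - written) < 2)` guard, stating whether `written` and `available` count bytes from `buf` or from `buf + *off` would also help, since the commit message attributes the overflow to `written` and `*off` ending up too large.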
