Posted to dev@rocketmq.apache.org by GitBox <gi...@apache.org> on 2020/02/27 10:09:04 UTC

[GitHub] [rocketmq-client-cpp] WoodsCumming opened a new pull request #262: Fix the risk of heap-buffer-overflow when ‘OrderTopicConf’ is configured illegally.

WoodsCumming opened a new pull request #262: Fix the risk of heap-buffer-overflow when ‘OrderTopicConf’ is configured illegally.
URL: https://github.com/apache/rocketmq-client-cpp/pull/262
 
 
   
   ## What is the purpose of the change
   
   Fix the risk of heap-buffer-overflow when ‘OrderTopicConf’ is configured illegally.
   
   ## Brief changelog
   
   Fix the risk of heap-buffer-overflow when ‘OrderTopicConf’ is configured illegally.
   
   ## Verifying this change
   
   Verified. Want a code review.
   
   ## The ASAN Report
   
   ==5743==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7fabc6cfbed7 sp 0x7ffd6ff1c340 bp 0x000000000000 T0)
       #0 0x7fabc6cfbed6 in ____strtoll_l_internal (/lib64/libc.so.6+0x3aed6)
       #1 0x4d3103 in __interceptor_atoi (/home/yizhe.wcm/PR/rocketmq-client-cpp/test/bin/MQClientFactoryTest+0x4d3103)
       #2 0x7fabc7d61999 in rocketmq::MQClientFactory::topicRouteData2TopicPublishInfo(std::string const&, rocketmq::TopicRouteData*) (/home/yizhe.wcm/PR/rocketmq-client-cpp/bin/librocketmq.so+0x4af999)
       #3 0x7fabc7d614dd in rocketmq::MQClientFactory::updateTopicRouteInfoFromNameServer(std::string const&, rocketmq::SessionCredentials const&, bool) (/home/yizhe.wcm/PR/rocketmq-client-cpp/bin/librocketmq.so+0x4af4dd)
       #4 0x7fabc7d6b116 in rocketmq::MQClientFactory::minOffset(rocketmq::MQMessageQueue const&, rocketmq::SessionCredentials const&) (/home/yizhe.wcm/PR/rocketmq-client-cpp/bin/librocketmq.so+0x4b9116)
       #5 0x524700 in MQClientFactoryTest_minOffset_Test::TestBody() (/home/yizhe.wcm/PR/rocketmq-client-cpp/test/bin/MQClientFactoryTest+0x524700)
       #6 0x577731 in void testing::internal::HandleSehExceptionsInMethodIfSupported<testing::Test, void>(testing::Test*, void (testing::Test::*)(), char const*) (/home/yizhe.wcm/PR/rocketmq-client-cpp/test/bin/MQClientFactoryTest+0x577731)
       #7 0x571485 in void testing::internal::HandleExceptionsInMethodIfSupported<testing::Test, void>(testing::Test*, void (testing::Test::*)(), char const*) (/home/yizhe.wcm/PR/rocketmq-client-cpp/test/bin/MQClientFactoryTest+0x571485)
       #8 0x551eee in testing::Test::Run() (/home/yizhe.wcm/PR/rocketmq-client-cpp/test/bin/MQClientFactoryTest+0x551eee)
       #9 0x5527b5 in testing::TestInfo::Run() (/home/yizhe.wcm/PR/rocketmq-client-cpp/test/bin/MQClientFactoryTest+0x5527b5)
       #10 0x552e79 in testing::TestCase::Run() (/home/yizhe.wcm/PR/rocketmq-client-cpp/test/bin/MQClientFactoryTest+0x552e79)
       #11 0x55d67c in testing::internal::UnitTestImpl::RunAllTests() (/home/yizhe.wcm/PR/rocketmq-client-cpp/test/bin/MQClientFactoryTest+0x55d67c)
       #12 0x578b2f in bool testing::internal::HandleSehExceptionsInMethodIfSupported<testing::internal::UnitTestImpl, bool>(testing::internal::UnitTestImpl*, bool (testing::internal::UnitTestImpl::*)(), char const*) (/home/yizhe.wcm/PR/rocketmq-client-cpp/test/bin/MQClientFactoryTest+0x578b2f)
       #13 0x572207 in bool testing::internal::HandleExceptionsInMethodIfSupported<testing::internal::UnitTestImpl, bool>(testing::internal::UnitTestImpl*, bool (testing::internal::UnitTestImpl::*)(), char const*) (/home/yizhe.wcm/PR/rocketmq-client-cpp/test/bin/MQClientFactoryTest+0x572207)
       #14 0x55c122 in testing::UnitTest::Run() (/home/yizhe.wcm/PR/rocketmq-client-cpp/test/bin/MQClientFactoryTest+0x55c122)
       #15 0x5270c3 in RUN_ALL_TESTS() (/home/yizhe.wcm/PR/rocketmq-client-cpp/test/bin/MQClientFactoryTest+0x5270c3)
       #16 0x52539f in main (/home/yizhe.wcm/PR/rocketmq-client-cpp/test/bin/MQClientFactoryTest+0x52539f)
       #17 0x7fabc6ce3444 in __libc_start_main (/lib64/libc.so.6+0x22444)
       #18 0x4c0c48 (/home/yizhe.wcm/PR/rocketmq-client-cpp/test/bin/MQClientFactoryTest+0x4c0c48)
   
   AddressSanitizer can not provide additional info.
   SUMMARY: AddressSanitizer: SEGV ??:0 ____strtoll_l_internal
   ==5743==ABORTING
   
   Follow this checklist to help us incorporate your contribution quickly and easily. Notice, `it would be helpful if you could finish the following 5 checklist(the last one is not necessary)before request the community to review your PR`.
   
   - [x] Make sure there is a [Github issue](https://github.com/apache/rocketmq/issues) filed for the change (usually before you start working on it). Trivial changes like typos do not require a Github issue. Your pull request should address just this issue, without pulling in other changes - one PR resolves one issue. 
   - [x] Format the pull request title like `[ISSUE #123] Fix UnknownException when host config not exist`. Each commit in the pull request should have a meaningful subject line and body.
   - [x] Write a pull request description that is detailed enough to understand what the pull request does, how, and why.
   - [x] Write necessary unit-test(over 80% coverage) to verify your logic correction, more mock a little better when a cross-module dependency exists.
   - [ ] If this contribution is large, please file an [Apache Individual Contributor License Agreement](http://www.apache.org/licenses/#clas).
   

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


With regards,
Apache Git Services

[GitHub] [rocketmq-client-cpp] codecov-io commented on issue #262: Fix the risk of heap-buffer-overflow when ‘OrderTopicConf’ is configured illegally.

Posted by GitBox <gi...@apache.org>.
codecov-io commented on issue #262: Fix the risk of heap-buffer-overflow when ‘OrderTopicConf’ is configured illegally.
URL: https://github.com/apache/rocketmq-client-cpp/pull/262#issuecomment-591903564
 
 
   # [Codecov](https://codecov.io/gh/apache/rocketmq-client-cpp/pull/262?src=pr&el=h1) Report
   > Merging [#262](https://codecov.io/gh/apache/rocketmq-client-cpp/pull/262?src=pr&el=desc) into [master](https://codecov.io/gh/apache/rocketmq-client-cpp/commit/12a73b1f0c750c9582c9f816dd0d11218728ddd8?src=pr&el=desc) will **not change** coverage.
   > The diff coverage is `100%`.
   
   ```diff
   @@           Coverage Diff           @@
   ##           master     #262   +/-   ##
   =======================================
     Coverage   58.28%   58.28%           
   =======================================
     Files         182      182           
     Lines       11805    11805           
   =======================================
     Hits         6880     6880           
     Misses       4925     4925
   ```
   
   
   | [Impacted Files](https://codecov.io/gh/apache/rocketmq-client-cpp/pull/262?src=pr&el=tree) | Coverage Δ | |
   |---|---|---|
   | [src/MQClientFactory.cpp](https://codecov.io/gh/apache/rocketmq-client-cpp/pull/262/diff?src=pr&el=tree#diff-c3JjL01RQ2xpZW50RmFjdG9yeS5jcHA=) | `20.78% <100%> (ø)` | :arrow_up: |
   
   ------
   
   > **Legend** - [Click here to learn more](https://docs.codecov.io/docs/codecov-delta)
   > `Δ = absolute <relative> (impact)`, `ø = not affected`, `? = missing data`
   > Powered by [Codecov](https://codecov.io/gh/apache/rocketmq-client-cpp/pull/262?src=pr&el=footer). Last update [12a73b1...b361510](https://codecov.io/gh/apache/rocketmq-client-cpp/pull/262?src=pr&el=lastupdated). Read the [comment docs](https://docs.codecov.io/docs/pull-request-comments).
   


[GitHub] [rocketmq-client-cpp] ShannonDing merged pull request #262: fix(memory): fix the risk of heap-buffer-overflow when ‘OrderTopicConf’ is configured illegally.

Posted by GitBox <gi...@apache.org>.
ShannonDing merged pull request #262: fix(memory): fix the risk of heap-buffer-overflow when ‘OrderTopicConf’ is configured illegally.
URL: https://github.com/apache/rocketmq-client-cpp/pull/262
 
 
   
