Bug #6389
pgsql: u16 overflow found by oss-fuzz w/ quadfuzz
Status: closed
Description
On https://github.com/OISF/suricata/blob/master/rust/src/pgsql/pgsql.rs#L85:
```rust
self.data_row_cnt += 1;
```
Reported by @Philippe Antoine
```
thread '<unnamed>' panicked at 'attempt to add with overflow', src/pgsql/pgsql.rs:85:9
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace
fatal runtime error: failed to initiate panic, error 5
AddressSanitizer:DEADLYSIGNAL
=================================================================
==690==ERROR: AddressSanitizer: ABRT on unknown address 0x0539000002b2 (pc 0x7ad11f04e00b bp 0x7ffd0c7e5848 sp 0x7ffd0c7e53d0 T0)
SCARINESS: 10 (signal)
    #0 0x7ad11f04e00b in raise /build/glibc-SzIz7B/glibc-2.31/sysdeps/unix/sysv/linux/raise.c:51:1
    #1 0x7ad11f02d858 in abort /build/glibc-SzIz7B/glibc-2.31/stdlib/abort.c:79:7
    #2 0x31cd586 in std::sys::unix::abort_internal::h3063ccb109bab462 /rustc/1459b3128e288a85fcc4dd1fee7ada2cdcf28794/library/std/src/sys/unix/mod.rs:350:14
    #3 0x31c20f1 in rust_panic /rustc/1459b3128e288a85fcc4dd1fee7ada2cdcf28794/library/std/src/panicking.rs:746:5
    #4 0x31c1ee9 in std::panicking::rust_panic_with_hook::h34c77a71befec972 /rustc/1459b3128e288a85fcc4dd1fee7ada2cdcf28794/library/std/src/panicking.rs:714:5
    #5 0x31c1be1 in std::panicking::begin_panic_handler::_$u7b$$u7b$closure$u7d$$u7d$::hb5ae8193b4163d8b /rustc/1459b3128e288a85fcc4dd1fee7ada2cdcf28794/library/std/src/panicking.rs:581:13
    #6 0x31beff5 in std::sys_common::backtrace::__rust_end_short_backtrace::h53bbfcb82ab0fc3b /rustc/1459b3128e288a85fcc4dd1fee7ada2cdcf28794/library/std/src/sys_common/backtrace.rs:150:18
    #7 0x31c1931 in rust_begin_unwind /rustc/1459b3128e288a85fcc4dd1fee7ada2cdcf28794/library/std/src/panicking.rs:579:5
    #8 0x5c10c2 in core::panicking::panic_fmt::h712e519910af2aa1 /rustc/1459b3128e288a85fcc4dd1fee7ada2cdcf28794/library/core/src/panicking.rs:64:14
    #9 0x5c115c in core::panicking::panic::h7c5f6c047dc85cd8 /rustc/1459b3128e288a85fcc4dd1fee7ada2cdcf28794/library/core/src/panicking.rs:114:5
    #10 0x1662455 in suricata::pgsql::pgsql::PgsqlTransaction::incr_row_cnt::h5ee19e256060baaa suricata/rust/src/pgsql/pgsql.rs:85:9
    #11 0x1662455 in suricata::pgsql::pgsql::PgsqlState::parse_response::h7b243344c9c5e025 suricata/rust/src/pgsql/pgsql.rs:474:29
    #12 0x1664e91 in rs_pgsql_parse_response suricata/rust/src/pgsql/pgsql.rs:657:16
    #13 0x715e06 in AppLayerParserParse suricata/src/app-layer-parser.c:1403:30
    #14 0x70fe36 in LLVMFuzzerTestOneInput suricata/src/tests/fuzz/fuzz_applayerparserparse.c:204:16
```

Source links in the original trace for frames #10 to #14 point at https://github.com/OISF/suricata/blob/1a132f454a64f699118dafcdfccb0687317b435e/ (rust/src/pgsql/pgsql.rs lines 85, 474 and 657; src/app-layer-parser.c line 1403; src/tests/fuzz/fuzz_applayerparserparse.c line 204).
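Added example, not Suricata's code and not the change that closed this ticket: a minimal model of the counter named in the report, showing what a bare `u16 += 1` does at the boundary and two hardened increments a parser can use instead. `RowCounter`, `RowCountOverflow` and the `count_rows_*` helpers are hypothetical names invented here; the input is a constructed message count, not real PostgreSQL wire data.

```rust
use std::fmt;

/// Hypothetical stand-in for the per-transaction counter field; the real
/// PgsqlTransaction is only known here from the one line quoted above.
#[derive(Debug, Default)]
pub struct RowCounter {
    pub data_row_cnt: u16,
}

/// Error returned instead of aborting when the counter would exceed u16::MAX.
#[derive(Debug, PartialEq, Eq)]
pub struct RowCountOverflow;

impl fmt::Display for RowCountOverflow {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        write!(f, "DataRow counter exceeded u16::MAX")
    }
}

impl RowCounter {
    /// The pattern from the report, made observable: `overflowing_add` returns
    /// the wrapped value plus an overflow flag. A plain `+= 1` produces the
    /// wrapped value when overflow checks are off (release) and panics with
    /// "attempt to add with overflow" when they are on (debug / fuzz builds).
    pub fn incr_unchecked_outcome(&self) -> (u16, bool) {
        self.data_row_cnt.overflowing_add(1)
    }

    /// Hardened variant 1: clamp at u16::MAX. Never aborts, at the cost of
    /// an inexact count once 65535 rows have been seen.
    pub fn incr_saturating(&mut self) {
        self.data_row_cnt = self.data_row_cnt.saturating_add(1);
    }

    /// Hardened variant 2: surface the overflow so the caller can raise an
    /// app-layer event or drop the transaction rather than abort the process.
    pub fn incr_checked(&mut self) -> Result<(), RowCountOverflow> {
        self.data_row_cnt = self.data_row_cnt.checked_add(1).ok_or(RowCountOverflow)?;
        Ok(())
    }
}

/// Feed `n` DataRow messages (constructed input: just a count, no wire bytes)
/// through the saturating counter and return the final value.
pub fn count_rows_saturating(n: u32) -> u16 {
    let mut c = RowCounter::default();
    for _ in 0..n {
        c.incr_saturating();
    }
    c.data_row_cnt
}

/// Same stream through the checked counter; Err on the 65536th row.
pub fn count_rows_checked(n: u32) -> Result<u16, RowCountOverflow> {
    let mut c = RowCounter::default();
    for _ in 0..n {
        c.incr_checked()?;
    }
    Ok(c.data_row_cnt)
}

fn main() {
    let at_max = RowCounter { data_row_cnt: u16::MAX };
    println!("unchecked at u16::MAX -> {:?}", at_max.incr_unchecked_outcome());
    println!("saturating after 70000 rows -> {}", count_rows_saturating(70_000));
    match count_rows_checked(70_000) {
        Ok(n) => println!("checked -> {}", n),
        Err(e) => println!("checked -> error: {}", e),
    }
}
```

The checked variant is the one to reach for when an overflow is worth an app-layer event; the saturating one suffices when the count is only informational. The trace above also shows why the fuzzer saw SIGABRT rather than a caught panic: the panic reached `rust_begin_unwind` (frame #7) but could not unwind through the C harness (`failed to initiate panic, error 5`), so the runtime called `abort` and ASan reported the signal. In a release build with overflow checks off, the same input would instead silently wrap the counter to 0.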