ACE has a out-of-bounds array vulnerability, causing core dump. #1840
Comments
Please extend one of the unit tests in the ACE/tests directory as a reproducer. When you have that, please open a pull request with the test extension and another one for the proposed fix.
I cannot reproduce this bug stably. It only occurs when fuzzing is used. I think it's an obvious out-of-bounds array.
It seems like this could be tested without fuzzing. The ACE_Active_Map_Manager_Key input parameter can have any value for slot_index, including an invalid one. Using a tool like AddressSanitizer would show invalid memory access.
OK, I'll try to write a UT for ACE_Active_Map_Manager_Key.
Version
ACE+TAO 6.5.14
Host machine and operating system
Linux 4.4.0-131-generic x86_64
Compiler name and version (including patch level)
gcc version 5.4.0 20160609
The problem affects:
Program core dump
Description
A core dump occurs occasionally in the CORBA service. There are two stacks.
The first one:
The second one:
Sample fix/ workaround
Vulnerable Function:
Modify the index judgment condition statement like this:
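To make the maintainer's point concrete, here is an added example that is not code from this issue or from the ACE project: a simplified slot table with a generation-stamped key, loosely modeled on the idea behind ACE_Active_Map_Manager_Key, whose find() validates every field of the caller-supplied key before using slot_index as an array index. The names (SlotKey, SlotTable, run_checks), the capacity and the values are assumptions for the demo.

```cpp
#include <cstdint>
#include <cstdio>
#include <vector>

// Simplified model of an active-map-style key: a slot index plus a
// generation counter that detects stale keys after a slot is reused.
// (Demo type, not ACE's own ACE_Active_Map_Manager_Key.)
struct SlotKey {
    uint32_t slot_index;
    uint32_t slot_generation;
};

// A table of slots; each slot remembers the generation of the key that
// was handed out when the value was bound.
class SlotTable {
public:
    explicit SlotTable(size_t capacity) : slots_(capacity) {}

    // Bind a value and hand back the key the caller must use to find it.
    // Returns false if the table is full.
    bool bind(int value, SlotKey &key) {
        for (size_t i = 0; i < slots_.size(); ++i) {
            if (!slots_[i].in_use) {
                slots_[i].in_use = true;
                slots_[i].value = value;
                ++slots_[i].generation;
                key.slot_index = static_cast<uint32_t>(i);
                key.slot_generation = slots_[i].generation;
                return true;
            }
        }
        return false;
    }

    // Look up a value. The slot index is range-checked before it is used
    // as an array index, so an invalid or stale key yields -1 instead of
    // an out-of-bounds read.
    int find(const SlotKey &key, int &value) const {
        if (key.slot_index >= slots_.size())   // index outside the table
            return -1;
        const Slot &s = slots_[key.slot_index];
        if (!s.in_use || s.generation != key.slot_generation)
            return -1;                          // free slot or stale key
        value = s.value;
        return 0;
    }

    // Release a slot; the same validation applies before indexing.
    int unbind(const SlotKey &key) {
        int dummy = 0;
        if (find(key, dummy) != 0) return -1;
        slots_[key.slot_index].in_use = false;
        return 0;
    }

private:
    struct Slot { bool in_use = false; uint32_t generation = 0; int value = 0; };
    std::vector<Slot> slots_;
};

// Exercise the lookup with a valid key, an out-of-range index, the
// index == capacity edge and a stale key (constructed demo values).
// Returns 0 when every check behaves as expected.
int run_checks() {
    SlotTable table(4);
    SlotKey k{};
    if (!table.bind(42, k)) return 1;
    int v = 0;
    if (table.find(k, v) != 0 || v != 42) return 2;
    SlotKey oob{1000000u, k.slot_generation};   // far past the end
    if (table.find(oob, v) != -1) return 3;
    SlotKey edge{4u, k.slot_generation};        // index == capacity
    if (table.find(edge, v) != -1) return 4;
    if (table.unbind(k) != 0) return 5;
    if (table.find(k, v) != -1) return 6;       // stale after unbind
    return 0;
}

int main() {
    int rc = run_checks();
    std::printf("%s\n", rc == 0 ? "all checks passed" : "check failed");
    return rc;
}
```

Building a test like this with `g++ -std=c++11 -fsanitize=address` is the shape of reproducer the maintainers asked for: if the range check in find() were missing, AddressSanitizer would flag the read through the out-of-range key instead of leaving the failure to appear only occasionally under fuzzing.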