MsgPack.jl icon indicating copy to clipboard operation
MsgPack.jl copied to clipboard

Published 20 hours ago verified publisher icon JuliaIO

Unsafe string unpacking causes segmentation fault

Open ikirill opened this issue 1 year ago • 0 comments

MsgPack v1.2.0

julia> using MsgPack

julia> unpack(UInt8[0xdb, 0x05, 'a', 'b', 'c', 'd', 'e'])

[754821] signal (11.2): Segmentation fault
in expression starting at REPL[2]:1
__memcpy_sse2_unaligned_erms at /lib64/libc.so.6 (unknown line)
ijl_pchar_to_string at /cache/build/default-amdci5-2/julialang/julia-release-1-dot-9/src/array.c:523
unsafe_string at ./strings/string.jl:81 [inlined]
from_msgpack at /home/kirill/.julia/packages/MsgPack/AnkMB/src/types.jl:437 [inlined]
_unpack_string at /home/kirill/.julia/packages/MsgPack/AnkMB/src/unpack.jl:353
unpack_format at /home/kirill/.julia/packages/MsgPack/AnkMB/src/unpack.jl:341 [inlined]
#_unpack_any#10 at /home/kirill/.julia/packages/MsgPack/AnkMB/src/unpack.jl:83
_unpack_any at /home/kirill/.julia/packages/MsgPack/AnkMB/src/unpack.jl:49
unknown function (ip: 0x7f8ce8165f8a)
_jl_invoke at /cache/build/default-amdci5-2/julialang/julia-release-1-dot-9/src/gf.c:2758 [inlined]
ijl_apply_generic at /cache/build/default-amdci5-2/julialang/julia-release-1-dot-9/src/gf.c:2940
#unpack_type#9 at /home/kirill/.julia/packages/MsgPack/AnkMB/src/unpack.jl:47
unknown function (ip: 0x7f8ce8163060)
unpack_type at /home/kirill/.julia/packages/MsgPack/AnkMB/src/unpack.jl:47 [inlined]
#unpack#7 at /home/kirill/.julia/packages/MsgPack/AnkMB/src/unpack.jl:32 [inlined]
unpack at /home/kirill/.julia/packages/MsgPack/AnkMB/src/unpack.jl:32 [inlined]
#unpack#6 at /home/kirill/.julia/packages/MsgPack/AnkMB/src/unpack.jl:8 [inlined]
unpack at /home/kirill/.julia/packages/MsgPack/AnkMB/src/unpack.jl:8 [inlined]
#unpack#5 at /home/kirill/.julia/packages/MsgPack/AnkMB/src/unpack.jl:1 [inlined]
unpack at /home/kirill/.julia/packages/MsgPack/AnkMB/src/unpack.jl:1
unknown function (ip: 0x7f8ce8162fc2)
_jl_invoke at /cache/build/default-amdci5-2/julialang/julia-release-1-dot-9/src/gf.c:2758 [inlined]
ijl_apply_generic at /cache/build/default-amdci5-2/julialang/julia-release-1-dot-9/src/gf.c:2940
jl_apply at /cache/build/default-amdci5-2/julialang/julia-release-1-dot-9/src/julia.h:1879 [inlined]
do_call at /cache/build/default-amdci5-2/julialang/julia-release-1-dot-9/src/interpreter.c:126
eval_value at /cache/build/default-amdci5-2/julialang/julia-release-1-dot-9/src/interpreter.c:226
eval_stmt_value at /cache/build/default-amdci5-2/julialang/julia-release-1-dot-9/src/interpreter.c:177 [inlined]
eval_body at /cache/build/default-amdci5-2/julialang/julia-release-1-dot-9/src/interpreter.c:624

julia> versioninfo()
Julia Version 1.9.2
Commit e4ee485e909 (2023-07-05 09:39 UTC)
Platform Info:
  OS: Linux (x86_64-linux-gnu)
  CPU: 16 × AMD Ryzen 7 3700X 8-Core Processor
  WORD_SIZE: 64
  LIBM: libopenlibm
  LLVM: libLLVM-14.0.6 (ORCJIT, znver2)
  Threads: 16 on 16 virtual cores
Environment:
  JULIA_NUM_THREADS = auto

ikirill avatar Sep 03 '23 12:09 ikirill