CFEngine Community / CFE-3138

assertion / crash in policy / json parsing - Failed to convert string to double

    Details

    • Type: Bug
    • Status: Done
    • Priority: Higher
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 3.15.0
    • Component/s: None
    • Labels:
      None

      Description

      Found by fuzzing (afl).

      Backtrace:

      #0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
      #1  0x00007ffff76a8801 in __GI_abort () at abort.c:79
      #2  0x00007ffff769839a in __assert_fail_base (
          fmt=0x7ffff781f7d8 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n",
          assertion=assertion@entry=0x7ffff7b86f60 "!*end && \"Failed to convert string to double\"",
          file=file@entry=0x7ffff7b86dc0 "string_lib.c", line=line@entry=639,
          function=function@entry=0x7ffff7b871c8 <__PRETTY_FUNCTION__.17513> "StringToDouble")
          at assert.c:92
      #3  0x00007ffff7698412 in __GI___assert_fail (
          assertion=0x7ffff7b86f60 "!*end && \"Failed to convert string to double\"",
          file=0x7ffff7b86dc0 "string_lib.c", line=639,
          function=0x7ffff7b871c8 <__PRETTY_FUNCTION__.17513> "StringToDouble") at assert.c:101
      #4  0x00007ffff7b3288e in StringToDouble (str=0x5555557b42c0 "1.2.3") at string_lib.c:639
      #5  0x00007ffff7b1ecc5 in JsonPrimitiveGetAsReal (primitive=0x5555557b42e0) at json.c:753
      #6  0x00007ffff7b1d3be in JsonPrimitiveCopy (primitive=0x5555557b42e0) at json.c:223
      #7  0x00007ffff7b1d45c in JsonCopy (element=0x5555557b42e0) at json.c:241
      #8  0x00007ffff7b1d0c8 in JsonArrayCopy (array=0x5555557b4020) at json.c:158
      #9  0x00007ffff7b1d2b1 in JsonContainerCopy (container=0x5555557b4020) at json.c:193
      #10 0x00007ffff7b1d44e in JsonCopy (element=0x5555557b4020) at json.c:239
      #11 0x00007ffff7b02318 in RvalNewRewriter (item=0x5555557b4020, type=RVAL_TYPE_CONTAINER, map=0x0)
          at rlist.c:449
      #12 0x00007ffff7b023a9 in RvalNew (item=0x5555557b4020, type=RVAL_TYPE_CONTAINER) at rlist.c:461
      #13 0x00007ffff7b02412 in RvalCopy (rval=...) at rlist.c:471
      #14 0x00007ffff7aab44b in yyparse () at cf3parse.y:687
      #15 0x00007ffff7afb7d3 in ParserParseFile (agent_type=AGENT_TYPE_COMMON,
          path=0x55555575a350 "crash.cf", warnings=268435455, warnings_error=0) at parser.c:130
      #16 0x00007ffff7ae9060 in Cf3ParseFile (config=0x55555575a260, input_path=0x55555575a350 "crash.cf")
          at loading.c:136
      #17 0x00007ffff7ae9968 in LoadPolicyFile (ctx=0x55555575a390, config=0x55555575a260,
          policy_file=0x55555575a350 "crash.cf", policy_files_hashes=0x5555557ac130,
          parsed_files_checksums=0x5555557ad070, failed_files=0x5555557ad1d0) at loading.c:343
      #18 0x00007ffff7aea0eb in LoadPolicy (ctx=0x55555575a390, config=0x55555575a260) at loading.c:503
      #19 0x0000555555555e55 in main (argc=3, argv=0x7fffffffe2d8) at cf-promises.c:139
      

      Simplified policy:

      bundle agent main
      {
        vars:
            "d1" data => '[1.2.3]';
      }
      

              People

              Assignee:
              olehermanse Ole Herman Schumacher Elgesem
              Reporter:
              olehermanse Ole Herman Schumacher Elgesem
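
Added example, not CFEngine code and not the fix shipped in 3.15.0: in the backtrace, `strtod`-style parsing of "1.2.3" stops at the second '.', so the `!*end` assertion aborts the process on attacker-controllable policy/JSON input. The sketch below reports the same condition as an error return instead; the name `parse_double_strict` and its return convention are hypothetical.

```c
#include <float.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical helper, not CFEngine's StringToDouble().
 * Returns 0 and stores the value in *out on success; returns -1 when
 * the input is not exactly one finite number, leaving *out untouched.
 * Note: strtod also accepts forms JSON does not (leading whitespace,
 * hex floats); this sketch only covers trailing bytes, empty input
 * and non-finite results. */
int parse_double_strict(const char *str, double *out)
{
    if (str == NULL || out == NULL || *str == '\0')
        return -1;

    char *end = NULL;
    double value = strtod(str, &end);

    if (end == str)      /* nothing consumed, e.g. "abc" */
        return -1;
    if (*end != '\0')    /* leftover bytes, e.g. ".3" from "1.2.3" */
        return -1;
    /* Reject NaN and +/-infinity (overflow such as "1e999"). */
    if (value != value || value > DBL_MAX || value < -DBL_MAX)
        return -1;

    *out = value;
    return 0;
}

int main(void)
{
    /* Constructed sample inputs; "1.2.3" is the value from the report. */
    const char *samples[] = { "1.2", "1.2.3", "", "1e999", "nan", "-4.5e2" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        double d = 0.0;
        if (parse_double_strict(samples[i], &d) == 0)
            printf("%-8s -> %g\n", samples[i], d);
        else
            printf("%-8s -> rejected\n", samples[i]);
    }
    return 0;
}
```

Callers can then turn the -1 into a parse error for the offending token rather than terminating the agent.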