Details
- Type: Bug
- Status: Done
- Priority: Higher
- Resolution: Fixed
- Affects Version/s: None
- Fix Version/s: 3.15.0
- Component/s: None
- Labels: None
Description
Found by fuzzing (afl).
Backtrace:
#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
#1  0x00007ffff76a8801 in __GI_abort () at abort.c:79
#2  0x00007ffff769839a in __assert_fail_base (fmt=0x7ffff781f7d8 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=assertion@entry=0x7ffff7b86f60 "!*end && \"Failed to convert string to double\"", file=file@entry=0x7ffff7b86dc0 "string_lib.c", line=line@entry=639, function=function@entry=0x7ffff7b871c8 <__PRETTY_FUNCTION__.17513> "StringToDouble") at assert.c:92
#3  0x00007ffff7698412 in __GI___assert_fail (assertion=0x7ffff7b86f60 "!*end && \"Failed to convert string to double\"", file=0x7ffff7b86dc0 "string_lib.c", line=639, function=0x7ffff7b871c8 <__PRETTY_FUNCTION__.17513> "StringToDouble") at assert.c:101
#4  0x00007ffff7b3288e in StringToDouble (str=0x5555557b42c0 "1.2.3") at string_lib.c:639
#5  0x00007ffff7b1ecc5 in JsonPrimitiveGetAsReal (primitive=0x5555557b42e0) at json.c:753
#6  0x00007ffff7b1d3be in JsonPrimitiveCopy (primitive=0x5555557b42e0) at json.c:223
#7  0x00007ffff7b1d45c in JsonCopy (element=0x5555557b42e0) at json.c:241
#8  0x00007ffff7b1d0c8 in JsonArrayCopy (array=0x5555557b4020) at json.c:158
#9  0x00007ffff7b1d2b1 in JsonContainerCopy (container=0x5555557b4020) at json.c:193
#10 0x00007ffff7b1d44e in JsonCopy (element=0x5555557b4020) at json.c:239
#11 0x00007ffff7b02318 in RvalNewRewriter (item=0x5555557b4020, type=RVAL_TYPE_CONTAINER, map=0x0) at rlist.c:449
#12 0x00007ffff7b023a9 in RvalNew (item=0x5555557b4020, type=RVAL_TYPE_CONTAINER) at rlist.c:461
#13 0x00007ffff7b02412 in RvalCopy (rval=...) at rlist.c:471
#14 0x00007ffff7aab44b in yyparse () at cf3parse.y:687
#15 0x00007ffff7afb7d3 in ParserParseFile (agent_type=AGENT_TYPE_COMMON, path=0x55555575a350 "crash.cf", warnings=268435455, warnings_error=0) at parser.c:130
#16 0x00007ffff7ae9060 in Cf3ParseFile (config=0x55555575a260, input_path=0x55555575a350 "crash.cf") at loading.c:136
#17 0x00007ffff7ae9968 in LoadPolicyFile (ctx=0x55555575a390, config=0x55555575a260, policy_file=0x55555575a350 "crash.cf", policy_files_hashes=0x5555557ac130, parsed_files_checksums=0x5555557ad070, failed_files=0x5555557ad1d0) at loading.c:343
#18 0x00007ffff7aea0eb in LoadPolicy (ctx=0x55555575a390, config=0x55555575a260) at loading.c:503
#19 0x0000555555555e55 in main (argc=3, argv=0x7fffffffe2d8) at cf-promises.c:139
Simplified policy:
bundle agent main
{
  vars:
    "d1" data => '[1.2.3]';
}
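The frames above show what goes wrong: the JSON primitive "1.2.3" reaches StringToDouble, strtod stops at the second '.', and the function asserts `!*end` rather than reporting a conversion failure, so a malformed number in a policy file aborts cf-promises. The following is an added example, not CFEngine's code and not its eventual fix: a string-to-double conversion that performs the same "whole string consumed" check but returns a status the caller can turn into a parse error. The function and enum names (string_to_double_checked, NumStatus, status_of) are hypothetical, and the sample inputs are constructed for illustration, starting with the value from the backtrace.

```c
#include <errno.h>
#include <float.h>
#include <stdio.h>
#include <stdlib.h>

/* Outcome of a fallible string-to-double conversion (hypothetical names). */
typedef enum {
    NUM_OK = 0,
    NUM_EMPTY,          /* no digits parsed at all, e.g. "" or "abc" */
    NUM_TRAILING_JUNK,  /* e.g. "1.2.3": strtod stops before the end */
    NUM_OUT_OF_RANGE,   /* overflow or underflow reported via ERANGE */
    NUM_NOT_FINITE      /* "inf"/"nan" pass strtod but are not valid JSON numbers */
} NumStatus;

/* Convert the whole of `str` to a double. Where an assert-based conversion
 * aborts on unconsumed characters, this returns a status so the parser can
 * reject the input and keep running. */
NumStatus string_to_double_checked(const char *str, double *out)
{
    if (str == NULL || *str == '\0') {
        return NUM_EMPTY;
    }
    char *end = NULL;
    errno = 0;
    double value = strtod(str, &end);
    if (end == str) {
        return NUM_EMPTY;              /* nothing was parsed */
    }
    if (*end != '\0') {
        return NUM_TRAILING_JUNK;      /* the check the assertion encoded */
    }
    if (errno == ERANGE) {
        return NUM_OUT_OF_RANGE;
    }
    /* Reject infinities and NaN without depending on libm. */
    if (value > DBL_MAX || value < -DBL_MAX || value != value) {
        return NUM_NOT_FINITE;
    }
    *out = value;
    return NUM_OK;
}

/* Convenience wrapper that discards the value and reports only the status. */
NumStatus status_of(const char *str)
{
    double ignored;
    return string_to_double_checked(str, &ignored);
}

/* Constructed sample inputs: the crashing value from the report plus edge cases. */
static const char *const kSamples[] = {
    "1.2.3", "1.5", "-2e3", "", "inf", "1e999", "42abc"
};
static const size_t kSampleCount = sizeof kSamples / sizeof kSamples[0];

/* Number of constructed samples the checked conversion rejects. */
int count_rejected_samples(void)
{
    int rejected = 0;
    for (size_t i = 0; i < kSampleCount; i++) {
        if (status_of(kSamples[i]) != NUM_OK) {
            rejected++;
        }
    }
    return rejected;
}

int main(void)
{
    static const char *const names[] = {
        "ok", "empty", "trailing junk", "out of range", "not finite"
    };
    for (size_t i = 0; i < kSampleCount; i++) {
        double v = 0.0;
        NumStatus st = string_to_double_checked(kSamples[i], &v);
        if (st == NUM_OK) {
            printf("%-8s -> %s (%g)\n", kSamples[i], names[st], v);
        } else {
            printf("%-8s -> rejected: %s\n", kSamples[i], names[st]);
        }
    }
    return 0;
}
```

A caller in a JSON or policy parser would map any non-OK status to a syntax error at the offending token; the process never reaches abort(), and fuzzer-found inputs like "1.2.3" become ordinary rejected input rather than a crash.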