Uploaded image for project: 'C Driver'
  1. C Driver
  2. CDRIVER-3380

Fix BSON_ASSERT triggered by invalid JavaScript/JSON

    • Type: Icon: Bug Bug
    • Resolution: Fixed
    • Priority: Icon: Major - P3 Major - P3
    • 1.22.0, 1.22.0-beta0
    • Affects Version/s: None
    • Component/s: libbson
    • None

      Bad JavaScript/JSON input to libbson causes assertion failure. This was identified during fuzz testing. Fuzzer output follows:

      /home/admin/mongo-c-driver.git/src/libbson/src/bson/bson.c:1005 bson_append_code_with_scope(): precondition failed: javascript
      ==2261== ERROR: libFuzzer: deadly signal
          #0 0x4fbfe7 in __sanitizer_print_stack_trace (/home/admin/mongo-c-driver.git/cmake-build/src/libbson/json-to-bson+0x4fbfe7)   
          #1 0x44aceb in fuzzer::PrintStackTrace() (/home/admin/mongo-c-driver.git/cmake-build/src/libbson/json-to-bson+0x44aceb)
          #2 0x42e91b in fuzzer::Fuzzer::CrashCallback() (/home/admin/mongo-c-driver.git/cmake-build/src/libbson/json-to-bson+0x42e91b) 
          #3 0x42e8df in fuzzer::Fuzzer::StaticCrashSignalCallback() (/home/admin/mongo-c-driver.git/cmake-build/src/libbson/json-to-bson+0x42e8df)
          #4 0x7f18d839872f  (/lib/x86_64-linux-gnu/libpthread.so.0+0x1272f)
          #5 0x7f18d804e7ba in gsignal (/lib/x86_64-linux-gnu/libc.so.6+0x377ba)
          #6 0x7f18d8039534 in abort (/lib/x86_64-linux-gnu/libc.so.6+0x22534)
          #7 0x7f18d840b7f1 in bson_append_code_with_scope /home/admin/mongo-c-driver.git/src/libbson/src/bson/bson.c
          #8 0x7f18d8438600 in _bson_json_read_append_code /home/admin/mongo-c-driver.git/src/libbson/src/bson/bson-json.c:1422:8
          #9 0x7f18d8438600 in _bson_json_read_end_map /home/admin/mongo-c-driver.git/src/libbson/src/bson/bson-json.c:1592
          #10 0x7f18d8438600 in _pop_callback /home/admin/mongo-c-driver.git/src/libbson/src/bson/bson-json.c:1936
          #11 0x7f18d84567aa in jsonsl_feed /home/admin/mongo-c-driver.git/src/libbson/src/jsonsl/jsonsl.c:692:17
          #12 0x7f18d8431e83 in bson_json_reader_read /home/admin/mongo-c-driver.git/src/libbson/src/bson/bson-json.c:2069:10
          #13 0x522633 in LLVMFuzzerTestOneInput /home/admin/mongo-c-driver.git/src/libbson/examples/json-to-bson.c:53:16
          #14 0x42feaa in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/home/admin/mongo-c-driver.git/cmake-build/src/libbson/json-to-bson+0x42feaa)
          #15 0x42f445 in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool*) (/home/admin/mongo-c-driver.git/cmake-build/src/libbson/json-to-bson+0x42f445)
          #16 0x43118e in fuzzer::Fuzzer::MutateAndTestOne() (/home/admin/mongo-c-driver.git/cmake-build/src/libbson/json-to-bson+0x43118e)
          #17 0x431e65 in fuzzer::Fuzzer::Loop(std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, fuzzer::fuzzer_allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > const&) (/home/admin/mongo-c-driver.git/cmake-build/src/libbson/json-to-bson+0x431e65)
          #18 0x427e90 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/home/admin/mongo-c-driver.git/cmake-build/src/libbson/json-to-bson+0x427e90)
          #19 0x44b4a2 in main (/home/admin/mongo-c-driver.git/cmake-build/src/libbson/json-to-bson+0x44b4a2)
          #20 0x7f18d803b09a in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2409a)
          #21 0x4219a9 in _start (/home/admin/mongo-c-driver.git/cmake-build/src/libbson/json-to-bson+0x4219a9)   
      

            Assignee:
            colby.pike@mongodb.com Colby Pike
            Reporter:
            roberto.sanchez@mongodb.com Roberto Sanchez
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: