I need help fixing an fsanitize=address error on this code. If I compile my .c program with the flags "fsanitize=address -g" I get the following error:
==93042==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x000107903a7c at pc 0x0001052aa780 bp 0x00016b2af490 sp 0x00016b2aec48
READ of size 1 at 0x000107903a7c thread T0
    #0 0x1052aa77c in wrap_strchr+0x18c (libclang_rt.asan_osx_dynamic.dylib:arm64e+0x1677c)
    #1 0x104b50b70 in processData front.c:50
    #2 0x104b509d0 in main front.c:27
    #3 0x104eb5088 in start+0x204 (dyld:arm64e+0x5088)
The function I'm having problems with is called "processData". It gets a "char * data" which contains an entire CSV file (which has been copied as a string to it), and divides the CSV file into lines. Each line is then sent to a "loadData" function. The "processData()" function starts by declaring two pointers: "string", which points to the character string passed as an argument, and "line", which initially points to the '\n' character (new line) in the "data" string. Then the function enters a loop that runs while there are lines left in the "data" string. Inside the loop, the function calculates the size of the current line by subtracting the value of "string" from the value of "line". Then, it creates an "aux" variable to store the current line and copies the line into the "aux" variable using "strncpy()". Next, the function adds a null character at the end of the "aux" string to indicate the end of the string. Then, it sends the line to the "loadLine()" function passed as an argument for processing. Finally, it updates the "string" pointer to point to the beginning of the next line in the "data" string. Once all lines in the "data" string have been processed, the "processData()" function ends and returns control to the caller.
This is what the processData function looks like (I have highlighted line 50):
void processData(sensorADT s, char * data, loadLine loadData) {
    // Pointer to the "data" string
    char * string = data;
    // Pointer to the '\n' character (new line) in the "data" string
    char * line;
    // Loop that runs while there are lines left in the "data" string
    // THE FOLLOWING LINE IS LINE 50:
    while (string != NULL && (line = strchr(string,'\n')) != NULL) {
        // Calculates the size of the current line
        int len = line - string;
        // Creates an "aux" variable to store the current line
        char aux[len + 1];
        // Copies the current line in the "aux" variable
        strncpy(aux, string, len);
        // Adds a null character at the end of the line to indicate the end of the string
        aux[len] = 0;
        // Sends the line to the "loadLine()" function for processing
        loadData(s, aux);
        // Updates the "string" pointer to point to the beginning of the next line
        string = line + 1;
    }
}
If I try compiling and running the code without the sanitizer on, it works as intended.
Thanks!
I tried compiling my program with the sanitize flag on, and I get that error. If I compile it without the sanitizer flag, it runs flawlessly and gives me the expected results.
CodePudding user response:
According to your error message, the culprit is wrap_strchr(), which is reading after the allocated space of the string.
Since strchr() should stop at the final '\0' of the string and return NULL, my guess is that your data is not null-terminated at all.
By the way, that also means that strlen() will trigger the same error.
There is no easy way out of this error inside the function. Either you add a size_t len parameter or ensure that the string is null-terminated in the caller.
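
The two fixes the answer names, a length parameter or a terminator written by the caller, sketched as an added example that is not part of the original post. The names `process_data_n`, `read_all`, `line_cb` and `count_bytes` are hypothetical, and `void *ctx` stands in for the question's `sensorADT`.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical callback type standing in for the page's loadLine. */
typedef void (*line_cb)(void *ctx, const char *line);

/* Option 1: explicit length. memchr never reads past data[len - 1], so the
 * buffer does not need a terminator. Unlike the original loop, a final line
 * without '\n' is also delivered. Returns the number of lines delivered. */
size_t process_data_n(void *ctx, const char *data, size_t len, line_cb cb) {
    size_t count = 0;
    if (data == NULL) return 0;
    const char *cur = data, *end = data + len;
    while (cur < end) {
        const char *nl = memchr(cur, '\n', (size_t)(end - cur));
        size_t n = (size_t)((nl ? nl : end) - cur);
        char *aux = malloc(n + 1);      /* heap copy instead of a VLA */
        if (aux == NULL) break;
        memcpy(aux, cur, n);
        aux[n] = '\0';
        cb(ctx, aux);
        free(aux);
        count++;
        cur = nl ? nl + 1 : end;
    }
    return count;
}

/* Option 2: terminate in the caller. Allocates size + 1 bytes and writes the
 * '\0' that strchr/strlen rely on. The caller frees the result. */
char *read_all(FILE *fp, size_t *out_len) {
    if (fseek(fp, 0, SEEK_END) != 0) return NULL;
    long size = ftell(fp);
    if (size < 0) return NULL;
    rewind(fp);
    char *buf = malloc((size_t)size + 1);
    if (buf == NULL) return NULL;
    size_t got = fread(buf, 1, (size_t)size, fp);
    buf[got] = '\0';
    if (out_len) *out_len = got;
    return buf;
}

/* Sample callback: adds up the bytes of every line it receives. */
void count_bytes(void *ctx, const char *line) {
    *(size_t *)ctx += strlen(line);
}
```
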