Fix heap-buffer-overflow in highlighting multi-line comments
Not closed multi-line comment returns the whole query, so it should not be processed further with the lexer. ASan report: :) /*================================================================= ==14889==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60400006ebc0 at pc 0x00000a8148ea bp 0x7fffffff8610 sp 0x7fffffff7dd8 WRITE of size 16 at 0x60400006ebc0 thread T0 0 0xa8148e9 in __asan_memcpy (/src/ch/tmp/upstream/clickhouse-asan+0xa8148e9) 1 0xaa8a3a4 in DB::Client::highlight(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, std::__1::vector<replxx::Replxx::Color, std::__1::allocator<replxx::Replxx::Color> >&) obj-x86_64-linux-gnu/../programs/client/Client.cpp:464:52 2 0x25f7b6d8 in std::__1::__function::__policy_func<void (std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, std::__1::vector<replxx::Replxx::Color, std::__1::allocator<replxx::Replxx::Color> >&)>::operator()(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, std::__1::vector<replxx::Replxx::Color, std::__1::allocator<replxx::Replxx::Color> >&) const obj-x86_64-linux-gnu/../contrib/libcxx/include/functional:2221:16 3 0x25f7b6d8 in std::__1::function<void (std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, std::__1::vector<replxx::Replxx::Color, std::__1::allocator<replxx::Replxx::Color> >&)>::operator()(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, std::__1::vector<replxx::Replxx::Color, std::__1::allocator<replxx::Replxx::Color> >&) const obj-x86_64-linux-gnu/../contrib/libcxx/include/functional:2560:12 4 0x25f7b6d8 in replxx::Replxx::ReplxxImpl::render(replxx::Replxx::ReplxxImpl::HINT_ACTION) obj-x86_64-linux-gnu/../contrib/replxx/src/replxx_impl.cxx:546:3 5 0x25f74059 in replxx::Replxx::ReplxxImpl::refresh_line(replxx::Replxx::ReplxxImpl::HINT_ACTION) 
obj-x86_64-linux-gnu/../contrib/replxx/src/replxx_impl.cxx:729:2 6 0x25f6bc8f in replxx::Replxx::ReplxxImpl::insert_character(char32_t) obj-x86_64-linux-gnu/../contrib/replxx/src/replxx_impl.cxx:1197:3 7 0x25f79347 in replxx::Replxx::ReplxxImpl::action(unsigned long long, replxx::Replxx::ACTION_RESULT (replxx::Replxx::ReplxxImpl::* const&)(char32_t), char32_t) obj-x86_64-linux-gnu/../contrib/replxx/src/replxx_impl.cxx:1130:29 8 0x25f79347 in replxx::Replxx::ReplxxImpl::get_input_line() obj-x86_64-linux-gnu/../contrib/replxx/src/replxx_impl.cxx:1123:11 9 0x25f7844c in replxx::Replxx::ReplxxImpl::input(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&) obj-x86_64-linux-gnu/../contrib/replxx/src/replxx_impl.cxx:455:8 10 0x25af5693 in ReplxxLineReader::readOneLine(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&) obj-x86_64-linux-gnu/../base/common/ReplxxLineReader.cpp:108:29 11 0x25aed149 in LineReader::readLine(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&) obj-x86_64-linux-gnu/../base/common/LineReader.cpp:81:26 12 0xaa80ba2 in DB::Client::mainImpl() obj-x86_64-linux-gnu/../programs/client/Client.cpp:654:33 13 0xaa756f5 in DB::Client::main(std::__1::vector<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >, std::__1::allocator<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > > > const&) obj-x86_64-linux-gnu/../programs/client/Client.cpp:280:20 14 0x25c0c8b5 in Poco::Util::Application::run() obj-x86_64-linux-gnu/../contrib/poco/Util/src/Application.cpp:334:8 15 0xaa4d050 in mainEntryClickHouseClient(int, char**) obj-x86_64-linux-gnu/../programs/client/Client.cpp:2724:23 16 0xa848c3a in main obj-x86_64-linux-gnu/../programs/main.cpp:368:12 17 0x7ffff7dcab24 in 
__libc_start_main (/usr/lib/libc.so.6+0x27b24) 18 0xa79b36d in _start (/src/ch/tmp/upstream/clickhouse-asan+0xa79b36d) 0x60400006ebc0 is located 0 bytes to the right of 48-byte region [0x60400006eb90,0x60400006ebc0) allocated by thread T0 here: 0 0xa84509d in operator new(unsigned long) (/src/ch/tmp/upstream/clickhouse-asan+0xa84509d) 1 0x25f7af76 in void* std::__1::__libcpp_operator_new<unsigned long>(unsigned long) obj-x86_64-linux-gnu/../contrib/libcxx/include/new:235:10 2 0x25f7af76 in std::__1::__libcpp_allocate(unsigned long, unsigned long) obj-x86_64-linux-gnu/../contrib/libcxx/include/new:261:10 3 0x25f7af76 in std::__1::allocator<replxx::Replxx::Color>::allocate(unsigned long) obj-x86_64-linux-gnu/../contrib/libcxx/include/memory:840:38 4 0x25f7af76 in std::__1::allocator_traits<std::__1::allocator<replxx::Replxx::Color> >::allocate(std::__1::allocator<replxx::Replxx::Color>&, unsigned long) obj-x86_64-linux-gnu/../contrib/libcxx/include/__memory/allocator_traits.h:468:21 5 0x25f7af76 in std::__1::vector<replxx::Replxx::Color, std::__1::allocator<replxx::Replxx::Color> >::__vallocate(unsigned long) obj-x86_64-linux-gnu/../contrib/libcxx/include/vector:993:37 6 0x25f7af76 in std::__1::vector<replxx::Replxx::Color, std::__1::allocator<replxx::Replxx::Color> >::vector(unsigned long, replxx::Replxx::Color const&) obj-x86_64-linux-gnu/../contrib/libcxx/include/vector:1155:9 7 0x25f7af76 in replxx::Replxx::ReplxxImpl::render(replxx::Replxx::ReplxxImpl::HINT_ACTION) obj-x86_64-linux-gnu/../contrib/replxx/src/replxx_impl.cxx:543:19 8 0x25f74059 in replxx::Replxx::ReplxxImpl::refresh_line(replxx::Replxx::ReplxxImpl::HINT_ACTION) obj-x86_64-linux-gnu/../contrib/replxx/src/replxx_impl.cxx:729:2 9 0x25f6bc8f in replxx::Replxx::ReplxxImpl::insert_character(char32_t) obj-x86_64-linux-gnu/../contrib/replxx/src/replxx_impl.cxx:1197:3 10 0x25f79347 in replxx::Replxx::ReplxxImpl::action(unsigned long long, replxx::Replxx::ACTION_RESULT (replxx::Replxx::ReplxxImpl::* 
const&)(char32_t), char32_t) obj-x86_64-linux-gnu/../contrib/replxx/src/replxx_impl.cxx:1130:29 11 0x25f79347 in replxx::Replxx::ReplxxImpl::get_input_line() obj-x86_64-linux-gnu/../contrib/replxx/src/replxx_impl.cxx:1123:11 12 0x25f7844c in replxx::Replxx::ReplxxImpl::input(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&) obj-x86_64-linux-gnu/../contrib/replxx/src/replxx_impl.cxx:455:8 13 0x25af5693 in ReplxxLineReader::readOneLine(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&) obj-x86_64-linux-gnu/../base/common/ReplxxLineReader.cpp:108:29 14 0x25aed149 in LineReader::readLine(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&) obj-x86_64-linux-gnu/../base/common/LineReader.cpp:81:26 15 0xaa80ba2 in DB::Client::mainImpl() obj-x86_64-linux-gnu/../programs/client/Client.cpp:654:33 16 0xaa756f5 in DB::Client::main(std::__1::vector<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >, std::__1::allocator<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > > > const&) obj-x86_64-linux-gnu/../programs/client/Client.cpp:280:20 17 0x25c0c8b5 in Poco::Util::Application::run() obj-x86_64-linux-gnu/../contrib/poco/Util/src/Application.cpp:334:8 18 0xaa4d050 in mainEntryClickHouseClient(int, char**) obj-x86_64-linux-gnu/../programs/client/Client.cpp:2724:23 19 0xa848c3a in main obj-x86_64-linux-gnu/../programs/main.cpp:368:12 20 0x7ffff7dcab24 in __libc_start_main (/usr/lib/libc.so.6+0x27b24) SUMMARY: AddressSanitizer: heap-buffer-overflow (/src/ch/tmp/upstream/clickhouse-asan+0xa8148e9) in __asan_memcpy v2: fix lexer instead of client quirk
parent
af2135ef9d
commit
9c35e49878
@ -275,7 +275,8 @@ Token Lexer::nextTokenImpl()
|
||||
else
|
||||
++pos;
|
||||
}
|
||||
return Token(TokenType::ErrorMultilineCommentIsNotClosed, token_begin, end);
|
||||
pos = end;
|
||||
return Token(TokenType::ErrorMultilineCommentIsNotClosed, token_begin, pos);
|
||||
}
|
||||
}
|
||||
return Token(TokenType::Slash, token_begin, pos);
|
||||
|
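Review bot: The added `pos = end;` in the unclosed-comment branch restores an invariant that is still undocumented: the token returned for an unclosed `/*` has to end exactly at the lexer cursor, otherwise (as far as the hunk shows) the next call resumes inside bytes this token already covers. I would put a comment above `pos = end;`, for example `// Consume the rest of the input: the returned token must end at pos, or the next call re-lexes bytes already reported.` The ASan trace in the commit message places the out-of-bounds write in `DB::Client::highlight`, which is not part of this diff. It presumably still trusts token extents when indexing the colors vector, so a bounds check there would be a cheap second line of defence; that needs confirming against the client code. `nextTokenImpl` starts and ends outside this hunk.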
@ -0,0 +1,25 @@
|
||||
#!/usr/bin/expect -f
|
||||
|
||||
log_user 0
|
||||
set timeout 5
|
||||
match_max 100000
|
||||
# A default timeout action is to do nothing, change it to fail
|
||||
expect_after {
|
||||
timeout {
|
||||
exit 2
|
||||
}
|
||||
}
|
||||
|
||||
set basedir [file dirname $argv0]
|
||||
spawn bash -c "source $basedir/../shell_config.sh ; \$CLICKHOUSE_CLIENT_BINARY \$CLICKHOUSE_CLIENT_OPT"
|
||||
expect ":) "
|
||||
|
||||
# regression for heap-buffer-overflow issue (under ASAN)
|
||||
send -- "/**"
|
||||
expect "/**"
|
||||
# just in case few more bytes
|
||||
send -- "foobar"
|
||||
expect "/**foobar"
|
||||
|
||||
send -- "\3\4"
|
||||
expect eof
|
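Review bot: `expect_after` handles only `timeout`, so a client that exits while the comment is being typed is detected only indirectly, and the closing `expect eof` accepts any termination, including a crash. Adding `eof { exit 1 }` next to the `timeout` clause would make an early exit fail explicitly, while the final explicit `expect eof` still matches first. With `log_user 0` the script also does not show anything the client prints to the terminal, so a sanitizer report would not be visible from the script itself. A short comment above `send -- "\3\4"`, such as `# Ctrl-C then Ctrl-D: cancel the pending input and exit the client`, would make the intended shutdown path clear.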
@ -212,3 +212,4 @@
|
||||
01017_uniqCombined_memory_usage
|
||||
01747_join_view_filter_dictionary
|
||||
01748_dictionary_table_dot
|
||||
01755_client_highlight_multi_line_comment_regression
|
||||
|
@ -95,7 +95,8 @@
|
||||
"01370_client_autocomplete_word_break_characters",
|
||||
"01676_clickhouse_client_autocomplete",
|
||||
"01193_metadata_loading",
|
||||
"01455_time_zones"
|
||||
"01455_time_zones",
|
||||
"01755_client_highlight_multi_line_comment_regression"
|
||||
],
|
||||
"release-build": [
|
||||
],
|
||||
|