While running an app that includes Firebase Performance with the Address Sanitizer on, a heap-buffer-overflow was reported in FPREncodePerfSessions() (FPRNanoPbUtils.m:224).
FPREncodePerfSessions() is allocating an array of size 0 and then sets a value for the first element of this array.
I believe that line 226: perfSessions[perfSessionIndex].session_verbosity_count = 1;
should be moved up to line 221, just before: perfSessions[perfSessionIndex].session_verbosity = calloc(perfSessions[perfSessionIndex].session_verbosity_count, sizeof(firebase_perf_v1_SessionVerbosity));
What follows is a full copy of the console log:
2021-10-21 23:02:49.681735+0200 Runner[384:9452]
2021-10-21 23:02:49.681785+0200 Runner[384:9452] Thread T1 created by T0 here:
2021-10-21 23:02:49.681846+0200 Runner[384:9452] <empty stack>
2021-10-21 23:02:49.682064+0200 Runner[384:9452]
2021-10-21 23:02:49.682203+0200 Runner[384:9452] SUMMARY: AddressSanitizer: heap-buffer-overflow (/private/var/containers/Bundle/Application/A73A6C74-6EC4-4778-9796-85F93E8084F1/Runner.app/Frameworks/FirebasePerformance.framework/FirebasePerformance:arm64+0x45eb8) in __FPREncodePerfSessions_block_invoke+0x77c
2021-10-21 23:02:49.682353+0200 Runner[384:9452] Shadow bytes around the buggy address:
2021-10-21 23:02:49.682551+0200 Runner[384:9452] 0x000139362f00: fa fa fa fa fa fa 00 03 fa fa 00 01 fa fa 00 00
2021-10-21 23:02:49.682695+0200 Runner[384:9452] 0x000139362f10: fa fa 00 06 fa fa 00 04 fa fa 00 fa fa fa 00 00
2021-10-21 23:02:49.682908+0200 Runner[384:9452] 0x000139362f20: fa fa 00 00 fa fa fa fa fa fa 07 fa fa fa fa fa
2021-10-21 23:02:49.683024+0200 Runner[384:9452] 0x000139362f30: fa fa 00 00 fa fa 05 fa fa fa fa fa fa fa 05 fa
2021-10-21 23:02:49.683179+0200 Runner[384:9452] 0x000139362f40: fa fa fa fa fa fa 05 fa fa fa fa fa fa fa fa fa
2021-10-21 23:02:49.683343+0200 Runner[384:9452] =>0x000139362f50: fa fa[01]fa fa fa fa fa fa fa 00 00 fa fa fa fa
2021-10-21 23:02:49.683449+0200 Runner[384:9452] 0x000139362f60: fa fa 00 00 fa fa 00 00 fa fa 05 fa fa fa fa fa
2021-10-21 23:02:49.683545+0200 Runner[384:9452] 0x000139362f70: fa fa fd fa fa fa 00 fa fa fa 00 00 fa fa fd fd
2021-10-21 23:02:49.683637+0200 Runner[384:9452] 0x000139362f80: fa fa 04 fa fa fa 00 00 fa fa fd fd fa fa 00 00
2021-10-21 23:02:49.683731+0200 Runner[384:9452] 0x000139362f90: fa fa 00 04 fa fa fd fd fa fa 00 00 fa fa 00 00
2021-10-21 23:02:49.684046+0200 Runner[384:9452] 0x000139362fa0: fa fa 00 06 fa fa 00 fa fa fa 00 00 fa fa fd fd
2021-10-21 23:02:49.684177+0200 Runner[384:9452] Shadow byte legend (one shadow byte represents 8 application bytes):
2021-10-21 23:02:49.684367+0200 Runner[384:9452] Addressable: 00
2021-10-21 23:02:49.684467+0200 Runner[384:9452] Partially addressable: 01 02 03 04 05 06 07
2021-10-21 23:02:49.684664+0200 Runner[384:9452] Heap left redzone: fa
2021-10-21 23:02:49.684779+0200 Runner[384:9452] Freed heap region: fd
2021-10-21 23:02:49.684954+0200 Runner[384:9452] Stack left redzone: f1
2021-10-21 23:02:49.685186+0200 Runner[384:9452] Stack mid redzone: f2
2021-10-21 23:02:49.685262+0200 Runner[384:9452] Stack right redzone: f3
2021-10-21 23:02:49.685424+0200 Runner[384:9452] Stack after return: f5
2021-10-21 23:02:49.685527+0200 Runner[384:9452] Stack use after scope: f8
2021-10-21 23:02:49.685636+0200 Runner[384:9452] Global redzone: f9
2021-10-21 23:02:49.685773+0200 Runner[384:9452] Global init order: f6
2021-10-21 23:02:49.686026+0200 Runner[384:9452] Poisoned by user: f7
2021-10-21 23:02:49.686118+0200 Runner[384:9452] Container overflow: fc
2021-10-21 23:02:49.686242+0200 Runner[384:9452] Array cookie: ac
2021-10-21 23:02:49.686355+0200 Runner[384:9452] Intra object redzone: bb
2021-10-21 23:02:49.686447+0200 Runner[384:9452] ASan internal: fe
2021-10-21 23:02:49.686771+0200 Runner[384:9452] Left alloca redzone: ca
2021-10-21 23:02:49.687040+0200 Runner[384:9452] Right alloca redzone: cb
2021-10-21 23:02:49.687124+0200 Runner[384:9452] Shadow gap: cc
==384==ABORTING
Warning: hit breakpoint while running function, skipping commands and conditions to prevent recursion.
AddressSanitizer report breakpoint hit. Use 'thread info -s' to get extended information about the report.
(lldb) thread info -s
thread #2: tid = 0x24ec, 0x0000000100c10b10 libclang_rt.asan_ios_dynamic.dylib`__asan::AsanDie(), queue = 'com.google.perf.FPREventsQueue', stop reason = Heap buffer overflow
{
"access_size": 4,
"access_type": 1,
"address": 6082886288,
"description": "heap-buffer-overflow",
"instrumentation_class": "AddressSanitizer",
"pc": 4371455676,
"stop_type": "fatal_error"
}
(lldb)
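The allocation-order defect described in the report, reduced to plain C as an added example (this is not Firebase's code): a simplified stand-in for the nanopb-generated session struct, the reported order in which calloc runs before the count is set, the proposed order with the count set first, and a bounds-checked version of the store that shows why the first order is a heap-buffer-overflow. The enum values and struct layout are assumptions.

```c
#include <stddef.h>
#include <stdlib.h>
/* Stand-in for firebase_perf_v1_SessionVerbosity; the enum values are assumed. */
typedef enum { VERBOSITY_NONE = 0, VERBOSITY_GAUGES_AND_SYSTEM_EVENTS = 1 } SessionVerbosity;

/* Simplified stand-in for the nanopb-generated perf session message: a count
 * field plus a pointer to a heap array that is sized from that count. */
typedef struct {
    size_t session_verbosity_count;
    SessionVerbosity *session_verbosity;
} PerfSession;

/* Order as reported in the issue: calloc reads the count while it is still 0,
 * so the array holds zero elements, and the count is raised to 1 only afterwards.
 * Returns the element capacity that was actually allocated (0 here). */
static size_t encode_session_buggy(PerfSession *s) {
    size_t capacity = s->session_verbosity_count;            /* still 0 */
    s->session_verbosity = calloc(capacity, sizeof(SessionVerbosity));
    s->session_verbosity_count = 1;
    return capacity;
}

/* Order proposed in the issue: set the count first, then allocate from it. */
static size_t encode_session_fixed(PerfSession *s) {
    s->session_verbosity_count = 1;
    size_t capacity = s->session_verbosity_count;            /* now 1 */
    s->session_verbosity = calloc(capacity, sizeof(SessionVerbosity));
    return capacity;
}

/* Bounds-checked stand-in for the store at line 226: refuses the write when the
 * allocation is empty, which is the condition AddressSanitizer reports as a
 * heap-buffer-overflow. Returns 1 on success, 0 if the store would overflow. */
static int set_first_verbosity(PerfSession *s, size_t capacity, SessionVerbosity v) {
    if (s->session_verbosity == NULL || capacity < 1) {
        return 0;
    }
    s->session_verbosity[0] = v;
    return 1;
}

/* Encodes one session in the requested order; returns 1 if the store was in bounds. */
static int run_scenario(int fixed_order) {
    PerfSession s = { 0, NULL };
    size_t capacity = fixed_order ? encode_session_fixed(&s) : encode_session_buggy(&s);
    int ok = set_first_verbosity(&s, capacity, VERBOSITY_GAUGES_AND_SYSTEM_EVENTS);
    free(s.session_verbosity);
    return ok;
}
```

Compiled with -fsanitize=address and the bounds check removed, the buggy order reproduces the 4-byte heap-buffer-overflow from the report, while the fixed order runs clean.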
[REQUIRED] Step 1: Describe your environment
CocoaPods