From 44d39f335e4853d506d24b5dfebd595af2623716 Mon Sep 17 00:00:00 2001
From: Alex Kremer
Date: Wed, 9 Jul 2025 21:17:25 +0100
Subject: [PATCH] fix: ASAN heap-buffer-overflow issue in DBHelpers (#2310)
---
 src/app/WebHandlers.cpp | 2 +-
 src/data/DBHelpers.hpp | 54 ++------------------------
 src/web/impl/HttpBase.hpp | 2 +-
 tests/unit/util/BlockingCacheTests.cpp | 2 +-
 4 files changed, 7 insertions(+), 53 deletions(-)
diff --git a/src/app/WebHandlers.cpp b/src/app/WebHandlers.cpp
index 97cddb7a..b141b668 100644
--- a/src/app/WebHandlers.cpp
+++ b/src/app/WebHandlers.cpp
@@ -97,7 +97,7 @@ HealthCheckHandler::operator()(
 boost::asio::yield_context
 )
 {
- static auto constexpr kHEALTH_CHECK_HTML = R"html(
+ static constexpr auto kHEALTH_CHECK_HTML = R"html(
 Test page for Clio
diff --git a/src/data/DBHelpers.hpp b/src/data/DBHelpers.hpp
index 76b5aced..589e7906 100644
--- a/src/data/DBHelpers.hpp
+++ b/src/data/DBHelpers.hpp
@@ -198,39 +198,6 @@ struct MPTHolderData {
 ripple::AccountID holder;
 };
-/**
- * @brief Check whether the supplied object is an offer.
- *
- * @param object The object to check
- * @return true if the object is an offer; false otherwise
- */
-template
-inline bool
-isOffer(T const& object)
-{
- static constexpr short kOFFER_OFFSET = 0x006f;
- static constexpr short kSHIFT = 8;
-
- short offerBytes = (object[1] << kSHIFT) | object[2];
- return offerBytes == kOFFER_OFFSET;
-}
-
-/**
- * @brief Check whether the supplied hex represents an offer object.
- *
- * @param object The object to check
- * @return true if the object is an offer; false otherwise
- */
-template
-inline bool
-isOfferHex(T const& object)
-{
- auto blob = ripple::strUnHex(4, object.begin(), object.begin() + 4);
- if (blob)
- return isOffer(*blob);
- return false;
-}
-
 /**
 * @brief Check whether the supplied object is a dir node.
 *
@@ -241,6 +208,10 @@ template
 inline bool
 isDirNode(T const& object)
 {
+ static constexpr auto kMIN_SIZE_REQUIRED = 3;
+ if (std::size(object) < kMIN_SIZE_REQUIRED)
+ return false;
+
 static constexpr short kDIR_NODE_SPACE_KEY = 0x0064;
 short const spaceKey = (object.data()[1] << 8) | object.data()[2];
 return spaceKey == kDIR_NODE_SPACE_KEY;
@@ -264,23 +235,6 @@ isBookDir(T const& key, R const& object)
 return !sle[~ripple::sfOwner].has_value();
 }
-/**
- * @brief Get the book out of an offer object.
- *
- * @param offer The offer to get the book for
- * @return Book as ripple::uint256
- */
-template
-inline ripple::uint256
-getBook(T const& offer)
-{
- ripple::SerialIter it{offer.data(), offer.size()};
- ripple::SLE const sle{it, {}};
- ripple::uint256 book = sle.getFieldH256(ripple::sfBookDirectory);
-
- return book;
-}
-
 /**
 * @brief Get the book base.
 *
diff --git a/src/web/impl/HttpBase.hpp b/src/web/impl/HttpBase.hpp
index 5f3fa26c..7debb8cf 100644
--- a/src/web/impl/HttpBase.hpp
+++ b/src/web/impl/HttpBase.hpp
@@ -62,7 +62,7 @@ namespace web::impl {
-static auto constexpr kHEALTH_CHECK_HTML = R"html(
+static constexpr auto kHEALTH_CHECK_HTML = R"html(
 Test page for Clio
diff --git a/tests/unit/util/BlockingCacheTests.cpp b/tests/unit/util/BlockingCacheTests.cpp
index f261d404..8ddd6b23 100644
--- a/tests/unit/util/BlockingCacheTests.cpp
+++ b/tests/unit/util/BlockingCacheTests.cpp
@@ -222,7 +222,7 @@ TEST_F(BlockingCacheTest, InvalidateWhenStateIsHasValue)
 EXPECT_EQ(cache->state(), Cache::State::NoValue);
 }
-TEST_F(BlockingCacheTest, UpdateFromTwoCoroutinesHappensOnlyOnes)
+TEST_F(BlockingCacheTest, UpdateFromTwoCoroutinesHappensOnlyOnce)
 {
 auto waitingCoroutine = [&](boost::asio::yield_context yield) {
 auto result = cache->update(yield, mockUpdater.AsStdFunction(), mockVerifier.AsStdFunction());
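Review bot: The length guard added to `isDirNode` in src/data/DBHelpers.hpp has no regression test in this patch; the only test-file change is a test rename in BlockingCacheTests.cpp. A unit test that feeds empty, one-byte and two-byte inputs and expects `false` would keep the out-of-bounds read from coming back unnoticed. `kMIN_SIZE_REQUIRED` is declared `auto`, so it deduces `int` and is compared with the unsigned result of `std::size(object)`; `static constexpr std::size_t kMIN_SIZE_REQUIRED = 3;` keeps both sides the same type. The function's doc comment begins above this hunk and is not fully visible, so if its `@return` does not cover it, add `false is also returned when the object is shorter than 3 bytes`.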