fix: asan stack-use-after-scope in soci::use with rvalues (#4676)

Address a stack-use-after-scope issue when using rvalues with `soci::use`. Replace rvalues with lvalues to ensure the scope extends beyond the end of the expression. The issue arises from `soci` taking a reference to the rvalue without copying its value or extending its lifetime. `soci` references rvalues in `soci::use_container` and then the address in `soci_use_type`. For types like `int`, memory access post-lifetime is unlikely to cause issues. However, for `std::string`, the backing heap memory can be freed and potentially reused, leading to a potential segmentation fault. This was detected on x86_64 using clang-15 with asan. asan confirms resolution of the issue. Fix #4675
2025-11-13 23:55:50 +00:00 · 2023-10-04 06:21:36 +02:00
parent e27d24ba00
commit 3dea78d34b
2 changed files with 11 additions and 8 deletions
--- a/src/ripple/app/rdb/impl/UnitaryShard.cpp
+++ b/src/ripple/app/rdb/impl/UnitaryShard.cpp
@@ -175,6 +175,11 @@ updateLedgerDBs(

        auto const sParentHash{to_string(ledger->info().parentHash)};
        auto const sDrops{to_string(ledger->info().drops)};
+        auto const closingTime{
+            ledger->info().closeTime.time_since_epoch().count()};
+        auto const prevClosingTime{
+            ledger->info().parentCloseTime.time_since_epoch().count()};
+        auto const closeTimeRes{ledger->info().closeTimeResolution.count()};
        auto const sAccountHash{to_string(ledger->info().accountHash)};
        auto const sTxHash{to_string(ledger->info().txHash)};

@@ -190,11 +195,8 @@ updateLedgerDBs(
                   ":closingTime, :prevClosingTime, :closeTimeRes,"
                   ":closeFlags, :accountSetHash, :transSetHash);",
            soci::use(sHash), soci::use(ledgerSeq), soci::use(sParentHash),
-            soci::use(sDrops),
-            soci::use(ledger->info().closeTime.time_since_epoch().count()),
-            soci::use(
-                ledger->info().parentCloseTime.time_since_epoch().count()),
-            soci::use(ledger->info().closeTimeResolution.count()),
+            soci::use(sDrops), soci::use(closingTime),
+            soci::use(prevClosingTime), soci::use(closeTimeRes),
            soci::use(ledger->info().closeFlags), soci::use(sAccountHash),
            soci::use(sTxHash);

--- a/src/ripple/app/rdb/impl/Wallet.cpp
+++ b/src/ripple/app/rdb/impl/Wallet.cpp
@@ -205,19 +205,20 @@ insertPeerReservation(
    PublicKey const& nodeId,
    std::string const& description)
 {
+    auto const sNodeId = toBase58(TokenType::NodePublic, nodeId);
    session << "INSERT INTO PeerReservations (PublicKey, Description) "
               "VALUES (:nodeId, :desc) "
               "ON CONFLICT (PublicKey) DO UPDATE SET "
               "Description=excluded.Description",
-        soci::use(toBase58(TokenType::NodePublic, nodeId)),
-        soci::use(description);
+        soci::use(sNodeId), soci::use(description);
 }

 void
 deletePeerReservation(soci::session& session, PublicKey const& nodeId)
 {
+    auto const sNodeId = toBase58(TokenType::NodePublic, nodeId);
    session << "DELETE FROM PeerReservations WHERE PublicKey = :nodeId",
-        soci::use(toBase58(TokenType::NodePublic, nodeId));
+        soci::use(sNodeId);
 }

 bool