-
-
Notifications
You must be signed in to change notification settings - Fork 3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Out of bounds access kills daemon #4003
Comments
There is no bug here. The thing that was crashing the daemon here is the fact that you used CRLF line endings rather than just LF. To demonstrate, the command here is the same as yours just with all the
|
HTTP specifies that CRLF line endings should be used. In any case, the daemon must not crash for any input, so there is a bug here. |
Is there any chance for this to be assigned to me since I'm nearing in on the cause of the bug and I don't want to clash with anyone's work? |
Awesome, sure! :) |
@Quantomicus I've linked the bug in my original report: It's assumed that |
The issue goes deeper than that. The issue is with parsing HTTP API requests involving multipart files. Since you only provide a boundary as the content, the parser gets confused and passes the broken data as a directory which leads to the code looking for children in the 'directory' down the callstack. |
Getting similar error:
|
1. Use printf to reliably expand escape sequences by default. 2. grep needs to exit after the first match as we're using HTTP/1.1 (the remote side will not close the connection after sending the response). License: MIT Signed-off-by: Steven Allen <steven@stebalien.com>
1. Use printf to reliably expand escape sequences by default. 2. grep needs to exit after the first match as we're using HTTP/1.1 (the remote side will not close the connection after sending the response). License: MIT Signed-off-by: Steven Allen <steven@stebalien.com>
1. Use printf to reliably expand escape sequences by default. 2. grep needs to exit after the first match as we're using HTTP/1.1 (the remote side will not close the connection after sending the response). License: MIT Signed-off-by: Steven Allen <steven@stebalien.com>
1. Use printf to reliably expand escape sequences by default. 2. grep needs to exit after the first match as we're using HTTP/1.1 (the remote side will not close the connection after sending the response). License: MIT Signed-off-by: Steven Allen <steven@stebalien.com>
Version information:
The latest version of the release branch, currently 0.4.8. I've digged a bit into the code and it seems this is still the case on master.
Type:
Bug
Severity:
application panic, but probably not that critical
Description:
I've tried to write an api client for ipfs, while doing that I noticed my client is crashing the ipfs daemon. I was able to fix this issue and my client is now working correctly, but I spent some more time to reproduce the issue with a one-liner to verify the issue without compiling my application:
This causes an out-of-bounds access on an empty list:
https://github.com/ipfs/go-ipfs/blob/b04cd7a68d55861850357c33a7c8fdaa4762f5ef/core/coreunix/add.go#L204
I hope this helps to resolve the underlying issue. :)
The text was updated successfully, but these errors were encountered: