Created attachment 8624803: asan log

This happens in the sqlite3 code that is bundled with NSS. It is likely no big deal if we don't ship that code. On the other hand I don't know if this is also present in production code.

Steps to reproduce:
1) build nss test suite with address sanitizer
2) run test suite, dbupgrade.sh specifically

I'm marking as security just in case.
Summary: global-buffer-overflow on address in certutil running dbupgrade tests → global-buffer-overflow in certutil running dbupgrade tests
Thanks Tyson. Do you know if this issue has already been fixed in the more recent sqlite code? If it is, then we can update the copy of sqlite that's part of NSS. I believe Firefox has its own copy of sqlite, and at the time Firefox builds NSS, the NSS copy of sqlite will be ignored.
Hey Kai,

It looks like this issue was fixed in 3.7.16 (18.104.22.168 is bundled). This version is still pretty old, it is from April 2013. 22.214.171.124 is the latest release. I found some information here: https://github.com/ViennaRSS/vienna-rss/issues/179
Tyson: This is a SQLite bug fixed in SQLite 3.7.16 as you noted:

2013-03-18 (3.7.16) ...
* Change to use strncmp() or the equivalent instead of memcmp() when comparing non-zero-terminated strings.

To work around this bug, add strict_memcmp=0 to the ASAN_OPTIONS environment variable before running AddressSanitizer. See https://code.google.com/p/address-sanitizer/wiki/Flags.
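To illustrate the memcmp()/strncmp() distinction from the changelog entry above, here is an added example (not SQLite's or NSS's code): a constructed keyword table stands in for the NUL-terminated global strings, and a length-delimited token is compared against it both ways. The memcmp() variant reads all n bytes even when the keyword is shorter, which is what ASan reports as a global-buffer-overflow; the strncmp() variant stops at the keyword's terminator.

```c
#include <stdio.h>
#include <string.h>

/* Constructed keyword table (hypothetical, not SQLite's real one).
 * Entries are NUL-terminated and may be shorter than the token. */
const char *const KEYWORDS[] = { "ABORT", "ADD", "AFTER", "ALL", NULL };

/* Buggy pattern: memcmp() always inspects all n bytes, so a token longer
 * than the keyword makes it read past the keyword's NUL into adjacent
 * read-only data. With the default strict_memcmp=1 AddressSanitizer
 * flags this as a global-buffer-overflow. Kept only for comparison;
 * do not call it with n larger than the shortest keyword. */
int matches_keyword_memcmp(const char *token, size_t n) {
    for (const char *const *k = KEYWORDS; *k; ++k)
        if (memcmp(token, *k, n) == 0 && (*k)[n] == '\0')
            return 1;
    return 0;
}

/* Fixed pattern: strncmp() stops at the first NUL in either operand,
 * so it never reads beyond the end of a shorter keyword. The trailing
 * check rejects tokens that are a strict prefix of a keyword. */
int matches_keyword_strncmp(const char *token, size_t n) {
    for (const char *const *k = KEYWORDS; *k; ++k)
        if (strncmp(token, *k, n) == 0 && (*k)[n] == '\0')
            return 1;
    return 0;
}

int main(void) {
    /* A token taken from a larger buffer; it is not NUL-terminated at n. */
    const char sql[] = "ADDRESS book";
    printf("ADDRESS: %d\n", matches_keyword_strncmp(sql, 7));  /* 0 */
    printf("ADD:     %d\n", matches_keyword_strncmp(sql, 3));  /* 1 */
    return 0;
}
```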
I'd be happy to close this issue as is. If there are plans to update the bundled version of sqlite I can wait.
Let's not close it, but I believe we can open up the bug. The shipped version of sqlite in NSS is there as a convenience. Most NSS users use an external sqlite (linux distributions ship a system sqlite which NSS uses there, firefox provides their own sqlite. I suspect chrome does as well). As such, I think keeping this bug private is counter productive. We should open this up and turn it into a request to upgrade sqlite to something newer.

bob
Mass cc to get some NSS eyes on these bugs.
We're using SQLite 3.10.2 now for a while (since 3.23) and I can't reproduce this anymore. Let's close it.
Status: NEW → RESOLVED
Last Resolved: 2 years ago
Resolution: --- → FIXED