[Boost-bugs] [Boost C++ Libraries] #11082: Hitting "Security check failure or stack buffer overrun" when using read_json to read a JSON string into a property tree

From: Boost C++ Libraries (noreply_at_[hidden])
Date: 2015-03-06 20:08:59


#11082: Hitting "Security check failure or stack buffer overrun" when using
read_json to read a JSON string into a property tree
------------------------------+---------------------------
 Reporter: muskad202@… | Owner: cornedbee
     Type: Bugs | Status: new
Milestone: To Be Determined | Component: property_tree
  Version: Boost 1.57.0 | Severity: Problem
 Keywords: |
------------------------------+---------------------------
 The JSON string is fine - (a) I verified it in the debugger (b) the string
 is generated using write_json at another point in the program.

 Call Stack:
 ===========
  # Child-SP RetAddr Call Site
 00 00000081`6dade0d0 00007ff8`3d14ddc1 msvcr120!abort+0x34
 [f:\dd\vctools\crt\crtw32\misc\abort.c @ 88]
 01 00000081`6dade100 00007ff6`0af25e9c msvcr120!_purecall+0x29
 [f:\dd\vctools\crt\crtw32\misc\purevirt.c @ 59]
 02 00000081`6dade130 00007ff6`0af3028d
 dmserver!std::_For_each<std::reverse_iterator<std::_Vector_iterator<std::_Vector_val<std::_Simple_types<boost::spirit::classic::impl::grammar_helper_base<boost::spirit::classic::grammar<boost::property_tree::json_parser::json_grammar<boost::property_tree::basic_ptree<std::basic_string<char,std::char_traits<char>,std::allocator<char>
>,std::basic_string<char,std::char_traits<char>,std::allocator<char>
>,std::less<std::basic_string<char,std::char_traits<char>,std::allocator<char>
> > >
>,boost::spirit::classic::parser_context<boost::spirit::classic::nil_t> >
> * __ptr64> > >
>,std::binder2nd<std::mem_fun1_t<int,boost::spirit::classic::impl::grammar_helper_base<boost::spirit::classic::grammar<boost::property_tree::json_parser::json_grammar<boost::property_tree::basic_ptree<std::basic_string<char,std::char_traits<char>,std::allocator<char>
>,std::basic_string<char,std::char_traits<char>,std::allocator<char>
>,std::less<std::basic_string<char,std::char_traits<char>,std::allocator<char>
> > >
>,boost::spirit::classic::parser_context<boost::spirit::classic::nil_t> >
>,boost::spirit::classic::grammar<boost::property_tree::json_parser::json_grammar<boost::property_tree::basic_ptree<std::basic_string<char,std::char_traits<char>,std::allocator<char>
>,std::basic_string<char,std::char_traits<char>,std::allocator<char>
>,std::less<std::basic_string<char,std::char_traits<char>,std::allocator<char>
> > >
>,boost::spirit::classic::parser_context<boost::spirit::classic::nil_t> >
 * __ptr64> > >+0xdc
 [x:\temp\nugetcache\.visualcpp.corext.d0psuy2jyr5xy1syeqwt_g\include\algorithm
 @ 24]
 03 00000081`6dade1a0 00007ff6`0af465f7
 dmserver!boost::spirit::classic::impl::grammar_destruct<boost::spirit::classic::grammar<boost::property_tree::json_parser::json_grammar<boost::property_tree::basic_ptree<std::basic_string<char,std::char_traits<char>,std::allocator<char>
>,std::basic_string<char,std::char_traits<char>,std::allocator<char>
>,std::less<std::basic_string<char,std::char_traits<char>,std::allocator<char>
> > >
>,boost::spirit::classic::parser_context<boost::spirit::classic::nil_t> >
>+0x11d
 [x:\bt\426719\private\packages\boost.library\v1.57.0\include\boost\spirit\home\classic\core\non_terminal\impl\grammar.ipp
 @ 295]
 04 00000081`6dade290 00007ff6`0af37f73
 dmserver!boost::property_tree::json_parser::json_grammar<boost::property_tree::basic_ptree<std::basic_string<char,std::char_traits<char>,std::allocator<char>
>,std::basic_string<char,std::char_traits<char>,std::allocator<char>
>,std::less<std::basic_string<char,std::char_traits<char>,std::allocator<char>
> > >
>::~json_grammar<boost::property_tree::basic_ptree<std::basic_string<char,std::char_traits<char>,std::allocator<char>
>,std::basic_string<char,std::char_traits<char>,std::allocator<char>
>,std::less<std::basic_string<char,std::char_traits<char>,std::allocator<char>
> > > >+0x37
 05 00000081`6dade2d0 00007ff6`0af3793e
 dmserver!boost::property_tree::json_parser::read_json_internal<boost::property_tree::basic_ptree<std::basic_string<char,std::char_traits<char>,std::allocator<char>
>,std::basic_string<char,std::char_traits<char>,std::allocator<char>
>,std::less<std::basic_string<char,std::char_traits<char>,std::allocator<char>
> > > >+0x603
 [x:\bt\426719\private\packages\boost.library\v1.57.0\include\boost\property_tree\detail\json_parser_read.hpp
 @ 328]
 06 00000081`6dade7a0 00007ff6`0afd2a27
 dmserver!boost::property_tree::json_parser::read_json<boost::property_tree::basic_ptree<std::basic_string<char,std::char_traits<char>,std::allocator<char>
>,std::basic_string<char,std::char_traits<char>,std::allocator<char>
>,std::less<std::basic_string<char,std::char_traits<char>,std::allocator<char>
> > > >+0x6e
 [x:\bt\426719\private\packages\boost.library\v1.57.0\include\boost\property_tree\json_parser.hpp
 @ 45]
 07 00000081`6dade810 00007ff6`0b01b49e
 dmserver!UpdateEnvironmentWithMachineRegistryFromClusterDMCmd::ExecuteReplicatedRequest+0xd7
 [x:\bt\426719\private\services\devicemanager\dm\lib\src\dmcommand.cpp @
 17344]
 08 00000081`6dadf4f0 00007ff6`0b032151
 dmserver!CommandExecutor::ProcessSingleEnvironment+0x80e
 [x:\bt\426719\private\services\devicemanager\dm\lib\src\commandexecutor.cpp
 @ 381]
 09 00000081`6dadf7f0 00007ff6`0b032352 dmserver!ThreadPool::Run+0x221
 [x:\bt\426719\private\common\apcommon\src\threadpool.cpp @ 63]
 0a 00000081`6dadf8e0 00007ff8`3d104f7f
 dmserver!ThreadPool::ThreadStartMethod+0x32
 [x:\bt\426719\private\common\apcommon\src\threadpool.cpp @ 35]
 0b 00000081`6dadf920 00007ff8`3d105126 msvcr120!_callthreadstartex+0x17
 [f:\dd\vctools\crt\crtw32\startup\threadex.c @ 376]
 0c 00000081`6dadf950 00007ff8`443a16ad msvcr120!_threadstartex+0x102
 [f:\dd\vctools\crt\crtw32\startup\threadex.c @ 354]
 0d 00000081`6dadf980 00007ff8`451aeb64 kernel32!BaseThreadInitThunk+0xd
 [d:\blue_gdr\base\win32\client\thread.c @ 72]
 0e 00000081`6dadf9b0 00000000`00000000 ntdll!RtlUserThreadStart+0x34
 [d:\9142\minkernel\ntdll\rtlstrt.c @ 1026]

 =======

 I then tried appending 4096 spaces at the end of the string and then
 called read_json. At that point, it then failed with "Access Violation" in
 WinDbg (I unfortunately didn't save the stack trace then).

 I have the full memory dump corresponding to the stack trace I've shown
 above. I unfortunately can't attach it (the process contains HBI data).
 But, I'm open to doing a remote session if a developer wants to peek into
 it.

-- 
Ticket URL: <https://svn.boost.org/trac/boost/ticket/11082>
Boost C++ Libraries <http://www.boost.org/>
Boost provides free peer-reviewed portable C++ source libraries.

This archive was generated by hypermail 2.1.7 : 2017-02-16 18:50:18 UTC