fix: asan stack-use-after-scope in soci::use with rvalues (#4676)

Address a stack-use-after-scope issue when using rvalues with `soci::use`. Replace rvalues with lvalues to ensure the scope extends beyond the end of the expression. The issue arises from `soci` taking a reference to the rvalue without copying its value or extending its lifetime. `soci` references rvalues in `soci::use_container` and then the address in `soci_use_type`. For types like `int`, memory access post-lifetime is unlikely to cause issues. However, for `std::string`, the backing heap memory can be freed and potentially reused, leading to a potential segmentation fault. This was detected on x86_64 using clang-15 with asan. asan confirms resolution of the issue. Fix #4675
XRPLF · Oct 4, 2023 · 3dea78d · 3dea78d
1 parent e27d24b
commit 3dea78d
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 8 deletions.
diff --git a/src/ripple/app/rdb/impl/UnitaryShard.cpp b/src/ripple/app/rdb/impl/UnitaryShard.cpp
@@ -175,6 +175,11 @@ updateLedgerDBs(
 
         auto const sParentHash{to_string(ledger->info().parentHash)};
         auto const sDrops{to_string(ledger->info().drops)};
+        auto const closingTime{
+            ledger->info().closeTime.time_since_epoch().count()};
+        auto const prevClosingTime{
+            ledger->info().parentCloseTime.time_since_epoch().count()};
+        auto const closeTimeRes{ledger->info().closeTimeResolution.count()};
         auto const sAccountHash{to_string(ledger->info().accountHash)};
         auto const sTxHash{to_string(ledger->info().txHash)};
 
@@ -190,11 +195,8 @@ updateLedgerDBs(
                    ":closingTime, :prevClosingTime, :closeTimeRes,"
                    ":closeFlags, :accountSetHash, :transSetHash);",
             soci::use(sHash), soci::use(ledgerSeq), soci::use(sParentHash),
-            soci::use(sDrops),
-            soci::use(ledger->info().closeTime.time_since_epoch().count()),
-            soci::use(
-                ledger->info().parentCloseTime.time_since_epoch().count()),
-            soci::use(ledger->info().closeTimeResolution.count()),
+            soci::use(sDrops), soci::use(closingTime),
+            soci::use(prevClosingTime), soci::use(closeTimeRes),
             soci::use(ledger->info().closeFlags), soci::use(sAccountHash),
             soci::use(sTxHash);
 

diff --git a/src/ripple/app/rdb/impl/Wallet.cpp b/src/ripple/app/rdb/impl/Wallet.cpp
@@ -205,19 +205,20 @@ insertPeerReservation(
     PublicKey const& nodeId,
     std::string const& description)
 {
+    auto const sNodeId = toBase58(TokenType::NodePublic, nodeId);
     session << "INSERT INTO PeerReservations (PublicKey, Description) "
                "VALUES (:nodeId, :desc) "
                "ON CONFLICT (PublicKey) DO UPDATE SET "
                "Description=excluded.Description",
-        soci::use(toBase58(TokenType::NodePublic, nodeId)),
-        soci::use(description);
+        soci::use(sNodeId), soci::use(description);
 }
 
 void
 deletePeerReservation(soci::session& session, PublicKey const& nodeId)
 {
+    auto const sNodeId = toBase58(TokenType::NodePublic, nodeId);
     session << "DELETE FROM PeerReservations WHERE PublicKey = :nodeId",
-        soci::use(toBase58(TokenType::NodePublic, nodeId));
+        soci::use(sNodeId);
 }
 
 bool