Skip to content

[Backport 2.34-maintenance] parseString(): Fix out-of-bounds read#15854

Merged
internal-nix-ci[bot] merged 1 commit into
2.34-maintenancefrom
backport-15835-to-2.34-maintenance
May 14, 2026
Merged

[Backport 2.34-maintenance] parseString(): Fix out-of-bounds read#15854
internal-nix-ci[bot] merged 1 commit into
2.34-maintenancefrom
backport-15835-to-2.34-maintenance

Conversation

@internal-nix-ci
Copy link
Copy Markdown

@internal-nix-ci internal-nix-ci Bot commented May 14, 2026

Automatic backport to 2.34-maintenance, triggered by a label in #15835.

@edolstra @github-actions
parseString(): Fix out-of-bounds read
2556134 
If the string isn't terminated, parseString() returns a string of size
std::string::npos, which then causes an out-of-bounds read later.

Fixes:

==47978== Invalid read of size 1
==47978==    at 0x4BEF70A: nix::expect(nix::(anonymous namespace)::StringViewStream&, char) (../src/libstore/derivations.cc:232)
==47978==    by 0x4BEE3CA: parseDerivationOutput (../src/libstore/derivations.cc:383)
==47978==    by 0x4BEE3CA: nix::parseDerivation(nix::StoreDirConfig const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >&&, std::basic_string_view<char, std::char_traits<char> >, nix::ExperimentalFeatureSettings const&) (???:492)
==47978==    by 0x3F3803: nix::DerivationTest_UnterminatedString_Test::TestBody() (../src/libstore-tests/derivation/external-formats.cc:27)
==47978==    by 0x52AD3DD: void testing::internal::HandleExceptionsInMethodIfSupported<testing::Test, void>(testing::Test*, void (testing::Test::*)(), char const*) (in /nix/store/qyg0071v3bf8vgcnccd6zi0gvc5abs3f-gtest-1.17.0/lib/libgtest.so.1.17.0)
==47978==    by 0x5298E3D: testing::Test::Run() (in /nix/store/qyg0071v3bf8vgcnccd6zi0gvc5abs3f-gtest-1.17.0/lib/libgtest.so.1.17.0)
==47978==    by 0x5298FCC: testing::TestInfo::Run() (in /nix/store/qyg0071v3bf8vgcnccd6zi0gvc5abs3f-gtest-1.17.0/lib/libgtest.so.1.17.0)
==47978==    by 0x529920E: testing::TestSuite::Run() (in /nix/store/qyg0071v3bf8vgcnccd6zi0gvc5abs3f-gtest-1.17.0/lib/libgtest.so.1.17.0)
==47978==    by 0x52A3996: testing::internal::UnitTestImpl::RunAllTests() (in /nix/store/qyg0071v3bf8vgcnccd6zi0gvc5abs3f-gtest-1.17.0/lib/libgtest.so.1.17.0)
==47978==    by 0x52A3F74: testing::UnitTest::Run() (in /nix/store/qyg0071v3bf8vgcnccd6zi0gvc5abs3f-gtest-1.17.0/lib/libgtest.so.1.17.0)
==47978==    by 0x49DD52: RUN_ALL_TESTS (gtest.h:2334)
==47978==    by 0x49DD52: main (???:16)

(cherry picked from commit 2529588)
@internal-nix-ci internal-nix-ci Bot enabled auto-merge May 14, 2026 00:25
@internal-nix-ci internal-nix-ci Bot mentioned this pull request May 14, 2026
Merged
@internal-nix-ci internal-nix-ci Bot merged commit 3e50519 into 2.34-maintenance May 14, 2026
15 checks passed
@internal-nix-ci internal-nix-ci Bot deleted the backport-15835-to-2.34-maintenance branch May 14, 2026 01:15
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Ericson2314 Ericson2314 Awaiting requested review from Ericson2314 Ericson2314 is a code owner

@edolstra edolstra Awaiting requested review from edolstra edolstra is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@edolstra