Fix: JsonLogFileReader may cause a crash due to buffer overflow during reading. (alibaba#2246)

Takuka0311 · web-flow · commit 64a06e04d7e2 · 2025-06-10T09:46:05.000+08:00
* fix and add ut

* polish

* polish
diff --git a/core/file_server/reader/JsonLogFileReader.cpp b/core/file_server/reader/JsonLogFileReader.cpp
@@ -35,7 +35,7 @@ int32_t JsonLogFileReader::RemoveLastIncompleteLog(char* buffer,
                 break;
             }
             // else impossible to be a valid json line, advance and skip
-            char* pos = strchr(buffer + beginIdx, '\n');
+            char* pos = static_cast<char*>(memchr(buffer + beginIdx, '\n', size - beginIdx));
             if (pos == NULL) {
                 break;
             }
@@ -45,6 +45,9 @@ int32_t JsonLogFileReader::RemoveLastIncompleteLog(char* buffer,
         beginIdx = endIdx + 1;
         buffer[endIdx] = '\0';
     } while (beginIdx < size);
+    if (beginIdx > size) {
+        beginIdx = size;
+    }
     readBytes = beginIdx;
 
     if (allowRollback) {
diff --git a/core/unittest/reader/JsonLogFileReaderUnittest.cpp b/core/unittest/reader/JsonLogFileReaderUnittest.cpp
@@ -517,6 +517,30 @@ void RemoveLastIncompleteLogUnittest::TestRemoveLastIncompleteLogNotValidJson()
         APSARA_TEST_EQUAL_FATAL(std::string(testLog.data(), matchSize), expectMatch);
         APSARA_TEST_EQUAL_FATAL(0, rollbackLineFeedCount);
     }
+    { // test invalid \n at the end of buffer
+        std::string firstLog = R"({
+            "key": {
+                "nested_key": "second value"
+            }
+        })";
+        std::string notjson = "not a json at all.\nnot a json at all.";
+        std::string testLog = firstLog + '\n' + notjson;
+        int32_t logSize = testLog.size();
+        testLog += "\nnot a json at all.";
+        std::replace(notjson.begin(), notjson.end(), '\n', '\0');
+        size_t pos = notjson.rfind("not a json at all.");
+        if (pos != std::string::npos) {
+            notjson = notjson.substr(0, pos);
+        }
+        std::string expectMatch = firstLog + '\0' + notjson;
+        ;
+        int32_t rollbackLineFeedCount = 0;
+        size_t matchSize = mLogFileReader->RemoveLastIncompleteLog(
+            const_cast<char*>(testLog.data()), logSize, rollbackLineFeedCount);
+        APSARA_TEST_EQUAL_FATAL(expectMatch.size(), matchSize);
+        APSARA_TEST_EQUAL_FATAL(std::string(testLog.data(), matchSize), expectMatch);
+        APSARA_TEST_EQUAL_FATAL(1, rollbackLineFeedCount);
+    }
 }
 
 void RemoveLastIncompleteLogUnittest::TestRemoveLastIncompleteLogNotValidJsonNoRollback() {
