Merge pull request #219 from maxmind/greg/eng-4239

Add crafted bad-data MMDB files for libmaxminddb

Author: horgh

README.md

@@ -3,9 +3,30 @@ subnets (IPv4 or IPv6).
 
 This repository contains the spec for that format as well as test databases.
 
+# Generating Test Data
+
+The `write-test-data` command generates the MMDB test files under `test-data/`
+and `bad-data/`.
+
+When run from anywhere inside this repository, it auto-detects the repo root
+and uses default paths:
+
+```bash
+go run ./cmd/write-test-data
+```
+
+You can override any path with flags:
+
+```bash
+go run ./cmd/write-test-data \
+  -source ./source-data \
+  -target /tmp/test-out \
+  -bad-data /tmp/bad-out
+```
+
 # Copyright and License
 
-This software is Copyright (c) 2013 - 2025 by MaxMind, Inc.
+This software is Copyright (c) 2013 - 2026 by MaxMind, Inc.
 
 This is free software, licensed under the [Apache License, Version
 2.0](LICENSE-APACHE) or the [MIT License](LICENSE-MIT), at your option.

bad-data/README.md

@@ -1,7 +1,14 @@
-These are corrupt databases that have been know to cause problems such as
+These are corrupt databases that have been known to cause problems such as
 segfaults or unhandled errors on one or more MaxMind DB reader
 implementations. Implementations _should_ return an appropriate error
 or raise an exception on these databases.
 
+Databases are organized into subdirectories named after the reader
+implementation that exposed the issue (e.g., `libmaxminddb/`).
+
+Note: `libmaxminddb/libmaxminddb-uint64-max-epoch.mmdb` contains a valid
+database structure with `build_epoch` set to `UINT64_MAX`. It may not produce
+a reader error but can cause overflow in time type conversions.
+
 If you find a corrupt test-sized database that crashes a MMDB reader library,
 please feel free to add it here by creating a pull request.

bad-data/libmaxminddb/libmaxminddb-corrupt-search-tree.mmdb

@@ -2,16 +2,37 @@
 package main
 
 import (
+	"bufio"
 	"flag"
 	"fmt"
 	"os"
+	"path/filepath"
+	"strings"
 
 	"github.com/maxmind/MaxMind-DB/pkg/writer"
 )
 
+const moduleName = "github.com/maxmind/MaxMind-DB"
+
 func main() {
-	source := flag.String("source", "", "Source data directory")
-	target := flag.String("target", "", "Destination directory for the generated mmdb files")
+	var defaultSource, defaultTarget, defaultBadData string
+	if root, err := findRepoRoot(); err == nil {
+		defaultSource = filepath.Join(root, "source-data")
+		defaultTarget = filepath.Join(root, "test-data")
+		defaultBadData = filepath.Join(root, "bad-data", "libmaxminddb")
+	}
+
+	source := flag.String("source", defaultSource, "Source data directory")
+	target := flag.String(
+		"target",
+		defaultTarget,
+		"Destination directory for the generated mmdb files",
+	)
+	badData := flag.String(
+		"bad-data",
+		defaultBadData,
+		"Destination directory for generated bad mmdb files",
+	)
 
 	flag.Parse()
 
@@ -65,4 +86,54 @@ func main() {
 		fmt.Printf("writing GeoIP2 test databases: %+v\n", err)
 		os.Exit(1)
 	}
+
+	if *badData != "" {
+		if err := w.WriteBadDataDBs(*badData); err != nil {
+			fmt.Printf("writing bad data test databases: %+v\n", err)
+			os.Exit(1)
+		}
+	}
+}
+
+// findRepoRoot walks up from the current working directory looking for a
+// go.mod that belongs to this module. It returns the directory containing
+// that go.mod, or an error if none is found.
+func findRepoRoot() (string, error) {
+	dir, err := os.Getwd()
+	if err != nil {
+		return "", fmt.Errorf("getting working directory: %w", err)
+	}
+
+	for {
+		if hasModuleFile(dir) {
+			return dir, nil
+		}
+		parent := filepath.Dir(dir)
+		if parent == dir {
+			return "", fmt.Errorf(
+				"could not find go.mod for %s in any parent directory",
+				moduleName,
+			)
+		}
+		dir = parent
+	}
+}
+
+// hasModuleFile reports whether dir contains a go.mod whose first "module"
+// directive matches moduleName.
+func hasModuleFile(dir string) bool {
+	f, err := os.Open(filepath.Clean(filepath.Join(dir, "go.mod")))
+	if err != nil {
+		return false
+	}
+	defer f.Close()
+
+	scanner := bufio.NewScanner(f)
+	for scanner.Scan() {
+		line := strings.TrimSpace(scanner.Text())
+		if after, ok := strings.CutPrefix(line, "module "); ok {
+			return strings.TrimSpace(after) == moduleName
+		}
+	}
+	return false
 }

bad-data/libmaxminddb/libmaxminddb-deep-array-nesting.mmdb

@@ -0,0 +1,159 @@
+package writer
+
+import (
+	"fmt"
+	"net/netip"
+	"os"
+	"path/filepath"
+
+	"github.com/maxmind/mmdbwriter"
+	"github.com/maxmind/mmdbwriter/mmdbtype"
+	"go4.org/netipx"
+)
+
+// WriteBadDataDBs writes intentionally corrupt or extreme MMDB databases
+// for testing error handling in reader implementations.
+func (w *Writer) WriteBadDataDBs(target string) error {
+	//nolint:gosec // not security sensitive.
+	if err := os.MkdirAll(target, os.ModePerm); err != nil {
+		return fmt.Errorf("creating bad-data directory: %w", err)
+	}
+
+	// Raw binary databases — can't use mmdbwriter because the data is
+	// intentionally invalid or uses values mmdbwriter can't represent.
+	for _, db := range []struct {
+		name string
+		data []byte
+	}{
+		{"libmaxminddb-oversized-array.mmdb", buildOversizedArrayDB()},
+		{"libmaxminddb-oversized-map.mmdb", buildOversizedMapDB()},
+		{"libmaxminddb-uint64-max-epoch.mmdb", buildUint64MaxEpochDB()},
+		{"libmaxminddb-corrupt-search-tree.mmdb", buildCorruptSearchTreeDB()},
+	} {
+		if err := writeRawDB(target, db.name, db.data); err != nil {
+			return fmt.Errorf("writing %s: %w", db.name, err)
+		}
+	}
+
+	// Deep nesting uses mmdbwriter — structurally valid, just 600 levels deep.
+	if err := writeDeepNestingDB(target); err != nil {
+		return fmt.Errorf("writing deep nesting database: %w", err)
+	}
+
+	if err := writeDeepArrayNestingDB(target); err != nil {
+		return fmt.Errorf("writing deep array nesting database: %w", err)
+	}
+
+	return nil
+}
+
+func writeRawDB(dir, name string, data []byte) error {
+	path := filepath.Join(dir, name)
+	if err := os.WriteFile(path, data, 0o644); err != nil {
+		return fmt.Errorf("writing file: %w", err)
+	}
+	return nil
+}
+
+// writeDeepArrayNestingDB creates an MMDB with 600 levels of nested arrays.
+// This exceeds libmaxminddb's MAXIMUM_DATA_STRUCTURE_DEPTH (512) and
+// should trigger MMDB_INVALID_DATA_ERROR during data extraction.
+func writeDeepArrayNestingDB(dir string) (retErr error) {
+	dbWriter, err := mmdbwriter.New(
+		mmdbwriter.Options{
+			DatabaseType: "Test",
+			BuildEpoch:   1_000_000_000,
+			IPVersion:    4,
+			RecordSize:   24,
+		},
+	)
+	if err != nil {
+		return fmt.Errorf("creating mmdbwriter: %w", err)
+	}
+
+	// Build 600-level nested arrays: [[[... "x" ...]]]
+	const depth = 600
+	var value mmdbtype.DataType = mmdbtype.String("x")
+	for range depth {
+		value = mmdbtype.Slice{value}
+	}
+
+	for _, cidr := range []string{"0.0.0.0/1", "128.0.0.0/1"} {
+		prefix, err := netip.ParsePrefix(cidr)
+		if err != nil {
+			return fmt.Errorf("parsing prefix %s: %w", cidr, err)
+		}
+		if err := dbWriter.Insert(netipx.PrefixIPNet(prefix), value); err != nil {
+			return fmt.Errorf("inserting %s: %w", cidr, err)
+		}
+	}
+
+	path := filepath.Join(dir, "libmaxminddb-deep-array-nesting.mmdb")
+	outputFile, err := os.Create(filepath.Clean(path))
+	if err != nil {
+		return fmt.Errorf("creating file: %w", err)
+	}
+	defer func() {
+		if err := outputFile.Close(); err != nil && retErr == nil {
+			retErr = fmt.Errorf("closing file: %w", err)
+		}
+	}()
+
+	if _, err := dbWriter.WriteTo(outputFile); err != nil {
+		return fmt.Errorf("writing file: %w", err)
+	}
+
+	return nil
+}
+
+// writeDeepNestingDB creates an MMDB with 600 levels of nested maps.
+// This exceeds libmaxminddb's MAXIMUM_DATA_STRUCTURE_DEPTH (512) and
+// should trigger MMDB_INVALID_DATA_ERROR during data extraction.
+func writeDeepNestingDB(dir string) (retErr error) {
+	dbWriter, err := mmdbwriter.New(
+		mmdbwriter.Options{
+			DatabaseType: "Test",
+			BuildEpoch:   1_000_000_000,
+			IPVersion:    4,
+			RecordSize:   24,
+		},
+	)
+	if err != nil {
+		return fmt.Errorf("creating mmdbwriter: %w", err)
+	}
+
+	// Build 600-level nested structure: {"a": {"a": ... "x" ...}}
+	const depth = 600
+	var value mmdbtype.DataType = mmdbtype.String("x")
+	for range depth {
+		value = mmdbtype.Map{"a": value}
+	}
+
+	// Insert for 0.0.0.0/1 and 128.0.0.0/1 to cover all IPv4 addresses.
+	for _, cidr := range []string{"0.0.0.0/1", "128.0.0.0/1"} {
+		prefix, err := netip.ParsePrefix(cidr)
+		if err != nil {
+			return fmt.Errorf("parsing prefix %s: %w", cidr, err)
+		}
+		if err := dbWriter.Insert(netipx.PrefixIPNet(prefix), value); err != nil {
+			return fmt.Errorf("inserting %s: %w", cidr, err)
+		}
+	}
+
+	path := filepath.Join(dir, "libmaxminddb-deep-nesting.mmdb")
+	outputFile, err := os.Create(filepath.Clean(path))
+	if err != nil {
+		return fmt.Errorf("creating file: %w", err)
+	}
+	defer func() {
+		if err := outputFile.Close(); err != nil && retErr == nil {
+			retErr = fmt.Errorf("closing file: %w", err)
+		}
+	}()
+
+	if _, err := dbWriter.WriteTo(outputFile); err != nil {
+		return fmt.Errorf("writing file: %w", err)
+	}
+
+	return nil
+}