qpid-dev mailing list archives

From Jiri Daněk (JIRA) <j...@apache.org>
Subject [jira] [Created] (DISPATCH-849) heap-use-after-free ../src/alloc_pool.c:338 in qd_alloc_finalize
Date Wed, 04 Oct 2017 21:15:00 GMT
Jiri Daněk created DISPATCH-849:
-----------------------------------

             Summary: heap-use-after-free ../src/alloc_pool.c:338 in qd_alloc_finalize
                 Key: DISPATCH-849
                 URL: https://issues.apache.org/jira/browse/DISPATCH-849
             Project: Qpid Dispatch
          Issue Type: Bug
          Components: Tests
    Affects Versions: 1.1.0
         Environment: Git tip of Proton and Dispatch, commit hashes follow

{noformat}
commit aece4ad2f4e4eb2d141020c59c393a30a79f53a9 (upstream/master)
Author: Andrew Stitcher <astitcher@apache.org>

    PROTON-1609: Fix C++ example flags
{noformat}
{noformat}
commit 18c5f8d6293de4227c8c17ef08675cb4eaef689c (HEAD -> master, upstream/master)
Author: Ganesh Murthy <gmurthy@redhat.com>

    NO-JIRA - Removed accidental printf inclusion
{noformat}
            Reporter: Jiri Daněk
            Priority: Minor


Compile Proton and Dispatch with sanitizers, the same way as in DISPATCH-848. Then run test #13
by executing

{noformat}
LD_PRELOAD=/nix/store/zahs1kwq4742f6l6h7yy4mdj44zzc1kd-gcc-7-20170409-lib/lib/libasan.so ASAN_OPTIONS=symbolize=1,color=always \
LSAN_OPTIONS=suppressions=`pwd`/../../qpid-proton/LSan.supp PYTHONPATH=`pwd`/../../qpid-proton/install_asan/lib64/proton/bindings/python \
LD_LIBRARY_PATH=`pwd`/../../qpid-proton/install_asan/lib64 ctest -VV -R system_tests_link_routes
{noformat}

In the output, the following can be seen

{noformat}
[...]
13: Process 29106 error: exit code 1, expected 0
13: qdrouterd -c C.conf -I /home/jdanek/Work/repos/qpid-dispatch/python
13: /home/jdanek/Work/repos/qpid-dispatch/build_asan/tests/system_test.dir/system_tests_link_routes/LinkRouteTest/setUpClass/C-3.cmd
13: >>>>
13: ../src/message.c:925:38: runtime error: load of value 190, which is not a valid value for type '_Bool'
13: =================================================================
13: ==29106==ERROR: AddressSanitizer: heap-use-after-free on address 0x611000034340 at pc 0x7f4a7391c5be bp 0x7ffe069d5fd0 sp 0x7ffe069d5fc8
13: WRITE of size 8 at 0x611000034340 thread T0
13:     #0 0x7f4a7391c5bd in qd_alloc_finalize ../src/alloc_pool.c:338
13:     #1 0x7f4a7385543e in qd_dispatch_free ../src/dispatch.c:308
13:     #2 0x4021bf in main_process ../router/src/main.c:115
13:     #3 0x401d83 in main ../router/src/main.c:318
13:     #4 0x7f4a7134655f in __libc_start_main (/nix/store/zpg78y1mf0di6127q6r51kgx2q8cxsvv-glibc-2.25-49/lib/libc.so.6+0x2055f)
13:     #5 0x402029 in _start (/home/jdanek/Work/repos/qpid-dispatch/build_asan/router/qdrouterd+0x402029)
13: 
13: 0x611000034340 is located 0 bytes inside of 192-byte region [0x611000034340,0x611000034400)
13: freed by thread T0 here:
13:     #0 0x7f4a73dd0cf8 in free (/nix/store/zahs1kwq4742f6l6h7yy4mdj44zzc1kd-gcc-7-20170409-lib/lib/libasan.so+0xd8cf8)
13:     #1 0x7f4a7391b4d2 in qd_alloc_finalize ../src/alloc_pool.c:339
13:     #2 0x7f4a7385543e in qd_dispatch_free ../src/dispatch.c:308
13:     #3 0x4021bf in main_process ../router/src/main.c:115
13:     #4 0x401d83 in main ../router/src/main.c:318
13:     #5 0x7f4a7134655f in __libc_start_main (/nix/store/zpg78y1mf0di6127q6r51kgx2q8cxsvv-glibc-2.25-49/lib/libc.so.6+0x2055f)
13: 
13: previously allocated by thread T4 here:
13:     #0 0x7f4a73dd1b88 in __interceptor_posix_memalign (/nix/store/zahs1kwq4742f6l6h7yy4mdj44zzc1kd-gcc-7-20170409-lib/lib/libasan.so+0xd9b88)
13:     #1 0x7f4a739148ea in qd_alloc ../src/alloc_pool.c:182
13:     #2 0x7f4a7386d001 in qd_message ../src/message.c:835
13:     #3 0x7f4a738926f3 in qd_python_send ../src/python_embedded.c:605
13:     #4 0x7f4a726f43d6 in PyEval_EvalFrameEx (/nix/store/1snk2wkpv97an87pk1842fgskl1vqhkr-python-2.7.14/lib/libpython2.7.so.1.0+0xe53d6)
13: 
13: Thread T4 created by T0 here:
13:     #0 0x7f4a73d2e7c0 in __interceptor_pthread_create (/nix/store/zahs1kwq4742f6l6h7yy4mdj44zzc1kd-gcc-7-20170409-lib/lib/libasan.so+0x367c0)
13:     #1 0x7f4a7388f2a9 in sys_thread ../src/posix/threading.c:158
13:     #2 0x7f4a7390aa01 in qd_server_run ../src/server.c:1157
13:     #3 0x4021a8 in main_process ../router/src/main.c:111
13:     #4 0x401d83 in main ../router/src/main.c:318
13:     #5 0x7f4a7134655f in __libc_start_main (/nix/store/zpg78y1mf0di6127q6r51kgx2q8cxsvv-glibc-2.25-49/lib/libc.so.6+0x2055f)
13: 
13: SUMMARY: AddressSanitizer: heap-use-after-free ../src/alloc_pool.c:338 in qd_alloc_finalize
13: Shadow bytes around the buggy address:
13:   0x0c227fffe810: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd
13:   0x0c227fffe820: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
13:   0x0c227fffe830: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
13:   0x0c227fffe840: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
13:   0x0c227fffe850: fd fd fd fd fd fd fd fd fa fa fa fa fa fa fa fa
13: =>0x0c227fffe860: fa fa fa fa fa fa fa fa[fd]fd fd fd fd fd fd fd
13:   0x0c227fffe870: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
13:   0x0c227fffe880: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
13:   0x0c227fffe890: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
13:   0x0c227fffe8a0: fd fd fd fd fd fd fd fd fa fa fa fa fa fa fa fa
13:   0x0c227fffe8b0: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd
13: Shadow byte legend (one shadow byte represents 8 application bytes):
13:   Addressable:           00
13:   Partially addressable: 01 02 03 04 05 06 07 
13:   Heap left redzone:       fa
13:   Freed heap region:       fd
13:   Stack left redzone:      f1
13:   Stack mid redzone:       f2
13:   Stack right redzone:     f3
13:   Stack after return:      f5
13:   Stack use after scope:   f8
13:   Global redzone:          f9
13:   Global init order:       f6
13:   Poisoned by user:        f7
13:   Container overflow:      fc
13:   Array cookie:            ac
13:   Intra object redzone:    bb
13:   ASan internal:           fe
13:   Left alloca redzone:     ca
13:   Right alloca redzone:    cb
13: ==29106==ABORTING
[...]
{noformat}



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
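
Added example, not part of the original message or of the Qpid Dispatch code: a small triage script for a ctest-prefixed AddressSanitizer report like the one above. It pulls out the first source-level frame of the faulting access, the free and the allocation, and compares their functions and threads. The names parse, first_source_frame and triage are hypothetical, and the sample is abridged from the trace above with library paths shortened.

```python
import re

# Constructed sample: abridged from the report above, library paths shortened.
SAMPLE = """\
13: ==29106==ERROR: AddressSanitizer: heap-use-after-free on address 0x611000034340
13: WRITE of size 8 at 0x611000034340 thread T0
13:     #0 0x7f4a7391c5bd in qd_alloc_finalize ../src/alloc_pool.c:338
13:
13: freed by thread T0 here:
13:     #0 0x7f4a73dd0cf8 in free (/lib/libasan.so+0xd8cf8)
13:     #1 0x7f4a7391b4d2 in qd_alloc_finalize ../src/alloc_pool.c:339
13:
13: previously allocated by thread T4 here:
13:     #0 0x7f4a73dd1b88 in __interceptor_posix_memalign (/lib/libasan.so+0xd9b88)
13:     #1 0x7f4a739148ea in qd_alloc ../src/alloc_pool.c:182
"""
CTEST = re.compile(r"^\d+: ?")  # ctest -VV prefixes every line with the test number
HEADER = re.compile(r"^(READ|WRITE) of size \d+ at \S+ thread (T\d+)"
                    r"|^(freed) by thread (T\d+) here:"
                    r"|^previously (allocated) by thread (T\d+) here:")
FRAME = re.compile(r"^\s*#\d+ 0x[0-9a-f]+ in (\S+) (\S+)")

def parse(report):
    """Split an ASan report into its access, freed and allocated stacks."""
    stacks, current = {}, None
    for raw in report.splitlines():
        line = CTEST.sub("", raw)
        if m := HEADER.match(line):
            kind, thread = [g for g in m.groups() if g]
            key = "access" if kind in ("READ", "WRITE") else kind
            current = stacks[key] = {"thread": thread, "frames": []}
        elif current is not None and (f := FRAME.match(line)):
            current["frames"].append(f.groups())
        elif not line.strip():
            current = None  # a blank line ends the current stack
    return stacks

def first_source_frame(stack):
    """First frame with file:line info; '(module+offset)' frames are runtime code."""
    return next((fr for fr in stack["frames"] if not fr[1].startswith("(")), None)

def triage(report):
    s = parse(report)
    use, free, alloc = (first_source_frame(s[k]) for k in ("access", "freed", "allocated"))
    return {"use": use, "free": free, "alloc": alloc,
            "same_function": use[0] == free[0],
            "same_thread": s["access"]["thread"] == s["freed"]["thread"],
            "alloc_other_thread": s["allocated"]["thread"] != s["freed"]["thread"]}
print(triage(SAMPLE))
```

For this report the write and the free both resolve to qd_alloc_finalize on thread T0 (lines 338 and 339), while the allocation came from thread T4 through qd_alloc, so the finalizer's own teardown is the place to start reading.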
