[jira] [Resolved] (DISPATCH-2158) AddressSanitizer: use-after-poison in qdr_core_delete_link_route during system_tests_edge_router

Thu, 03 Jun 2021 06:46:09 -0700 


     [ 
https://issues.apache.org/jira/browse/DISPATCH-2158?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Ganesh Murthy resolved DISPATCH-2158.
-------------------------------------
    Fix Version/s: 1.17.0
       Resolution: Fixed

>  AddressSanitizer: use-after-poison in qdr_core_delete_link_route during 
> system_tests_edge_router
> -------------------------------------------------------------------------------------------------
>
>                 Key: DISPATCH-2158
>                 URL: https://issues.apache.org/jira/browse/DISPATCH-2158
>             Project: Qpid Dispatch
>          Issue Type: Bug
>    Affects Versions: 1.17.0
>            Reporter: Jiri Daněk
>            Priority: Major
>              Labels: asan, memory-bug
>             Fix For: 1.17.0
>
>
> https://travis-ci.com/github/apache/qpid-dispatch/jobs/508201388#L7343
> {noformat}
> 55: ==15370==ERROR: AddressSanitizer: use-after-poison on address 
> 0x6160001042e8 at pc 0x7f63a25b1959 bp 0x7ffc39441730 sp 0x7ffc39441720
> 55: READ of size 4 at 0x6160001042e8 thread T0
> 55:     #0 0x7f63a25b1958 in qdr_core_delete_link_route 
> /home/travis/build/apache/qpid-dispatch/src/router_core/router_core.c:565
> 55:     #1 0x7f63a25ac33c in qdr_core_free 
> /home/travis/build/apache/qpid-dispatch/src/router_core/router_core.c:286
> 55:     #2 0x7f63a26236ae in qd_router_free 
> /home/travis/build/apache/qpid-dispatch/src/router_node.c:2160
> 55:     #3 0x7f63a24b07b8 in qd_dispatch_free 
> /home/travis/build/apache/qpid-dispatch/src/dispatch.c:375
> 55:     #4 0x401de2 in main_process 
> /home/travis/build/apache/qpid-dispatch/router/src/main.c:119
> 55:     #5 0x403927 in main 
> /home/travis/build/apache/qpid-dispatch/router/src/main.c:369
> 55:     #6 0x7f63a0e1082f in __libc_start_main 
> (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
> 55:     #7 0x401ad8 in _start 
> (/home/travis/build/apache/qpid-dispatch/build/router/qdrouterd+0x401ad8)
> 55: 
> 55: 0x6160001042e8 is located 360 bytes inside of 576-byte region 
> [0x616000104180,0x6160001043c0)
> 55: allocated by thread T1 here:
> 55:     #0 0x7f63a2d53076 in __interceptor_posix_memalign 
> (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x99076)
> 55:     #1 0x7f63a247d369 in qd_alloc 
> /home/travis/build/apache/qpid-dispatch/src/alloc_pool.c:396
> 55:     #2 0x7f63a25a583f in new_qdr_address_t 
> /home/travis/build/apache/qpid-dispatch/src/router_core/router_core.c:31
> 55:     #3 0x7f63a25af82b in qdr_address_CT 
> /home/travis/build/apache/qpid-dispatch/src/router_core/router_core.c:461
> 55:     #4 0x7f63a25c9b28 in qdr_subscribe_CT 
> /home/travis/build/apache/qpid-dispatch/src/router_core/route_tables.c:643
> 55:     #5 0x7f63a25c0ff1 in router_core_thread 
> /home/travis/build/apache/qpid-dispatch/src/router_core/router_core_thread.c:239
> 55:     #6 0x7f63a25112b4 in _thread_init 
> /home/travis/build/apache/qpid-dispatch/src/posix/threading.c:172
> 55:     #7 0x7f63a1ece6b9 in start_thread 
> (/lib/x86_64-linux-gnu/libpthread.so.0+0x76b9)
> 55: 
> 55: Thread T1 created by T0 here:
> 55:     #0 0x7f63a2cf0253 in pthread_create 
> (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x36253)
> 55:     #1 0x7f63a25113b8 in sys_thread 
> /home/travis/build/apache/qpid-dispatch/src/posix/threading.c:181
> 55:     #2 0x7f63a25a6e27 in qdr_core 
> /home/travis/build/apache/qpid-dispatch/src/router_core/router_core.c:124
> 55:     #3 0x7f63a2623281 in qd_router_setup_late 
> /home/travis/build/apache/qpid-dispatch/src/router_node.c:2123
> 55:     #4 0x7f639aa58e3f in ffi_call_unix64 
> (/usr/lib/x86_64-linux-gnu/libffi.so.6+0x5e3f)
> 55:     #5 0x7ffc394411cf  (<unknown module>)
> 55: 
> 55: SUMMARY: AddressSanitizer: use-after-poison 
> /home/travis/build/apache/qpid-dispatch/src/router_core/router_core.c:565 
> qdr_core_delete_link_route
> 55: Shadow bytes around the buggy address:
> 55:   0x0c2c80018800: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
> 55:   0x0c2c80018810: f7 f7 f7 f7 f7 f7 00 00 fa fa fa fa fa fa fa fa
> 55:   0x0c2c80018820: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
> 55:   0x0c2c80018830: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> 55:   0x0c2c80018840: 00 00 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
> 55: =>0x0c2c80018850: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7[f7]f7 f7
> 55:   0x0c2c80018860: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
> 55:   0x0c2c80018870: f7 f7 f7 f7 f7 f7 00 00 fa fa fa fa fa fa fa fa
> 55:   0x0c2c80018880: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
> 55:   0x0c2c80018890: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> 55:   0x0c2c800188a0: 00 00 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
> 55: Shadow byte legend (one shadow byte represents 8 application bytes):
> 55:   Addressable:           00
> 55:   Partially addressable: 01 02 03 04 05 06 07 
> 55:   Heap left redzone:       fa
> 55:   Heap right redzone:      fb
> 55:   Freed heap region:       fd
> 55:   Stack left redzone:      f1
> 55:   Stack mid redzone:       f2
> 55:   Stack right redzone:     f3
> 55:   Stack partial redzone:   f4
> 55:   Stack after return:      f5
> 55:   Stack use after scope:   f8
> 55:   Global redzone:          f9
> 55:   Global init order:       f6
> 55:   Poisoned by user:        f7
> 55:   Container overflow:      fc
> 55:   Array cookie:            ac
> 55:   Intra object redzone:    bb
> 55:   ASan internal:           fe
> 55: ==15370==ABORTING
> 55: <<<<
> 55: 
> 55: ----------------------------------------------------------------------
> 55: Ran 89 tests in 628.294s
> 55: 
> 55: FAILED (errors=3)
> 55/72 Test #55: system_tests_edge_router ..........................***Failed  
> 628.47 sec
> {noformat}



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to