[ https://issues.apache.org/jira/browse/DISPATCH-2206?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17442312#comment-17442312 ]
ASF GitHub Bot commented on DISPATCH-2206:
------------------------------------------
ganeshmurthy closed pull request #1432:
URL: https://github.com/apache/qpid-dispatch/pull/1432
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
> ASAN use-after-free of qdr_link_t by I/O thread
> -----------------------------------------------
>
> Key: DISPATCH-2206
> URL: https://issues.apache.org/jira/browse/DISPATCH-2206
> Project: Qpid Dispatch
> Issue Type: Bug
> Components: Router Node
> Affects Versions: 1.16.1
> Reporter: Ken Giusti
> Priority: Major
> Labels: asan
> Fix For: 1.19.0
>
>
> [https://github.com/apache/qpid-dispatch/blob/main/src/router_core/connections.c#L1344]
>
> 27: ==3859==ERROR: AddressSanitizer: use-after-poison on address 0x61700017e030 at pc 0x56212343cdac bp 0x7f9d33c40c90 sp 0x7f9d33c40c80
> 27: READ of size 8 at 0x61700017e030 thread T2
> 27:     #0 0x56212343cdab in qdr_link_get_context ../src/router_core/connections.c:498
> 27:     #1 0x56212352ec25 in CORE_link_second_attach ../src/router_node.c:1729
> 27:     #2 0x5621234388df in qdr_connection_process ../src/router_core/connections.c:355
> 27:     #3 0x56212338eccf in writable_handler ../src/container.c:396
> 27:     #4 0x56212338eccf in qd_container_handle_event ../src/container.c:748
> 27:     #5 0x562123547289 in handle ../src/server.c:1108
> 27:     #6 0x562123554c9f in thread_run ../src/server.c:1133
> 27:     #7 0x7f9d3ba6c608 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x9608)
> 27:     #8 0x7f9d3ac33292 in __clone (/lib/x86_64-linux-gnu/libc.so.6+0x122292)
> 27:
> 27: 0x61700017e030 is located 176 bytes inside of 704-byte region [0x61700017df80,0x61700017e240)
> 27: allocated by thread T2 here:
> 27:     #0 0x7f9d3bfd9aa5 in posix_memalign (/lib/x86_64-linux-gnu/libasan.so.5+0x10eaa5)
> 27:     #1 0x5621233247b0 in qd_alloc ../src/alloc_pool.c:396
> 27:     #2 0x56212343d4c9 in qdr_link_first_attach ../src/router_core/connections.c:592
> 27:     #3 0x56212352dde9 in AMQP_outgoing_link_handler ../src/router_node.c:1018
> 27:     #4 0x562123547289 in handle ../src/server.c:1108
> 27:     #5 0x562123554c9f in thread_run ../src/server.c:1133
> 27:     #6 0x7f9d3ba6c608 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x9608)
> 27:
> 27: Thread T2 created by T0 here:
> 27:     #0 0x7f9d3bf05805 in pthread_create (/lib/x86_64-linux-gnu/libasan.so.5+0x3a805)
> 27:     #1 0x562123403bcf in sys_thread ../src/posix/threading.c:181
> 27:     #2 0x56212355541e in qd_server_run ../src/server.c:1522
> 27:     #3 0x56212359f46c in main_process ../router/src/main.c:115
> 27:     #4 0x56212329bc50 in main ../router/src/main.c:369
> 27:     #5 0x7f9d3ab380b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x270b2)
> 27:
> 27: SUMMARY: AddressSanitizer: use-after-poison ../src/router_core/connections.c:498 in qdr_link_get_context
> 27: Shadow bytes around the buggy address:
> 27:   0x0c2e80027bb0: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
> 27:   0x0c2e80027bc0: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
> 27:   0x0c2e80027bd0: f7 f7 f7 f7 f7 f7 f7 00 fa fa fa fa fa fa fa fa
> 27:   0x0c2e80027be0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
> 27:   0x0c2e80027bf0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> 27: =>0x0c2e80027c00: 00 00 f7 f7 f7 f7[f7]f7 f7 f7 f7 f7 f7 f7 f7 f7
> 27:   0x0c2e80027c10: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
> 27:   0x0c2e80027c20: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
> 27:   0x0c2e80027c30: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
> 27:   0x0c2e80027c40: f7 f7 f7 f7 f7 f7 f7 00 fa fa fa fa fa fa fa fa
> 27:   0x0c2e80027c50: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
> 27: Shadow byte legend (one shadow byte represents 8 application bytes):
> 27:   Addressable:           00
> 27:   Partially addressable: 01 02 03 04 05 06 07
> 27:   Heap left redzone:       fa
> 27:   Freed heap region:       fd
> 27:   Stack left redzone:      f1
> 27:   Stack mid redzone:       f2
> 27:   Stack right redzone:     f3
> 27:   Stack after return:      f5
> 27:   Stack use after scope:   f8
> 27:   Global redzone:          f9
> 27:   Global init order:       f6
> 27:   Poisoned by user:        f7
> 27:   Container overflow:      fc
> 27:   Array cookie:            ac
> 27:   Intra object redzone:    bb
> 27:   ASan internal:           fe
> 27:   Left alloca redzone:     ca
> 27:   Right alloca redzone:    cb
> 27:   Shadow gap:              cc
> 27: ==3859==ABORTING
--
This message was sent by Atlassian Jira
(v8.20.1#820001)