[jira] [Created] (DISPATCH-2158) AddressSanitizer: use-after-poison in qdr_core_delete_link_route during system_tests_edge_router

Wed, 26 May 2021 23:43:09 -0700 

Jiri Daněk created DISPATCH-2158:
------------------------------------

             Summary:  AddressSanitizer: use-after-poison in 
qdr_core_delete_link_route during system_tests_edge_router
                 Key: DISPATCH-2158
                 URL: https://issues.apache.org/jira/browse/DISPATCH-2158
             Project: Qpid Dispatch
          Issue Type: Bug
    Affects Versions: 1.17.0
            Reporter: Jiri Daněk


https://travis-ci.com/github/apache/qpid-dispatch/jobs/508201388#L7343

{noformat}
55: ==15370==ERROR: AddressSanitizer: use-after-poison on address 
0x6160001042e8 at pc 0x7f63a25b1959 bp 0x7ffc39441730 sp 0x7ffc39441720
55: READ of size 4 at 0x6160001042e8 thread T0
55:     #0 0x7f63a25b1958 in qdr_core_delete_link_route 
/home/travis/build/apache/qpid-dispatch/src/router_core/router_core.c:565
55:     #1 0x7f63a25ac33c in qdr_core_free 
/home/travis/build/apache/qpid-dispatch/src/router_core/router_core.c:286
55:     #2 0x7f63a26236ae in qd_router_free 
/home/travis/build/apache/qpid-dispatch/src/router_node.c:2160
55:     #3 0x7f63a24b07b8 in qd_dispatch_free 
/home/travis/build/apache/qpid-dispatch/src/dispatch.c:375
55:     #4 0x401de2 in main_process 
/home/travis/build/apache/qpid-dispatch/router/src/main.c:119
55:     #5 0x403927 in main 
/home/travis/build/apache/qpid-dispatch/router/src/main.c:369
55:     #6 0x7f63a0e1082f in __libc_start_main 
(/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
55:     #7 0x401ad8 in _start 
(/home/travis/build/apache/qpid-dispatch/build/router/qdrouterd+0x401ad8)
55: 
55: 0x6160001042e8 is located 360 bytes inside of 576-byte region 
[0x616000104180,0x6160001043c0)
55: allocated by thread T1 here:
55:     #0 0x7f63a2d53076 in __interceptor_posix_memalign 
(/usr/lib/x86_64-linux-gnu/libasan.so.2+0x99076)
55:     #1 0x7f63a247d369 in qd_alloc 
/home/travis/build/apache/qpid-dispatch/src/alloc_pool.c:396
55:     #2 0x7f63a25a583f in new_qdr_address_t 
/home/travis/build/apache/qpid-dispatch/src/router_core/router_core.c:31
55:     #3 0x7f63a25af82b in qdr_address_CT 
/home/travis/build/apache/qpid-dispatch/src/router_core/router_core.c:461
55:     #4 0x7f63a25c9b28 in qdr_subscribe_CT 
/home/travis/build/apache/qpid-dispatch/src/router_core/route_tables.c:643
55:     #5 0x7f63a25c0ff1 in router_core_thread 
/home/travis/build/apache/qpid-dispatch/src/router_core/router_core_thread.c:239
55:     #6 0x7f63a25112b4 in _thread_init 
/home/travis/build/apache/qpid-dispatch/src/posix/threading.c:172
55:     #7 0x7f63a1ece6b9 in start_thread 
(/lib/x86_64-linux-gnu/libpthread.so.0+0x76b9)
55: 
55: Thread T1 created by T0 here:
55:     #0 0x7f63a2cf0253 in pthread_create 
(/usr/lib/x86_64-linux-gnu/libasan.so.2+0x36253)
55:     #1 0x7f63a25113b8 in sys_thread 
/home/travis/build/apache/qpid-dispatch/src/posix/threading.c:181
55:     #2 0x7f63a25a6e27 in qdr_core 
/home/travis/build/apache/qpid-dispatch/src/router_core/router_core.c:124
55:     #3 0x7f63a2623281 in qd_router_setup_late 
/home/travis/build/apache/qpid-dispatch/src/router_node.c:2123
55:     #4 0x7f639aa58e3f in ffi_call_unix64 
(/usr/lib/x86_64-linux-gnu/libffi.so.6+0x5e3f)
55:     #5 0x7ffc394411cf  (<unknown module>)
55: 
55: SUMMARY: AddressSanitizer: use-after-poison 
/home/travis/build/apache/qpid-dispatch/src/router_core/router_core.c:565 
qdr_core_delete_link_route
55: Shadow bytes around the buggy address:
55:   0x0c2c80018800: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
55:   0x0c2c80018810: f7 f7 f7 f7 f7 f7 00 00 fa fa fa fa fa fa fa fa
55:   0x0c2c80018820: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
55:   0x0c2c80018830: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
55:   0x0c2c80018840: 00 00 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
55: =>0x0c2c80018850: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7[f7]f7 f7
55:   0x0c2c80018860: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
55:   0x0c2c80018870: f7 f7 f7 f7 f7 f7 00 00 fa fa fa fa fa fa fa fa
55:   0x0c2c80018880: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
55:   0x0c2c80018890: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
55:   0x0c2c800188a0: 00 00 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
55: Shadow byte legend (one shadow byte represents 8 application bytes):
55:   Addressable:           00
55:   Partially addressable: 01 02 03 04 05 06 07 
55:   Heap left redzone:       fa
55:   Heap right redzone:      fb
55:   Freed heap region:       fd
55:   Stack left redzone:      f1
55:   Stack mid redzone:       f2
55:   Stack right redzone:     f3
55:   Stack partial redzone:   f4
55:   Stack after return:      f5
55:   Stack use after scope:   f8
55:   Global redzone:          f9
55:   Global init order:       f6
55:   Poisoned by user:        f7
55:   Container overflow:      fc
55:   Array cookie:            ac
55:   Intra object redzone:    bb
55:   ASan internal:           fe
55: ==15370==ABORTING
55: <<<<
55: 
55: ----------------------------------------------------------------------
55: Ran 89 tests in 628.294s
55: 
55: FAILED (errors=3)
55/72 Test #55: system_tests_edge_router ..........................***Failed  
628.47 sec
{noformat}



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to