[jira] [Commented] (DISPATCH-2168) [http2] qdr_address_t use after free in system_tests_http2

Fri, 09 Jul 2021 05:03:04 -0700 


    [ 
https://issues.apache.org/jira/browse/DISPATCH-2168?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17378029#comment-17378029
 ] 

Jiri Daněk commented on DISPATCH-2168:
--------------------------------------

https://github.com/jiridanek/qpid-dispatch/runs/3028646014?check_suite_focus=true#step:9:5353

> [http2] qdr_address_t use after free in system_tests_http2
> ----------------------------------------------------------
>
>                 Key: DISPATCH-2168
>                 URL: https://issues.apache.org/jira/browse/DISPATCH-2168
>             Project: Qpid Dispatch
>          Issue Type: Test
>          Components: Protocol Adaptors
>    Affects Versions: 1.16.0
>            Reporter: Ganesh Murthy
>            Assignee: Ganesh Murthy
>            Priority: Major
>
> {noformat}
>       9: 
> ======================================================================
>       69: ERROR: test_zzz_http_connector_delete 
> (system_tests_http2.Http2TestOneInteriorRouter)
>       69: 
> ----------------------------------------------------------------------
>       69: Traceback (most recent call last):
>       69:   File 
> "/home/travis/build/apache/qpid-dispatch/tests/system_test.py", line 1196, in 
> __call__
>       69:     p.teardown()
>       69:   File 
> "/home/travis/build/apache/qpid-dispatch/tests/system_test.py", line 311, in 
> teardown
>       69:     error("exit code %s, expected %s" % (status, self.expect))
>       69:   File 
> "/home/travis/build/apache/qpid-dispatch/tests/system_test.py", line 299, in 
> error
>       69:     raise RuntimeError("Process %s error: %s\n%s\n%s\n>>>>\n%s<<<<" 
> % (
>       69: RuntimeError: Process 18299 error: exit code 1, expected 0
>       69: qdmanage QUERY --type=org.apache.qpid.dispatch.httpConnector --bus 
> amqp://0.0.0.0:28091 --indent=-1 --timeout 300.0
>       69: 
> /home/travis/build/apache/qpid-dispatch/build/tests/system_test.dir/system_tests_http2/Http2TestOneInteriorRouter/test_zzz_http_connector_delete/qdmanage-124.cmd
>       69: >>>>
>       69: <<<<
>       69: 
>       69: During handling of the above exception, another exception occurred:
>       69: 
>       69: Traceback (most recent call last):
>       69:   File 
> "/home/travis/build/apache/qpid-dispatch/tests/system_test.py", line 924, in 
> wrap
>       69:     return f(*args, **kwargs)
>       69:   File 
> "/home/travis/build/apache/qpid-dispatch/tests/system_tests_http2.py", line 
> 450, in test_zzz_http_connector_delete
>       69:     
> self.check_connector_delete(client_addr=self.router_qdra.http_addresses[0],
>       69:   File 
> "/home/travis/build/apache/qpid-dispatch/tests/system_tests_http2.py", line 
> 247, in check_connector_delete
>       69:     http_connectors  = 
> qd_manager.query('org.apache.qpid.dispatch.httpConnector')
>       69:   File 
> "/home/travis/build/apache/qpid-dispatch/tests/system_test.py", line 1228, in 
> query
>       69:     return json.loads(self('QUERY --type=%s' % long_type))
>       69:   File 
> "/home/travis/build/apache/qpid-dispatch/tests/system_test.py", line 1198, in 
> __call__
>       69:     raise Exception("%s\n%s" % (e, out))
>       69: Exception: Process 18299 error: exit code 1, expected 0
>       69: qdmanage QUERY --type=org.apache.qpid.dispatch.httpConnector --bus 
> amqp://0.0.0.0:28091 --indent=-1 --timeout 300.0
>       69: 
> /home/travis/build/apache/qpid-dispatch/build/tests/system_test.dir/system_tests_http2/Http2TestOneInteriorRouter/test_zzz_http_connector_delete/qdmanage-124.cmd
>       69: >>>>
>       69: <<<<
>       69: ConnectionException: Connection amqp://0.0.0.0:28091 disconnected: 
> Condition('proton.pythonio', 'Connection refused to all addresses')
>       69: 
>       69: 
>       69: 
> ======================================================================
>       69: ERROR: tearDownClass (system_tests_http2.Http2TestOneInteriorRouter)
>       69: 
> ----------------------------------------------------------------------
>       69: Traceback (most recent call last):
>       69:   File 
> "/home/travis/build/apache/qpid-dispatch/tests/system_test.py", line 865, in 
> tearDownClass
>       69:     cls.tester.teardown()
>       69:   File 
> "/home/travis/build/apache/qpid-dispatch/tests/system_test.py", line 808, in 
> teardown
>       69:     raise RuntimeError("Errors during teardown: \n\n%s" % 
> "\n\n".join([str(e) for e in errors]))
>       69: RuntimeError: Errors during teardown: 
>       69: 
>       69: Process 18274 error: exit code 1, expected -1
>       69: qdrouterd -c http2-test-router.conf -I 
> /home/travis/build/apache/qpid-dispatch/python
>       69: 
> /home/travis/build/apache/qpid-dispatch/build/tests/system_test.dir/system_tests_http2/Http2TestOneInteriorRouter/setUpClass/http2-test-router-47.cmd
>       69: >>>>
>       69: =================================================================
>       69: ==18274==ERROR: AddressSanitizer: use-after-poison on address 
> 0x6160000db4e8 at pc 0x7fabfdcc70c1 bp 0x7fabf75151d0 sp 0x7fabf75151c8
>       69: READ of size 4 at 0x6160000db4e8 thread T1
>       69:     #0 0x7fabfdcc70c0 in qdr_link_inbound_detach_CT 
> /home/travis/build/apache/qpid-dispatch/src/router_core/connections.c:2046:24
>       69:     #1 0x7fabfdd5761f in router_core_thread 
> /home/travis/build/apache/qpid-dispatch/src/router_core/router_core_thread.c:239:13
>       69:     #2 0x7fabfd833608 in start_thread 
> (/lib/x86_64-linux-gnu/libpthread.so.0+0x9608)
>       69:     #3 0x7fabfd05e292 in clone 
> (/lib/x86_64-linux-gnu/libc.so.6+0x122292)
>       69: 
>       69: 0x6160000db4e8 is located 360 bytes inside of 576-byte region 
> [0x6160000db380,0x6160000db5c0)
>       69: allocated by thread T1 here:
>       69:     #0 0x498177 in posix_memalign 
> (/home/travis/build/apache/qpid-dispatch/build/router/qdrouterd+0x498177)
>       69:     #1 0x7fabfdbc9b7e in qd_alloc 
> /home/travis/build/apache/qpid-dispatch/src/alloc_pool.c:396:13
>       69:     #2 0x7fabfdd491d8 in new_qdr_address_t 
> /home/travis/build/apache/qpid-dispatch/src/router_core/router_core.c:31:1
>       69:     #3 0x7fabfdd491d8 in qdr_address_CT 
> /home/travis/build/apache/qpid-dispatch/src/router_core/router_core.c:469:27
>       69:     #4 0x7fabfdd61133 in qdr_subscribe_CT 
> /home/travis/build/apache/qpid-dispatch/src/router_core/route_tables.c:643:20
>       69:     #5 0x7fabfdd5761f in router_core_thread 
> /home/travis/build/apache/qpid-dispatch/src/router_core/router_core_thread.c:239:13
>       69:     #6 0x7fabfd833608 in start_thread 
> (/lib/x86_64-linux-gnu/libpthread.so.0+0x9608)
>       69: 
>       69: Thread T1 created by T0 here:
>       69:     #0 0x481a1c in pthread_create 
> (/home/travis/build/apache/qpid-dispatch/build/router/qdrouterd+0x481a1c)
>       69:     #1 0x7fabfdc817d9 in sys_thread 
> /home/travis/build/apache/qpid-dispatch/src/posix/threading.c:181:5
>       69:     #2 0x7fabfdd36520 in qdr_core 
> /home/travis/build/apache/qpid-dispatch/src/router_core/router_core.c:124:20
>       69:     #3 0x7fabfddc5858 in qd_router_setup_late 
> /home/travis/build/apache/qpid-dispatch/src/router_node.c:2124:31
>       69:     #4 0x7fabf9308ff4  (/lib/x86_64-linux-gnu/libffi.so.7+0x6ff4)
>       69: LLVMSymbolizer: error reading file: No such file or directory
>       69:     #5 0x7fffd86b144f  ([stack]+0x1f44f)
>       69: 
>       69: SUMMARY: AddressSanitizer: use-after-poison 
> /home/travis/build/apache/qpid-dispatch/src/router_core/connections.c:2046:24 
> in qdr_link_inbound_detach_CT
>       69: Shadow bytes around the buggy address:
>       69:   0x0c2c80013640: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>       69:   0x0c2c80013650: 00 00 00 00 00 00 00 00 fa fa fa fa fa fa fa fa
>       69:   0x0c2c80013660: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
>       69:   0x0c2c80013670: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>       69:   0x0c2c80013680: 00 00 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
>       69: =>0x0c2c80013690: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7[f7]f7 f7
>       69:   0x0c2c800136a0: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
>       69:   0x0c2c800136b0: f7 f7 f7 f7 f7 f7 00 00 fa fa fa fa fa fa fa fa
>       69:   0x0c2c800136c0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
>       69:   0x0c2c800136d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>       69:   0x0c2c800136e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>       69: Shadow byte legend (one shadow byte represents 8 application bytes):
>       69:   Addressable:           00
>       69:   Partially addressable: 01 02 03 04 05 06 07 
>       69:   Heap left redzone:       fa
>       69:   Freed heap region:       fd
>       69:   Stack left redzone:      f1
>       69:   Stack mid redzone:       f2
>       69:   Stack right redzone:     f3
>       69:   Stack after return:      f5
>       69:   Stack use after scope:   f8
>       69:   Global redzone:          f9
>       69:   Global init order:       f6
>       69:   Poisoned by user:        f7
>       69:   Container overflow:      fc
>       69:   Array cookie:            ac
>       69:   Intra object redzone:    bb
>       69:   ASan internal:           fe
>       69:   Left alloca redzone:     ca
>       69:   Right alloca redzone:    cb
>       69:   Shadow gap:              cc
>       69: ==18274==ABORTING
>       69: <<<< {noformat}



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to