Mario Emmenlauer created THRIFT-4946:
----------------------------------------

             Summary: Memory corruption in SecurityTest
                 Key: THRIFT-4946
                 URL: https://issues.apache.org/jira/browse/THRIFT-4946
             Project: Thrift
          Issue Type: Bug
    Affects Versions: 0.12.0
         Environment:  * thrift latest master
 * Operating Systems and Compilers:
    * VS2017 x64
    * VS2019 x64
    * macOS 10.13
    * Ubuntu 18.04 x86_64
 * OpenSSL 1.1.1c (current latest official)
            Reporter: Mario Emmenlauer


We observe a memory corruption in SecurityTest. The issue is not fully
reproducible: it appears on average in 1 out of 10 executions. However, it is
not dependent on the environment, because we can reproduce the problem on Windows
VS2017 x64, VS2019 x64, macOS 10.13, and Ubuntu 18.04 x86_64.

On Linux the issue is often reported as:
{code}
[...]
TEST: Server = TLSv1_2, Client = TLSv1_1
CLI 7f1be2eaa700 Exception: SSL_connect: tlsv1 alert protocol version (SSL_error_code = 1)
Thrift: Mon Sep  2 07:51:32 2019 SSL_shutdown: shutdown while in init (SSL_error_code = 1)
SRV 7f1be38bd700 Exception: SSL_accept: error code: 0 (SSL_error_code = 5) 
error:1409442E:SSL routines:ssl3_read_bytes:tlsv1 alert protocol version
Thrift: Mon Sep  2 07:51:32 2019 SSL_shutdown: shutdown while in init (SSL_error_code = 1)
double free or corruption (out)
unknown location(0): fatal error: in "SecurityTest/ssl_security_matrix": signal: SIGABRT (application abort requested)
/builds/thrift/lib/cpp/test/SecurityTest.cpp(173): last checkpoint
{code}

But other forms also appear, for example:
{code}
[...]
Thrift: Mon Sep  2 07:50:53 2019 SSL_shutdown: shutdown while in init (SSL_error_code = 1)
TEST: Server = TLSv1_2, Client = TLSv1_2
corrupted size vs. prev_size
{code}

We tried to isolate a call stack for the problem but have failed so far. The
boost message log does not always point to the same protocol combination. We
executed the test in `valgrind`, but it never crashes there.

This could indicate a multi-threading issue with the creation of server and 
client in the test?


