ASAN reported a heap use after free problem.
```
==32688==ERROR: AddressSanitizer: heap-use-after-free on address 0x61d002f26b22
at pc 0x000000664d4d bp 0x2b15ec9b1e90 sp 0x2b15ec9b1e88
READ of size 2 at 0x61d002f26b22 thread T49 ([ET_NET 47])
#0 0x664d4c in http_hdr_status_get(HTTPHdrImpl*)
../../../../trafficserver/proxy/hdrs/HTTP.h:1191
#1 0x664db1 in HTTPHdr::status_get()
/var/builds/workspace/303642-v3-component/BUILD_CONTAINER/rhel6-gcc5_5/label/DOCKER-HIGH/app_root/_build/asan_build/../../trafficserver/proxy/hdrs/HTTP.h:1203
#2 0x8a8808 in HttpTransact::client_result_stat(HttpTransact::State*, long,
long) ../../../../trafficserver/proxy/http/HttpTransact.cc:8512
#3 0x81cf1d in HttpSM::update_stats()
../../../../trafficserver/proxy/http/HttpSM.cc:7196
#4 0x81ba7f in HttpSM::kill_this()
../../../../trafficserver/proxy/http/HttpSM.cc:7088
#5 0x7f4fde in HttpSM::main_handler(int, void*)
../../../../trafficserver/proxy/http/HttpSM.cc:2833
#6 0xc089db in Continuation::handleEvent(int, void*)
../../../../trafficserver/iocore/eventsystem/Continuation.cc:33
#7 0xbbb8cc in read_signal_and_update
../../../../trafficserver/iocore/net/UnixNetVConnection.cc:144
#8 0xbc3cbe in UnixNetVConnection::mainEvent(int, Event*)
../../../../trafficserver/iocore/net/UnixNetVConnection.cc:1267
#9 0xc089db in Continuation::handleEvent(int, void*)
../../../../trafficserver/iocore/eventsystem/Continuation.cc:33
#10 0xbacd13 in InactivityCop::check_inactivity(int, Event*)
../../../../trafficserver/iocore/net/UnixNet.cc:76
#11 0xc089db in Continuation::handleEvent(int, void*)
../../../../trafficserver/iocore/eventsystem/Continuation.cc:33
#12 0xc0d156 in EThread::process_event(Event*, int)
../../../../trafficserver/iocore/eventsystem/UnixEThread.cc:132
#13 0xc0dd89 in EThread::execute_regular()
../../../../trafficserver/iocore/eventsystem/UnixEThread.cc:245
#14 0xc0e6a2 in EThread::execute()
../../../../trafficserver/iocore/eventsystem/UnixEThread.cc:326
#15 0xc0b706 in spawn_thread_internal
../../../../trafficserver/iocore/eventsystem/Thread.cc:85
#16 0x2b15dcc1faa0 in start_thread (/lib64/libpthread.so.0+0x7aa0)
#17 0x2b15dd338bcc in __clone (/lib64/libc.so.6+0xe8bcc)
0x61d002f26b22 is located 162 bytes inside of 2048-byte region
[0x61d002f26a80,0x61d002f27280)
freed by thread T45 ([ET_NET 43]) here:
#0 0x5f6eba in __interceptor_free (/home/y/bin64/traffic_server+0x5f6eba)
#1 0x2b15da5b5d62 in ats_memalign_free
../../../../trafficserver/lib/ts/ink_memory.cc:136
#2 0x2b15da5d1381 in
jearena::JemallocNodumpAllocator::deallocate(_InkFreeList*, void*)
../../../../trafficserver/lib/ts/JeAllocator.cc:139
#3 0x2b15da5b7952 in malloc_free
../../../../trafficserver/lib/ts/ink_queue.cc:329
#4 0x2b15da5b7685 in ink_freelist_free
../../../../trafficserver/lib/ts/ink_queue.cc:283
#5 0x62d2ed in Allocator::free_void(void*)
/var/builds/workspace/303642-v3-component/BUILD_CONTAINER/rhel6-gcc5_5/label/DOCKER-HIGH/app_root/_build/asan_build/../../trafficserver/lib/ts/Allocator.h:76
#6 0x9c8408 in thread_free
/var/builds/workspace/303642-v3-component/BUILD_CONTAINER/rhel6-gcc5_5/label/DOCKER-HIGH/app_root/_build/asan_build/../../trafficserver/iocore/eventsystem/I_ProxyAllocator.h:87
#7 0x9c8d30 in HdrHeap::destroy()
../../../../trafficserver/proxy/hdrs/HdrHeap.cc:184
#8 0x695081 in TSMBufferDestroy ../../../trafficserver/proxy/InkAPI.cc:1992
#9 0x2aab751bf2fd in atscppapi::HeadersState::reset(tsapi_mbuffer*,
tsapi_mloc*)
/var/builds/workspace/181902-v3-PR-1151/BUILD_CONTAINER/rhel6/label/DOCKER-LOW/app_root/atlas-ats-common/src/utils/atlasatscppapi/src/Headers.cc:487
#10 0x2aab751bf2fd in atscppapi::HeadersState::~HeadersState()
/var/builds/workspace/181902-v3-PR-1151/BUILD_CONTAINER/rhel6/label/DOCKER-LOW/app_root/atlas-ats-common/src/utils/atlasatscppapi/src/Headers.cc:493
#11 0x2aab751bf2fd in atscppapi::Headers::~Headers()
/var/builds/workspace/181902-v3-PR-1151/BUILD_CONTAINER/rhel6/label/DOCKER-LOW/app_root/atlas-ats-common/src/utils/atlasatscppapi/src/Headers.cc:515
previously allocated by thread T45 ([ET_NET 43]) here:
#0 0x5f715a in __interceptor_malloc (/home/y/bin64/traffic_server+0x5f715a)
#1 0x2b15da5b5a24 in ats_malloc
../../../../trafficserver/lib/ts/ink_memory.cc:59
#2 0x2b15da5b5bc0 in ats_memalign
../../../../trafficserver/lib/ts/ink_memory.cc:94
#3 0x2b15da5d12fe in
jearena::JemallocNodumpAllocator::allocate(_InkFreeList*)
../../../../trafficserver/lib/ts/JeAllocator.cc:118
#4 0x2b15da5b75d0 in malloc_new
../../../../trafficserver/lib/ts/ink_queue.cc:268
#5 0x2b15da5b7001 in ink_freelist_new
../../../../trafficserver/lib/ts/ink_queue.cc:191
#6 0x662b55 in Allocator::alloc_void()
/var/builds/workspace/303642-v3-component/BUILD_CONTAINER/rhel6-gcc5_5/label/DOCKER-HIGH/app_root/_build/asan_build/../../trafficserver/lib/ts/Allocator.h:65
#7 0xc09f26 in thread_alloc(Allocator&, ProxyAllocator&)
../../../../trafficserver/iocore/eventsystem/ProxyAllocator.cc:38
#8 0x9c874b in new_HdrHeap(int)
../../../../trafficserver/proxy/hdrs/HdrHeap.cc:120
#9 0x694f92 in TSMBufferCreate ../../../trafficserver/proxy/InkAPI.cc:1972
#10 0x2aab751bf1ca in atscppapi::Headers::Headers()
/var/builds/workspace/181902-v3-PR-1151/BUILD_CONTAINER/rhel6/label/DOCKER-LOW/app_root/atlas-ats-common/src/utils/atlasatscppapi/src/Headers.cc:478
```
[ Full content available at: https://github.com/apache/trafficserver/pull/4230 ]
This message was relayed via gitbox.apache.org for [email protected]
