[ https://issues.apache.org/jira/browse/DRILL-7047?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Sorabh Hamirwasia updated DRILL-7047:
-------------------------------------
    Labels: ready-to-commit  (was: )

> Drill C++ Client crash due to Dangling stack ptr to sasl_callback_t 
> --------------------------------------------------------------------
>
>                 Key: DRILL-7047
>                 URL: https://issues.apache.org/jira/browse/DRILL-7047
>             Project: Apache Drill
>          Issue Type: Bug
>          Components: Client - C++
>    Affects Versions: 1.14.0
>            Reporter: Rob Wu
>            Assignee: Debraj Ray
>            Priority: Major
>              Labels: ready-to-commit
>             Fix For: 1.16.0
>
>
> The sasl_client_new does not copy its callback argument array, resulting in a 
> pointer to transient stack memory. 
>  
> [~debraj92] will be supplying a patch to resolve this issue. This patch moves 
> the callbacks array into the member variable m_callbacks which has the same 
> lifetime as the sasl impl instance and thus will remain valid until the end 
> of life.
>  
> Trace:
> {code:java}
> #0 0x00000080 in ?? ()
> #1 0xb38c04bc in _sasl_canon_user ()
> from libdrillClient.so
> #2 0xb38c0611 in _sasl_canon_user_lookup ()
> from libdrillClient.so
> #3 0xb2c0824e in gssapi_client_mech_step () from /usr/lib/sasl2/libgssapiv2.so
> #4 0xb38ad244 in sasl_client_step ()
> from libdrillClient.so
> #5 0xb37fddde in Drill::SaslAuthenticatorImpl::step(exec::shared::SaslMessage 
> const&, exec::shared::SaslMessage&) const ()
> from libdrillClient.so
> #6 0xb37bdf16 in 
> Drill::DrillClientImpl::processSaslChallenge(Drill::AllocatedBuffer*, 
> Drill::rpc::InBoundRpcMessage const&) ()
> from libdrillClient.so
> #7 0xb37bfa17 in Drill::DrillClientImpl::handleRead(unsigned char*, 
> boost_sb::system::error_code const&, unsigned int) ()
> from libdrillClient.so
> #8 0xb37c0955 in 
> boost_sb::detail::function::void_function_obj_invoker2<boost_sb::_bi::bind_t<void,
>  boost_sb::_mfi::mf3<void, Drill::DrillClientImpl, unsigned char*, 
> boost_sb::system::error_code const&, unsigned int>, 
> boost_sb::_bi::list4<boost_sb::_bi::value<Drill::DrillClientImpl*>, 
> boost_sb::_bi::value<unsigned char*>, boost_sb::arg<1> (*)(), 
> boost_sb::arg<2> (*)()> >, void, boost_sb::system::error_code const&, 
> unsigned int>::invoke(boost_sb::detail::function::function_buffer&, 
> boost_sb::system::error_code const&, unsigned int) ()
> from libdrillClient.so
> #9 0xb378f17d in boost_sb::function2<void, boost_sb::system::error_code 
> const&, unsigned int>::operator()(boost_sb::system::error_code const&, 
> unsigned int) const
> () from libdrillClient.so
> #10 0xb3799bc8 in boost_sb::asio::detail::read_op<Drill::Socket, 
> boost_sb::asio::mutable_buffers_1, boost_sb::asio::mutable_buffer const*, 
> boost_sb::asio::detail::transfer_all_t, boost_sb::function<void 
> (boost_sb::system::error_code const&, unsigned int)> 
> >::operator()(boost_sb::system::error_code const&, unsigned int, int) ()
> from libdrillClient.so
> #11 0xb379a1c3 in 
> boost_sb::asio::detail::reactive_socket_recv_op<boost_sb::asio::mutable_buffers_1,
>  boost_sb::asio::detail::read_op<Drill::Socket, 
> boost_sb::asio::mutable_buffers_1, boost_sb::asio::mutable_buffer const*, 
> boost_sb::asio::detail::transfer_all_t, boost_sb::function<void 
> (boost_sb::system::error_code const&, unsigned int)> > >::do_complete(void*, 
> boost_sb::asio::detail::scheduler_operation*, boost_sb::system::error_code 
> const&, unsigned int) ()
> from libdrillClient.so
> #12 0xb3788fb8 in 
> boost_sb::asio::detail::epoll_reactor::descriptor_state::do_complete(void*, 
> boost_sb::asio::detail::scheduler_operation*, boost_sb::system::error_code 
> const&, unsigned int) ()
> from libdrillClient.so
> #13 0xb3791948 in boost_sb::asio::io_context::run() ()
> from libdrillClient.so
> #14 0xb37c0e67 in 
> boost_sb::detail::thread_data<boost_sb::_bi::bind_t<unsigned int, 
> boost_sb::_mfi::mf0<unsigned int, boost_sb::asio::io_context>, 
> boost_sb::_bi::list1<boost_sb::_bi::value<boost_sb::asio::io_context*> > > 
> >::run() ()
> from libdrillClient.so
> #15 0xb3825f5a in thread_proxy ()
> from libdrillClient.so
> #16 0xb6730b3c in start_thread () from /lib/libpthread.so.0
> #17 0xb64db44e in clone () from /lib/libc.so.6
> {code}



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
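
The lifetime problem described in the issue and the member-array fix, as an added example that is not taken from the Drill source or from the patch. The `demo_*` types and functions are hypothetical stand-ins that model only the "keeps the pointer, copies nothing" behaviour reported for `sasl_client_new`; only the member name `m_callbacks` comes from the issue text.

```cpp
#include <cstdio>
#include <string>

// Hypothetical stand-ins for sasl_callback_t and the connection (not the Cyrus SASL API).
struct demo_callback_t { unsigned long id; int (*proc)(void* ctx, std::string* out); void* context; };
struct demo_conn_t { const demo_callback_t* callbacks; };
constexpr unsigned long DEMO_CB_LIST_END = 0, DEMO_CB_USER = 1;

// Models the reported behaviour: the caller's pointer is stored, the array is not copied.
int demo_client_new(const demo_callback_t* cbs, demo_conn_t* conn) { conn->callbacks = cbs; return 0; }
// Runs later, from another call path, and walks the retained array.
int demo_client_step(const demo_conn_t* conn, std::string* user) {
    for (const demo_callback_t* cb = conn->callbacks; cb->id != DEMO_CB_LIST_END; ++cb)
        if (cb->id == DEMO_CB_USER) return cb->proc(cb->context, user);
    return -1;
}
static int getUser(void* ctx, std::string* out) { *out = *static_cast<std::string*>(ctx); return 0; }

// Pattern from the report, shown for contrast and never called here:
// the array dies when the function returns, so a later step reads reused stack memory.
int initWithStackArray(demo_conn_t* conn, std::string* user) {
    demo_callback_t callbacks[] = {{DEMO_CB_USER, getUser, user}, {DEMO_CB_LIST_END, nullptr, nullptr}};
    return demo_client_new(callbacks, conn);  // conn->callbacks dangles after return
}

// Fix described in the issue: the array is a member and lives as long as the instance.
class MemberArrayAuthenticator {
public:
    explicit MemberArrayAuthenticator(const std::string& user) : m_user(user) {}
    // The library holds addresses inside this object; a copy would point back at the original.
    MemberArrayAuthenticator(const MemberArrayAuthenticator&) = delete;
    MemberArrayAuthenticator& operator=(const MemberArrayAuthenticator&) = delete;
    int init() {
        m_callbacks[0] = {DEMO_CB_USER, getUser, &m_user};
        m_callbacks[1] = {DEMO_CB_LIST_END, nullptr, nullptr};
        return demo_client_new(m_callbacks, &m_conn);
    }
    int step(std::string* user) const { return demo_client_step(&m_conn, user); }
    bool libraryPointsAtMember() const { return m_conn.callbacks == m_callbacks; }
private:
    std::string m_user;
    demo_callback_t m_callbacks[2]{};
    demo_conn_t m_conn{};
};

int main() {
    MemberArrayAuthenticator auth("alice");  // constructed sample user name
    std::string user;
    bool ok = auth.init() == 0 && auth.step(&user) == 0;
    std::printf("step %s, user=%s\n", ok ? "ok" : "failed", user.c_str());
    return ok ? 0 : 1;
}
```

The same lifetime rule applies to every `context` pointer stored in the array: each must outlive the connection that holds it.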
