[ https://issues.apache.org/jira/browse/TS-4558?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Leif Hedstrom updated TS-4558: ------------------------------ Backport to Version: 7.0.0 > ASAN buffer overflow in traffic_manager -h > ------------------------------------------ > > Key: TS-4558 > URL: https://issues.apache.org/jira/browse/TS-4558 > Project: Traffic Server > Issue Type: Bug > Components: Manager > Reporter: Leif Hedstrom > Assignee: Steven Feltner > Labels: ASAN > Fix For: 7.1.0 > > Time Spent: 1h 50m > Remaining Estimate: 0h > > {code} > [root@qa1 ats]# ./bin/traffic_manager -h > Usage: traffic_manager [--SWITCH [ARG]] > switch__________________type__default___description > --proxyOff on > ================================================================= > ==14425==ERROR: AddressSanitizer: global-buffer-overflow on address > 0x00000089fd40 at pc 0x7fd0aef80b5e bp 0x7ffe0d210590 sp 0x7ffe0d210588 > READ of size 4 at 0x00000089fd40 thread T0 > #0 0x7fd0aef80b5d in usage(ArgumentDescription const*, unsigned int, char > const*) /usr/local/src/trafficserver/lib/ts/ink_args.cc:323 > #1 0x7fd0aef7f5c7 in process_arg > /usr/local/src/trafficserver/lib/ts/ink_args.cc:122 > #2 0x7fd0aef80135 in process_args_ex(AppVersionInfo const*, > ArgumentDescription const*, unsigned int, char const**) > /usr/local/src/trafficserver/lib/ts/ink_args.cc:237 > #3 0x7fd0aef80bba in process_args(AppVersionInfo const*, > ArgumentDescription const*, unsigned int, char const**, char const*) > /usr/local/src/trafficserver/lib/ts/ink_args.cc:166 > #4 0x4305a4 in main > /usr/local/src/trafficserver/cmd/traffic_manager/traffic_manager.cc:481 > #5 0x7fd0abbfdb14 in __libc_start_main (/lib64/libc.so.6+0x21b14) > #6 0x4343e4 (/opt/ats/bin/traffic_manager+0x4343e4) > 0x00000089fd41 is located 0 bytes to the right of global variable 'proxy_off' > defined in 'traffic_manager.cc:86:13' (0x89fd40) of size 1 > 'proxy_off' is ascii string '' > SUMMARY: AddressSanitizer: global-buffer-overflow > /usr/local/src/trafficserver/lib/ts/ink_args.cc:323 usage(ArgumentDescription > const*, unsigned int, char const*) > Shadow bytes around the buggy address: > 0x00008010bf50: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 > 0x00008010bf60: f9 f9 f9 f9 00 00 00 00 00 00 00 00 00 00 00 00 > 0x00008010bf70: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 > 0x00008010bf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 > 0x00008010bf90: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 > =>0x00008010bfa0: 00 00 00 00 f9 f9 f9 f9[01]f9 f9 f9 f9 f9 f9 f9 > 0x00008010bfb0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 > 0x00008010bfc0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 > 0x00008010bfd0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 > 0x00008010bfe0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 > 0x00008010bff0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 > Shadow byte legend (one shadow byte represents 8 application bytes): > Addressable: 00 > Partially addressable: 01 02 03 04 05 06 07 > Heap left redzone: fa > Heap right redzone: fb > Freed heap region: fd > Stack left redzone: f1 > Stack mid redzone: f2 > Stack right redzone: f3 > Stack partial redzone: f4 > Stack after return: f5 > Stack use after scope: f8 > Global redzone: f9 > Global init order: f6 > Poisoned by user: f7 > Container overflow: fc > Array cookie: ac > Intra object redzone: bb > ASan internal: fe > ==14425==ABORTING > {code} -- This message was sent by Atlassian JIRA (v6.3.4#6332)