[ https://issues.apache.org/jira/browse/TS-4558?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Bryan Call updated TS-4558:
---------------------------
    Fix Version/s:     (was: 7.1.0)
                   7.0.0

> ASAN buffer overflow in traffic_manager -h
> ------------------------------------------
>
>                 Key: TS-4558
>                 URL: https://issues.apache.org/jira/browse/TS-4558
>             Project: Traffic Server
>          Issue Type: Bug
>          Components: Manager
>            Reporter: Leif Hedstrom
>            Assignee: Steven Feltner
>              Labels: ASAN
>             Fix For: 7.0.0
>
>          Time Spent: 1h 50m
>  Remaining Estimate: 0h
>
> {code}
> [root@qa1 ats]# ./bin/traffic_manager  -h
> Usage: traffic_manager [--SWITCH [ARG]]
>   switch__________________type__default___description
>       --proxyOff          on   
> =================================================================
> ==14425==ERROR: AddressSanitizer: global-buffer-overflow on address 
> 0x00000089fd40 at pc 0x7fd0aef80b5e bp 0x7ffe0d210590 sp 0x7ffe0d210588
> READ of size 4 at 0x00000089fd40 thread T0
>     #0 0x7fd0aef80b5d in usage(ArgumentDescription const*, unsigned int, char 
> const*) /usr/local/src/trafficserver/lib/ts/ink_args.cc:323
>     #1 0x7fd0aef7f5c7 in process_arg 
> /usr/local/src/trafficserver/lib/ts/ink_args.cc:122
>     #2 0x7fd0aef80135 in process_args_ex(AppVersionInfo const*, 
> ArgumentDescription const*, unsigned int, char const**) 
> /usr/local/src/trafficserver/lib/ts/ink_args.cc:237
>     #3 0x7fd0aef80bba in process_args(AppVersionInfo const*, 
> ArgumentDescription const*, unsigned int, char const**, char const*) 
> /usr/local/src/trafficserver/lib/ts/ink_args.cc:166
>     #4 0x4305a4 in main 
> /usr/local/src/trafficserver/cmd/traffic_manager/traffic_manager.cc:481
>     #5 0x7fd0abbfdb14 in __libc_start_main (/lib64/libc.so.6+0x21b14)
>     #6 0x4343e4  (/opt/ats/bin/traffic_manager+0x4343e4)
> 0x00000089fd41 is located 0 bytes to the right of global variable 'proxy_off' 
> defined in 'traffic_manager.cc:86:13' (0x89fd40) of size 1
>   'proxy_off' is ascii string ''
> SUMMARY: AddressSanitizer: global-buffer-overflow 
> /usr/local/src/trafficserver/lib/ts/ink_args.cc:323 usage(ArgumentDescription 
> const*, unsigned int, char const*)
> Shadow bytes around the buggy address:
>   0x00008010bf50: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>   0x00008010bf60: f9 f9 f9 f9 00 00 00 00 00 00 00 00 00 00 00 00
>   0x00008010bf70: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>   0x00008010bf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>   0x00008010bf90: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> =>0x00008010bfa0: 00 00 00 00 f9 f9 f9 f9[01]f9 f9 f9 f9 f9 f9 f9
>   0x00008010bfb0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>   0x00008010bfc0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>   0x00008010bfd0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>   0x00008010bfe0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>   0x00008010bff0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> Shadow byte legend (one shadow byte represents 8 application bytes):
>   Addressable:           00
>   Partially addressable: 01 02 03 04 05 06 07
>   Heap left redzone:       fa
>   Heap right redzone:      fb
>   Freed heap region:       fd
>   Stack left redzone:      f1
>   Stack mid redzone:       f2
>   Stack right redzone:     f3
>   Stack partial redzone:   f4
>   Stack after return:      f5
>   Stack use after scope:   f8
>   Global redzone:          f9
>   Global init order:       f6
>   Poisoned by user:        f7
>   Container overflow:      fc
>   Array cookie:            ac
>   Intra object redzone:    bb
>   ASan internal:           fe
> ==14425==ABORTING
> {code}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
