Hi Michael,

This report is already severe enough to stop by and fix it. A write overflowing a stack buffer can be potentially exploited to gain control of your program, not to mention the possible stability issues caused by accidentally overwriting other variables and/or the stack pointer.

HTH,
Alex

On Fri, Mar 22, 2019 at 3:06 AM Michael Thomson <mthomson...@gmail.com> wrote:
>
> Hi
>
> I am getting the following ASAN issue when I try to check a project that uses
> the Thrift library.
>
> I have tried a number of ways to add a suppression into the ASAN_OPTIONS but
> nothing seems to work.
>
> Does anyone have any suggestions on how to get this message suppressed, or at
> least to be able to tell it to continue to run after this report, as even with
> halt_on_error=0 it still stops here?
>
> thanks
> Michael.
>
> leaf1> ==1207==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7ff75e2d1a60 at pc 0x000001357d5f bp 0x7ff75e2d19b0 sp 0x7ff75e2d19a8
> leaf1> WRITE of size 8 at 0x7ff75e2d1a60 thread T10
> leaf1>     #0 0x1357d5e in std::__shared_ptr<apache::thrift::transport::TTransport, (__gnu_cxx::_Lock_policy)2>::__shared_ptr(std::__shared_ptr<apache::thrift::transport::TTransport, (__gnu_cxx::_Lock_policy)2> const&) /usr/local/my-deps/20190102/include/c++/6.4.0/bits/shared_ptr_base.h:926
> leaf1>     #1 0x504401e in std::shared_ptr<apache::thrift::transport::TTransport>::shared_ptr(std::shared_ptr<apache::thrift::transport::TTransport> const&) (/home/michael/my-core-internal/build/bin/my_server+0x504401e)
> leaf1>     #2 0x50761c6 in apache::thrift::protocol::TProtocol::getTransport() (/home/michael/my-core-internal/build/bin/my_server+0x50761c6)
> leaf1>     #3 0x5075d61 in apache::thrift::server::TConnectedClient::cleanup() (/home/michael/my-core-internal/build/bin/my_server+0x5075d61)
> leaf1>     #4 0x50759af in apache::thrift::server::TConnectedClient::run() (/home/michael/my-core-internal/build/bin/my_server+0x50759af)
> leaf1>     #5 0x505de78 in apache::thrift::server::TThreadedServer::TConnectedClientRunner::run() (/home/michael/my-core-internal/build/bin/my_server+0x505de78)
> leaf1>     #6 0x506ee0b in apache::thrift::concurrency::PthreadThread::threadMain(void*) (/home/michael/my-core-internal/build/bin/my_server+0x506ee0b)
> leaf1>     #7 0x7ff76b51fdd4 in start_thread (/lib64/libpthread.so.0+0x7dd4)
> leaf1>     #8 0x7ff76b248eac in __clone (/lib64/libc.so.6+0xfdeac)
> leaf1>
> leaf1> Address 0x7ff75e2d1a60 is located in stack of thread T10 at offset 64 in frame
> leaf2> =================================================================
> leaf2> ==1209==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7ff6e89d1a60 at pc 0x000001357d5f bp 0x7ff6e89d19b0 sp 0x7ff6e89d19a8
> leaf2> WRITE of size 8 at 0x7ff6e89d1a60 thread T10
> leaf2>     #0 0x1357d5e in std::__shared_ptr<apache::thrift::transport::TTransport, (__gnu_cxx::_Lock_policy)2>::__shared_ptr(std::__shared_ptr<apache::thrift::transport::TTransport, (__gnu_cxx::_Lock_policy)2> const&) /usr/local/my-deps/20190102/include/c++/6.4.0/bits/shared_ptr_base.h:926
> leaf2>     #1 0x504401e in std::shared_ptr<apache::thrift::transport::TTransport>::shared_ptr(std::shared_ptr<apache::thrift::transport::TTransport> const&) (/home/michael/my-core-internal/build/bin/my_server+0x504401e)
> leaf2>     #2 0x50761c6 in apache::thrift::protocol::TProtocol::getTransport() (/home/michael/my-core-internal/build/bin/my_server+0x50761c6)
> leaf2>     #3 0x5075d61 in apache::thrift::server::TConnectedClient::cleanup() (/home/michael/my-core-internal/build/bin/my_server+0x5075d61)
> leaf2>     #4 0x50759af in apache::thrift::server::TConnectedClient::run() (/home/michael/my-core-internal/build/bin/my_server+0x50759af)
> leaf2>     #5 0x505de78 in apache::thrift::server::TThreadedServer::TConnectedClientRunner::run() (/home/michael/my-core-internal/build/bin/my_server+0x505de78)
> leaf2>     #6 0x506ee0b in apache::thrift::concurrency::PthreadThread::threadMain(void*) (/home/michael/my-core-internal/build/bin/my_server+0x506ee0b)
> leaf2>     #7 0x7ff6f5c1edd4 in start_thread (/lib64/libpthread.so.0+0x7dd4)
> leaf2>     #8 0x7ff6f5947eac in __clone (/lib64/libc.so.6+0xfdeac)
> leaf2>
> leaf2> Address 0x7ff6e89d1a60 is located in stack of thread T10 at offset 64 in frame
> leaf1>     #0 0x13565b1 in apache::thrift::TDispatchProcessor::process(std::shared_ptr<apache::thrift::protocol::TProtocol>, std::shared_ptr<apache::thrift::protocol::TProtocol>, void*) /usr/local/my-deps/20190102/include/thrift/TDispatchProcessor.h:108
> leaf1>
> leaf1>   This frame has 3 object(s):
> leaf1>     [32, 36) 'mtype'
> leaf1>     [96, 100) 'seqid' <== Memory access at offset 64 underflows this variable
> leaf1>     [160, 192) 'fname'
> leaf1> HINT: this may be a false positive if your program uses some custom stack unwind mechanism or swapcontext
> leaf1>       (longjmp and C++ exceptions *are* supported)
> leaf1> Thread T10 created by T8 here:
> leaf2>     #0 0x13565b1 in apache::thrift::TDispatchProcessor::process(std::shared_ptr<apache::thrift::protocol::TProtocol>, std::shared_ptr<apache::thrift::protocol::TProtocol>, void*) /usr/local/my-deps/20190102/include/thrift/TDispatchProcessor.h:108
> leaf2>
> leaf2>   This frame has 3 object(s):
> leaf2>     [32, 36) 'mtype'
> leaf2>     [96, 100) 'seqid' <== Memory access at offset 64 underflows this variable
> leaf2>     [160, 192) 'fname'
> leaf2> HINT: this may be a false positive if your program uses some custom stack unwind mechanism or swapcontext
> leaf2>       (longjmp and C++ exceptions *are* supported)
> leaf2> Thread T10 created by T8 here:
> leaf1>     #0 0x7ff76c0ce7e9 in __interceptor_pthread_create ../../.././libsanitizer/asan/asan_interceptors.cc:236
> leaf1>     #1 0x506fce4 in apache::thrift::concurrency::PthreadThread::start() (/home/michael/my-core-internal/build/bin/my_server+0x506fce4)
> leaf1>     #2 0x505dbfc in apache::thrift::server::TThreadedServer::onClientConnected(std::shared_ptr<apache::thrift::server::TConnectedClient> const&) (/home/michael/my-core-internal/build/bin/my_server+0x505dbfc)
> leaf1>     #3 0x5072c91 in apache::thrift::server::TServerFramework::newlyConnectedClient(std::shared_ptr<apache::thrift::server::TConnectedClient> const&) (/home/michael/my-core-internal/build/bin/my_server+0x5072c91)
> leaf1>     #4 0x50723fd in apache::thrift::server::TServerFramework::serve() (/home/michael/my-core-internal/build/bin/my_server+0x50723fd)
> leaf1>     #5 0x505d996 in apache::thrift::server::TThreadedServer::serve() (/home/michael/my-core-internal/build/bin/my_server+0x505d996)
> leaf2>     #0 0x7ff6f67cd7e9 in __interceptor_pthread_create ../../.././libsanitizer/asan/asan_interceptors.cc:236
> leaf2>     #1 0x506fce4 in apache::thrift::concurrency::PthreadThread::start() (/home/michael/my-core-internal/build/bin/my_server+0x506fce4)
> leaf2>     #2 0x505dbfc in apache::thrift::server::TThreadedServer::onClientConnected(std::shared_ptr<apache::thrift::server::TConnectedClient> const&) (/home/michael/my-core-internal/build/bin/my_server+0x505dbfc)
> leaf2>     #3 0x5072c91 in apache::thrift::server::TServerFramework::newlyConnectedClient(std::shared_ptr<apache::thrift::server::TConnectedClient> const&) (/home/michael/my-core-internal/build/bin/my_server+0x5072c91)
> leaf2>     #4 0x50723fd in apache::thrift::server::TServerFramework::serve() (/home/michael/my-core-internal/build/bin/my_server+0x50723fd)
> leaf2>     #5 0x505d996 in apache::thrift::server::TThreadedServer::serve() (/home/michael/my-core-internal/build/bin/my_server+0x505d996)
> leaf1>     #6 0x1111d75 in start_server(apache::thrift::server::TThreadedServer&) /home/michael/my-core-internal/MYServer.cpp:140
> leaf1>     #7 0x1126b77 in std::thread::_State_impl<std::_Bind_simple<void (*(std::reference_wrapper<apache::thrift::server::TThreadedServer>))(apache::thrift::server::TThreadedServer&)> >::_M_run() (/home/michael/my-core-internal/build/bin/my_server+0x1126b77)
> leaf1>     #8 0x532e00e in execute_native_thread_routine ../../../.././libstdc++-v3/src/c++11/thread.cc:83
> leaf1>
> leaf1> Thread T8 created by T0 here:
> leaf1>     #0 0x7ff76c0ce7e9 in __interceptor_pthread_create ../../.././libsanitizer/asan/asan_interceptors.cc:236
> leaf1>     #1 0x532e304 in __gthread_create /home/jenkins-slave/workspace/my-deps/scripts/gcc-6.4.0/x86_64-pc-linux-gnu/libstdc++-v3/include/x86_64-pc-linux-gnu/bits/gthr-default.h:662
> leaf1>     #2 0x532e304 in std::thread::_M_start_thread(std::unique_ptr<std::thread::_State, std::default_delete<std::thread::_State> >, void (*)()) ../../../.././libstdc++-v3/src/c++11/thread.cc:163
> leaf1>     #3 0x112516e in main /home/michael/my-core-internal/MYServer.cpp:997
> leaf1>     #4 0x7ff76b16d3d4 in __libc_start_main (/lib64/libc.so.6+0x223d4)
> leaf1>
> leaf1> SUMMARY: AddressSanitizer: stack-buffer-overflow /usr/local/my-deps/20190102/include/c++/6.4.0/bits/shared_ptr_base.h:926 in std::__shared_ptr<apache::thrift::transport::TTransport, (__gnu_cxx::_Lock_policy)2>::__shared_ptr(std::__shared_ptr<apache::thrift::transport::TTransport, (__gnu_cxx::_Lock_policy)2> const&)
> leaf1> Shadow bytes around the buggy address:
> leaf1>   0x0fff6bc522f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> leaf1>   0x0fff6bc52300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> leaf1>   0x0fff6bc52310: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> leaf1>   0x0fff6bc52320: 00 00 f1 f1 f1 f1 01 f4 f4 f4 f2 f2 f2 f2 04 f4
> leaf1>   0x0fff6bc52330: f4 f4 f3 f3 f3 f3 00 00 00 00 00 00 00 00 00 00
> leaf1> =>0x0fff6bc52340: 00 00 00 00 f1 f1 f1 f1 04 f4 f4 f4[f2]f2 f2 f2
> leaf1>   0x0fff6bc52350: 04 f4 f4 f4 f2 f2 f2 f2 00 00 00 00 f3 f3 f3 f3
> leaf1>   0x0fff6bc52360: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> leaf1>   0x0fff6bc52370: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> leaf1>   0x0fff6bc52380: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> leaf1>   0x0fff6bc52390: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> leaf1> Shadow byte legend (one shadow byte represents 8 application bytes):
> leaf1>   Addressable:           00
> leaf1>   Partially addressable: 01 02 03 04 05 06 07
> leaf1>   Heap left redzone:     fa
> leaf1>   Heap right redzone:    fb
> leaf1>   Freed heap region:     fd
> leaf1>   Stack left redzone:    f1
> leaf1>   Stack mid redzone:     f2
> leaf1>   Stack right redzone:   f3
> leaf1>   Stack partial redzone: f4
> leaf1>   Stack after return:    f5
> leaf1>   Stack use after scope: f8
> leaf1>   Global redzone:        f9
> leaf1>   Global init order:     f6
> leaf1>   Poisoned by user:      f7
> leaf1>   Container overflow:    fc
> leaf1>   Array cookie:          ac
> leaf1>   Intra object redzone:  bb
> leaf1>   ASan internal:         fe
> leaf1>   Left alloca redzone:   ca
> leaf1>   Right alloca redzone:  cb
> leaf1> Stats: 5M malloced (1M for red zones) by 34367 calls
> leaf1> Stats: 0M realloced by 120 calls
> leaf1> Stats: 3M freed by 11520 calls
> leaf1> Stats: 0M really freed by 0 calls
> leaf1> Stats: 12M (12M-0M) mmaped; 168 maps, 0 unmaps
> leaf1>   mallocs by size class: 2:1231; 3:5858; 4:3328; 6:7246; 7:3819; 8:2858; 11:3778; 12:3977; 13:363; 14:231; 15:155; 16:39; 17:113; 18:284; 19:25; 20:14; 21:229; 22:196; 23:14; 24:9; 25:345; 26:23; 27:11; 28:5; 29:37; 30:2; 31:7; 32:2; 33:30; 35:4; 36:2; 37:72; 39:3; 40:2; 41:7; 43:2; 44:29; 45:5; 46:1; 48:2; 49:4; 50:2; 52:3;
> leaf1> Stats: malloc large: 0
> leaf1> Stats: StackDepot: 2859 ids; 0M allocated
> leaf1> Stats: SizeClassAllocator64: 12M mapped in 40389 allocations; remains 40389
> leaf1>   02 (32): total: 64 K allocs: 1536 remains: 1536
> leaf1>   03 (48): total: 384 K allocs: 7168 remains: 7168
> leaf1>   04 (64): total: 256 K allocs: 3712 remains: 3712
> leaf1>   06 (96): total: 768 K allocs: 7936 remains: 7936
> leaf1>   07 (112): total: 512 K allocs: 4352 remains: 4352
> leaf1>   08 (128): total: 448 K allocs: 3200 remains: 3200
> leaf1>   11 (176): total: 704 K allocs: 3968 remains: 3968
> leaf1>   12 (192): total: 832 K allocs: 4096 remains: 4096
> leaf1>   13 (208): total: 192 K allocs: 640 remains: 640
> leaf1>   14 (224): total: 64 K allocs: 256 remains: 256
> leaf1>   15 (240): total: 128 K allocs: 384 remains: 384
> leaf1>   16 (256): total: 64 K allocs: 128 remains: 128
> leaf1>   17 (320): total: 128 K allocs: 256 remains: 256
> leaf1>   18 (384): total: 192 K allocs: 384 remains: 384
> leaf1>   19 (448): total: 64 K allocs: 128 remains: 128
> leaf1>   20 (512): total: 128 K allocs: 128 remains: 128
> leaf1>   21 (640): total: 256 K allocs: 408 remains: 408
> leaf1>   22 (768): total: 384 K allocs: 510 remains: 510
> leaf1>   23 (896): total: 128 K allocs: 73 remains: 73
> leaf1>   24 (1024): total: 128 K allocs: 64 remains: 64
> leaf1>   25 (1280): total: 704 K allocs: 561 remains: 561
> leaf1>   26 (1536): total: 128 K allocs: 42 remains: 42
> leaf1>   27 (1792): total: 128 K allocs: 36 remains: 36
> leaf1>   28 (2048): total: 128 K allocs: 32 remains: 32
> leaf1>   29 (2560): total: 128 K allocs: 50 remains: 50
> leaf1>   30 (3072): total: 128 K allocs: 21 remains: 21
> leaf1>   31 (3584): total: 128 K allocs: 18 remains: 18
> leaf1>   32 (4096): total: 128 K allocs: 16 remains: 16
> leaf1>   33 (5120): total: 256 K allocs: 48 remains: 48
> leaf1>   35 (7168): total: 128 K allocs: 9 remains: 9
> leaf1>   36 (8192): total: 832 K allocs: 96 remains: 96
> leaf1>   37 (10240): total: 768 K allocs: 72 remains: 72
> leaf1>   39 (14336): total: 128 K allocs: 4 remains: 4
> leaf1>   40 (16384): total: 64 K allocs: 2 remains: 2
> leaf1>   41 (20480): total: 192 K allocs: 7 remains: 7
> leaf1>   43 (28672): total: 128 K allocs: 2 remains: 2
> leaf1>   44 (32768): total: 960 K allocs: 29 remains: 29
> leaf1>   45 (40960): total: 256 K allocs: 5 remains: 5
> leaf1>   46 (49152): total: 128 K allocs: 1 remains: 1
> leaf1>   48 (65536): total: 192 K allocs: 2 remains: 2
> leaf1>   49 (81920): total: 448 K allocs: 4 remains: 4
> leaf1>   50 (98304): total: 320 K allocs: 2 remains: 2
> leaf1>   52 (131072): total: 512 K allocs: 3 remains: 3
> leaf1> Stats: LargeMmapAllocator: allocated 0 times, remains 0 (0 K) max 0 M; by size logs:
> leaf1> ==1207==ABORTING
>
> --
> You received this message because you are subscribed to the Google Groups "address-sanitizer" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to address-sanitizer+unsubscr...@googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.

--
Alexander Potapenko
Software Engineer

Google Germany GmbH
Erika-Mann-Straße, 33
80636 München

Managing directors: Paul Manicle, Halimah DeLaine Prado
Court of registration and number: Hamburg, HRB 86891
Registered office: Hamburg
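The part of the quoted report that actually localises the bug is the frame map: a WRITE of size 8 at frame offset 64, in a frame whose objects are 'mtype' [32, 36), 'seqid' [96, 100) and 'fname' [160, 192). Offset 64 to 72 touches none of them, which is why the shadow dump marks the address with [f2] (stack mid redzone) and why ASan annotates the nearest object above as "underflows this variable". The following Python helper is an added example, not code from this thread, from AddressSanitizer or from Thrift: it parses that section of a report and explains where the access lands relative to the frame's variables. The function and constant names (parse_report, describe_access, in_redzone, analyse, SAMPLE_REPORT) are mine, the sample text is constructed from the values in the post, and the nearest-object rule is reproduced from my reading of how ASan picks the variable to annotate, so treat it as an approximation of ASan's own logic rather than a copy of it.

```python
import re

# Constructed sample, built from the values in the quoted report (the "leaf1>"
# process prefix and the per-frame source paths are trimmed to what the parser needs).
SAMPLE_REPORT = """\
==1207==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7ff75e2d1a60 at pc 0x000001357d5f bp 0x7ff75e2d19b0 sp 0x7ff75e2d19a8
WRITE of size 8 at 0x7ff75e2d1a60 thread T10
Address 0x7ff75e2d1a60 is located in stack of thread T10 at offset 64 in frame
    #0 0x13565b1 in apache::thrift::TDispatchProcessor::process(...) TDispatchProcessor.h:108

  This frame has 3 object(s):
    [32, 36) 'mtype'
    [96, 100) 'seqid' <== Memory access at offset 64 underflows this variable
    [160, 192) 'fname'
"""

# Not anchored at line start, so a log prefix such as "leaf1> " does not break matching.
ACCESS_RE = re.compile(r"(READ|WRITE) of size (\d+) at 0x[0-9a-f]+ thread")
OFFSET_RE = re.compile(r"at offset (\d+) in frame")
OBJECT_RE = re.compile(r"\[(\d+), (\d+)\) '([^']+)'")


def parse_report(text):
    """Return (access kind, access size, frame offset, objects sorted by start)
    from one process's ASan stack-buffer-overflow report."""
    access = ACCESS_RE.search(text)
    offset = OFFSET_RE.search(text)
    if not access or not offset:
        raise ValueError("report lacks the access line or 'at offset N in frame'")
    objects = sorted((int(b), int(e), name) for b, e, name in OBJECT_RE.findall(text))
    if not objects:
        raise ValueError("report lists no frame objects")
    return access.group(1), int(access.group(2)), int(offset.group(1)), objects


def describe_access(addr, size, objects):
    """Map object name -> how the access [addr, addr+size) relates to it.
    Only the nearest object on the relevant side gets an entry; an access that is
    closer to its other neighbour is deliberately not attributed to this one."""
    end = addr + size
    out = {}
    for i, (beg, var_end, name) in enumerate(objects):
        prev_end = objects[i - 1][1] if i > 0 else 0
        next_beg = objects[i + 1][0] if i + 1 < len(objects) else float("inf")
        descr = None
        if addr >= beg:
            if end <= var_end:
                descr = "is inside"             # the frame is gone: use-after-return
            elif addr < var_end:
                descr = "partially overflows"
            elif end <= next_beg and next_beg - end >= addr - var_end:
                descr = "overflows"             # this object is the closest one below
        else:
            if end > beg:
                descr = "partially underflows"
            elif addr >= prev_end and addr - prev_end >= beg - end:
                descr = "underflows"            # this object is the closest one above
        if descr:
            out[name] = descr
    return out


def in_redzone(addr, size, objects):
    """True when the whole access lies between objects, i.e. in the poisoned
    padding (f1/f2/f3 shadow bytes) that no variable in the frame occupies."""
    end = addr + size
    return all(end <= beg or addr >= var_end for beg, var_end, _ in objects)


def analyse(text):
    """One-call summary of a report: kind, size, offset, redzone flag, relations."""
    kind, size, offset, objects = parse_report(text)
    return {
        "kind": kind,
        "size": size,
        "offset": offset,
        "redzone": in_redzone(offset, size, objects),
        "relation": describe_access(offset, size, objects),
    }


if __name__ == "__main__":
    result = analyse(SAMPLE_REPORT)
    print(f"{result['kind']} of {result['size']} bytes at frame offset {result['offset']}")
    for name, how in result["relation"].items():
        print(f"  {how} '{name}'")
    if result["redzone"]:
        print("  the access touches no object in this frame; it lies entirely in a redzone")
```

Feed it one process's output at a time (for the post above, filter on the `leaf1>` or `leaf2>` prefix first, since the two reports are interleaved), and read the result together with the stack trace: the write happens in a shared_ptr copy constructor called from TConnectedClient::cleanup(), but the target is a redzone in the frame of TDispatchProcessor::process(), so no variable in that frame was ever meant to receive it. That is the situation Alex's reply describes, and it is why suppressing the report does not help. On the ASAN_OPTIONS question, one caveat worth knowing: halt_on_error=0 only has an effect when the binary was built with -fsanitize-recover=address; without that flag ASan aborts at the first report regardless of the option.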