[jira] [Resolved] (MINIFICPP-1089) Use after free in RESTSender::sendPayload

Tue, 26 Nov 2019 07:06:17 -0800 


     [ 
https://issues.apache.org/jira/browse/MINIFICPP-1089?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Dániel Bakai resolved MINIFICPP-1089.
-------------------------------------
    Resolution: Fixed

> Use after free in RESTSender::sendPayload
> -----------------------------------------
>
>                 Key: MINIFICPP-1089
>                 URL: https://issues.apache.org/jira/browse/MINIFICPP-1089
>             Project: Apache NiFi MiNiFi C++
>          Issue Type: Bug
>    Affects Versions: 0.6.0
>            Reporter: Arpad Boda
>            Assignee: Arpad Boda
>            Priority: Major
>             Fix For: 0.7.0
>
>          Time Spent: 40m
>  Remaining Estimate: 0h
>
> {code}==28232== Invalid write of size 1
> ==28232==    at 0x7814AF: store (atomic_base.h:374)
> ==28232==    by 0x7814AF: operator= (atomic_base.h:267)
> ==28232==    by 0x7814AF: operator= (atomic:79)
> ==28232==    by 0x7814AF: 
> org::apache::nifi::minifi::utils::HTTPClient::forceClose() 
> (HTTPClient.cpp:118)
> ==28232==    by 0x78255B: 
> org::apache::nifi::minifi::utils::HTTPClient::~HTTPClient() 
> (HTTPClient.cpp:106)
> ==28232==    by 0x77E8E2: 
> org::apache::nifi::minifi::c2::RESTSender::sendPayload(std::__cxx11::basic_string<char,
>  std::char_traits<char>, std::allocator<char> >, 
> org::apache::nifi::minifi::c2::Direction, 
> org::apache::nifi::minifi::c2::C2Payload const&, 
> std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> 
> >) (RESTSender.cpp:96)
> ==28232==    by 0x77D653: 
> org::apache::nifi::minifi::c2::RESTSender::consumePayload(std::__cxx11::basic_string<char,
>  std::char_traits<char>, std::allocator<char> > const&, 
> org::apache::nifi::minifi::c2::C2Payload const&, 
> org::apache::nifi::minifi::c2::Direction, bool) (RESTSender.cpp:69)
> ==28232==    by 0x77CDCA: 
> org::apache::nifi::minifi::c2::RESTSender::consumePayload(org::apache::nifi::minifi::c2::C2Payload
>  const&, org::apache::nifi::minifi::c2::Direction, bool) (RESTSender.cpp:76)
> ==28232==    by 0x4D47C1: 
> org::apache::nifi::minifi::c2::C2Agent::performHeartBeat() (C2Agent.cpp:329)
> ==28232==    by 0x4D8969: 
> org::apache::nifi::minifi::c2::C2Agent::C2Agent(std::shared_ptr<org::apache::nifi::minifi::core::controller::ControllerServiceProvider>
>  const&, std::shared_ptr<org::apache::nifi::minifi::state::StateMonitor> 
> const&, std::shared_ptr<org::apache::nifi::minifi::Configure> 
> const&)::{lambda()#1}::operator()() const (C2Agent.cpp:95)
> ==28232==    by 0x4D8DDC: 
> std::_Function_handler<org::apache::nifi::minifi::state::Update (), 
> org::apache::nifi::minifi::c2::C2Agent::C2Agent(std::shared_ptr<org::apache::nifi::minifi::core::controller::ControllerServiceProvider>
>  const&, std::shared_ptr<org::apache::nifi::minifi::state::StateMonitor> 
> const&, std::shared_ptr<org::apache::nifi::minifi::Configure> 
> const&)::{lambda()#1}>::_M_invoke(std::_Any_data const&) (std_function.h:302)
> ==28232==    by 0x4B983A: operator() (std_function.h:706)
> ==28232==    by 0x4B983A: 
> org::apache::nifi::minifi::utils::Worker<org::apache::nifi::minifi::state::Update>::run()
>  (ThreadPool.h:123)
> ==28232==    by 0x4C045B: 
> org::apache::nifi::minifi::utils::ThreadPool<org::apache::nifi::minifi::state::Update>::run_tasks(std::shared_ptr<org::apache::nifi::minifi::utils::WorkerThread>)
>  (ThreadPool.h:586)
> ==28232==    by 0x4BA858: __invoke_impl<void, void 
> (org::apache::nifi::minifi::utils::ThreadPool<org::apache::nifi::minifi::state::Update>::*&)(std::shared_ptr<org::apache::nifi::minifi::utils::WorkerThread>),
>  
> org::apache::nifi::minifi::utils::ThreadPool<org::apache::nifi::minifi::state::Update>*&,
>  std::shared_ptr<org::apache::nifi::minifi::utils::WorkerThread>&> 
> (invoke.h:73)
> ==28232==    by 0x4BA858: __invoke<void 
> (org::apache::nifi::minifi::utils::ThreadPool<org::apache::nifi::minifi::state::Update>::*&)(std::shared_ptr<org::apache::nifi::minifi::utils::WorkerThread>),
>  
> org::apache::nifi::minifi::utils::ThreadPool<org::apache::nifi::minifi::state::Update>*&,
>  std::shared_ptr<org::apache::nifi::minifi::utils::WorkerThread>&> 
> (invoke.h:95)
> ==28232==    by 0x4BA858: __call<void, 0, 1> (functional:467)
> ==28232==    by 0x4BA858: operator()<> (functional:551)
> ==28232==    by 0x4BA858: std::_Function_handler<void (), std::_Bind<void 
> (org::apache::nifi::minifi::utils::ThreadPool<org::apache::nifi::minifi::state::Update>::*(org::apache::nifi::minifi::utils::ThreadPool<org::apache::nifi::minifi::state::Update>*,
>  
> std::shared_ptr<org::apache::nifi::minifi::utils::WorkerThread>))(std::shared_ptr<org::apache::nifi::minifi::utils::WorkerThread>)>
>  >::_M_invoke(std::_Any_data const&) (std_function.h:316)
> ==28232==    by 0x601A66E: ??? (in 
> /usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.25)
> ==28232==  Address 0x10e60d28 is 40 bytes inside a block of size 64 free'd
> ==28232==    at 0x4C3123B: operator delete(void*) (in 
> /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
> ==28232==    by 0x77E89D: operator() (unique_ptr.h:78)
> ==28232==    by 0x77E89D: ~unique_ptr (unique_ptr.h:268)
> ==28232==    by 0x77E89D: 
> org::apache::nifi::minifi::c2::RESTSender::sendPayload(std::__cxx11::basic_string<char,
>  std::char_traits<char>, std::allocator<char> >, 
> org::apache::nifi::minifi::c2::Direction, 
> org::apache::nifi::minifi::c2::C2Payload const&, 
> std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> 
> >) (RESTSender.cpp:101)
> ==28232==    by 0x77D653: 
> org::apache::nifi::minifi::c2::RESTSender::consumePayload(std::__cxx11::basic_string<char,
>  std::char_traits<char>, std::allocator<char> > const&, 
> org::apache::nifi::minifi::c2::C2Payload const&, 
> org::apache::nifi::minifi::c2::Direction, bool) (RESTSender.cpp:69)
> ==28232==    by 0x77CDCA: 
> org::apache::nifi::minifi::c2::RESTSender::consumePayload(org::apache::nifi::minifi::c2::C2Payload
>  const&, org::apache::nifi::minifi::c2::Direction, bool) (RESTSender.cpp:76)
> ==28232==    by 0x4D47C1: 
> org::apache::nifi::minifi::c2::C2Agent::performHeartBeat() (C2Agent.cpp:329)
> ==28232==    by 0x4D8969: 
> org::apache::nifi::minifi::c2::C2Agent::C2Agent(std::shared_ptr<org::apache::nifi::minifi::core::controller::ControllerServiceProvider>
>  const&, std::shared_ptr<org::apache::nifi::minifi::state::StateMonitor> 
> const&, std::shared_ptr<org::apache::nifi::minifi::Configure> 
> const&)::{lambda()#1}::operator()() const (C2Agent.cpp:95)
> ==28232==    by 0x4D8DDC: 
> std::_Function_handler<org::apache::nifi::minifi::state::Update (), 
> org::apache::nifi::minifi::c2::C2Agent::C2Agent(std::shared_ptr<org::apache::nifi::minifi::core::controller::ControllerServiceProvider>
>  const&, std::shared_ptr<org::apache::nifi::minifi::state::StateMonitor> 
> const&, std::shared_ptr<org::apache::nifi::minifi::Configure> 
> const&)::{lambda()#1}>::_M_invoke(std::_Any_data const&) (std_function.h:302)
> ==28232==    by 0x4B983A: operator() (std_function.h:706)
> ==28232==    by 0x4B983A: 
> org::apache::nifi::minifi::utils::Worker<org::apache::nifi::minifi::state::Update>::run()
>  (ThreadPool.h:123)
> ==28232==    by 0x4C045B: 
> org::apache::nifi::minifi::utils::ThreadPool<org::apache::nifi::minifi::state::Update>::run_tasks(std::shared_ptr<org::apache::nifi::minifi::utils::WorkerThread>)
>  (ThreadPool.h:586)
> ==28232==    by 0x4BA858: __invoke_impl<void, void 
> (org::apache::nifi::minifi::utils::ThreadPool<org::apache::nifi::minifi::state::Update>::*&)(std::shared_ptr<org::apache::nifi::minifi::utils::WorkerThread>),
>  
> org::apache::nifi::minifi::utils::ThreadPool<org::apache::nifi::minifi::state::Update>*&,
>  std::shared_ptr<org::apache::nifi::minifi::utils::WorkerThread>&> 
> (invoke.h:73)
> ==28232==    by 0x4BA858: __invoke<void 
> (org::apache::nifi::minifi::utils::ThreadPool<org::apache::nifi::minifi::state::Update>::*&)(std::shared_ptr<org::apache::nifi::minifi::utils::WorkerThread>),
>  
> org::apache::nifi::minifi::utils::ThreadPool<org::apache::nifi::minifi::state::Update>*&,
>  std::shared_ptr<org::apache::nifi::minifi::utils::WorkerThread>&> 
> (invoke.h:95)
> ==28232==    by 0x4BA858: __call<void, 0, 1> (functional:467)
> ==28232==    by 0x4BA858: operator()<> (functional:551)
> ==28232==    by 0x4BA858: std::_Function_handler<void (), std::_Bind<void 
> (org::apache::nifi::minifi::utils::ThreadPool<org::apache::nifi::minifi::state::Update>::*(org::apache::nifi::minifi::utils::ThreadPool<org::apache::nifi::minifi::state::Update>*,
>  
> std::shared_ptr<org::apache::nifi::minifi::utils::WorkerThread>))(std::shared_ptr<org::apache::nifi::minifi::utils::WorkerThread>)>
>  >::_M_invoke(std::_Any_data const&) (std_function.h:316)
> ==28232==    by 0x601A66E: ??? (in 
> /usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.25)
> ==28232==    by 0x4E436DA: start_thread (pthread_create.c:463)
> ==28232==  Block was alloc'd at
> ==28232==    at 0x4C3017F: operator new(unsigned long) (in 
> /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
> ==28232==    by 0x77E934: 
> org::apache::nifi::minifi::c2::RESTSender::sendPayload(std::__cxx11::basic_string<char,
>  std::char_traits<char>, std::allocator<char> >, 
> org::apache::nifi::minifi::c2::Direction, 
> org::apache::nifi::minifi::c2::C2Payload const&, 
> std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> 
> >) (RESTSender.cpp:104)
> ==28232==    by 0x77D653: 
> org::apache::nifi::minifi::c2::RESTSender::consumePayload(std::__cxx11::basic_string<char,
>  std::char_traits<char>, std::allocator<char> > const&, 
> org::apache::nifi::minifi::c2::C2Payload const&, 
> org::apache::nifi::minifi::c2::Direction, bool) (RESTSender.cpp:69)
> ==28232==    by 0x77CDCA: 
> org::apache::nifi::minifi::c2::RESTSender::consumePayload(org::apache::nifi::minifi::c2::C2Payload
>  const&, org::apache::nifi::minifi::c2::Direction, bool) (RESTSender.cpp:76)
> ==28232==    by 0x4D47C1: 
> org::apache::nifi::minifi::c2::C2Agent::performHeartBeat() (C2Agent.cpp:329)
> ==28232==    by 0x4D8969: 
> org::apache::nifi::minifi::c2::C2Agent::C2Agent(std::shared_ptr<org::apache::nifi::minifi::core::controller::ControllerServiceProvider>
>  const&, std::shared_ptr<org::apache::nifi::minifi::state::StateMonitor> 
> const&, std::shared_ptr<org::apache::nifi::minifi::Configure> 
> const&)::{lambda()#1}::operator()() const (C2Agent.cpp:95)
> ==28232==    by 0x4D8DDC: 
> std::_Function_handler<org::apache::nifi::minifi::state::Update (), 
> org::apache::nifi::minifi::c2::C2Agent::C2Agent(std::shared_ptr<org::apache::nifi::minifi::core::controller::ControllerServiceProvider>
>  const&, std::shared_ptr<org::apache::nifi::minifi::state::StateMonitor> 
> const&, std::shared_ptr<org::apache::nifi::minifi::Configure> 
> const&)::{lambda()#1}>::_M_invoke(std::_Any_data const&) (std_function.h:302)
> ==28232==    by 0x4B983A: operator() (std_function.h:706)
> ==28232==    by 0x4B983A: 
> org::apache::nifi::minifi::utils::Worker<org::apache::nifi::minifi::state::Update>::run()
>  (ThreadPool.h:123)
> ==28232==    by 0x4C045B: 
> org::apache::nifi::minifi::utils::ThreadPool<org::apache::nifi::minifi::state::Update>::run_tasks(std::shared_ptr<org::apache::nifi::minifi::utils::WorkerThread>)
>  (ThreadPool.h:586)
> ==28232==    by 0x4BA858: __invoke_impl<void, void 
> (org::apache::nifi::minifi::utils::ThreadPool<org::apache::nifi::minifi::state::Update>::*&)(std::shared_ptr<org::apache::nifi::minifi::utils::WorkerThread>),
>  
> org::apache::nifi::minifi::utils::ThreadPool<org::apache::nifi::minifi::state::Update>*&,
>  std::shared_ptr<org::apache::nifi::minifi::utils::WorkerThread>&> 
> (invoke.h:73)
> ==28232==    by 0x4BA858: __invoke<void 
> (org::apache::nifi::minifi::utils::ThreadPool<org::apache::nifi::minifi::state::Update>::*&)(std::shared_ptr<org::apache::nifi::minifi::utils::WorkerThread>),
>  
> org::apache::nifi::minifi::utils::ThreadPool<org::apache::nifi::minifi::state::Update>*&,
>  std::shared_ptr<org::apache::nifi::minifi::utils::WorkerThread>&> 
> (invoke.h:95)
> ==28232==    by 0x4BA858: __call<void, 0, 1> (functional:467)
> ==28232==    by 0x4BA858: operator()<> (functional:551)
> ==28232==    by 0x4BA858: std::_Function_handler<void (), std::_Bind<void 
> (org::apache::nifi::minifi::utils::ThreadPool<org::apache::nifi::minifi::state::Update>::*(org::apache::nifi::minifi::utils::ThreadPool<org::apache::nifi::minifi::state::Update>*,
>  
> std::shared_ptr<org::apache::nifi::minifi::utils::WorkerThread>))(std::shared_ptr<org::apache::nifi::minifi::utils::WorkerThread>)>
>  >::_M_invoke(std::_Any_data const&) (std_function.h:316)
> ==28232==    by 0x601A66E: ??? (in 
> /usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.25)
> ==28232==    by 0x4E436DA: start_thread (pthread_create.c:463)
> {code}



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Reply via email to