[ https://issues.apache.org/jira/browse/DISPATCH-2283?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17443955#comment-17443955 ]
Ganesh Murthy commented on DISPATCH-2283:
-----------------------------------------

Fixed by commit - [https://github.com/apache/qpid-dispatch/commit/6769203991b20ecf0fdeb28bb8d84962b73c22fd] as part of the fix to https://issues.apache.org/jira/browse/DISPATCH-2262

> heap-use-after-free in system_tests_policy_oversize_compound during
> qdrc_endpoint_delivery_CT
> ---------------------------------------------------------------------------------------------
>
>                 Key: DISPATCH-2283
>                 URL: https://issues.apache.org/jira/browse/DISPATCH-2283
>             Project: Qpid Dispatch
>          Issue Type: Bug
>    Affects Versions: 1.18.0
>            Reporter: Jiri Daněk
>            Assignee: Ted Ross
>            Priority: Major
>             Fix For: 1.18.0
>
>
> https://github.com/jiridanek/qpid-dispatch/runs/4140877666?check_suite_focus=true#step:9:35786
> This comes from the "set memory pool max size to 0" memory poisoning
> investigation. I haven't seen this fail with the unmodified main branch (yet ;)
> The only somewhat similar stacktrace I could find in Jira is for this leak,
> DISPATCH-1699.
> {noformat}
> 27: ==12548==ERROR: AddressSanitizer: heap-use-after-free on address 0x6110000136e0 at pc 0x55f47830adb9 bp 0x7f1063183140 sp 0x7f1063183130
> 27: READ of size 8 at 0x6110000136e0 thread T1
> 27:     #0 0x55f47830adb8 in qdrc_endpoint_delivery_CT ../src/router_core/core_link_endpoint.c:136
> 27:     #1 0x55f4783eea3b in on_timer ../src/router_core/modules/heartbeat_edge/heartbeat_edge.c:157
> 27:     #2 0x55f4783c0613 in qdr_process_tick_CT ../src/router_core/core_timer.c:123
> 27:     #3 0x55f47838fec7 in router_core_thread ../src/router_core/router_core_thread.c:236
> 27:     #4 0x55f4782a2964 in _thread_init ../src/posix/threading.c:172
> 27:     #5 0x7f1069458608 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x9608)
> 27:     #6 0x7f106864e292 in __clone (/lib/x86_64-linux-gnu/libc.so.6+0x122292)
> 27:
> 27: 0x6110000136e0 is located 160 bytes inside of 192-byte region [0x611000013640,0x611000013700)
> 27: freed by thread T1 here:
> 27:     #0 0x7f1069a167cf in __interceptor_free (/lib/x86_64-linux-gnu/libasan.so.5+0x10d7cf)
> 27:     #1 0x55f4781e3b84 in qd_dealloc ../src/alloc_pool.c:497
> 27:     #2 0x55f478308e1d in free_qdrc_endpoint_t ../src/router_core/core_link_endpoint.c:35
> 27:     #3 0x55f47830d34f in qdrc_endpoint_do_cleanup_CT ../src/router_core/core_link_endpoint.c:245
> 27:     #4 0x55f47830cb0f in qdrc_endpoint_do_detach_CT ../src/router_core/core_link_endpoint.c:220
> 27:     #5 0x55f478301824 in qdr_link_inbound_detach_CT ../src/router_core/connections.c:2033
> 27:     #6 0x55f47838fec7 in router_core_thread ../src/router_core/router_core_thread.c:236
> 27:     #7 0x55f4782a2964 in _thread_init ../src/posix/threading.c:172
> 27:     #8 0x7f1069458608 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x9608)
> 27:
> 27: previously allocated by thread T1 here:
> 27:     #0 0x7f1069a17aa5 in posix_memalign (/lib/x86_64-linux-gnu/libasan.so.5+0x10eaa5)
> 27:     #1 0x55f4781df9cd in qd_alloc ../src/alloc_pool.c:393
> 27:     #2 0x55f478308de5 in new_qdrc_endpoint_t ../src/router_core/core_link_endpoint.c:35
> 27:     #3 0x55f478309d28 in qdrc_endpoint_create_link_CT ../src/router_core/core_link_endpoint.c:74
> 27:     #4 0x55f4783eed7d in on_conn_event ../src/router_core/modules/heartbeat_edge/heartbeat_edge.c:178
> 27:     #5 0x55f47830823d in qdrc_event_conn_raise ../src/router_core/core_events.c:101
> 27:     #6 0x55f4783c5a14 in on_conn_event ../src/router_core/modules/edge_router/connection_manager.c:59
> 27:     #7 0x55f47830823d in qdrc_event_conn_raise ../src/router_core/core_events.c:101
> 27:     #8 0x55f4782f5fdc in qdr_connection_opened_CT ../src/router_core/connections.c:1479
> 27:     #9 0x55f47838fec7 in router_core_thread ../src/router_core/router_core_thread.c:236
> 27:     #10 0x55f4782a2964 in _thread_init ../src/posix/threading.c:172
> 27:     #11 0x7f1069458608 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x9608)
> 27:
> 27: Thread T1 created by T0 here:
> 27:     #0 0x7f1069943805 in pthread_create (/lib/x86_64-linux-gnu/libasan.so.5+0x3a805)
> 27:     #1 0x55f4782a2ad3 in sys_thread ../src/posix/threading.c:181
> 27:     #2 0x55f47836b817 in qdr_core ../src/router_core/router_core.c:124
> 27:     #3 0x55f478411c5c in qd_router_setup_late ../src/router_node.c:2127
> 27:     #4 0x7f1064308ff4 (/lib/x86_64-linux-gnu/libffi.so.7+0x6ff4)
> 27:     #5 0x7ffdaab8945f ([stack]+0x2145f)
> 27:
> 27: SUMMARY: AddressSanitizer: heap-use-after-free ../src/router_core/core_link_endpoint.c:136 in qdrc_endpoint_delivery_CT
> 27: Shadow bytes around the buggy address:
> 27:   0x0c227fffa680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> 27:   0x0c227fffa690: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
> 27:   0x0c227fffa6a0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
> 27:   0x0c227fffa6b0: fd fd fd fd fd fd fd fd fa fa fa fa fa fa fa fa
> 27:   0x0c227fffa6c0: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd
> 27: =>0x0c227fffa6d0: fd fd fd fd fd fd fd fd fd fd fd fd[fd]fd fd fd
> 27:   0x0c227fffa6e0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
> 27:   0x0c227fffa6f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> 27:   0x0c227fffa700: 00 00 00 00 00 00 00 00 fa fa fa fa fa fa fa fa
> 27:   0x0c227fffa710: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00
> 27:   0x0c227fffa720: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> 27: Shadow byte legend (one shadow byte represents 8 application bytes):
> 27:   Addressable:           00
> 27:   Partially addressable: 01 02 03 04 05 06 07
> 27:   Heap left redzone:       fa
> 27:   Freed heap region:       fd
> 27:   Stack left redzone:      f1
> 27:   Stack mid redzone:       f2
> 27:   Stack right redzone:     f3
> 27:   Stack after return:      f5
> 27:   Stack use after scope:   f8
> 27:   Global redzone:          f9
> 27:   Global init order:       f6
> 27:   Poisoned by user:        f7
> 27:   Container overflow:      fc
> 27:   Array cookie:            ac
> 27:   Intra object redzone:    bb
> 27:   ASan internal:           fe
> 27:   Left alloca redzone:     ca
> 27:   Right alloca redzone:    cb
> 27:   Shadow gap:              cc
> 27: ==12548==ABORTING
> {noformat}



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org
For additional commands, e-mail: dev-h...@qpid.apache.org
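Editor's note on the shape of the bug above, with an added example. The ASan report shows two facts: the endpoint is freed on the detach path (qdr_link_inbound_detach_CT -> qdrc_endpoint_do_detach_CT -> qdrc_endpoint_do_cleanup_CT -> qd_dealloc) and is then read from a timer tick (qdr_process_tick_CT -> heartbeat_edge on_timer -> qdrc_endpoint_delivery_CT) that still holds the raw pointer. The reporter's remark that this only surfaced in the "set memory pool max size to 0" investigation also matters: a pooled allocator that keeps freed objects on a free list never hands them back to libc, so ASan cannot poison them and a stale read looks like a normal read. The C below is an illustration written for this page, not qpid-dispatch code and not the fix that the DISPATCH-2262 commit applied (its contents are not shown here). It models a tiny pool with a configurable retention limit, an endpoint, and a timer owner holding a raw pointer, then contrasts the unhardened flow with one where detach tells the owner to drop its pointer before the free. All names (pool_t, endpoint_t, heartbeat_t, hb_on_timer, run_scenario, ENDPOINT_MAGIC) are hypothetical stand-ins for the functions in the trace; the poison byte and magic value are arbitrary.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Added example, not qpid-dispatch code: a timer callback (cf. heartbeat_edge
 * on_timer) keeps a raw pointer to an endpoint that the detach path (cf.
 * qdrc_endpoint_do_cleanup_CT) frees through a pooled allocator (cf. qd_dealloc).
 * Every name below is a hypothetical stand-in. */
#define ENDPOINT_MAGIC 0x4c49564545505400ULL   /* arbitrary "live" marker */
#define POISON_BYTE    0xde

typedef struct free_node { struct free_node *next; } free_node_t;
/* Minimal pool: freed objects are poisoned and kept on a free list while
 * n_free < max_free; with max_free == 0 every free goes straight to free(),
 * which is what lets ASan report a later stale read as heap-use-after-free. */
typedef struct { size_t obj_size, max_free, n_free; free_node_t *free_list; } pool_t;

static void *pool_alloc(pool_t *p)
{
    free_node_t *n = p->free_list;
    if (!n) return malloc(p->obj_size);
    p->free_list = n->next;
    p->n_free--;
    return n;
}

static void pool_free(pool_t *p, void *obj)
{
    memset(obj, POISON_BYTE, p->obj_size);      /* make stale reads visible */
    if (p->max_free == 0 || p->n_free >= p->max_free) {
        free(obj);                               /* back to libc: ASan-detectable */
        return;
    }
    free_node_t *n = obj;                        /* retained: still mapped, ASan silent */
    n->next = p->free_list;
    p->free_list = n;
    p->n_free++;
}

static void pool_drain(pool_t *p)
{
    while (p->free_list) { free_node_t *n = p->free_list; p->free_list = n->next; free(n); }
    p->n_free = 0;
}

typedef struct heartbeat heartbeat_t;
typedef struct {
    int          deliveries;
    void       (*on_cleanup)(heartbeat_t *owner);   /* set only on the hardened path */
    heartbeat_t *owner;
    uint64_t     magic;   /* last field, so the free-list link never overlaps it */
} endpoint_t;
struct heartbeat { endpoint_t *ep; int skipped; };  /* ep: raw pointer kept across ticks */

/* Hardened path: the endpoint makes its owner forget the pointer before it dies. */
static void hb_drop_endpoint(heartbeat_t *hb) { hb->ep = NULL; }

static endpoint_t *endpoint_create(pool_t *p, heartbeat_t *hb, int hardened)
{
    endpoint_t *ep = pool_alloc(p);
    *ep = (endpoint_t){ 0, hardened ? hb_drop_endpoint : NULL, hb, ENDPOINT_MAGIC };
    hb->ep = ep;
    return ep;
}

static void endpoint_detach(pool_t *p, endpoint_t *ep)
{
    if (ep->on_cleanup) ep->on_cleanup(ep->owner);
    pool_free(p, ep);
}

/* Timer tick: 1 = delivered, 0 = skipped (no endpoint), -1 = the object reached
 * is no longer a live endpoint, i.e. a stale read that only the poison exposed. */
static int hb_on_timer(heartbeat_t *hb)
{
    if (!hb->ep) { hb->skipped++; return 0; }
    if (hb->ep->magic != ENDPOINT_MAGIC) return -1;
    hb->ep->deliveries++;
    return 1;
}

/* create -> tick -> detach -> tick; returns the result of the post-detach tick.
 * Never call with (hardened=0, max_free=0): that is the real UAF from the report. */
static int run_scenario(int hardened, size_t max_free)
{
    pool_t pool = { sizeof(endpoint_t), max_free, 0, NULL };
    heartbeat_t hb = { NULL, 0 };
    endpoint_t *ep = endpoint_create(&pool, &hb, hardened);
    if (hb_on_timer(&hb) != 1) return -2;       /* sanity: a live endpoint delivers */
    endpoint_detach(&pool, ep);
    int rc = hb_on_timer(&hb);                  /* the tick from the report */
    pool_drain(&pool);
    return rc;
}

int main(void)
{
    printf("unhardened, pool retains freed objects: %d\n", run_scenario(0, 16));
    printf("hardened,   pool retains freed objects: %d\n", run_scenario(1, 16));
    printf("hardened,   pool max size 0:            %d\n", run_scenario(1, 0));
    return 0;
}
```

The unhardened run returns -1 only because pool_free poisons the object; drop the memset and the same tick "delivers" into recycled memory with no symptom at all, which is the situation a retaining pool creates under ASan. With the pool limit at 0 the free reaches libc, and that same unhardened tick is exactly the heap-use-after-free in the report (the example deliberately never executes that combination). The hardened variant returns 0 in both pool modes because the owner's pointer is cleared before the object is released; whether the project's actual fix took this route or another is not stated on this page.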