[jira] [Commented] (DISPATCH-2055) AddressSanitizer: heap-use-after-free in write_log during system_tests_qdmanage

Thu, 29 Apr 2021 06:36:09 -0700 


    [ 
https://issues.apache.org/jira/browse/DISPATCH-2055?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17335490#comment-17335490
 ] 

ASF GitHub Bot commented on DISPATCH-2055:
------------------------------------------

asfgit closed pull request #1146:
URL: https://github.com/apache/qpid-dispatch/pull/1146


   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


> AddressSanitizer: heap-use-after-free in write_log during 
> system_tests_qdmanage
> -------------------------------------------------------------------------------
>
>                 Key: DISPATCH-2055
>                 URL: https://issues.apache.org/jira/browse/DISPATCH-2055
>             Project: Qpid Dispatch
>          Issue Type: Bug
>    Affects Versions: 1.16.0
>            Reporter: Jiri Daněk
>            Assignee: Ganesh Murthy
>            Priority: Major
>             Fix For: 1.17.0
>
>
> https://travis-ci.com/github/apache/qpid-dispatch/jobs/498853046#L5728
> {noformat}
> 29: Process 13857 error: exit code 1, expected -1
> 29: qdrouterd -c test_router_1.conf -I 
> /home/travis/build/apache/qpid-dispatch/python
> 29: 
> /home/travis/build/apache/qpid-dispatch/build/tests/system_test.dir/system_tests_qdmanage/QdmanageTest/setUpClass/test_router_1-2.cmd
> 29: >>>>
> 29: =================================================================
> 29: ==13857==ERROR: AddressSanitizer: heap-use-after-free on address 
> 0xffffaca04ba8 at pc 0xffffb1f23f34 bp 0xffffa5cf2770 sp 0xffffa5cf2768
> 29: READ of size 8 at 0xffffaca04ba8 thread T2
> 29:     #0 0xffffb1f23f30 in write_log 
> /home/travis/build/apache/qpid-dispatch/src/log.c:343:22
> 29:     #1 0xffffb1f23f30 in qd_vlog_impl 
> /home/travis/build/apache/qpid-dispatch/src/log.c:437:5
> 29:     #2 0xffffb1f24d44 in qd_log_impl 
> /home/travis/build/apache/qpid-dispatch/src/log.c:456:3
> 29:     #3 0xffffb1b482c8 in pni_tracer_to_log_sink 
> /home/travis/build/apache/qpid-dispatch/qpid-proton/c/src/core/transport.c:2874:3
> 29: 
> 29: 0xffffaca04ba8 is located 24 bytes inside of 48-byte region 
> [0xffffaca04b90,0xffffaca04bc0)
> 29: freed by thread T3 here:
> 29:     #0 0x48f30c in free 
> (/home/travis/build/apache/qpid-dispatch/build/router/qdrouterd+0x48f30c)
> 29:     #1 0xffffb1f27c64 in qd_log_entity 
> /home/travis/build/apache/qpid-dispatch/src/log.c:555:17
> 29:     #2 0xffffacf09ff4  (/lib/aarch64-linux-gnu/libffi.so.7+0x5ff4)
> 29:     #3 0xffffacf097c8  (/lib/aarch64-linux-gnu/libffi.so.7+0x57c8)
> 29:     #4 0xffffacddfd20 in _ctypes_callproc 
> (/usr/lib/python3.8/lib-dynload/_ctypes.cpython-38-aarch64-linux-gnu.so+0xfd20)
> 29:     #5 0xffffacde0334  
> (/usr/lib/python3.8/lib-dynload/_ctypes.cpython-38-aarch64-linux-gnu.so+0x10334)
> 29:     #6 0xffffb17dc604 in _PyObject_MakeTpCall 
> (/lib/aarch64-linux-gnu/libpython3.8.so.1.0+0x299604)
> 29:     #7 0xffffb15b6698  
> (/lib/aarch64-linux-gnu/libpython3.8.so.1.0+0x73698)
> 29:     #8 0xffffb15bd888 in _PyEval_EvalFrameDefault 
> (/lib/aarch64-linux-gnu/libpython3.8.so.1.0+0x7a888)
> 29:     #9 0xffffb15c1698  
> (/lib/aarch64-linux-gnu/libpython3.8.so.1.0+0x7e698)
> 29:     #10 0xffffb17dc8a0  
> (/lib/aarch64-linux-gnu/libpython3.8.so.1.0+0x2998a0)
> 29:     #11 0xffffb15b6624  
> (/lib/aarch64-linux-gnu/libpython3.8.so.1.0+0x73624)
> 29:     #12 0xffffb15bd888 in _PyEval_EvalFrameDefault 
> (/lib/aarch64-linux-gnu/libpython3.8.so.1.0+0x7a888)
> 29:     #13 0xffffb15c1698  
> (/lib/aarch64-linux-gnu/libpython3.8.so.1.0+0x7e698)
> 29:     #14 0xffffb17dc8a0  
> (/lib/aarch64-linux-gnu/libpython3.8.so.1.0+0x2998a0)
> 29:     #15 0xffffb15b6624  
> (/lib/aarch64-linux-gnu/libpython3.8.so.1.0+0x73624)
> 29:     #16 0xffffb15bb3bc in _PyEval_EvalFrameDefault 
> (/lib/aarch64-linux-gnu/libpython3.8.so.1.0+0x783bc)
> 29:     #17 0xffffb15c1698  
> (/lib/aarch64-linux-gnu/libpython3.8.so.1.0+0x7e698)
> 29:     #18 0xffffb15b6624  
> (/lib/aarch64-linux-gnu/libpython3.8.so.1.0+0x73624)
> 29:     #19 0xffffb15b75a0 in _PyEval_EvalFrameDefault 
> (/lib/aarch64-linux-gnu/libpython3.8.so.1.0+0x745a0)
> 29:     #20 0xffffb1702958 in _PyEval_EvalCodeWithName 
> (/lib/aarch64-linux-gnu/libpython3.8.so.1.0+0x1bf958)
> 29:     #21 0xffffb17dbbbc in _PyFunction_Vectorcall 
> (/lib/aarch64-linux-gnu/libpython3.8.so.1.0+0x298bbc)
> 29:     #22 0xffffb17dc808  
> (/lib/aarch64-linux-gnu/libpython3.8.so.1.0+0x299808)
> 29:     #23 0xffffb17dcf34  
> (/lib/aarch64-linux-gnu/libpython3.8.so.1.0+0x299f34)
> 29:     #24 0xffffb17dd8c0 in PyObject_CallFunction 
> (/lib/aarch64-linux-gnu/libpython3.8.so.1.0+0x29a8c0)
> 29:     #25 0xffffb1f7e4d0 in qd_io_rx_handler 
> /home/travis/build/apache/qpid-dispatch/src/python_embedded.c:662:23
> 29:     #26 0xffffb200eb54 in qdr_forward_on_message 
> /home/travis/build/apache/qpid-dispatch/src/router_core/forwarder.c:341:28
> 29:     #27 0xffffb2031bb4 in qdr_general_handler 
> /home/travis/build/apache/qpid-dispatch/src/router_core/router_core.c:903:9
> 29:     #28 0xffffb20ee754 in qd_timer_visit 
> /home/travis/build/apache/qpid-dispatch/src/timer.c:205:9
> 29:     #29 0xffffb20e1754 in handle 
> /home/travis/build/apache/qpid-dispatch/src/server.c:1008:9
> 29: 
> 29: previously allocated by thread T0 here:
> 29:     #0 0x48f578 in malloc 
> (/home/travis/build/apache/qpid-dispatch/build/router/qdrouterd+0x48f578)
> 29:     #1 0xffffb1f262ac in qd_malloc 
> /home/travis/build/apache/qpid-dispatch/include/qpid/dispatch/ctools.h:229:17
> 29:     #2 0xffffb1f262ac in log_sink_lh 
> /home/travis/build/apache/qpid-dispatch/src/log.c:165:16
> 29:     #3 0xffffb1f27a48 in qd_log_entity 
> /home/travis/build/apache/qpid-dispatch/src/log.c:550:32
> 29:     #4 0xffffacf09ff4  (/lib/aarch64-linux-gnu/libffi.so.7+0x5ff4)
> 29:     #5 0xffffacf097c8  (/lib/aarch64-linux-gnu/libffi.so.7+0x57c8)
> 29:     #6 0xffffacddfd20 in _ctypes_callproc 
> (/usr/lib/python3.8/lib-dynload/_ctypes.cpython-38-aarch64-linux-gnu.so+0xfd20)
> 29:     #7 0xffffacde0334  
> (/usr/lib/python3.8/lib-dynload/_ctypes.cpython-38-aarch64-linux-gnu.so+0x10334)
> 29:     #8 0xffffb17dc604 in _PyObject_MakeTpCall 
> (/lib/aarch64-linux-gnu/libpython3.8.so.1.0+0x299604)
> 29:     #9 0xffffb15b6698  
> (/lib/aarch64-linux-gnu/libpython3.8.so.1.0+0x73698)
> 29:     #10 0xffffb15bd888 in _PyEval_EvalFrameDefault 
> (/lib/aarch64-linux-gnu/libpython3.8.so.1.0+0x7a888)
> 29:     #11 0xffffb15c1698  
> (/lib/aarch64-linux-gnu/libpython3.8.so.1.0+0x7e698)
> 29:     #12 0xffffb17dc8a0  
> (/lib/aarch64-linux-gnu/libpython3.8.so.1.0+0x2998a0)
> 29:     #13 0xffffb15b6624  
> (/lib/aarch64-linux-gnu/libpython3.8.so.1.0+0x73624)
> 29:     #14 0xffffb15bd888 in _PyEval_EvalFrameDefault 
> (/lib/aarch64-linux-gnu/libpython3.8.so.1.0+0x7a888)
> 29:     #15 0xffffb15c1698  
> (/lib/aarch64-linux-gnu/libpython3.8.so.1.0+0x7e698)
> 29:     #16 0xffffb15b6624  
> (/lib/aarch64-linux-gnu/libpython3.8.so.1.0+0x73624)
> 29:     #17 0xffffb15b75a0 in _PyEval_EvalFrameDefault 
> (/lib/aarch64-linux-gnu/libpython3.8.so.1.0+0x745a0)
> 29:     #18 0xffffb15c1698  
> (/lib/aarch64-linux-gnu/libpython3.8.so.1.0+0x7e698)
> 29:     #19 0xffffb15b6624  
> (/lib/aarch64-linux-gnu/libpython3.8.so.1.0+0x73624)
> 29:     #20 0xffffb15b75a0 in _PyEval_EvalFrameDefault 
> (/lib/aarch64-linux-gnu/libpython3.8.so.1.0+0x745a0)
> 29:     #21 0xffffb1702958 in _PyEval_EvalCodeWithName 
> (/lib/aarch64-linux-gnu/libpython3.8.so.1.0+0x1bf958)
> 29:     #22 0xffffb17dbbbc in _PyFunction_Vectorcall 
> (/lib/aarch64-linux-gnu/libpython3.8.so.1.0+0x298bbc)
> 29:     #23 0xffffb15b6624  
> (/lib/aarch64-linux-gnu/libpython3.8.so.1.0+0x73624)
> 29:     #24 0xffffb15bb3bc in _PyEval_EvalFrameDefault 
> (/lib/aarch64-linux-gnu/libpython3.8.so.1.0+0x783bc)
> 29:     #25 0xffffb1702958 in _PyEval_EvalCodeWithName 
> (/lib/aarch64-linux-gnu/libpython3.8.so.1.0+0x1bf958)
> 29:     #26 0xffffb17dbbbc in _PyFunction_Vectorcall 
> (/lib/aarch64-linux-gnu/libpython3.8.so.1.0+0x298bbc)
> 29:     #27 0xffffb17dcf34  
> (/lib/aarch64-linux-gnu/libpython3.8.so.1.0+0x299f34)
> 29:     #28 0xffffb17dd8c0 in PyObject_CallFunction 
> (/lib/aarch64-linux-gnu/libpython3.8.so.1.0+0x29a8c0)
> 29:     #29 0xffffb1f057f8 in qd_dispatch_load_config 
> /home/travis/build/apache/qpid-dispatch/src/dispatch.c:133:45
> 29:     #30 0x4bd030 in main_process 
> /home/travis/build/apache/qpid-dispatch/router/src/main.c:97:5
> 29: 
> 29: Thread T2 created by T0 here:
> 29:     #0 0x47a794 in pthread_create 
> (/home/travis/build/apache/qpid-dispatch/build/router/qdrouterd+0x47a794)
> 29:     #1 0xffffb1f79084 in sys_thread 
> /home/travis/build/apache/qpid-dispatch/src/posix/threading.c:183:5
> 29:     #2 0xffffb20dac9c in qd_server_run 
> /home/travis/build/apache/qpid-dispatch/src/server.c:1485:22
> 29: 
> 29: Thread T3 created by T0 here:
> 29:     #0 0x47a794 in pthread_create 
> (/home/travis/build/apache/qpid-dispatch/build/router/qdrouterd+0x47a794)
> 29:     #1 0xffffb1f79084 in sys_thread 
> /home/travis/build/apache/qpid-dispatch/src/posix/threading.c:183:5
> 29:     #2 0xffffb20dac9c in qd_server_run 
> /home/travis/build/apache/qpid-dispatch/src/server.c:1485:22
> 29: 
> 29: SUMMARY: AddressSanitizer: heap-use-after-free 
> /home/travis/build/apache/qpid-dispatch/src/log.c:343:22 in write_log
> 29: Shadow bytes around the buggy address:
> 29:   0x200ff5940920: fa fa fd fd fd fd fd fa fa fa fd fd fd fd fd fa
> 29:   0x200ff5940930: fa fa fd fd fd fd fd fa fa fa fd fd fd fd fd fa
> 29:   0x200ff5940940: fa fa fd fd fd fd fd fa fa fa fd fd fd fd fd fa
> 29:   0x200ff5940950: fa fa fd fd fd fd fd fa fa fa fd fd fd fd fd fa
> 29:   0x200ff5940960: fa fa fd fd fd fd fd fa fa fa 00 00 00 00 00 fa
> 29: =>0x200ff5940970: fa fa fd fd fd[fd]fd fd fa fa fd fd fd fd fd fa
> 29:   0x200ff5940980: fa fa fd fd fd fd fd fa fa fa fd fd fd fd fd fa
> 29:   0x200ff5940990: fa fa fd fd fd fd fd fa fa fa 00 00 00 00 03 fa
> 29:   0x200ff59409a0: fa fa 00 00 00 00 03 fa fa fa fd fd fd fd fd fa
> 29:   0x200ff59409b0: fa fa fd fd fd fd fd fd fa fa 00 00 00 00 00 fa
> 29:   0x200ff59409c0: fa fa 00 00 00 00 00 fa fa fa 00 00 00 00 00 00
> 29: Shadow byte legend (one shadow byte represents 8 application bytes):
> 29:   Addressable:           00
> 29:   Partially addressable: 01 02 03 04 05 06 07 
> 29:   Heap left redzone:       fa
> 29:   Freed heap region:       fd
> 29:   Stack left redzone:      f1
> 29:   Stack mid redzone:       f2
> 29:   Stack right redzone:     f3
> 29:   Stack after return:      f5
> 29:   Stack use after scope:   f8
> 29:   Global redzone:          f9
> 29:   Global init order:       f6
> 29:   Poisoned by user:        f7
> 29:   Container overflow:      fc
> 29:   Array cookie:            ac
> 29:   Intra object redzone:    bb
> 29:   ASan internal:           fe
> 29:   Left alloca redzone:     ca
> 29:   Right alloca redzone:    cb
> 29:   Shadow gap:              cc
> 29: ==13857==ABORTING
> 29: <<<<
> 29: 
> 29: ----------------------------------------------------------------------
> 29: Ran 34 tests in 82.088s
> 29: 
> 29: FAILED (errors=6)
> 29/74 Test #29: system_tests_qdmanage .............................***Failed  
>  82.36 sec
> {noformat}



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org
For additional commands, e-mail: dev-h...@qpid.apache.org

Reply via email to