bneradt opened a new issue, #11388: URL: https://github.com/apache/trafficserver/issues/11388
Running https://github.com/apache/trafficserver/commit/399d04ceace14fae66dc615d96ff93557b55ad00 in production under ASan, we see the following ASan buffer overflow error: [asan_overflow.txt](https://github.com/apache/trafficserver/files/15408600/asan_overflow.txt) ``` ================================================================= ==3888081==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x625008bc3900 at pc 0x7f52c03d0a63 bp 0x7f52a25a0da0 sp 0x7f52a25a0548 WRITE of size 6238 at 0x625008bc3900 thread T30 ([ET_NET 28]) #0 0x7f52c03d0a62 in __interceptor_memcpy (/lib64/libasan.so.8+0x70a62) (BuildId: 71dbf393857c775be459ab5583ba7b5fcbd9c884) #1 0xb38b3e in XpackDynamicTableStorage::write(char const*, unsigned int, char const*, unsigned int) /sd/workspace/src/git.ouryahoo.com/Edge/build/_scm/trafficserver10.0_asan/src/proxy/hdrs/XPACK.cc:545 #2 0xb38b3e in XpackDynamicTable::insert_entry(char const*, unsigned long, char const*, unsigned long) /sd/workspace/src/git.ouryahoo.com/Edge/build/_scm/trafficserver10.0_asan/src/proxy/hdrs/XPACK.cc:351 #3 0xb3936a in XpackDynamicTable::insert_entry(std::basic_string_view<char, std::char_traits<char> >, std::basic_string_view<char, std::char_traits<char> >) /sd/workspace/src/git.ouryahoo.com/Edge/build/_scm/trafficserver10.0_asan/src/proxy/hdrs/XPACK.cc:366 #4 0x9ce105 in HpackIndexingTable::add_header_field(HpackHeaderField const&) /sd/workspace/src/git.ouryahoo.com/Edge/build/_scm/trafficserver10.0_asan/src/proxy/http2/HPACK.cc:367 #5 0x9ce105 in encode_literal_header_field_with_new_name(unsigned char*, unsigned char const*, HpackHeaderField const&, HpackIndexingTable&, HpackField) /sd/workspace/src/git.ouryahoo.com/Edge/build/_scm/trafficserver10.0_asan/src/proxy/http2/HPACK.cc:483 #6 0x9d0b83 in hpack_encode_header_block(HpackIndexingTable&, unsigned char*, unsigned long, HTTPHdr*, int) /sd/workspace/src/git.ouryahoo.com/Edge/build/_scm/trafficserver10.0_asan/src/proxy/http2/HPACK.cc:818 #7 0x93d29d in http2_encode_header_blocks(HTTPHdr*, unsigned char*, unsigned int, unsigned int*, HpackIndexingTable&, int) /sd/workspace/src/git.ouryahoo.com/Edge/build/_scm/trafficserver10.0_asan/src/proxy/http2/HTTP2.cc:426 #8 0x972da2 in Http2ConnectionState::send_headers_frame(Http2Stream*) /sd/workspace/src/git.ouryahoo.com/Edge/build/_scm/trafficserver10.0_asan/src/proxy/http2/Http2ConnectionState.cc:2363 #9 0x9a7ce2 in Http2Stream::update_write_request(bool) /sd/workspace/src/git.ouryahoo.com/Edge/build/_scm/trafficserver10.0_asan/src/proxy/http2/Http2Stream.cc:821 ... 0x625008bc3900 is located 0 bytes after 8192-byte region [0x625008bc1900,0x625008bc3900) allocated by thread T30 ([ET_NET 28]) here: #0 0x7f52c043d62f in malloc (/lib64/libasan.so.8+0xdd62f) (BuildId: 71dbf393857c775be459ab5583ba7b5fcbd9c884) #1 0x7f52bfea2a25 in ats_malloc(unsigned long) /sd/workspace/src/git.ouryahoo.com/Edge/build/_scm/trafficserver10.0_asan/src/tscore/ink_memory.cc:65 #2 0xb35a0d in XpackDynamicTableStorage::XpackDynamicTableStorage(unsigned int) /sd/workspace/src/git.ouryahoo.com/Edge/build/_scm/trafficserver10.0_asan/src/proxy/hdrs/XPACK.cc:523 #3 0xb35a0d in XpackDynamicTable::XpackDynamicTable(unsigned int) /sd/workspace/src/git.ouryahoo.com/Edge/build/_scm/trafficserver10.0_asan/src/proxy/hdrs/XPACK.cc:217 #4 0x95c3f5 in HpackIndexingTable::HpackIndexingTable(unsigned int) /sd/workspace/src/git.ouryahoo.com/Edge/build/_scm/trafficserver10.0_asan/include/proxy/http2/HPACK.h:114 #5 0x95c3f5 in Http2ConnectionState::init(Http2CommonSession*) /sd/workspace/src/git.ouryahoo.com/Edge/build/_scm/trafficserver10.0_asan/src/proxy/http2/Http2ConnectionState.cc:1256 #6 0x9dbd51 in Http2ClientSession::start() /sd/workspace/src/git.ouryahoo.com/Edge/build/_scm/trafficserver10.0_asan/src/proxy/http2/Http2ClientSession.cc:79 #7 0xe4f874 in ProxySession::do_api_callout(TSHttpHookID) /sd/workspace/src/git.ouryahoo.com/Edge/build/_scm/trafficserver10.0_asan/src/proxy/ProxySession.cc:150 #8 0x9da3b2 in Http2ClientSession::new_connection(NetVConnection*, MIOBuffer*, IOBufferReader*) /sd/workspace/src/git.ouryahoo.com/Edge/build/_scm/trafficserver10.0_asan/src/proxy/http2/Http2ClientSession.cc:134 #9 0x9b7a46 in Http2SessionAccept::accept(NetVConnection*, MIOBuffer*, IOBufferReader*) /sd/workspace/src/git.ouryahoo.com/Edge/build/_scm/trafficserver10.0_asan/src/proxy/http2/Http2SessionAccept.cc:62 #10 0x9b7518 in Http2SessionAccept::mainEvent(int, void*) /sd/workspace/src/git.ouryahoo.com/Edge/build/_scm/trafficserver10.0_asan/src/proxy/http2/Http2SessionAccept.cc:75 #11 0x9b7518 in Http2SessionAccept::mainEvent(int, void*) /sd/workspace/src/git.ouryahoo.com/Edge/build/_scm/trafficserver10.0_asan/src/proxy/http2/Http2SessionAccept.cc:68 #12 0xf3b7c6 in Continuation::handleEvent(int, void*) /sd/workspace/src/git.ouryahoo.com/Edge/build/_scm/trafficserver10.0_asan/include/iocore/eventsystem/Continuation.h:228 #13 0xf3b7c6 in Continuation::handleEvent(int, void*) /sd/workspace/src/git.ouryahoo.com/Edge/build/_scm/trafficserver10.0_asan/include/iocore/eventsystem/Continuation.h:224 #14 0xf3b7c6 in send_plugin_event /sd/workspace/src/git.ouryahoo.com/Edge/build/_scm/trafficserver10.0_asan/src/iocore/net/SSLNextProtocolAccept.cc:34 #15 0xf3bd91 in SSLNextProtocolTrampoline::ioCompletionEvent(int, void*) /sd/workspace/src/git.ouryahoo.com/Edge/build/_scm/trafficserver10.0_asan/src/iocore/net/SSLNextProtocolAccept.cc:117 #16 0xfe6d70 in Continuation::handleEvent(int, void*) /sd/workspace/src/git.ouryahoo.com/Edge/build/_scm/trafficserver10.0_asan/include/iocore/eventsystem/Continuation.h:228 #17 0xfe6d70 in Continuation::handleEvent(int, void*) /sd/workspace/src/git.ouryahoo.com/Edge/build/_scm/trafficserver10.0_asan/include/iocore/eventsystem/Continuation.h:224 #18 0xfe6d70 in read_signal_and_update /sd/workspace/src/git.ouryahoo.com/Edge/build/_scm/trafficserver10.0_asan/src/iocore/net/UnixNetVConnection.cc:87 #19 0xfec3b7 in read_signal_done /sd/workspace/src/git.ouryahoo.com/Edge/build/_scm/trafficserver10.0_asan/src/iocore/net/UnixNetVConnection.cc:154 #20 0xfec3b7 in UnixNetVConnection::readSignalDone(int, NetHandler*) /sd/workspace/src/git.ouryahoo.com/Edge/build/_scm/trafficserver10.0_asan/src/iocore/net/UnixNetVConnection.cc:969 #21 0xf2305c in SSLNetVConnection::net_read_io(NetHandler*, EThread*) /sd/workspace/src/git.ouryahoo.com/Edge/build/_scm/trafficserver10.0_asan/src/iocore/net/SSLNetVConnection.cc:695 #22 0x1090278 in NetHandler::process_ready_list() /sd/workspace/src/git.ouryahoo.com/Edge/build/_scm/trafficserver10.0_asan/src/iocore/net/NetHandler.cc:276 #23 0x1090cd2 in NetHandler::waitForActivity(long) /sd/workspace/src/git.ouryahoo.com/Edge/build/_scm/trafficserver10.0_asan/src/iocore/net/NetHandler.cc:364 #24 0x117ade1 in EThread::execute_regular() /sd/workspace/src/git.ouryahoo.com/Edge/build/_scm/trafficserver10.0_asan/src/iocore/eventsystem/UnixEThread.cc:299 #25 0x117b4c8 in EThread::execute() /sd/workspace/src/git.ouryahoo.com/Edge/build/_scm/trafficserver10.0_asan/src/iocore/eventsystem/UnixEThread.cc:348 #26 0x117b4c8 in EThread::execute() /sd/workspace/src/git.ouryahoo.com/Edge/build/_scm/trafficserver10.0_asan/src/iocore/eventsystem/UnixEThread.cc:326 #27 0x11741d7 in spawn_thread_internal /sd/workspace/src/git.ouryahoo.com/Edge/build/_scm/trafficserver10.0_asan/src/iocore/eventsystem/Thread.cc:75 #28 0x7f52bed3a1c9 in start_thread (/lib64/libpthread.so.0+0x81c9) (BuildId: e08f397aa6b7de799209cd5bc35aabe0496678f1) Thread T30 ([ET_NET 28]) created by T0 ([TS_MAIN]) here: #0 0x7f52c03a8ea5 in __interceptor_pthread_create (/lib64/libasan.so.8+0x48ea5) (BuildId: 71dbf393857c775be459ab5583ba7b5fcbd9c884) #1 0x11748fc in ink_thread_create /sd/workspace/src/git.ouryahoo.com/Edge/build/_scm/trafficserver10.0_asan/include/tscore/ink_thread.h:129 #2 0x11748fc in Thread::start(char const*, void*, unsigned long, std::function<void ()> const&) /sd/workspace/src/git.ouryahoo.com/Edge/build/_scm/trafficserver10.0_asan/src/iocore/eventsystem/Thread.cc:92 #3 0x11865f4 in EventProcessor::spawn_event_threads(int, int, unsigned long) /sd/workspace/src/git.ouryahoo.com/Edge/build/_scm/trafficserver10.0_asan/src/iocore/eventsystem/UnixEventProcessor.cc:467 #4 0x118744a in EventProcessor::start(int, unsigned long) /sd/workspace/src/git.ouryahoo.com/Edge/build/_scm/trafficserver10.0_asan/src/iocore/eventsystem/UnixEventProcessor.cc:548 #5 0x56fe64 in main /sd/workspace/src/git.ouryahoo.com/Edge/build/_scm/trafficserver10.0_asan/src/traffic_server/traffic_server.cc:2104 #6 0x7f52be9a7d84 in __libc_start_main (/lib64/libc.so.6+0x3ad84) (BuildId: 574d156ec0c828321a4038189fc1cfe74d0bb2ec) SUMMARY: AddressSanitizer: heap-buffer-overflow (/lib64/libasan.so.8+0x70a62) (BuildId: 71dbf393857c775be459ab5583ba7b5fcbd9c884) in __interceptor_memcpy ``` -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
