[jira] [Updated] (TS-4470) ASAN stack-buffer-overflow when slow log is enabled

2016-06-21 Thread Phil Sorber (JIRA)

 [ 
https://issues.apache.org/jira/browse/TS-4470?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Phil Sorber updated TS-4470:

Backport to Version:   (was: 6.2.0)

> ASAN stack-buffer-overflow when slow log is enabled
> ---
>
> Key: TS-4470
> URL: https://issues.apache.org/jira/browse/TS-4470
> Project: Traffic Server
> Issue Type: Bug
> Affects Versions: 6.2.0
> Reporter: Bryan Call
> Assignee: Bryan Call
> Priority: Blocker
> Fix For: 6.2.0, 7.0.0
>
>
> =
> ==13159==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x2b5ec8877660 at pc 0x004fcdf1 bp 0x2b5ec8875c60 sp 0x2b5ec8875410
> READ of size 260 at 0x2b5ec8877660 thread T21 ([ET_NET 20])
>     #0 0x4fcdf0 in printf_common(void*, char const*, __va_list_tag*) [clone .isra.6] (/usr/local/bin/traffic_server+0x4fcdf0)
>     #1 0x4fd744 in vfprintf (/usr/local/bin/traffic_server+0x4fd744)
>     #2 0x2b5ec1a668ee in vprintline<1024> /home/bcall/dev/trafficserver/lib/ts/Diags.cc:61
>     #3 0x2b5ec1a668ee in Diags::print_va(char const*, DiagsLevel, SrcLoc const*, char const*, __va_list_tag*) const /home/bcall/dev/trafficserver/lib/ts/Diags.cc:340
>     #4 0x2b5ec1a6765f in Diags::error_va(DiagsLevel, char const*, char const*, int, char const*, __va_list_tag*) const /home/bcall/dev/trafficserver/lib/ts/Diags.cc:572
>     #5 0x72a724 in Diags::error(DiagsLevel, char const*, char const*, int, char const*, ...) const /home/bcall/dev/trafficserver/lib/ts/Diags.h:242
>     #6 0x7455d6 in HttpSM::update_stats() /home/bcall/dev/trafficserver/proxy/http/HttpSM.cc:6972
>     #7 0x77b07f in HttpSM::kill_this() /home/bcall/dev/trafficserver/proxy/http/HttpSM.cc:6786
>     #8 0x77d6f7 in HttpSM::main_handler(int, void*) /home/bcall/dev/trafficserver/proxy/http/HttpSM.cc:2660
>     #9 0x832d3a in Continuation::handleEvent(int, void*) /home/bcall/dev/trafficserver/iocore/eventsystem/I_Continuation.h:153
>     #10 0x832d3a in HttpTunnel::main_handler(int, void*) /home/bcall/dev/trafficserver/proxy/http/HttpTunnel.cc:1637
>     #11 0xcfdbb5 in Continuation::handleEvent(int, void*) /home/bcall/dev/trafficserver/iocore/eventsystem/I_Continuation.h:153
>     #12 0xcfdbb5 in write_signal_and_update /home/bcall/dev/trafficserver/iocore/net/UnixNetVConnection.cc:181
>     #13 0xcfdbb5 in write_signal_done /home/bcall/dev/trafficserver/iocore/net/UnixNetVConnection.cc:223
>     #14 0xcfdbb5 in write_to_net_io(NetHandler*, UnixNetVConnection*, EThread*) /home/bcall/dev/trafficserver/iocore/net/UnixNetVConnection.cc:563
>     #15 0xcbc4ca in NetHandler::mainNetEvent(int, Event*) /home/bcall/dev/trafficserver/iocore/net/UnixNet.cc:529
>     #16 0xda8ce3 in Continuation::handleEvent(int, void*) /home/bcall/dev/trafficserver/iocore/eventsystem/I_Continuation.h:153
>     #17 0xda8ce3 in EThread::process_event(Event*, int) /home/bcall/dev/trafficserver/iocore/eventsystem/UnixEThread.cc:148
>     #18 0xdabc8a in EThread::execute() /home/bcall/dev/trafficserver/iocore/eventsystem/UnixEThread.cc:275
>     #19 0xda7a58 in spawn_thread_internal /home/bcall/dev/trafficserver/iocore/eventsystem/Thread.cc:86
>     #20 0x2b5ec2264aa0 in start_thread (/lib64/libpthread.so.0+0x3818807aa0)
>     #21 0x38180e893c in clone (/lib64/libc.so.6+0x38180e893c)
> Address 0x2b5ec8877660 is located in stack of thread T21 ([ET_NET 20]) at offset 736 in frame
>     #0 0x7443ef in HttpSM::update_stats() /home/bcall/dev/trafficserver/proxy/http/HttpSM.cc:6827
>   This frame has 6 object(s):
>     [32, 36) 'offset'
>     [96, 100) 'skip'
>     [160, 164) 'length'
>     [224, 270) 'client_ip'
>     [320, 448) 'unique_id_string'
>     [480, 736) 'url_string' <== Memory access at offset 736 overflows this variable
> HINT: this may be a false positive if your program uses some custom stack unwind mechanism or swapcontext
>   (longjmp and C++ exceptions *are* supported)
> Thread T21 ([ET_NET 20]) created by T0 ([ET_NET 0]) here:
>     #0 0x4d50b4 in pthread_create (/usr/local/bin/traffic_server+0x4d50b4)
>     #1 0xda85aa in ink_thread_create /home/bcall/dev/trafficserver/lib/ts/ink_thread.h:147
>     #2 0xda85aa in Thread::start(char const*, unsigned long, void* (*)(void*), void*) /home/bcall/dev/trafficserver/iocore/eventsystem/Thread.cc:101
>     #3 0xdafff2 in EventProcessor::start(int, unsigned long) /home/bcall/dev/trafficserver/iocore/eventsystem/UnixEventProcessor.cc:141
>     #4 0x4ab7ed in main /home/bcall/dev/trafficserver/proxy/Main.cc:1733
>     #5 0x381801ed5c in __libc_start_main (/lib64/libc.so.6+0x381801ed5c)
> SUMMARY: AddressSanitizer: stack-buffer-overflow ??:0 printf_common(void*, char const*, __va_list_tag*) [clone .isra.6]

[jira] [Updated] (TS-4470) ASAN stack-buffer-overflow when slow log is enabled

2016-06-21 Thread Phil Sorber (JIRA)

 [ 
https://issues.apache.org/jira/browse/TS-4470?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Phil Sorber updated TS-4470:

Fix Version/s: 6.2.0

> ASAN stack-buffer-overflow when slow log is enabled
> ---
>
> Key: TS-4470
> URL: https://issues.apache.org/jira/browse/TS-4470
> Project: Traffic Server
> Issue Type: Bug
> Affects Versions: 6.2.0
> Reporter: Bryan Call
> Assignee: Bryan Call
> Priority: Blocker
> Fix For: 6.2.0, 7.0.0
>
>

[jira] [Updated] (TS-4470) ASAN stack-buffer-overflow when slow log is enabled

2016-06-20 Thread Bryan Call (JIRA)

 [ 
https://issues.apache.org/jira/browse/TS-4470?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Bryan Call updated TS-4470:
---
Backport to Version: 6.2.0  (was: 6.2.1)

> ASAN stack-buffer-overflow when slow log is enabled
> ---
>
> Key: TS-4470
> URL: https://issues.apache.org/jira/browse/TS-4470
> Project: Traffic Server
> Issue Type: Bug
> Affects Versions: 6.2.0
> Reporter: Bryan Call
> Assignee: Bryan Call
> Priority: Blocker
> Fix For: 7.0.0
>
>

[jira] [Updated] (TS-4470) ASAN stack-buffer-overflow when slow log is enabled

2016-06-06 Thread Phil Sorber (JIRA)

 [ 
https://issues.apache.org/jira/browse/TS-4470?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Phil Sorber updated TS-4470:

Backport to Version: 6.2.1  (was: 6.2.0)

> ASAN stack-buffer-overflow when slow log is enabled
> ---
>
> Key: TS-4470
> URL: https://issues.apache.org/jira/browse/TS-4470
> Project: Traffic Server
> Issue Type: Bug
> Affects Versions: 6.2.0
> Reporter: Bryan Call
> Assignee: Bryan Call
> Priority: Blocker
> Fix For: 7.0.0
>
>

[jira] [Updated] (TS-4470) ASAN stack-buffer-overflow when slow log is enabled

2016-06-01 Thread Phil Sorber (JIRA)

 [ 
https://issues.apache.org/jira/browse/TS-4470?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Phil Sorber updated TS-4470:

Assignee: Bryan Call

> ASAN stack-buffer-overflow when slow log is enabled
> ---
>
> Key: TS-4470
> URL: https://issues.apache.org/jira/browse/TS-4470
> Project: Traffic Server
> Issue Type: Bug
> Affects Versions: 6.2.0
> Reporter: Bryan Call
> Assignee: Bryan Call
> Priority: Blocker
> Fix For: 7.0.0
>
>

[jira] [Updated] (TS-4470) ASAN stack-buffer-overflow when slow log is enabled

2016-05-23 Thread Bryan Call (JIRA)

 [ 
https://issues.apache.org/jira/browse/TS-4470?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Bryan Call updated TS-4470:
---
Backport to Version: 6.2.0

> ASAN stack-buffer-overflow when slow log is enabled
> ---
>
> Key: TS-4470
> URL: https://issues.apache.org/jira/browse/TS-4470
> Project: Traffic Server
> Issue Type: Bug
> Affects Versions: 6.2.0
> Reporter: Bryan Call
> Priority: Blocker
> Fix For: 7.0.0
>
>

[jira] [Updated] (TS-4470) ASAN stack-buffer-overflow when slow log is enabled

2016-05-23 Thread Bryan Call (JIRA)

 [ 
https://issues.apache.org/jira/browse/TS-4470?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Bryan Call updated TS-4470:
---
Fix Version/s: 7.0.0

> ASAN stack-buffer-overflow when slow log is enabled
> ---
>
> Key: TS-4470
> URL: https://issues.apache.org/jira/browse/TS-4470
> Project: Traffic Server
> Issue Type: Bug
> Affects Versions: 6.2.0
> Reporter: Bryan Call
> Priority: Blocker
> Fix For: 7.0.0
>
>

[jira] [Updated] (TS-4470) ASAN stack-buffer-overflow when slow log is enabled

2016-05-23 Thread Bryan Call (JIRA)

Bryan Call updated TS-4470:
---
Affects Version/s: 6.2.0

> ASAN stack-buffer-overflow when slow log is enabled
> ---
>
> Key: TS-4470
> URL: https://issues.apache.org/jira/browse/TS-4470
> Project: Traffic Server
> Issue Type: Bug
> Affects Versions: 6.2.0
> Reporter: Bryan Call

[jira] [Updated] (TS-4470) ASAN stack-buffer-overflow when slow log is enabled

2016-05-23 Thread Bryan Call (JIRA)

Bryan Call updated TS-4470:
---
Priority: Blocker  (was: Major)

> ASAN stack-buffer-overflow when slow log is enabled
> ---
>
> Key: TS-4470
> URL: https://issues.apache.org/jira/browse/TS-4470
> Project: Traffic Server
> Issue Type: Bug
> Affects Versions: 6.2.0
> Reporter: Bryan Call
> Priority: Blocker