You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@trafficserver.apache.org by GitBox <gi...@apache.org> on 2021/02/05 02:36:40 UTC
[GitHub] [trafficserver] masaori335 opened a new issue #7489: ASan: dynamic-stack-buffer-overflow on unit test of access_control plugin
masaori335 opened a new issue #7489:
URL: https://github.com/apache/trafficserver/issues/7489
The master branch has build failure on fedora & freebsd. It looks like https://github.com/apache/trafficserver/commit/1ad4e81e37f1d21c9ee6d1075478cf6eee7e782e triggered the crash on unit test of access_control plugin with ASan.
```
FAIL: experimental/access_control/test_access_control
=====================================================
=================================================================
==12661==ERROR: AddressSanitizer: dynamic-stack-buffer-overflow on address 0x7ffc123c7f10 at pc 0x7fb620c2d2d5 bp 0x7ffc123c7e80 sp 0x7ffc123c7e70
READ of size 1 at 0x7ffc123c7f10 thread T0
#0 0x7fb620c2d2d4 in ats_base64_decode(char const*, unsigned long, unsigned char*, unsigned long, unsigned long*) ../../../src/tscore/ink_base64.cc:139
#1 0x65a8c8 in cryptoBase64Decode(char const*, unsigned long, char*, unsigned long) ../../plugins/experimental/access_control/utils.cc:353
#2 0x65a8c8 in cryptoModifiedBase64Decode(char const*, unsigned long, char*, unsigned long) ../../plugins/experimental/access_control/utils.cc:430
#3 0x64711a in ____C_A_T_C_H____T_E_S_T____16 ../../plugins/experimental/access_control/unit_tests/test_utils.cc:217
#4 0x485102 in Catch::TestInvokerAsFunction::invoke() const ../../tests/include/catch.hpp:14036
#5 0x485102 in Catch::TestCase::invoke() const ../../tests/include/catch.hpp:13929
#6 0x485102 in Catch::RunContext::invokeActiveTestCase() ../../tests/include/catch.hpp:12791
#7 0x4f9606 in Catch::RunContext::runCurrentTest(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >&) ../../tests/include/catch.hpp:12764
#8 0x542dcf in Catch::RunContext::runTest(Catch::TestCase const&) ../../tests/include/catch.hpp:12525
#9 0x564107 in execute ../../tests/include/catch.hpp:13119
#10 0x564107 in Catch::Session::runInternal() ../../tests/include/catch.hpp:13325
#11 0x5663a1 in Catch::Session::run() ../../tests/include/catch.hpp:13281
#12 0x45e7eb in int Catch::Session::run<char>(int, char const* const*) ../../tests/include/catch.hpp:13003
#13 0x45e7eb in int Catch::Session::run<char>(int, char const* const*) ../../tests/include/catch.hpp:12998
#14 0x45e7eb in main ../../tests/include/catch.hpp:17164
#15 0x7fb620310081 in __libc_start_main (/lib64/libc.so.6+0x27081)
#16 0x461ddd in _start (/var/jenkins/workspace/fedora_32-master/compiler/gcc/label/fedora_32/type/release/build/BUILDS/plugins/experimental/access_control/.libs/lt-test_access_control+0x461ddd)
Address 0x7ffc123c7f10 is located in stack of thread T0
SUMMARY: AddressSanitizer: dynamic-stack-buffer-overflow ../../../src/tscore/ink_base64.cc:139 in ats_base64_decode(char const*, unsigned long, unsigned char*, unsigned long, unsigned long*)
Shadow bytes around the buggy address:
0x100002470f90: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x100002470fa0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x100002470fb0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x100002470fc0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x100002470fd0: 00 00 00 00 00 00 00 00 00 00 00 00 ca ca ca ca
=>0x100002470fe0: 00 00[cb]cb cb cb cb cb 00 00 00 00 00 00 00 00
0x100002470ff0: 00 00 f1 f1 f1 f1 00 f3 f3 f3 00 00 00 00 00 00
0x100002471000: 00 00 00 00 ca ca ca ca 00 00 04 cb cb cb cb cb
0x100002471010: 00 00 00 00 ca ca ca ca 00 00 04 cb cb cb cb cb
0x100002471020: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x100002471030: 00 00 00 00 00 00 00 00 f1 f1 f1 f1 f1 f1 f8 f2
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
Shadow gap: cc
==12661==ABORTING
```
https://ci.trafficserver.apache.org/view/10.x%20master/job/fedora_32-master/compiler=gcc,label=fedora_32,type=release/269/console
On FreeBSD, the unit test is failed without ASan. The root cause might be the same.
```
FAIL: experimental/access_control/test_access_control
=====================================================
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
test_access_control is a Catch v2.11.0 host application.
Run with -? for options
-------------------------------------------------------------------------------
Base64: modified encode / decode with '+', '/' and various paddings
-------------------------------------------------------------------------------
../../plugins/experimental/access_control/unit_tests/test_utils.cc:198
...............................................................................
../../plugins/experimental/access_control/unit_tests/test_utils.cc:221: FAILED:
CHECK( strlen(decoded[i]) == decodedMessageLen )
with expansion:
12 == 13
with messages:
i := 0
decoded[i] := "ts>ts?ts!!!!"
std::string(decodedMessage) := "ts>ts?ts!!!!�"
```
https://ci.trafficserver.apache.org/view/10.x%20master/job/freebsd_12-master/compiler=clang,label=freebsd_12,type=release/1622/console
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [trafficserver] maskit commented on issue #7489: ASan: dynamic-stack-buffer-overflow on unit test of access_control plugin
Posted by GitBox <gi...@apache.org>.
maskit commented on issue #7489:
URL: https://github.com/apache/trafficserver/issues/7489#issuecomment-777886339
Fedora32-master and FreeBSD12-master were fixed.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [trafficserver] maskit closed issue #7489: ASan: dynamic-stack-buffer-overflow on unit test of access_control plugin
Posted by GitBox <gi...@apache.org>.
maskit closed issue #7489:
URL: https://github.com/apache/trafficserver/issues/7489
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org