You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@trafficserver.apache.org by "Leif Hedstrom (JIRA)" <ji...@apache.org> on 2016/09/08 16:19:20 UTC
[jira] [Updated] (TS-4558) ASAN buffer overflow in traffic_manager
-h
[ https://issues.apache.org/jira/browse/TS-4558?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Leif Hedstrom updated TS-4558:
------------------------------
Fix Version/s: (was: 7.0.0)
7.1.0
> ASAN buffer overflow in traffic_manager -h
> ------------------------------------------
>
> Key: TS-4558
> URL: https://issues.apache.org/jira/browse/TS-4558
> Project: Traffic Server
> Issue Type: Bug
> Components: Manager
> Reporter: Leif Hedstrom
> Assignee: Steven Feltner
> Labels: ASAN
> Fix For: 7.1.0
>
>
> {code}
> [root@qa1 ats]# ./bin/traffic_manager -h
> Usage: traffic_manager [--SWITCH [ARG]]
> switch__________________type__default___description
> --proxyOff on =================================================================
> ==14425==ERROR: AddressSanitizer: global-buffer-overflow on address 0x00000089fd40 at pc 0x7fd0aef80b5e bp 0x7ffe0d210590 sp 0x7ffe0d210588
> READ of size 4 at 0x00000089fd40 thread T0
> #0 0x7fd0aef80b5d in usage(ArgumentDescription const*, unsigned int, char const*) /usr/local/src/trafficserver/lib/ts/ink_args.cc:323
> #1 0x7fd0aef7f5c7 in process_arg /usr/local/src/trafficserver/lib/ts/ink_args.cc:122
> #2 0x7fd0aef80135 in process_args_ex(AppVersionInfo const*, ArgumentDescription const*, unsigned int, char const**) /usr/local/src/trafficserver/lib/ts/ink_args.cc:237
> #3 0x7fd0aef80bba in process_args(AppVersionInfo const*, ArgumentDescription const*, unsigned int, char const**, char const*) /usr/local/src/trafficserver/lib/ts/ink_args.cc:166
> #4 0x4305a4 in main /usr/local/src/trafficserver/cmd/traffic_manager/traffic_manager.cc:481
> #5 0x7fd0abbfdb14 in __libc_start_main (/lib64/libc.so.6+0x21b14)
> #6 0x4343e4 (/opt/ats/bin/traffic_manager+0x4343e4)
> 0x00000089fd41 is located 0 bytes to the right of global variable 'proxy_off' defined in 'traffic_manager.cc:86:13' (0x89fd40) of size 1
> 'proxy_off' is ascii string ''
> SUMMARY: AddressSanitizer: global-buffer-overflow /usr/local/src/trafficserver/lib/ts/ink_args.cc:323 usage(ArgumentDescription const*, unsigned int, char const*)
> Shadow bytes around the buggy address:
> 0x00008010bf50: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> 0x00008010bf60: f9 f9 f9 f9 00 00 00 00 00 00 00 00 00 00 00 00
> 0x00008010bf70: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> 0x00008010bf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> 0x00008010bf90: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> =>0x00008010bfa0: 00 00 00 00 f9 f9 f9 f9[01]f9 f9 f9 f9 f9 f9 f9
> 0x00008010bfb0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> 0x00008010bfc0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> 0x00008010bfd0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> 0x00008010bfe0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> 0x00008010bff0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> Shadow byte legend (one shadow byte represents 8 application bytes):
> Addressable: 00
> Partially addressable: 01 02 03 04 05 06 07
> Heap left redzone: fa
> Heap right redzone: fb
> Freed heap region: fd
> Stack left redzone: f1
> Stack mid redzone: f2
> Stack right redzone: f3
> Stack partial redzone: f4
> Stack after return: f5
> Stack use after scope: f8
> Global redzone: f9
> Global init order: f6
> Poisoned by user: f7
> Container overflow: fc
> Array cookie: ac
> Intra object redzone: bb
> ASan internal: fe
> ==14425==ABORTING
> {code}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)