You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@trafficserver.apache.org by "Phil Sorber (JIRA)" <ji...@apache.org> on 2016/11/02 17:01:58 UTC

[jira] [Commented] (TS-4652) ASAN issue in logging with gcc 6.1.1

    [ https://issues.apache.org/jira/browse/TS-4652?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15629604#comment-15629604 ] 

Phil Sorber commented on TS-4652:
---------------------------------

Back port PR?

> ASAN issue in logging with gcc 6.1.1
> ------------------------------------
>
>                 Key: TS-4652
>                 URL: https://issues.apache.org/jira/browse/TS-4652
>             Project: Traffic Server
>          Issue Type: Bug
>          Components: Logging
>            Reporter: Bryan Call
>            Assignee: Bryan Call
>             Fix For: 7.0.0
>
>          Time Spent: 4h
>  Remaining Estimate: 0h
>
> Doesn't happen all the time, but enough to make it difficult to do development:
> {code}
> [bcall@homer trafficserver]$ sudo /usr/local/bin/traffic_server
> traffic_server: using root directory '/usr/local'
> =================================================================
> ==13717==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x61600004fa98 at pc 0x7fe847e44a41 bp 0x7ffdb0ec75b0 sp 0x7ffdb0ec6d28
> READ of size 518 at 0x61600004fa98 thread T0
>     #0 0x7fe847e44a40  (/lib64/libasan.so.3+0x8ea40)
>     #1 0x7fe847e46cad in __interceptor_vsnprintf (/lib64/libasan.so.3+0x90cad)
>     #2 0x7fe847e47030 in __interceptor_snprintf (/lib64/libasan.so.3+0x91030)
>     #3 0x8cfc63 in LogConfig::update_space_used() /home/bcall/dev/apache/trafficserver/proxy/logging/LogConfig.cc:786
>     #4 0x8da373 in LogConfig::init(LogConfig*) /home/bcall/dev/apache/trafficserver/proxy/logging/LogConfig.cc:392
>     #5 0x499024 in main /home/bcall/dev/apache/trafficserver/proxy/Main.cc:1833
>     #6 0x7fe844d8e730 in __libc_start_main (/lib64/libc.so.6+0x20730)
>     #7 0x4a9898 in _start (/usr/local/bin/traffic_server+0x4a9898)
> 0x61600004fa98 is located 0 bytes to the right of 536-byte region [0x61600004f880,0x61600004fa98)
> allocated by thread T14 ([LOG_FLUSH]) here:
>     #0 0x7fe847e7ce20 in malloc (/lib64/libasan.so.3+0xc6e20)
>     #1 0x7fe847b850d5 in ats_malloc /home/bcall/dev/apache/trafficserver/lib/ts/ink_memory.cc:59
>     #2 0x8d0dec in LogConfig::update_space_used() /home/bcall/dev/apache/trafficserver/proxy/logging/LogConfig.cc:774
>     #3 0x8b2bd4 in Log::periodic_tasks(long) /home/bcall/dev/apache/trafficserver/proxy/logging/Log.cc:239
>     #4 0x8b4fd2 in Log::flush_thread_main(void*) /home/bcall/dev/apache/trafficserver/proxy/logging/Log.cc:1308
>     #5 0x8bdbcc in LoggingFlushContinuation::mainEvent(int, void*) /home/bcall/dev/apache/trafficserver/proxy/logging/Log.cc:292
>     #6 0xd078a9 in Continuation::handleEvent(int, void*) /home/bcall/dev/apache/trafficserver/iocore/eventsystem/I_Continuation.h:153
>     #7 0xd078a9 in EThread::execute() /home/bcall/dev/apache/trafficserver/iocore/eventsystem/UnixEThread.cc:298
>     #8 0xd04f69 in spawn_thread_internal /home/bcall/dev/apache/trafficserver/iocore/eventsystem/Thread.cc:84
>     #9 0x7fe845f4d5c9 in start_thread (/lib64/libpthread.so.0+0x75c9)
> Thread T14 ([LOG_FLUSH]) created by T0 here:
>     #0 0x7fe847de7458 in pthread_create (/lib64/libasan.so.3+0x31458)
>     #1 0xd05b7c in ink_thread_create ../../lib/ts/ink_thread.h:147
>     #2 0xd05b7c in Thread::start(char const*, unsigned long, void* (*)(void*), void*) /home/bcall/dev/apache/trafficserver/iocore/eventsystem/Thread.cc:99
>     #3 0xd0e705 in EventProcessor::spawn_thread(Continuation*, char const*, unsigned long) /home/bcall/dev/apache/trafficserver/iocore/eventsystem/UnixEventProcessor.cc:184
>     #4 0x8b69bd in Log::create_threads() /home/bcall/dev/apache/trafficserver/proxy/logging/Log.cc:999
>     #5 0x8bbd2e in Log::init_when_enabled() /home/bcall/dev/apache/trafficserver/proxy/logging/Log.cc:957
>     #6 0x8bca83 in Log::init(int) /home/bcall/dev/apache/trafficserver/proxy/logging/Log.cc:925
>     #7 0x499024 in main /home/bcall/dev/apache/trafficserver/proxy/Main.cc:1833
>     #8 0x7fe844d8e730 in __libc_start_main (/lib64/libc.so.6+0x20730)
> SUMMARY: AddressSanitizer: heap-buffer-overflow (/lib64/libasan.so.3+0x8ea40)
> Shadow bytes around the buggy address:
>   0x0c2c80001f00: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
>   0x0c2c80001f10: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>   0x0c2c80001f20: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>   0x0c2c80001f30: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>   0x0c2c80001f40: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> =>0x0c2c80001f50: 00 00 00[fa]fa fa fa fa fa fa fa fa fa fa fa fa
>   0x0c2c80001f60: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
>   0x0c2c80001f70: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
>   0x0c2c80001f80: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
>   0x0c2c80001f90: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
>   0x0c2c80001fa0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
> Shadow byte legend (one shadow byte represents 8 application bytes):
>   Addressable:           00
>   Partially addressable: 01 02 03 04 05 06 07
>   Heap left redzone:       fa
>   Heap right redzone:      fb
>   Freed heap region:       fd
>   Stack left redzone:      f1
>   Stack mid redzone:       f2
>   Stack right redzone:     f3
>   Stack partial redzone:   f4
>   Stack after return:      f5
>   Stack use after scope:   f8
>   Global redzone:          f9
>   Global init order:       f6
>   Poisoned by user:        f7
>   Container overflow:      fc
>   Array cookie:            ac
>   Intra object redzone:    bb
>   ASan internal:           fe
>   Left alloca redzone:     ca
>   Right alloca redzone:    cb
> ==13717==ABORTING
> {code}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)