You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@trafficserver.apache.org by "Phil Sorber (JIRA)" <ji...@apache.org> on 2016/11/02 17:01:58 UTC
[jira] [Commented] (TS-4652) ASAN issue in logging with gcc 6.1.1
[ https://issues.apache.org/jira/browse/TS-4652?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15629604#comment-15629604 ]
Phil Sorber commented on TS-4652:
---------------------------------
Back port PR?
> ASAN issue in logging with gcc 6.1.1
> ------------------------------------
>
> Key: TS-4652
> URL: https://issues.apache.org/jira/browse/TS-4652
> Project: Traffic Server
> Issue Type: Bug
> Components: Logging
> Reporter: Bryan Call
> Assignee: Bryan Call
> Fix For: 7.0.0
>
> Time Spent: 4h
> Remaining Estimate: 0h
>
> Doesn't happen all the time, but enough to make it difficult to do development:
> {code}
> [bcall@homer trafficserver]$ sudo /usr/local/bin/traffic_server
> traffic_server: using root directory '/usr/local'
> =================================================================
> ==13717==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x61600004fa98 at pc 0x7fe847e44a41 bp 0x7ffdb0ec75b0 sp 0x7ffdb0ec6d28
> READ of size 518 at 0x61600004fa98 thread T0
> #0 0x7fe847e44a40 (/lib64/libasan.so.3+0x8ea40)
> #1 0x7fe847e46cad in __interceptor_vsnprintf (/lib64/libasan.so.3+0x90cad)
> #2 0x7fe847e47030 in __interceptor_snprintf (/lib64/libasan.so.3+0x91030)
> #3 0x8cfc63 in LogConfig::update_space_used() /home/bcall/dev/apache/trafficserver/proxy/logging/LogConfig.cc:786
> #4 0x8da373 in LogConfig::init(LogConfig*) /home/bcall/dev/apache/trafficserver/proxy/logging/LogConfig.cc:392
> #5 0x499024 in main /home/bcall/dev/apache/trafficserver/proxy/Main.cc:1833
> #6 0x7fe844d8e730 in __libc_start_main (/lib64/libc.so.6+0x20730)
> #7 0x4a9898 in _start (/usr/local/bin/traffic_server+0x4a9898)
> 0x61600004fa98 is located 0 bytes to the right of 536-byte region [0x61600004f880,0x61600004fa98)
> allocated by thread T14 ([LOG_FLUSH]) here:
> #0 0x7fe847e7ce20 in malloc (/lib64/libasan.so.3+0xc6e20)
> #1 0x7fe847b850d5 in ats_malloc /home/bcall/dev/apache/trafficserver/lib/ts/ink_memory.cc:59
> #2 0x8d0dec in LogConfig::update_space_used() /home/bcall/dev/apache/trafficserver/proxy/logging/LogConfig.cc:774
> #3 0x8b2bd4 in Log::periodic_tasks(long) /home/bcall/dev/apache/trafficserver/proxy/logging/Log.cc:239
> #4 0x8b4fd2 in Log::flush_thread_main(void*) /home/bcall/dev/apache/trafficserver/proxy/logging/Log.cc:1308
> #5 0x8bdbcc in LoggingFlushContinuation::mainEvent(int, void*) /home/bcall/dev/apache/trafficserver/proxy/logging/Log.cc:292
> #6 0xd078a9 in Continuation::handleEvent(int, void*) /home/bcall/dev/apache/trafficserver/iocore/eventsystem/I_Continuation.h:153
> #7 0xd078a9 in EThread::execute() /home/bcall/dev/apache/trafficserver/iocore/eventsystem/UnixEThread.cc:298
> #8 0xd04f69 in spawn_thread_internal /home/bcall/dev/apache/trafficserver/iocore/eventsystem/Thread.cc:84
> #9 0x7fe845f4d5c9 in start_thread (/lib64/libpthread.so.0+0x75c9)
> Thread T14 ([LOG_FLUSH]) created by T0 here:
> #0 0x7fe847de7458 in pthread_create (/lib64/libasan.so.3+0x31458)
> #1 0xd05b7c in ink_thread_create ../../lib/ts/ink_thread.h:147
> #2 0xd05b7c in Thread::start(char const*, unsigned long, void* (*)(void*), void*) /home/bcall/dev/apache/trafficserver/iocore/eventsystem/Thread.cc:99
> #3 0xd0e705 in EventProcessor::spawn_thread(Continuation*, char const*, unsigned long) /home/bcall/dev/apache/trafficserver/iocore/eventsystem/UnixEventProcessor.cc:184
> #4 0x8b69bd in Log::create_threads() /home/bcall/dev/apache/trafficserver/proxy/logging/Log.cc:999
> #5 0x8bbd2e in Log::init_when_enabled() /home/bcall/dev/apache/trafficserver/proxy/logging/Log.cc:957
> #6 0x8bca83 in Log::init(int) /home/bcall/dev/apache/trafficserver/proxy/logging/Log.cc:925
> #7 0x499024 in main /home/bcall/dev/apache/trafficserver/proxy/Main.cc:1833
> #8 0x7fe844d8e730 in __libc_start_main (/lib64/libc.so.6+0x20730)
> SUMMARY: AddressSanitizer: heap-buffer-overflow (/lib64/libasan.so.3+0x8ea40)
> Shadow bytes around the buggy address:
> 0x0c2c80001f00: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
> 0x0c2c80001f10: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> 0x0c2c80001f20: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> 0x0c2c80001f30: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> 0x0c2c80001f40: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> =>0x0c2c80001f50: 00 00 00[fa]fa fa fa fa fa fa fa fa fa fa fa fa
> 0x0c2c80001f60: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
> 0x0c2c80001f70: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
> 0x0c2c80001f80: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
> 0x0c2c80001f90: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
> 0x0c2c80001fa0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
> Shadow byte legend (one shadow byte represents 8 application bytes):
> Addressable: 00
> Partially addressable: 01 02 03 04 05 06 07
> Heap left redzone: fa
> Heap right redzone: fb
> Freed heap region: fd
> Stack left redzone: f1
> Stack mid redzone: f2
> Stack right redzone: f3
> Stack partial redzone: f4
> Stack after return: f5
> Stack use after scope: f8
> Global redzone: f9
> Global init order: f6
> Poisoned by user: f7
> Container overflow: fc
> Array cookie: ac
> Intra object redzone: bb
> ASan internal: fe
> Left alloca redzone: ca
> Right alloca redzone: cb
> ==13717==ABORTING
> {code}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)