Posted to issues@trafficserver.apache.org by "Leif Hedstrom (JIRA)" <ji...@apache.org> on 2016/06/16 21:33:05 UTC

[jira] [Created] (TS-4558) ASAN buffer overflow in traffic_manager -h

Leif Hedstrom created TS-4558:
---------------------------------

             Summary: ASAN buffer overflow in traffic_manager -h
                 Key: TS-4558
                 URL: https://issues.apache.org/jira/browse/TS-4558
             Project: Traffic Server
          Issue Type: Bug
          Components: Manager
            Reporter: Leif Hedstrom


{code}
[root@qa1 ats]# ./bin/traffic_manager  -h
Usage: traffic_manager [--SWITCH [ARG]]
  switch__________________type__default___description
      --proxyOff          on   =================================================================
==14425==ERROR: AddressSanitizer: global-buffer-overflow on address 0x00000089fd40 at pc 0x7fd0aef80b5e bp 0x7ffe0d210590 sp 0x7ffe0d210588
READ of size 4 at 0x00000089fd40 thread T0
    #0 0x7fd0aef80b5d in usage(ArgumentDescription const*, unsigned int, char const*) /usr/local/src/trafficserver/lib/ts/ink_args.cc:323
    #1 0x7fd0aef7f5c7 in process_arg /usr/local/src/trafficserver/lib/ts/ink_args.cc:122
    #2 0x7fd0aef80135 in process_args_ex(AppVersionInfo const*, ArgumentDescription const*, unsigned int, char const**) /usr/local/src/trafficserver/lib/ts/ink_args.cc:237
    #3 0x7fd0aef80bba in process_args(AppVersionInfo const*, ArgumentDescription const*, unsigned int, char const**, char const*) /usr/local/src/trafficserver/lib/ts/ink_args.cc:166
    #4 0x4305a4 in main /usr/local/src/trafficserver/cmd/traffic_manager/traffic_manager.cc:481
    #5 0x7fd0abbfdb14 in __libc_start_main (/lib64/libc.so.6+0x21b14)
    #6 0x4343e4  (/opt/ats/bin/traffic_manager+0x4343e4)

0x00000089fd41 is located 0 bytes to the right of global variable 'proxy_off' defined in 'traffic_manager.cc:86:13' (0x89fd40) of size 1
  'proxy_off' is ascii string ''
SUMMARY: AddressSanitizer: global-buffer-overflow /usr/local/src/trafficserver/lib/ts/ink_args.cc:323 usage(ArgumentDescription const*, unsigned int, char const*)
Shadow bytes around the buggy address:
  0x00008010bf50: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x00008010bf60: f9 f9 f9 f9 00 00 00 00 00 00 00 00 00 00 00 00
  0x00008010bf70: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x00008010bf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x00008010bf90: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x00008010bfa0: 00 00 00 00 f9 f9 f9 f9[01]f9 f9 f9 f9 f9 f9 f9
  0x00008010bfb0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x00008010bfc0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x00008010bfd0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x00008010bfe0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x00008010bff0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Heap right redzone:      fb
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack partial redzone:   f4
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
==14425==ABORTING
{code}



