You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@trafficserver.apache.org by shinrich <gi...@git.apache.org> on 2016/06/01 21:23:48 UTC

[GitHub] trafficserver pull request #689: Ts 4424: ASAN heap-buffer-overflow

GitHub user shinrich opened a pull request:

    https://github.com/apache/trafficserver/pull/689

    Ts 4424: ASAN heap-buffer-overflow

    Looking at the stack the only thing that seems feasible is that the reader is moving after we get the amount of data to read.  Changed the order of fetching the block pointer and the amount to read.  A bit disturbing if this is indeed happening.  I also added a release assert to catch in this case.

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/shinrich/trafficserver ts-4424

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/trafficserver/pull/689.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #689
    
----
commit 2001938ba3bc966b0758079740200e6174db81ed
Author: Susan Hinrichs <sh...@ieee.org>
Date:   2016-06-01T21:12:48Z

    TS-4424: ASAN heap-buffer-overflow.

commit 4f4f1b93197460ab97c71d7b7a43b1626376dbae
Author: Susan Hinrichs <sh...@ieee.org>
Date:   2016-06-01T21:21:53Z

    Add release assert to capture an unexpected reader move.

----


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] trafficserver pull request #689: TS-4424: ASAN heap-buffer-overflow

Posted by shinrich <gi...@git.apache.org>.

Github user shinrich closed the pull request at:

    https://github.com/apache/trafficserver/pull/689


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] trafficserver issue #689: TS-4424: ASAN heap-buffer-overflow

Posted by shinrich <gi...@git.apache.org>.

Github user shinrich commented on the issue:

    https://github.com/apache/trafficserver/pull/689
  
    Closing.  Turns out the issue was due to openssl version change.  See Jira comments for details.


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---