ASAN reports "stack-buffer-overflow" #368

Open
JaylinYu opened this issue Dec 7, 2022 · 0 comments
Labels
help wanted Extra attention is needed

Comments

@JaylinYu (Member)

JaylinYu commented Dec 7, 2022

Describe the bug
ASAN complains

Expected behavior
Runs forever

Actual Behavior
==382476==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7ffff03f8bd0 at pc 0x7ffff75f9fb9 bp 0x7ffff33fdca0 sp 0x7ffff33fd448
READ of size 2 at 0x7ffff03f8bd0 thread T1
#0 0x7ffff75f9fb8 in read_iovec ../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:1013
#1 0x7ffff763c4ec in read_msghdr ../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:3082
#2 0x7ffff763dcf5 in __interceptor_sendmsg ../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:3099
#3 0x5555559bfc55 in tcp_dowrite /home/jaylin/Projects/EdgeComputing/nanomq/nng/src/platform/posix/posix_tcpconn.c:69
#4 0x5555559c09f9 in tcp_cb /home/jaylin/Projects/EdgeComputing/nanomq/nng/src/platform/posix/posix_tcpconn.c:245
#5 0x55555564d9ed in nni_posix_poll_thr /home/jaylin/Projects/EdgeComputing/nanomq/nng/src/platform/posix/posix_pollq_epoll.c:291
#6 0x555555642bc5 in nni_thr_wrap /home/jaylin/Projects/EdgeComputing/nanomq/nng/src/core/thread.c:94
#7 0x55555564bd7a in nni_plat_thr_main /home/jaylin/Projects/EdgeComputing/nanomq/nng/src/platform/posix/posix_thread.c:266
#8 0x7ffff6f49b42 in start_thread nptl/pthread_create.c:442
#9 0x7ffff6fdb9ff (/lib/x86_64-linux-gnu/libc.so.6+0x1269ff)

Address 0x7ffff03f8bd0 is located in stack of thread T7 at offset 112 in frame
#0 0x55555560bd74 in server_cb /home/jaylin/Projects/EdgeComputing/nanomq/nanomq/apps/broker.c:225

This frame has 3 object(s):
[32, 40) 'msg' (line 227)
[64, 72) 'decode_msg' (line 280)
[96, 104) 'rep_msg' (line 403) <== Memory access at offset 112 overflows this variable
HINT: this may be a false positive if your program uses some custom stack unwind mechanism, swapcontext or vfork
(longjmp and C++ exceptions are supported)
Thread T7 created by T0 here:
#0 0x7ffff7616685 in __interceptor_pthread_create ../../../../src/libsanitizer/asan/asan_interceptors.cpp:216
#1 0x55555564beaa in nni_plat_thr_init /home/jaylin/Projects/EdgeComputing/nanomq/nng/src/platform/posix/posix_thread.c:279
#2 0x555555642e71 in nni_thr_init /home/jaylin/Projects/EdgeComputing/nanomq/nng/src/core/thread.c:121
#3 0x555555641b2f in nni_taskq_init /home/jaylin/Projects/EdgeComputing/nanomq/nng/src/core/taskq.c:95
#4 0x55555564288f in nni_taskq_sys_init /home/jaylin/Projects/EdgeComputing/nanomq/nng/src/core/taskq.c:294
#5 0x55555562c70e in nni_init_helper /home/jaylin/Projects/EdgeComputing/nanomq/nng/src/core/init.c:35
#6 0x55555564c24f in nni_plat_init /home/jaylin/Projects/EdgeComputing/nanomq/nng/src/platform/posix/posix_thread.c:422
#7 0x55555562c78f in nni_init /home/jaylin/Projects/EdgeComputing/nanomq/nng/src/core/init.c:58
#8 0x55555569592a in nng_mtx_alloc /home/jaylin/Projects/EdgeComputing/nanomq/nng/src/supplemental/util/platform.c:93
#9 0x5555555e0616 in log_init /home/jaylin/Projects/EdgeComputing/nanomq/nanomq/mqtt_api.c:223
#10 0x55555561590a in broker_start /home/jaylin/Projects/EdgeComputing/nanomq/nanomq/apps/broker.c:1565
#11 0x5555555e09bf in main /home/jaylin/Projects/EdgeComputing/nanomq/nanomq/nanomq.c:142
#12 0x7ffff6eded8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58

SUMMARY: AddressSanitizer: stack-buffer-overflow ../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:1013 in read_iovec
Shadow bytes around the buggy address:
0x10007e077120: 00 00 00 00 f1 f1 f1 f1 00 f2 f2 f2 00 00 f3 f3
0x10007e077130: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x10007e077140: 00 00 f1 f1 f1 f1 00 f3 f3 f3 00 00 00 00 00 00
0x10007e077150: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x10007e077160: 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1
=>0x10007e077170: 00 f2 f2 f2 00 f2 f2 f2 00 f3[f3]f3 00 00 00 00
0x10007e077180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x10007e077190: 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1 00 00
0x10007e0771a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f3 f3
0x10007e0771b0: f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x10007e0771c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
Shadow gap: cc
Thread T1 created by T0 here:
#0 0x7ffff7616685 in __interceptor_pthread_create ../../../../src/libsanitizer/asan/asan_interceptors.cpp:216
#1 0x55555564beaa in nni_plat_thr_init /home/jaylin/Projects/EdgeComputing/nanomq/nng/src/platform/posix/posix_thread.c:279
#2 0x555555642e71 in nni_thr_init /home/jaylin/Projects/EdgeComputing/nanomq/nng/src/core/thread.c:121
#3 0x55555564e309 in nni_posix_pollq_create /home/jaylin/Projects/EdgeComputing/nanomq/nng/src/platform/posix/posix_pollq_epoll.c:386
#4 0x55555564e3f9 in nni_posix_pollq_sysinit /home/jaylin/Projects/EdgeComputing/nanomq/nng/src/platform/posix/posix_pollq_epoll.c:400
#5 0x55555564c13b in nni_plat_init /home/jaylin/Projects/EdgeComputing/nanomq/nng/src/platform/posix/posix_thread.c:396
#6 0x55555562c78f in nni_init /home/jaylin/Projects/EdgeComputing/nanomq/nng/src/core/init.c:58
#7 0x55555569592a in nng_mtx_alloc /home/jaylin/Projects/EdgeComputing/nanomq/nng/src/supplemental/util/platform.c:93
#8 0x5555555e0616 in log_init /home/jaylin/Projects/EdgeComputing/nanomq/nanomq/mqtt_api.c:223
#9 0x55555561590a in broker_start /home/jaylin/Projects/EdgeComputing/nanomq/nanomq/apps/broker.c:1565
#10 0x5555555e09bf in main /home/jaylin/Projects/EdgeComputing/nanomq/nanomq/nanomq.c:142
#11 0x7ffff6eded8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58

==382476==ABORTING

To Reproduce
emqtt_bench pub -c 10 -i 5 -I 100 -p 1883 -t wangha/1 -s 40480
Bridge NanoMQ to a remote broker on topic wangha/1

Environment Details

  • NanoMQ version: 0.14.1
  • Operating system and version: Ubuntu 22
@JaylinYu JaylinYu added the help wanted Extra attention is needed label Dec 7, 2022
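The report above is produced by ASAN's sendmsg interceptor, not by the kernel: before the syscall, read_iovec walks msg_iov and checks that every [iov_base, iov_base + iov_len) range is addressable, and the "Address ... is located in stack of thread T7 ... overflows this variable" block is its explanation of where the offending range landed. The following is an added example, not code from NanoMQ or NNG, that reproduces this class of finding in isolation and shows the check a sender can make itself. It uses an AF_UNIX socketpair as a stand-in for the TCP connection; the function names, the 2-byte length header and the "hello" payload are constructed for the example and are not taken from the issue.

```c
/*
 * Added example (not NanoMQ/NNG code). Demonstrates the kind of defect that
 * ASAN's sendmsg interceptor reports as "stack-buffer-overflow ... in
 * read_iovec": an iovec whose range runs past the stack object it names.
 * Build and run the buggy path under ASAN to see the report:
 *   cc -g -fsanitize=address -o iov_demo iov_demo.c && ./iov_demo bug
 */
#define _POSIX_C_SOURCE 200809L
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/uio.h>
#include <unistd.h>

/* Explicit version of the check the ASAN interceptor performs at run time:
 * every iovec entry must lie inside the buffer it is supposed to describe.
 * Returns 0 when all entries are in bounds, -1 on the first violation.
 * Compares integer offsets so an entry that starts past the end cannot
 * wrap the arithmetic. */
int iov_check_bounds(const struct iovec *iov, size_t niov,
                     const void *buf, size_t buflen)
{
    uintptr_t lo = (uintptr_t)buf, hi = lo + buflen;
    for (size_t i = 0; i < niov; i++) {
        if (iov[i].iov_len == 0) continue;
        uintptr_t s = (uintptr_t)iov[i].iov_base;
        if (s < lo || s >= hi) return -1;        /* starts outside the buffer */
        if (iov[i].iov_len > hi - s) return -1;  /* runs past its end */
    }
    return 0;
}

/* The buggy pattern: iov_base is a 2-byte stack object but iov_len claims
 * 16 bytes. Under ASAN, sendmsg aborts with stack-buffer-overflow in
 * read_iovec before any data is sent; without ASAN it silently copies
 * 14 bytes of whatever follows hdr on the stack into the socket.
 * Deliberately defective; only reached via `./iov_demo bug`. */
ssize_t send_with_stack_overread(int fd)
{
    uint16_t hdr = 0x1234;
    struct iovec iov = { .iov_base = &hdr, .iov_len = 16 };
    struct msghdr mh = { .msg_iov = &iov, .msg_iovlen = 1 };
    return sendmsg(fd, &mh, 0);
}

/* Hardened form: header and payload live in one buffer that outlives the
 * sendmsg call, the iovecs are validated against that buffer, and the
 * receiver verifies what arrived. Returns 0 on success, a negative code
 * naming the failing step otherwise. */
int checked_sendmsg_roundtrip(void)
{
    int sv[2];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0) return -1;

    static const char payload[] = "hello";          /* constructed sample */
    uint16_t plen = (uint16_t)(sizeof(payload) - 1);
    uint8_t buf[2 + sizeof(payload) - 1];            /* big-endian len + body */
    buf[0] = (uint8_t)(plen >> 8);
    buf[1] = (uint8_t)(plen & 0xff);
    memcpy(buf + 2, payload, plen);

    struct iovec iov[2] = {
        { .iov_base = buf,     .iov_len = 2    },
        { .iov_base = buf + 2, .iov_len = plen },
    };
    int rc = -2;
    if (iov_check_bounds(iov, 2, buf, sizeof buf) != 0) goto out;

    struct msghdr mh = { .msg_iov = iov, .msg_iovlen = 2 };
    rc = -3;
    if (sendmsg(sv[0], &mh, 0) != (ssize_t)sizeof buf) goto out;

    uint8_t rx[sizeof buf];
    size_t got = 0;
    while (got < sizeof rx) {
        ssize_t r = read(sv[1], rx + got, sizeof rx - got);
        if (r <= 0) break;
        got += (size_t)r;
    }
    rc = -4;
    if (got != sizeof rx) goto out;
    rc = -5;
    if ((((unsigned)rx[0] << 8) | rx[1]) != plen) goto out;
    rc = -6;
    if (memcmp(rx + 2, payload, plen) != 0) goto out;
    rc = 0;
out:
    close(sv[0]);
    close(sv[1]);
    return rc;
}

int main(int argc, char **argv)
{
    if (argc > 1 && strcmp(argv[1], "bug") == 0) {
        int sv[2];
        if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0) return 1;
        ssize_t n = send_with_stack_overread(sv[0]);   /* ASAN aborts here */
        printf("sendmsg returned %zd (ASAN not active?)\n", n);
        return 0;
    }
    printf("checked round-trip: %d\n", checked_sendmsg_roundtrip());
    return 0;
}
```

The interceptor's complaint is about the iovec description, not about the bytes the kernel would actually copy, so the report fires even when the socket is slow or the peer is gone; iov_check_bounds gives the same early failure in a non-ASAN build. Note that an iov_base that points at a stack frame which has since been reused, as the T1/T7 thread mismatch in the report above can indicate, passes this in-bounds check; only keeping the backing buffer alive until the write completes addresses that.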