View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0002299 | GNUnet | ARM service | public | 2012-05-03 13:42 | 2012-06-02 19:15 |
| Reporter | Christian Grothoff | Assigned To | Christian Grothoff | ||
| Priority | immediate | Severity | crash | Reproducibility | always |
| Status | closed | Resolution | fixed | ||
| Product Version | Git master | ||||
| Target Version | 0.9.3 | Fixed in Version | 0.9.3 | ||
| Summary | 0002299: ARM/server interaction results in use-after-free | ||||
| Description | ==28119== Invalid read of size 8 ==28119== at 0x4A6B6E9: GNUNET_SERVER_client_disconnect (server.c:1336) ==28119== by 0x4A6AD1F: GNUNET_SERVER_client_drop (server.c:1178) ==28119== by 0x40570C: transmit_shutdown_ack (gnunet-service-arm.c:1080) ==28119== by 0x4A6B7CB: transmit_ready_callback_wrapper (server.c:1380) ==28119== by 0x4A3FB96: process_notify (connection.c:1157) ==28119== by 0x4A40713: transmit_ready (connection.c:1288) ==28119== by 0x4A66334: run_ready (scheduler.c:602) ==28119== by 0x4A66B3D: GNUNET_SCHEDULER_run (scheduler.c:790) ==28119== by 0x4A747DE: GNUNET_SERVICE_run (service.c:1773) ==28119== by 0x4062FA: main (gnunet-service-arm.c:1304) ==28119== Address 0x607a8e0 is 80 bytes inside a block of size 112 free'd ==28119== at 0x4027AAE: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==28119== by 0x4A36BD2: GNUNET_xfree_ (common_allocation.c:201) ==28119== by 0x4A69BA8: GNUNET_SERVER_destroy (server.c:723) ==28119== by 0x404718: do_shutdown (gnunet-service-arm.c:771) ==28119== by 0x404C3F: shutdown_task (gnunet-service-arm.c:839) ==28119== by 0x4A66334: run_ready (scheduler.c:602) ==28119== by 0x4A66B3D: GNUNET_SCHEDULER_run (scheduler.c:790) ==28119== by 0x4A747DE: GNUNET_SERVICE_run (service.c:1773) ==28119== by 0x4062FA: main (gnunet-service-arm.c:1304) ==28119== ==28119== Invalid read of size 4 ==28119== at 0x4A694A2: test_monitor_clients (server.c:638) ==28119== by 0x4A6B747: GNUNET_SERVER_client_disconnect (server.c:1342) ==28119== by 0x4A6AD1F: GNUNET_SERVER_client_drop (server.c:1178) ==28119== by 0x40570C: transmit_shutdown_ack (gnunet-service-arm.c:1080) ==28119== by 0x4A6B7CB: transmit_ready_callback_wrapper (server.c:1380) ==28119== by 0x4A3FB96: process_notify (connection.c:1157) ==28119== by 0x4A40713: transmit_ready (connection.c:1288) ==28119== by 0x4A66334: run_ready (scheduler.c:602) ==28119== by 0x4A66B3D: GNUNET_SCHEDULER_run (scheduler.c:790) ==28119== by 0x4A747DE: GNUNET_SERVICE_run (service.c:1773) ==28119== by 0x4062FA: main (gnunet-service-arm.c:1304) ==28119== Address 0x607a8fc is 108 bytes inside a block of size 112 free'd ==28119== at 0x4027AAE: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==28119== by 0x4A36BD2: GNUNET_xfree_ (common_allocation.c:201) ==28119== by 0x4A69BA8: GNUNET_SERVER_destroy (server.c:723) ==28119== by 0x404718: do_shutdown (gnunet-service-arm.c:771) ==28119== by 0x404C3F: shutdown_task (gnunet-service-arm.c:839) ==28119== by 0x4A66334: run_ready (scheduler.c:602) ==28119== by 0x4A66B3D: GNUNET_SCHEDULER_run (scheduler.c:790) ==28119== by 0x4A747DE: GNUNET_SERVICE_run (service.c:1773) ==28119== by 0x4062FA: main (gnunet-service-arm.c:1304) ==28119== = | ||||
| Steps To Reproduce | run 'make check' in src/arm/ under valgrind... | ||||
| Tags | No tags attached. | ||||
|
|
Now something similar happens with stats (again, valgrinding 'make check'): ==31596== Command: /home/grothoff/bin//gnunet-service-statistics -L DEBUG -c test_statistics_api_data.conf ==31596== ==31596== Invalid read of size 8 ==31596== at 0x4C73598: GNUNET_SERVER_client_disconnect (server.c:1319) ==31596== by 0x4C726E4: process_incoming (server.c:1017) ==31596== by 0x4C47589: receive_ready (connection.c:1055) ==31596== by 0x4C6E334: run_ready (scheduler.c:602) ==31596== by 0x4C6EB3D: GNUNET_SCHEDULER_run (scheduler.c:790) ==31596== by 0x4C7C7FA: GNUNET_SERVICE_run (service.c:1773) ==31596== by 0x40424E: main (gnunet-service-statistics.c:847) ==31596== Address 0x6282cc8 is 8 bytes inside a block of size 136 free'd ==31596== at 0x4027AAE: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==31596== by 0x4C3EBD2: GNUNET_xfree_ (common_allocation.c:201) ==31596== by 0x4C73754: GNUNET_SERVER_client_disconnect (server.c:1340) ==31596== by 0x4C72D1F: GNUNET_SERVER_client_drop (server.c:1178) ==31596== by 0x4C75118: handle_client_disconnect (server_nc.c:189) ==31596== by 0x4C73552: GNUNET_SERVER_client_disconnect (server.c:1315) ==31596== by 0x4C726E4: process_incoming (server.c:1017) ==31596== by 0x4C47589: receive_ready (connection.c:1055) ==31596== by 0x4C6E334: run_ready (scheduler.c:602) ==31596== by 0x4C6EB3D: GNUNET_SCHEDULER_run (scheduler.c:790) ==31596== by 0x4C7C7FA: GNUNET_SERVICE_run (service.c:1773) ==31596== by 0x40424E: main (gnunet-service-statistics.c:847) ==31596== ==31596== Invalid write of size 8 ==31596== at 0x4C735A8: GNUNET_SERVER_client_disconnect (server.c:1320) ==31596== by 0x4C726E4: process_incoming (server.c:1017) ==31596== by 0x4C47589: receive_ready (connection.c:1055) ==31596== by 0x4C6E334: run_ready (scheduler.c:602) ==31596== by 0x4C6EB3D: GNUNET_SCHEDULER_run (scheduler.c:790) ==31596== by 0x4C7C7FA: GNUNET_SERVICE_run (service.c:1773) ==31596== by 0x40424E: main (gnunet-service-statistics.c:847) ==31596== Address 0x6282cc8 is 8 bytes inside a block of size 136 free'd ==31596== at 0x4027AAE: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==31596== by 0x4C3EBD2: GNUNET_xfree_ (common_allocation.c:201) ==31596== by 0x4C73754: GNUNET_SERVER_client_disconnect (server.c:1340) ==31596== by 0x4C72D1F: GNUNET_SERVER_client_drop (server.c:1178) ==31596== by 0x4C75118: handle_client_disconnect (server_nc.c:189) ==31596== by 0x4C73552: GNUNET_SERVER_client_disconnect (server.c:1315) ==31596== by 0x4C726E4: process_incoming (server.c:1017) ==31596== by 0x4C47589: receive_ready (connection.c:1055) ==31596== by 0x4C6E334: run_ready (scheduler.c:602) ==31596== by 0x4C6EB3D: GNUNET_SCHEDULER_run (scheduler.c:790) ==31596== by 0x4C7C7FA: GNUNET_SERVICE_run (service.c:1773) ==31596== by 0x40424E: main (gnunet-service-statistics.c:847) ==31596== |
|
|
Should be fixed in SVN 21249. |
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2012-05-03 13:42 | Christian Grothoff | New Issue | |
| 2012-05-03 13:42 | Christian Grothoff | Status | new => assigned |
| 2012-05-03 13:42 | Christian Grothoff | Assigned To | => Christian Grothoff |
| 2012-05-03 14:31 | Christian Grothoff | Note Added: 0005772 | |
| 2012-05-03 16:04 | Christian Grothoff | Note Added: 0005773 | |
| 2012-05-03 16:04 | Christian Grothoff | Status | assigned => resolved |
| 2012-05-03 16:04 | Christian Grothoff | Fixed in Version | => 0.9.3 |
| 2012-05-03 16:04 | Christian Grothoff | Resolution | open => fixed |
| 2012-06-02 19:15 | Christian Grothoff | Status | resolved => closed |
