View Issue Details

ID: 0002371
Project: GNUnet
Category: util library
View Status: public
Last Update: 2012-06-02 19:15
Reporter: Matthias Wachs
Assigned To:
Priority: high
Severity: crash
Reproducibility: sometimes
Status: closed
Resolution: fixed
Product Version: Git master
Target Version: 0.9.3
Fixed in Version: 0.9.3
Summary: 0002371: Memory corruption: server's client MST destroyed in callback
Description:

Revision 21562:

server's client->mst gets destroyed in client_message_tokenizer_callback due to
GNUNET_SERVER_client_disconnect

server_mst.c 264
mst->cb (mst->cb_cls, client_identity, hdr);

After callback, mst's memory access crashes due to free


==17584== Invalid read of size 8
==17584== at 0x5080DD0: GNUNET_SERVER_mst_receive (server_mst.c:286)
==17584== by 0x507E57F: process_incoming (server.c:1053)
==17584== by 0x5053436: receive_ready (connection.c:1055)
==17584== by 0x5079FA4: run_ready (scheduler.c:602)
==17584== by 0x507A7AD: GNUNET_SCHEDULER_run (scheduler.c:790)
==17584== by 0x508916F: GNUNET_SERVICE_run (service.c:1773)
==17584== by 0x402A29: main (gnunet-service-ats.c:185)
==17584== Address 0x72db550 is 32 bytes inside a block of size 48 free'd
==17584== at 0x4C282ED: free (vg_replace_malloc.c:366)
==17584== by 0x504A9DB: GNUNET_xfree_ (common_allocation.c:201)
==17584== by 0x5080EF5: GNUNET_SERVER_mst_destroy (server_mst.c:309)
==17584== by 0x507F7BF: GNUNET_SERVER_client_disconnect (server.c:1359)
==17584== by 0x507E9BC: client_message_tokenizer_callback (server.c:1123)
==17584== by 0x5080C21: GNUNET_SERVER_mst_receive (server_mst.c:264)
==17584== by 0x507E57F: process_incoming (server.c:1053)
==17584== by 0x5053436: receive_ready (connection.c:1055)
==17584== by 0x5079FA4: run_ready (scheduler.c:602)
==17584== by 0x507A7AD: GNUNET_SCHEDULER_run (scheduler.c:790)
==17584== by 0x508916F: GNUNET_SERVICE_run (service.c:1773)
==17584== by 0x402A29: main (gnunet-service-ats.c:185)
==17584==
==17584== Invalid write of size 8
==17584== at 0x5080DE2: GNUNET_SERVER_mst_receive (server_mst.c:286)
==17584== by 0x507E57F: process_incoming (server.c:1053)
==17584== by 0x5053436: receive_ready (connection.c:1055)
==17584== by 0x5079FA4: run_ready (scheduler.c:602)
==17584== by 0x507A7AD: GNUNET_SCHEDULER_run (scheduler.c:790)
==17584== by 0x508916F: GNUNET_SERVICE_run (service.c:1773)
==17584== by 0x402A29: main (gnunet-service-ats.c:185)
==17584== Address 0x72db550 is 32 bytes inside a block of size 48 free'd
==17584== at 0x4C282ED: free (vg_replace_malloc.c:366)
==17584== by 0x504A9DB: GNUNET_xfree_ (common_allocation.c:201)
==17584== by 0x5080EF5: GNUNET_SERVER_mst_destroy (server_mst.c:309)
==17584== by 0x507F7BF: GNUNET_SERVER_client_disconnect (server.c:1359)
==17584== by 0x507E9BC: client_message_tokenizer_callback (server.c:1123)
==17584== by 0x5080C21: GNUNET_SERVER_mst_receive (server_mst.c:264)
==17584== by 0x507E57F: process_incoming (server.c:1053)
==17584== by 0x5053436: receive_ready (connection.c:1055)
==17584== by 0x5079FA4: run_ready (scheduler.c:602)
==17584== by 0x507A7AD: GNUNET_SCHEDULER_run (scheduler.c:790)
==17584== by 0x508916F: GNUNET_SERVICE_run (service.c:1773)
==17584== by 0x402A29: main (gnunet-service-ats.c:185)
Tags: No tags attached.

Activities

Matthias Wachs

2012-05-24 10:45

reporter   ~0005936

fixed in 21567
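
An added example, not GNUnet's code and not the change made in 21567: a minimal tokenizer showing the bug class reported above (a callback frees the object whose receive loop is still running) and one common guard, deferring the free until the loop has stopped using the object. All names (`struct mst`, `mst_receive`, `in_receive`, `destroy_pending`, `on_msg`) and the one-byte message format are assumptions for illustration.

```c
#include <stdlib.h>
struct mst;
typedef void (*mst_cb)(struct mst *m, unsigned char msg);
struct mst {
  mst_cb cb;
  size_t off;          /* read offset, advanced after every callback */
  int in_receive;      /* set while mst_receive() is on the stack */
  int destroy_pending; /* destroy was requested from inside a callback */
};
static int frees;      /* counts real frees so the result can be checked */

struct mst *mst_create(mst_cb cb) {
  struct mst *m = calloc(1, sizeof *m);
  if (m) m->cb = cb;
  return m;
}

/* Callable from the callback: the free is deferred while the loop runs. */
void mst_destroy(struct mst *m) {
  if (m->in_receive) { m->destroy_pending = 1; return; }
  free(m); frees++;
}

/* Returns messages delivered, or -1 if a callback destroyed the tokenizer. */
int mst_receive(struct mst *m, const unsigned char *buf, size_t len) {
  int delivered = 0;
  m->in_receive = 1;
  for (m->off = 0; m->off < len; m->off++) { /* header uses m after each cb */
    m->cb(m, buf[m->off]);
    if (m->destroy_pending) {  /* checked before m is used again */
      m->in_receive = 0;
      mst_destroy(m);          /* the real free happens here */
      return -1;               /* m must not be used past this point */
    }
    delivered++;
  }
  m->in_receive = 0;
  return delivered;
}

/* Constructed callback: message 0xFF stands for "disconnect this client". */
void on_msg(struct mst *m, unsigned char msg) {
  if (msg == 0xFF) mst_destroy(m);
}
int demo(void) {
  const unsigned char buf[] = { 1, 2, 0xFF, 3 }; /* constructed input */
  struct mst *m = mst_create(on_msg);
  return m ? mst_receive(m, buf, sizeof buf) : -2;
}
int main(void) { return demo() == -1 ? 0 : 1; }
```

Without the `in_receive` check in `mst_destroy`, the loop header's read and write of `m->off` after the callback would land in freed memory, the same shape as the invalid read and write Valgrind reports after the callback at server_mst.c:264.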

Issue History

Date Modified Username Field Change
2012-05-23 12:01 Matthias Wachs New Issue
2012-05-24 10:45 Matthias Wachs Note Added: 0005936
2012-05-24 10:45 Matthias Wachs Status new => resolved
2012-05-24 10:45 Matthias Wachs Resolution open => fixed
2012-05-27 18:33 Christian Grothoff Fixed in Version => 0.9.3
2012-05-27 18:33 Christian Grothoff Target Version => 0.9.3
2012-06-02 19:15 Christian Grothoff Status resolved => closed