View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0003288 | GNUnet | transport service | public | 2014-01-30 13:34 | 2014-04-08 16:41 |
Reporter | Christian Grothoff | Assigned To | Matthias Wachs | ||
Priority | normal | Severity | crash | Reproducibility | have not tried |
Status | closed | Resolution | fixed | ||
Product Version | Git master | ||||
Target Version | 0.10.1 | Fixed in Version | 0.10.1 | ||
Summary | 0003288: write after free reported by valgrind | ||||
Description |
==16247== Invalid write of size 8
==16247==    at 0x40F68A: GST_neighbours_switch_to_address (gnunet-service-transport_neighbours.c:2604)
==16247==    by 0x5041FE7: process_ats_message (ats_api_scheduling.c:660)
==16247==    by 0x586D954: receive_task (client.c:595)
==16247==    by 0x589CF51: GNUNET_SCHEDULER_run (scheduler.c:595)
==16247==    by 0x58A6987: GNUNET_SERVICE_run (service.c:1490)
==16247==    by 0x403688: main (gnunet-service-transport.c:961)
==16247==  Address 0x9e6d7e0 is 16 bytes inside a block of size 64 free'd
==16247==    at 0x4C2A68C: free (vg_replace_malloc.c:446)
==16247==    by 0x4077C2: GST_blacklist_test_allowed (gnunet-service-transport_blacklist.c:739)
==16247==    by 0x40F689: GST_neighbours_switch_to_address (gnunet-service-transport_neighbours.c:2604)
==16247==    by 0x5041FE7: process_ats_message (ats_api_scheduling.c:660)
==16247==    by 0x586D954: receive_task (client.c:595)
==16247==    by 0x589CF51: GNUNET_SCHEDULER_run (scheduler.c:595)
==16247==    by 0x58A6987: GNUNET_SERVICE_run (service.c:1490)
==16247==    by 0x403688: main (gnunet-service-transport.c:961)
Additional Information | Was just running a peer, doing nothing. | ||||
Tags | No tags attached. | ||||
|
Is fixed with revision 32116: GST_blacklist_test_allowed only returns a blc context if it has blacklist clients pending, otherwise it will immediately call cont and return NULL. But the context blc_ctx is free'd in the continuation, so if NULL is returned, this is an invalid write. Change in rev 32116: + if (NULL != (blc = GST_blacklist_test_allowed (peer, address->transport_name, + &switch_address_bl_check_cont, blc_ctx))) + { + blc_ctx->blc = blc; + } |
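Review bot: the guard around `blc_ctx->blc = blc;` is only correct because of a rule that is not stated at the call site: when GST_blacklist_test_allowed returns NULL, switch_address_bl_check_cont has already run and blc_ctx has been freed. Add a comment inside the `if` saying that blc_ctx must not be touched on the NULL path, and confirm that nothing after this block dereferences blc_ctx. Any other caller that stores the return value into a context its continuation frees needs the same guard.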
Date Modified | Username | Field | Change |
---|---|---|---|
2014-01-30 13:34 | Christian Grothoff | New Issue | |
2014-01-30 13:34 | Christian Grothoff | Status | new => assigned |
2014-01-30 13:34 | Christian Grothoff | Assigned To | => Matthias Wachs |
2014-02-04 16:42 | Matthias Wachs | Note Added: 0008067 | |
2014-02-04 16:48 | Matthias Wachs | Note Edited: 0008067 | |
2014-02-04 16:48 | Matthias Wachs | Status | assigned => resolved |
2014-02-04 16:48 | Matthias Wachs | Resolution | open => fixed |
2014-04-08 16:39 | Christian Grothoff | Fixed in Version | => 0.10.1 |
2014-04-08 16:39 | Christian Grothoff | Target Version | => 0.10.1 |
2014-04-08 16:41 | Christian Grothoff | Status | resolved => closed |
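
The failure mode described in the note above, as a stand-alone C example (added here, not GNUnet code; `test_allowed`, `switch_cont`, `switch_unsafe`, `switch_guarded` and both structs are hypothetical names). It shows a function that may run its continuation synchronously and return NULL, the unguarded store into the already freed context, and the guarded form.

```c
/* Added illustration; every name below is hypothetical, not GNUnet code. */
#include <stdlib.h>
struct check { int unused; };   /* handle for a pending check */
struct ctx { int peer; struct check *pending; };
typedef void (*cont_fn) (void *cls, int allowed);
int clients_pending;            /* 0: the answer is known immediately */
int conts_run;                  /* how often the continuation has run */
struct check the_check;

/* Contract from the note: nothing pending => call cont now, return NULL. */
struct check *test_allowed (cont_fn cont, void *cls) {
  if (0 == clients_pending) {
    cont (cls, 1);
    return NULL;
  }
  return &the_check;            /* cont will run later */
}

/* The continuation owns the context and frees it. */
void switch_cont (void *cls, int allowed) {
  (void) allowed;
  conts_run++;
  free (cls);
}

/* Before: unconditional store. With clients_pending == 0 the context is
   already freed when the assignment executes: a write after free. */
void switch_unsafe (int peer) {
  struct ctx *c = calloc (1, sizeof (*c));
  if (NULL == c) return;
  c->peer = peer;
  c->pending = test_allowed (&switch_cont, c);
}

/* After: store the handle only if one came back. Returns the live context,
   or NULL when the continuation has already run and freed it. */
struct ctx *switch_guarded (int peer) {
  struct ctx *c = calloc (1, sizeof (*c));
  struct check *h;
  if (NULL == c) return NULL;
  c->peer = peer;
  if (NULL != (h = test_allowed (&switch_cont, c))) {
    c->pending = h;
    return c;
  }
  return NULL;
}

int main (void) { clients_pending = 0; return NULL != switch_guarded (1); }
```

Calling `switch_unsafe` while `clients_pending` is 0 is the case a memory checker flags as an invalid write; `main` exercises only the guarded path.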