0003679: gnunet-service-transport crash (use after free) - MantisBT

ID	Project	Category	View Status	Date Submitted	Last Update

0003679	GNUnet	transport service	public	2015-02-11 21:21	2018-06-07 00:25

Reporter	Christian Grothoff	Assigned To	Christian Grothoff
Priority	urgent	Severity	crash	Reproducibility	have not tried
Status	closed	Resolution	unable to reproduce
Platform	i7	OS	Debian GNU/Linux	OS Version	squeeze
Product Version	Git master
Target Version	0.11.0pre66	Fixed in Version	0.11.0pre66

Summary	0003679: gnunet-service-transport crash (use after free)
Description	(gdb) ba #0 0x0000000000411cfa in free_neighbour (n=0x2285290) at gnunet-service-transport_neighbours.c:956 #1 0x000000000041a64a in delayed_disconnect (cls=0x2285290, tc=0x7fff5ccb48b0) at gnunet-service-transport_neighbours.c:3546 #2 0x00007f2b6b31c711 in run_ready (rs=0x222f820, ws=0x222fcb0) at scheduler.c:587 #3 0x00007f2b6b31cf95 in GNUNET_SCHEDULER_run (task=0x7f2b6b329948 <service_task>, task_cls=0x7fff5ccb4c30) at scheduler.c:816 #4 0x00007f2b6b32b681 in GNUNET_SERVICE_run (argc=3, argv=0x7fff5ccb4eb8, service_name=0x422d8c "transport", options=GNUNET_SERVICE_OPTION_NONE, task=0x406628 <run>, task_cls=0x0) at service.c:1503 #5 0x0000000000406d06 in main (argc=3, argv=0x7fff5ccb4eb8) at gnunet-service-transport.c:1049 (gdb) print *n $4 = {messages_head = 0x22d72e0, messages_tail = 0x7f2b6afc3678 <main_arena+88>, is_active = 0x0, primary_address = { session = 0xdf0adba0df0adba, address = 0xdf0adba0df0adba, connect_timestamp = {abs_value_us = 1004493731513019834}, bandwidth_in = { value__ = 233876922}, bandwidth_out = {value__ = 233876922}, ats_active = 233876922, keep_alive_nonce = 233876922}, alternative_address = {session = 0xdf0adba0df0adba, address = 0xdf0adba0df0adba, connect_timestamp = { abs_value_us = 1004493731513019834}, bandwidth_in = {value__ = 233876922}, bandwidth_out = {value__ = 233876922}, ats_active = 233876922, keep_alive_nonce = 233876922}, id = {public_key = { q_y = "\272\255\360\r\272\255\360\r\272\255\360\r\272\255\360\r\272\255\360\r\272\255\360\r\272\255\360\r\272\255\360\r"}}, task = 0xdf0adba0df0adba, delayed_disconnect_task = 0x0, keep_alive_time = {abs_value_us = 1004493731513019834}, last_keep_alive_time = {abs_value_us = 1004493731513019834}, connect_ack_timestamp = {abs_value_us = 1004493731513019834}, suggest_handle = 0xdf0adba0df0adba, timeout = {abs_value_us = 1004493731513019834}, in_tracker = {update_cb_cls = 0xdf0adba0df0adba, update_cb = 0xdf0adba0df0adba, excess_cb_cls = 0xdf0adba0df0adba, excess_cb = 0xdf0adba0df0adba, consumption_since_last_update__ = 1004493731513019834, excess_task = 0xdf0adba0df0adba, last_update__ = { abs_value_us = 1004493731513019834}, available_bytes_per_s__ = 233876922, max_carry_s__ = 233876922}, quota_violation_count = 233876922, state = 233876922, expect_latency_response = 233876922, ack_state = (ACK_SEND_ACK \| unknown: 233876920), util_total_bytes_sent = 233876922, util_total_bytes_recv = 233876922, last_util_transmission = {abs_value_us = 1004493731513019834}}
Steps To Reproduce	Let a peer running for a bit.
Tags	No tags attached.

Date Modified	Username	Field	Change
2015-02-11 21:21	Christian Grothoff	New Issue
2015-02-11 21:21	Christian Grothoff	Status	new => assigned
2015-02-11 21:21	Christian Grothoff	Assigned To	=> Christian Grothoff
2015-02-12 21:16	Christian Grothoff	Assigned To	Christian Grothoff =>
2015-02-12 21:16	Christian Grothoff	Status	assigned => confirmed
2015-02-28 18:30	Christian Grothoff	Note Added: 0008946
2015-02-28 18:30	Christian Grothoff	Status	confirmed => resolved
2015-02-28 18:30	Christian Grothoff	Fixed in Version	=> 0.11.0pre66
2015-02-28 18:30	Christian Grothoff	Resolution	open => fixed
2015-02-28 18:30	Christian Grothoff	Assigned To	=> Christian Grothoff
2015-02-28 18:30	Christian Grothoff	Resolution	fixed => unable to reproduce
2015-02-28 18:30	Christian Grothoff	Target Version	=> 0.11.0pre66
2018-06-07 00:25	Christian Grothoff	Status	resolved => closed