View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0004674 | GNUnet | cadet service | public | 2016-09-23 16:56 | 2018-06-07 00:24 |
Reporter | tg | Assigned To | Christian Grothoff | ||
Priority | urgent | Severity | crash | Reproducibility | always |
Status | closed | Resolution | fixed | ||
Product Version | Git master | ||||
Target Version | 0.11.0pre66 | Fixed in Version | 0.11.0pre66 | ||
Summary | 0004674: CADET: use after free in GCC_debug() | ||||
Description | - | ||||
Steps To Reproduce | test_cadet_2_speed_reliable | ||||
Additional Information |

```
==23312== 1 errors in context 1 of 9:
==23312== Invalid read of size 8
==23312==    at 0x118B78: GCT_2s (gnunet-service-cadet_tunnel.c:3466)
==23312==    by 0x1257CB: GCC_2s (gnunet-service-cadet_connection.c:3613)
==23312==    by 0x1258CF: GCC_debug (gnunet-service-cadet_connection.c:3645)
==23312==    by 0x11A4C5: conn_message_sent (gnunet-service-cadet_connection.c:712)
==23312==    by 0x136DB2: call_peer_cont (gnunet-service-cadet_peer.c:1091)
==23312==    by 0x136E1D: mq_sent (gnunet-service-cadet_peer.c:1113)
==23312==    by 0x508A626: impl_send_continue (mq.c:454)
==23312==    by 0x509E075: run_ready (scheduler.c:620)
==23312==    by 0x509EA79: GNUNET_SCHEDULER_run (scheduler.c:887)
==23312==    by 0x50AE8B4: GNUNET_SERVICE_run (service.c:1497)
==23312==    by 0x13D765: main (gnunet-service-cadet.c:173)
==23312==  Address 0x2323232323232323 is not stack'd, malloc'd or (recently) free'd
==23312==
==23312== 1 errors in context 2 of 9:
==23312== Invalid read of size 8
==23312==    at 0x1257C1: GCC_2s (gnunet-service-cadet_connection.c:3614)
==23312==    by 0x1258CF: GCC_debug (gnunet-service-cadet_connection.c:3645)
==23312==    by 0x11A4C5: conn_message_sent (gnunet-service-cadet_connection.c:712)
==23312==    by 0x136DB2: call_peer_cont (gnunet-service-cadet_peer.c:1091)
==23312==    by 0x136E1D: mq_sent (gnunet-service-cadet_peer.c:1113)
==23312==    by 0x508A626: impl_send_continue (mq.c:454)
==23312==    by 0x509E075: run_ready (scheduler.c:620)
==23312==    by 0x509EA79: GNUNET_SCHEDULER_run (scheduler.c:887)
==23312==    by 0x50AE8B4: GNUNET_SERVICE_run (service.c:1497)
==23312==    by 0x13D765: main (gnunet-service-cadet.c:173)
==23312==  Address 0x83ff4b0 is 0 bytes inside a block of size 272 free'd
==23312==    at 0x4C2AD4A: free (in /nix/store/5azp62mkgdkqbwc0ss3xqwz2ngnjxc0m-valgrind-3.11.0/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==23312==    by 0x505693D: GNUNET_xfree_ (common_allocation.c:321)
==23312==    by 0x122A5E: GCC_destroy (gnunet-service-cadet_connection.c:2878)
==23312==    by 0x11D45A: connection_timeout (gnunet-service-cadet_connection.c:1507)
==23312==    by 0x11D529: connection_bck_timeout (gnunet-service-cadet_connection.c:1543)
==23312==    by 0x509E075: run_ready (scheduler.c:620)
==23312==    by 0x509EA79: GNUNET_SCHEDULER_run (scheduler.c:887)
==23312==    by 0x50AE8B4: GNUNET_SERVICE_run (service.c:1497)
==23312==    by 0x13D765: main (gnunet-service-cadet.c:173)
==23312==  Block was alloc'd at
==23312==    at 0x4C29C30: malloc (in /nix/store/5azp62mkgdkqbwc0ss3xqwz2ngnjxc0m-valgrind-3.11.0/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==23312==    by 0x50565CE: GNUNET_xmalloc_unchecked_ (common_allocation.c:219)
==23312==    by 0x5055EEE: GNUNET_xmalloc_ (common_allocation.c:75)
==23312==    by 0x1221F1: GCC_new (gnunet-service-cadet_connection.c:2769)
==23312==    by 0x1173FA: GCT_use_path (gnunet-service-cadet_tunnel.c:2900)
==23312==    by 0x137E46: GCP_connect (gnunet-service-cadet_peer.c:1410)
==23312==    by 0x134F0C: core_connect_handler (gnunet-service-cadet_peer.c:364)
==23312==    by 0x56F4A82: connect_peer (core_api_2.c:447)
==23312==    by 0x56F50A9: handle_connect_notify (core_api_2.c:540)
==23312==    by 0x50899F9: GNUNET_MQ_inject_message (mq.c:282)
==23312==    by 0x508B337: handle_client_message (mq.c:760)
==23312==    by 0x50538E2: receive_task (client.c:610)
==23312==
==23312== 1 errors in context 3 of 9:
==23312== Invalid read of size 8
==23312==    at 0x1257B5: GCC_2s (gnunet-service-cadet_connection.c:3609)
==23312==    by 0x1258CF: GCC_debug (gnunet-service-cadet_connection.c:3645)
==23312==    by 0x11A4C5: conn_message_sent (gnunet-service-cadet_connection.c:712)
==23312==    by 0x136DB2: call_peer_cont (gnunet-service-cadet_peer.c:1091)
==23312==    by 0x136E1D: mq_sent (gnunet-service-cadet_peer.c:1113)
==23312==    by 0x508A626: impl_send_continue (mq.c:454)
==23312==    by 0x509E075: run_ready (scheduler.c:620)
==23312==    by 0x509EA79: GNUNET_SCHEDULER_run (scheduler.c:887)
==23312==    by 0x50AE8B4: GNUNET_SERVICE_run (service.c:1497)
==23312==    by 0x13D765: main (gnunet-service-cadet.c:173)
==23312==  Address 0x83ff4b0 is 0 bytes inside a block of size 272 free'd
==23312==    at 0x4C2AD4A: free (in /nix/store/5azp62mkgdkqbwc0ss3xqwz2ngnjxc0m-valgrind-3.11.0/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==23312==    by 0x505693D: GNUNET_xfree_ (common_allocation.c:321)
==23312==    by 0x122A5E: GCC_destroy (gnunet-service-cadet_connection.c:2878)
==23312==    by 0x11D45A: connection_timeout (gnunet-service-cadet_connection.c:1507)
==23312==    by 0x11D529: connection_bck_timeout (gnunet-service-cadet_connection.c:1543)
==23312==    by 0x509E075: run_ready (scheduler.c:620)
==23312==    by 0x509EA79: GNUNET_SCHEDULER_run (scheduler.c:887)
==23312==    by 0x50AE8B4: GNUNET_SERVICE_run (service.c:1497)
==23312==    by 0x13D765: main (gnunet-service-cadet.c:173)
==23312==  Block was alloc'd at
==23312==    at 0x4C29C30: malloc (in /nix/store/5azp62mkgdkqbwc0ss3xqwz2ngnjxc0m-valgrind-3.11.0/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==23312==    by 0x50565CE: GNUNET_xmalloc_unchecked_ (common_allocation.c:219)
==23312==    by 0x5055EEE: GNUNET_xmalloc_ (common_allocation.c:75)
==23312==    by 0x1221F1: GCC_new (gnunet-service-cadet_connection.c:2769)
==23312==    by 0x1173FA: GCT_use_path (gnunet-service-cadet_tunnel.c:2900)
==23312==    by 0x137E46: GCP_connect (gnunet-service-cadet_peer.c:1410)
==23312==    by 0x134F0C: core_connect_handler (gnunet-service-cadet_peer.c:364)
==23312==    by 0x56F4A82: connect_peer (core_api_2.c:447)
==23312==    by 0x56F50A9: handle_connect_notify (core_api_2.c:540)
==23312==    by 0x50899F9: GNUNET_MQ_inject_message (mq.c:282)
==23312==    by 0x508B337: handle_client_message (mq.c:760)
==23312==    by 0x50538E2: receive_task (client.c:610)
==23312==
==23312== 6 errors in context 4 of 9:
==23312== Syscall param socketcall.sendto(msg) points to uninitialised byte(s)
==23312==    at 0x75821ED: send (in /nix/store/gwl3ppqj4i730nhd4f50ncl5jc4n97ks-glibc-2.23/lib/libc-2.23.so)
==23312==    by 0x508F5FA: GNUNET_NETWORK_socket_send (network.c:903)
==23312==    by 0x5062940: transmit_ready (connection.c:1457)
==23312==    by 0x509E075: run_ready (scheduler.c:620)
==23312==    by 0x509EA79: GNUNET_SCHEDULER_run (scheduler.c:887)
==23312==    by 0x50AE8B4: GNUNET_SERVICE_run (service.c:1497)
==23312==    by 0x13D765: main (gnunet-service-cadet.c:173)
==23312==  Address 0x80331dc is 60 bytes inside a block of size 160 alloc'd
==23312==    at 0x4C2BB7D: realloc (in /nix/store/5azp62mkgdkqbwc0ss3xqwz2ngnjxc0m-valgrind-3.11.0/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==23312==    by 0x5056649: GNUNET_xrealloc_ (common_allocation.c:255)
==23312==    by 0x50626BC: transmit_ready (connection.c:1443)
==23312==    by 0x509E075: run_ready (scheduler.c:620)
==23312==    by 0x509EA79: GNUNET_SCHEDULER_run (scheduler.c:887)
==23312==    by 0x50AE8B4: GNUNET_SERVICE_run (service.c:1497)
==23312==    by 0x13D765: main (gnunet-service-cadet.c:173)
==23312==  Uninitialised value was created by a stack allocation
==23312==    at 0x124680: GCC_send_create (gnunet-service-cadet_connection.c:3391)
==23312==
```
Tags | No tags attached. | ||||
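What the Valgrind output above establishes: a `struct` of 272 bytes allocated in `GCC_new` was freed by `GCC_destroy` from a `connection_timeout` task, and later a queued "message sent" continuation (`mq_sent` -> `call_peer_cont` -> `conn_message_sent` -> `GCC_debug` -> `GCC_2s`) read from that block at offset 0 (contexts 2 and 3) and then followed a pointer loaded from it (context 1, the repeating-byte address `0x2323232323232323`, which looks like fill rather than a real object). The continuation outlived the object it pointed at because the destroy path did not detach it. The report rates this as a crash; the trace shows only reads, and the page does not establish anything beyond that. The model below is an added example written for this page, not GNUnet code, and it does not claim to show how the project fixed the issue in 0.11.0pre66. It replays the scheduler order from the trace with a buggy and a hardened destroy routine. Release is simulated (the struct is filled with a poison byte instead of being passed to `free()`) so the stale read is deterministic and observable rather than undefined behaviour; the `0x23` fill value, the struct layouts and all function names are assumptions chosen to mirror the trace.

```c
/*
 * Added example, not GNUnet code: minimal model of the lifetime bug in the
 * Valgrind trace. A queued "message sent" continuation keeps a raw pointer
 * to the connection that queued the send; a timeout task destroys the
 * connection; the scheduler then runs the continuation, which reads the
 * released struct. Release is simulated with a poison fill (assumption:
 * 0x23 mirrors the 0x2323232323232323 value in context 1 of the trace).
 */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define POISON_BYTE 0x23

struct Connection;

/* Role of the queued mq send: holds a raw back-pointer to its owner. */
struct PendingSend {
    struct Connection *conn;
    int cancelled;                /* hardened path: set by the owner on destroy */
};

struct Connection {
    uint32_t id;
    struct PendingSend *inflight; /* hardened path: owner tracks its pending send */
};

/* Simulated release: poison the block; it is never used as a live object again. */
static void conn_release(struct Connection *c)
{
    memset(c, POISON_BYTE, sizeof *c);
}

/* GCC_destroy as the trace implies it behaved: releases the connection but
 * leaves the queued continuation pointing at it. */
static void conn_destroy_buggy(struct Connection *c)
{
    conn_release(c);
}

/* Hardened variant: detach the continuation before the memory goes away, so
 * a later mq_sent callback has nothing stale to dereference. */
static void conn_destroy_hardened(struct Connection *c)
{
    if (c->inflight != NULL) {
        c->inflight->cancelled = 1;
        c->inflight->conn = NULL;
        c->inflight = NULL;
    }
    conn_release(c);
}

/* conn_message_sent -> GCC_debug role. Returns the id it read from the
 * connection, or 0 when the continuation declines to run. */
static uint32_t message_sent(struct PendingSend *ps)
{
    if (ps->cancelled || ps->conn == NULL)
        return 0;               /* owner already destroyed: nothing to report */
    return ps->conn->id;        /* the read Valgrind flags in contexts 2 and 3 */
}

/* Replays the scheduler order from the trace:
 *   1. a send is queued and its continuation captures the connection pointer;
 *   2. connection_timeout fires and GCC_destroy runs;
 *   3. mq_sent fires and the continuation dereferences the pointer.
 * Returns the id value the continuation observed. */
uint32_t replay(int hardened)
{
    struct Connection conn = { .id = 0x4674u, .inflight = NULL };
    struct PendingSend ps = { .conn = &conn, .cancelled = 0 };
    conn.inflight = &ps;

    if (hardened)
        conn_destroy_hardened(&conn);
    else
        conn_destroy_buggy(&conn);

    return message_sent(&ps);
}

/* What a stale read of the 32-bit id field yields under the poison fill. */
uint32_t poisoned_id(void)
{
    return 0x23232323u;
}

int main(void)
{
    printf("buggy order:    continuation saw id 0x%08x (poison = 0x%08x)\n",
           replay(0), poisoned_id());
    printf("hardened order: continuation saw id 0x%08x (did not run)\n",
           replay(1));
    return 0;
}
```

Detaching the continuation on destroy is one of several workable shapes for this class of bug; cancelling the queued send outright, or having the continuation look the connection up by identifier instead of holding a pointer, are others, and the page does not say which the project chose. Note also that context 4 of the trace (uninitialised bytes handed to `send()` from a stack allocation in `GCC_send_create`) is a separate finding, an information leak of stack contents onto the wire at worst, which this example does not cover. When reproducing with `test_cadet_2_speed_reliable`, run the service under Valgrind or with AddressSanitizer: the stale read does not crash on its own, so without a checker it passes silently.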
Date Modified | Username | Field | Change |
---|---|---|---|
2016-09-23 16:56 | tg | New Issue | |
2016-09-23 16:56 | tg | Status | new => assigned |
2016-09-23 16:56 | tg | Assigned To | => Bart Polot |
2016-09-24 22:36 | Christian Grothoff | Priority | normal => urgent |
2017-02-21 18:27 | Christian Grothoff | Assigned To | Bart Polot => Christian Grothoff |
2017-02-21 18:27 | Christian Grothoff | Status | assigned => resolved |
2017-02-21 18:27 | Christian Grothoff | Resolution | open => fixed |
2017-02-21 18:27 | Christian Grothoff | Fixed in Version | => 0.11.0pre66 |
2017-02-21 18:27 | Christian Grothoff | Note Added: 0011808 | |
2017-02-21 18:27 | Christian Grothoff | Target Version | => 0.11.0pre66 |
2018-06-07 00:24 | Christian Grothoff | Status | resolved => closed |