View Issue Details

ID: 0005082
Project: GNUnet
Category: revocation service
View Status: public
Last Update: 2018-06-07 00:24
Reporter: amatus
Assigned To: Christian Grothoff
Priority: normal
Severity: crash
Reproducibility: have not tried
Status: closed
Resolution: fixed
Product Version: SVN HEAD
Target Version: 0.11.0pre66
Fixed in Version: 0.11.0pre66
Summary: 0005082: heap-use-after-free on shutdown

Description: I ran gnunet-arm -e on my node that had been running for a few days and hit this heap-use-after-free. See additional information.

Additional Information:
==29538==ERROR: AddressSanitizer: heap-use-after-free on address 0x6060000270e8 at pc 0x7feb7601a3e0 bp 0x7ffcc04f9c80 sp 0x7ffcc04f9c78
READ of size 1 at 0x6060000270e8 thread T0
    #0 0x7feb7601a3df in GNUNET_STRINGS_data_to_string /root/gnunet/src/util/strings.c:925
    #1 0x7feb75fb4aa9 in GNUNET_CRYPTO_eddsa_public_key_to_string /root/gnunet/src/util/crypto_ecc.c:342
    #2 0x7feb75f8bfe9 in GNUNET_i2s /root/gnunet/src/util/common_logging.c:1214
    #3 0x40393e in add_revocation /root/gnunet/src/revocation/gnunet-service-revocation.c:472
    #4 0x7feb76482551 in handle_client_set_error /root/gnunet/src/set/set_api.c:560
    #5 0x7feb75fe03c9 in GNUNET_MQ_inject_error /root/gnunet/src/util/mq.c:295
    #6 0x7feb75f83ff5 in receive_ready /root/gnunet/src/util/client.c:404
    #7 0x7feb76002c3e in run_ready /root/gnunet/src/util/scheduler.c:670
    #8 0x7feb760038fd in GNUNET_SCHEDULER_run /root/gnunet/src/util/scheduler.c:937
    #9 0x7feb76012082 in GNUNET_SERVICE_run_ /root/gnunet/src/util/service.c:1846
    #10 0x4053a2 in main /root/gnunet/src/revocation/gnunet-service-revocation.c:922
    #11 0x7feb758bdb44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b44)
    #12 0x402268 (/opt/gnunet/lib/gnunet/libexec/gnunet-service-revocation+0x402268)

0x6060000270e8 is located 8 bytes inside of 56-byte region [0x6060000270e0,0x606000027118)
freed by thread T0 here:
    #0 0x7feb76aed527 in __interceptor_free (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x54527)
    #1 0x7feb75f87dc3 in GNUNET_xfree_ /root/gnunet/src/util/common_allocation.c:330
    #2 0x4043ec in handle_core_disconnect /root/gnunet/src/revocation/gnunet-service-revocation.c:632
    #3 0x7feb7668d1be in disconnect_and_free_peer_entry /root/gnunet/src/core/core_api.c:198
    #4 0x7feb7668f908 in handle_disconnect_notify /root/gnunet/src/core/core_api.c:588
    #5 0x7feb75fe00e9 in GNUNET_MQ_inject_message /root/gnunet/src/util/mq.c:252
    #6 0x7feb75f835a1 in recv_message /root/gnunet/src/util/client.c:315
    #7 0x7feb75fdf10e in GNUNET_MST_from_buffer /root/gnunet/src/util/mst.c:232
    #8 0x7feb75fdfbfc in GNUNET_MST_read /root/gnunet/src/util/mst.c:359
    #9 0x7feb75f83fa1 in receive_ready /root/gnunet/src/util/client.c:397
    #10 0x7feb76002c3e in run_ready /root/gnunet/src/util/scheduler.c:670
    #11 0x7feb760038fd in GNUNET_SCHEDULER_run /root/gnunet/src/util/scheduler.c:937
    #12 0x7feb76012082 in GNUNET_SERVICE_run_ /root/gnunet/src/util/service.c:1846
    #13 0x4053a2 in main /root/gnunet/src/revocation/gnunet-service-revocation.c:922
    #14 0x7feb758bdb44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b44)

previously allocated by thread T0 here:
    #0 0x7feb76aed73f in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x5473f)
    #1 0x7feb75f87a7a in GNUNET_xmalloc_unchecked_ /root/gnunet/src/util/common_allocation.c:227
    #2 0x7feb75f87214 in GNUNET_xmalloc_ /root/gnunet/src/util/common_allocation.c:75
    #3 0x402355 in new_peer_entry /root/gnunet/src/revocation/gnunet-service-revocation.c:151
    #4 0x403f20 in handle_core_connect /root/gnunet/src/revocation/gnunet-service-revocation.c:572
    #5 0x7feb7668eb63 in connect_peer /root/gnunet/src/core/core_api.c:456
    #6 0x7feb7668f52b in handle_connect_notify /root/gnunet/src/core/core_api.c:549
    #7 0x7feb75fe00e9 in GNUNET_MQ_inject_message /root/gnunet/src/util/mq.c:252
    #8 0x7feb75f835a1 in recv_message /root/gnunet/src/util/client.c:315
    #9 0x7feb75fdf10e in GNUNET_MST_from_buffer /root/gnunet/src/util/mst.c:232
    #10 0x7feb75fdfbfc in GNUNET_MST_read /root/gnunet/src/util/mst.c:359
    #11 0x7feb75f83fa1 in receive_ready /root/gnunet/src/util/client.c:397
    #12 0x7feb76002c3e in run_ready /root/gnunet/src/util/scheduler.c:670
    #13 0x7feb760038fd in GNUNET_SCHEDULER_run /root/gnunet/src/util/scheduler.c:937
    #14 0x7feb76012082 in GNUNET_SERVICE_run_ /root/gnunet/src/util/service.c:1846
    #15 0x4053a2 in main /root/gnunet/src/revocation/gnunet-service-revocation.c:922
    #16 0x7feb758bdb44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b44)

SUMMARY: AddressSanitizer: heap-use-after-free /root/gnunet/src/util/strings.c:925 GNUNET_STRINGS_data_to_string
==29538==ABORTING
Tags: No tags attached.
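
The three stacks above show a peer entry allocated in new_peer_entry, freed in handle_core_disconnect, and then read by add_revocation when the set API delivered an error callback during shutdown. The following is an added, constructed C model of that lifetime pattern (not GNUnet code and not the referenced fix); every name in it is hypothetical, and cancelling the pending operation before freeing the entry is an assumed remedy.

```c
#include <stdlib.h>

/* Constructed model; every name here is hypothetical, not GNUnet's API. */
typedef void (*op_cb)(void *cls, int ok);
struct op { op_cb cb; void *cls; };
static struct op *pending;             /* one in-flight operation is enough here */

struct peer_entry {
  unsigned char id[32];
  struct op *so;                       /* operation whose closure points at us */
};
static int delivered;                  /* callbacks that dereferenced an entry */

static void op_done(void *cls, int ok) {
  struct peer_entry *pe = cls;
  (void) ok;
  pe->so = NULL;                       /* library frees the op after the callback */
  delivered += pe->id[0] ? 1 : 0;      /* reads the entry, as logging the id does */
}

static struct peer_entry *peer_connect(void) {
  struct peer_entry *pe = calloc(1, sizeof *pe);
  struct op *o = calloc(1, sizeof *o);
  if (!pe || !o) abort();
  pe->id[0] = 0x42;
  o->cb = op_done; o->cls = pe;
  pe->so = pending = o;
  return pe;
}

static void op_cancel(struct op *o) {  /* never touches o->cls */
  if (pending == o) pending = NULL;
  free(o);
}

/* cancel_first = 0 reproduces the lifetime error: entry freed, op still armed. */
static void peer_disconnect(struct peer_entry *pe, int cancel_first) {
  if (cancel_first && pe->so) op_cancel(pe->so);
  free(pe);
}

/* Library-side error path at shutdown: fires whatever is still pending. */
static int lib_inject_error(void) {
  struct op *o = pending;
  if (!o) return 0;
  pending = NULL;
  o->cb(o->cls, 0);
  free(o);
  return 1;
}
static int dangling_ops(void) { return pending != NULL; }
```

With cancel_first set to 0 the operation stays registered with a closure pointing at freed memory, which is the state the error path later dereferences in the report.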

Activities

Christian Grothoff

2017-07-04 10:22

manager   ~0012302

Should be fixed with Git dcf86b6d0f1caf789342c9903a16b2c44a1621cc

Issue History

Date Modified Username Field Change
2017-06-13 03:52 amatus New Issue
2017-07-04 10:22 Christian Grothoff Assigned To => Christian Grothoff
2017-07-04 10:22 Christian Grothoff Status new => resolved
2017-07-04 10:22 Christian Grothoff Resolution open => fixed
2017-07-04 10:22 Christian Grothoff Fixed in Version => 0.11.0pre66
2017-07-04 10:22 Christian Grothoff Note Added: 0012302
2017-07-04 10:22 Christian Grothoff Target Version => 0.11.0pre66
2018-06-07 00:24 Christian Grothoff Status resolved => closed