New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
libasan read buffer overflow in filtercmp. #4534
Comments
Curious what the asan options are |
I just write what I used in my script! 😉
Some are mandatory, and some other are not.
Mandatory ones:
exitcode=0 define the exit code value when libasan detects a problem. it is
mandatory if memory_leak detection is enabled (otherwise the py.tests fails
at setup because ns-slapd exit code is 1 (because of memory leak is
reported when ns-slapd daemonize)
symbolize=1 to get symbol in report instead of addresses
Not so useful ones:
redzone=64 just define the length of the zone reserved after a memory block
(it is a trade off - too big leads to memory outage - too small and some
buffer overflow may be ignored)
quarantine_size_mb=512 (I forgot what it is exactly, (some resource maximum
size)) Irembember that I set it when having massive leaks during initials
backend redesign tests
detect_deadlocks=1 Would be useful in case of dead lock
…On Wed, Jan 13, 2021 at 1:08 AM Firstyear ***@***.***> wrote:
Curious what the asan options are exitcode=0 redzone=64
quarantine_size_mb=512 symbolize=1 detect_deadlocks=1. If these are
useful, we can set them as default options in lib389 for all tests :)
—
You are receiving this because you were assigned.
Reply to this email directly, view it on GitHub
<#4534 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/ARLA4LLBM4QGZNHBKKGX7MTSZTP7TANCNFSM4V7TZRSQ>
.
--
--
389 Directory Server Development Team
|
Ahh we also have some of these options in https://github.com/389ds/389-ds-base/blob/master/src/lib389/lib389/__init__.py#L1092 for our test cases. I think we need to leave exitcode=1 in lib389 at least so that CI "fails fast" but the redzone+quarantine may help? Thanks! |
Ok, so we still need to explicitly set up exitcode=0 to run py.tests |
do you mind posting the output with exitcode=1 of the pwdhash command manually? Generally we should be fixing these leaks .... |
It's the NSS leak I always see. I run into this every time I try and use asan with CI tests (hence it still fails for me without very intrusive hacking to work around it). |
Description: Fix copy and paste error in slapi_task_set_warning() relates: #4534 Reviewed by: mreynold(one line commit rule)
@mreynolds389 Okay, if that's the case, I think there is a way in LSAN to make a list of known leaks to ignore. I'll look into this today if I get the chance (but I'm under a pile of mail today :( ) |
@Firstyear: FYI there is not much information about the leak in ASAN output: ================================================================= Direct leak of 4097 byte(s) in 1 object(s) allocated from: SUMMARY: AddressSanitizer: 4097 byte(s) leaked in 1 allocation(s). |
@progier389, I think you're hitting #4479 (https://bugzilla.redhat.com/show_bug.cgi?id=1905581) |
@progier389 I don't have this leak occuring (maybe suse is on a different nspr version, I wouldn't be surprised). You can add suppressions so perhaps: https://github.com/google/sanitizers/wiki/AddressSanitizerLeakSanitizer
The hard part will be in this case since we don't have the symbol name that is leaking, adding the suppression could be tricky. I'm going to assume here that you have all the nss/nspr debug infos installed? If the address of the leak never changes, perhaps try that as the suppression? |
Yes, nss debug info are installed (gdb found them). And gdb also shows that what is at the specified address when the leak is detected is not valid code, so IMHO the leak occurs in dynamically loaded code that got unloaded afterwards. And the address changed when I rebuilt the server ... |
This introduced some compiler warnings, can you please fix them:
|
Reopen to add a new PR to fix the compiler warning |
Mark fixed the warning the waring in issue #4093 ==> So closing again. |
Issue Description
libasan exits on a a read buffer overflow in slapi_filter_compare
code review shows that the first key size is used instead of the smallest size
Package Version and Platform:
Steps to Reproduce
Steps to reproduce the behavior:
export ASAN_OPTIONS="exitcode=0 redzone=64 quarantine_size_mb=512 symbolize=1 detect_deadlocks=1 log_path=$VARRUN/dirsrv/ns-slapd-$inst.asan"
4 Run py.tests $PWD/regression_test.py
See (in output) error: /usr/lib64/python3.8/site-packages/ldap/ldapobject.py:324: SERVER_DOWN
See in one of the asan log file:
==1359435==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x605000f9c9e9 at pc 0x7f36851a73f0 bp 0x7f36027f8e10 sp 0x7f36027f85b8
READ of size 12 at 0x605000f9c9e9 thread T16
#0 0x7f36851a73ef (/lib64/libasan.so.6+0x903ef)
pre compile and normalize search filter #1 0x7f36851a7b26 in memcmp (/lib64/libasan.so.6+0x90b26)
If node entries are tombstone'd, subordinate entries fail to get the full DN. #2 0x7f3684ed5b46 in slapi_filter_compare /home/progier/sb/tst1min/tst/source/389-ds-base/ldap/servers/slapd/filtercmp.c:379
...
The text was updated successfully, but these errors were encountered: