ASAN: heap-buffer-overflow in meta_test_base.h #376

foreverneverer · 2020-01-08T08:16:39Z

GTEST_FILTER="meta_app_envs_test.set_slow_query_threshold" ./dsn.meta.test reports heap-buffer-overflow

==13822==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60b000026880 at pc 0x0000007c4291 bp 0x7fd7f4ffe680 sp 0x7fd7f4ffe670
READ of size 4 at 0x60b000026880 thread T23 (test_meta.THREA)
    #0 0x7c4290 in dsn::replication::simple_load_balancer::simple_load_balancer(dsn::replication::meta_service*) /home/mi/work/PegasusDB/pegasus/rdsn/src/dist/replication/meta_server/server_load_balancer.h:235
    #1 0x7c4290 in dsn::replication::server_load_balancer* dsn::replication::server_load_balancer::create<dsn::replication::simple_load_balancer>(dsn::replication::meta_service*) /home/mi/work/PegasusDB/pegasus/rdsn/src/dist/replication/meta_server/server_load_balancer.h:60
    #2 0x5d2ae2 in dsn::replication::server_load_balancer* dsn::utils::factory_store<dsn::replication::server_load_balancer>::create<dsn::replication::meta_test_base*>(char const*, dsn::provider_type, dsn::replication::meta_test_base*) /home/mi/work/PegasusDB/pegasus/rdsn/include/dsn/utility/factory_store.h:122
    #3 0x5d2ae2 in dsn::replication::meta_test_base::SetUp() /home/mi/work/PegasusDB/pegasus/rdsn/src/dist/replication/test/meta_test/unit_test/meta_test_base.h:24
    #4 0x5d3880 in dsn::replication::meta_app_envs_test::SetUp() /home/mi/work/PegasusDB/pegasus/rdsn/src/dist/replication/test/meta_test/unit_test/meta_app_envs_test.cpp:38
    #5 0xcc4df2 in void testing::internal::HandleSehExceptionsInMethodIfSupported<testing::Test, void>(testing::Test*, void (testing::Test::*)(), char const*) (/home/mi/work/PegasusDB/pegasus/rdsn/builder/src/dist/replication/test/meta_test/unit_test/dsn.meta.test+0xcc4df2)
    #6 0xcbe812 in void testing::internal::HandleExceptionsInMethodIfSupported<testing::Test, void>(testing::Test*, void (testing::Test::*)(), char const*) (/home/mi/work/PegasusDB/pegasus/rdsn/builder/src/dist/replication/test/meta_test/unit_test/dsn.meta.test+0xcbe812)
    #7 0xca21ba in testing::Test::Run() (/home/mi/work/PegasusDB/pegasus/rdsn/builder/src/dist/replication/test/meta_test/unit_test/dsn.meta.test+0xca21ba)
    #8 0xca2ba5 in testing::TestInfo::Run() (/home/mi/work/PegasusDB/pegasus/rdsn/builder/src/dist/replication/test/meta_test/unit_test/dsn.meta.test+0xca2ba5)
    #9 0xca3298 in testing::TestCase::Run() (/home/mi/work/PegasusDB/pegasus/rdsn/builder/src/dist/replication/test/meta_test/unit_test/dsn.meta.test+0xca3298)
    #10 0xcaa3df in testing::internal::UnitTestImpl::RunAllTests() (/home/mi/work/PegasusDB/pegasus/rdsn/builder/src/dist/replication/test/meta_test/unit_test/dsn.meta.test+0xcaa3df)
    #11 0xcc63bc in bool testing::internal::HandleSehExceptionsInMethodIfSupported<testing::internal::UnitTestImpl, bool>(testing::internal::UnitTestImpl*, bool (testing::internal::UnitTestImpl::*)(), char const*) (/home/mi/work/PegasusDB/pegasus/rdsn/builder/src/dist/replication/test/meta_test/unit_test/dsn.meta.test+0xcc63bc)
    #12 0xcbf5e6 in bool testing::internal::HandleExceptionsInMethodIfSupported<testing::internal::UnitTestImpl, bool>(testing::internal::UnitTestImpl*, bool (testing::internal::UnitTestImpl::*)(), char const*) (/home/mi/work/PegasusDB/pegasus/rdsn/builder/src/dist/replication/test/meta_test/unit_test/dsn.meta.test+0xcbf5e6)
    #13 0xca8e7b in testing::UnitTest::Run() (/home/mi/work/PegasusDB/pegasus/rdsn/builder/src/dist/replication/test/meta_test/unit_test/dsn.meta.test+0xca8e7b)
    #14 0x5c4865 in RUN_ALL_TESTS() /home/mi/work/PegasusDB/pegasus/rdsn/thirdparty/output/include/gtest/gtest.h:2233
    #15 0x5c4865 in dsn::replication::meta_service_test_app::start(std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > const&) /home/mi/work/PegasusDB/pegasus/rdsn/src/dist/replication/test/meta_test/unit_test/main.cpp:77
    #16 0xaa6860 in dsn::service_node::start_app() /home/mi/work/PegasusDB/pegasus/rdsn/src/core/core/service_engine.cpp:94
    #17 0xafec15 in dsn::service_control_task::exec() /home/mi/work/PegasusDB/pegasus/rdsn/src/core/core/tool_api.cpp:60
    #18 0xac3d5f in dsn::task::exec_internal() /home/mi/work/PegasusDB/pegasus/rdsn/src/core/core/task.cpp:180
    #19 0xaf6527 in dsn::task_worker::loop() /home/mi/work/PegasusDB/pegasus/rdsn/src/core/core/task_worker.cpp:211
    #20 0xaf6cab in dsn::task_worker::run_internal() /home/mi/work/PegasusDB/pegasus/rdsn/src/core/core/task_worker.cpp:191
    #21 0x7fd804131c7f  (/usr/lib/x86_64-linux-gnu/libstdc++.so.6+0xb8c7f)
    #22 0x7fd8044026b9 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x76b9)
    #23 0x7fd80389741c in clone (/lib/x86_64-linux-gnu/libc.so.6+0x10741c)

AddressSanitizer can not describe address in more detail (wild memory access suspected).
SUMMARY: AddressSanitizer: heap-buffer-overflow /home/mi/work/PegasusDB/pegasus/rdsn/src/dist/replication/meta_server/server_load_balancer.h:235 dsn::replication::simple_load_balancer::simple_load_balancer(dsn::replication::meta_service*)
Shadow bytes around the buggy address:
  0x0c167fffccc0: fa fa fa fa fa fa fd fd fd fd fd fd fd fd fd fd
  0x0c167fffccd0: fd fd fd fd fa fa fa fa fa fa fa fa 00 00 00 00
  0x0c167fffcce0: 00 00 00 00 00 00 00 00 00 02 fa fa fa fa fa fa
  0x0c167fffccf0: fa fa 00 00 00 00 00 00 00 00 00 00 00 00 00 fa
  0x0c167fffcd00: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
=>0x0c167fffcd10:[fa]fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c167fffcd20: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c167fffcd30: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c167fffcd40: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c167fffcd50: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c167fffcd60: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Heap right redzone:      fb
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack partial redzone:   f4
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
Thread T23 (test_meta.THREA) created by T0 here:
    #0 0x7fd805c83253 in pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x36253)
    #1 0x7fd804131dc2 in std::thread::_M_start_thread(std::shared_ptr<std::thread::_Impl_base>, void (*)()) (/usr/lib/x86_64-linux-gnu/libstdc++.so.6+0xb8dc2)

==13822==ABORTING

The text was updated successfully, but these errors were encountered:

foreverneverer · 2020-01-08T09:15:42Z

However,./run.sh test -c --skip_thirdparty --disable_gperf --sanitizer address:

==7448==ERROR: AddressSanitizer: heap-use-after-free on address 0x60b00015ccf0 at pc 0x0000007c4291 bp 0x7f51882f7680 sp 0x7f51882f7670
READ of size 4 at 0x60b00015ccf0 thread T23 (test_meta.THREA)
    #0 0x7c4290 in dsn::replication::simple_load_balancer::simple_load_balancer(dsn::replication::meta_service*) /home/mi/work/PegasusDB/pegasus/rdsn/src/dist/replication/meta_server/server_load_balancer.h:235
    #1 0x7c4290 in dsn::replication::server_load_balancer* dsn::replication::server_load_balancer::create<dsn::replication::simple_load_balancer>(dsn::replication::meta_service*) /home/mi/work/PegasusDB/pegasus/rdsn/src/dist/replication/meta_server/server_load_balancer.h:60
    #2 0x5d2ae2 in dsn::replication::server_load_balancer* dsn::utils::factory_store<dsn::replication::server_load_balancer>::create<dsn::replication::meta_test_base*>(char const*, dsn::provider_type, dsn::replication::meta_test_base*) /home/mi/work/PegasusDB/pegasus/rdsn/include/dsn/utility/factory_store.h:122
    #3 0x5d2ae2 in dsn::replication::meta_test_base::SetUp() /home/mi/work/PegasusDB/pegasus/rdsn/src/dist/replication/test/meta_test/unit_test/meta_test_base.h:24
    #4 0x5d3880 in dsn::replication::meta_app_envs_test::SetUp() /home/mi/work/PegasusDB/pegasus/rdsn/src/dist/replication/test/meta_test/unit_test/meta_app_envs_test.cpp:38
    #5 0xcc4df2 in void testing::internal::HandleSehExceptionsInMethodIfSupported<testing::Test, void>(testing::Test*, void (testing::Test::*)(), char const*) (/home/mi/work/PegasusDB/pegasus/rdsn/builder/src/dist/replication/test/meta_test/unit_test/dsn.meta.test+0xcc4df2)
    #6 0xcbe812 in void testing::internal::HandleExceptionsInMethodIfSupported<testing::Test, void>(testing::Test*, void (testing::Test::*)(), char const*) (/home/mi/work/PegasusDB/pegasus/rdsn/builder/src/dist/replication/test/meta_test/unit_test/dsn.meta.test+0xcbe812)
    #7 0xca21ba in testing::Test::Run() (/home/mi/work/PegasusDB/pegasus/rdsn/builder/src/dist/replication/test/meta_test/unit_test/dsn.meta.test+0xca21ba)
    #8 0xca2ba5 in testing::TestInfo::Run() (/home/mi/work/PegasusDB/pegasus/rdsn/builder/src/dist/replication/test/meta_test/unit_test/dsn.meta.test+0xca2ba5)
    #9 0xca3298 in testing::TestCase::Run() (/home/mi/work/PegasusDB/pegasus/rdsn/builder/src/dist/replication/test/meta_test/unit_test/dsn.meta.test+0xca3298)
    #10 0xcaa3df in testing::internal::UnitTestImpl::RunAllTests() (/home/mi/work/PegasusDB/pegasus/rdsn/builder/src/dist/replication/test/meta_test/unit_test/dsn.meta.test+0xcaa3df)
    #11 0xcc63bc in bool testing::internal::HandleSehExceptionsInMethodIfSupported<testing::internal::UnitTestImpl, bool>(testing::internal::UnitTestImpl*, bool (testing::internal::UnitTestImpl::*)(), char const*) (/home/mi/work/PegasusDB/pegasus/rdsn/builder/src/dist/replication/test/meta_test/unit_test/dsn.meta.test+0xcc63bc)
    #12 0xcbf5e6 in bool testing::internal::HandleExceptionsInMethodIfSupported<testing::internal::UnitTestImpl, bool>(testing::internal::UnitTestImpl*, bool (testing::internal::UnitTestImpl::*)(), char const*) (/home/mi/work/PegasusDB/pegasus/rdsn/builder/src/dist/replication/test/meta_test/unit_test/dsn.meta.test+0xcbf5e6)
    #13 0xca8e7b in testing::UnitTest::Run() (/home/mi/work/PegasusDB/pegasus/rdsn/builder/src/dist/replication/test/meta_test/unit_test/dsn.meta.test+0xca8e7b)
    #14 0x5c4865 in RUN_ALL_TESTS() /home/mi/work/PegasusDB/pegasus/rdsn/thirdparty/output/include/gtest/gtest.h:2233
    #15 0x5c4865 in dsn::replication::meta_service_test_app::start(std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > const&) /home/mi/work/PegasusDB/pegasus/rdsn/src/dist/replication/test/meta_test/unit_test/main.cpp:77
    #16 0xaa6860 in dsn::service_node::start_app() /home/mi/work/PegasusDB/pegasus/rdsn/src/core/core/service_engine.cpp:94
    #17 0xafec15 in dsn::service_control_task::exec() /home/mi/work/PegasusDB/pegasus/rdsn/src/core/core/tool_api.cpp:60
    #18 0xac3d5f in dsn::task::exec_internal() /home/mi/work/PegasusDB/pegasus/rdsn/src/core/core/task.cpp:180
    #19 0xaf6527 in dsn::task_worker::loop() /home/mi/work/PegasusDB/pegasus/rdsn/src/core/core/task_worker.cpp:211
    #20 0xaf6cab in dsn::task_worker::run_internal() /home/mi/work/PegasusDB/pegasus/rdsn/src/core/core/task_worker.cpp:191
    #21 0x7f5197421c7f  (/usr/lib/x86_64-linux-gnu/libstdc++.so.6+0xb8c7f)
    #22 0x7f51976f26b9 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x76b9)
    #23 0x7f5196b8741c in clone (/lib/x86_64-linux-gnu/libc.so.6+0x10741c)

0x60b00015ccf0 is located 64 bytes inside of 104-byte region [0x60b00015ccb0,0x60b00015cd18)
freed by thread T23 (test_meta.THREA) here:
    #0 0x7f5198fd7132 in operator delete(void*, unsigned long) (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x9a132)
    #1 0x81678f in _M_destroy /usr/include/c++/5/functional:1726
    #2 0x81678f in _M_manager /usr/include/c++/5/functional:1750
    #3 0x8143ac in std::_Function_base::~_Function_base() /usr/include/c++/5/functional:1830
    #4 0x8143ac in std::function<void (dsn::error_code)>::~function() /usr/include/c++/5/functional:1974
    #5 0x8143ac in ~<lambda> /home/mi/work/PegasusDB/pegasus/rdsn/src/dist/replication/meta_server/server_state.cpp:2591
    #6 0x8143ac in _M_destroy /usr/include/c++/5/functional:1726
    #7 0x8143ac in _M_manager /usr/include/c++/5/functional:1750
    #8 0x817208 in std::_Function_base::~_Function_base() /usr/include/c++/5/functional:1830
    #9 0x817208 in std::function<void (dsn::error_code)>::~function() /usr/include/c++/5/functional:1974
    #10 0x817208 in dsn::replication::server_state::do_update_app_info(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, dsn::app_info const&, std::function<void (dsn::error_code)> const&) /home/mi/work/PegasusDB/pegasus/rdsn/src/dist/replication/meta_server/server_state.cpp:2612
    #11 0x82d580 in dsn::replication::server_state::set_app_envs(dsn::rpc_holder<dsn::replication::configuration_update_app_env_request, dsn::replication::configuration_update_app_env_response> const&) /home/mi/work/PegasusDB/pegasus/rdsn/src/dist/replication/meta_server/server_state.cpp:2683
    #12 0x670342 in dsn::replication::meta_service_test_app::app_envs_basic_test() /home/mi/work/PegasusDB/pegasus/rdsn/src/dist/replication/test/meta_test/unit_test/server_state_test.cpp:76
    #13 0xcc4df2 in void testing::internal::HandleSehExceptionsInMethodIfSupported<testing::Test, void>(testing::Test*, void (testing::Test::*)(), char const*) (/home/mi/work/PegasusDB/pegasus/rdsn/builder/src/dist/replication/test/meta_test/unit_test/dsn.meta.test+0xcc4df2)
    #14 0xcbe812 in void testing::internal::HandleExceptionsInMethodIfSupported<testing::Test, void>(testing::Test*, void (testing::Test::*)(), char const*) (/home/mi/work/PegasusDB/pegasus/rdsn/builder/src/dist/replication/test/meta_test/unit_test/dsn.meta.test+0xcbe812)
    #15 0xca220d in testing::Test::Run() (/home/mi/work/PegasusDB/pegasus/rdsn/builder/src/dist/replication/test/meta_test/unit_test/dsn.meta.test+0xca220d)
    #16 0xca2ba5 in testing::TestInfo::Run() (/home/mi/work/PegasusDB/pegasus/rdsn/builder/src/dist/replication/test/meta_test/unit_test/dsn.meta.test+0xca2ba5)
    #17 0xca3298 in testing::TestCase::Run() (/home/mi/work/PegasusDB/pegasus/rdsn/builder/src/dist/replication/test/meta_test/unit_test/dsn.meta.test+0xca3298)
    #18 0xcaa3df in testing::internal::UnitTestImpl::RunAllTests() (/home/mi/work/PegasusDB/pegasus/rdsn/builder/src/dist/replication/test/meta_test/unit_test/dsn.meta.test+0xcaa3df)
    #19 0xcc63bc in bool testing::internal::HandleSehExceptionsInMethodIfSupported<testing::internal::UnitTestImpl, bool>(testing::internal::UnitTestImpl*, bool (testing::internal::UnitTestImpl::*)(), char const*) (/home/mi/work/PegasusDB/pegasus/rdsn/builder/src/dist/replication/test/meta_test/unit_test/dsn.meta.test+0xcc63bc)
    #20 0xcbf5e6 in bool testing::internal::HandleExceptionsInMethodIfSupported<testing::internal::UnitTestImpl, bool>(testing::internal::UnitTestImpl*, bool (testing::internal::UnitTestImpl::*)(), char const*) (/home/mi/work/PegasusDB/pegasus/rdsn/builder/src/dist/replication/test/meta_test/unit_test/dsn.meta.test+0xcbf5e6)
    #21 0xca8e7b in testing::UnitTest::Run() (/home/mi/work/PegasusDB/pegasus/rdsn/builder/src/dist/replication/test/meta_test/unit_test/dsn.meta.test+0xca8e7b)
    #22 0x5c4865 in RUN_ALL_TESTS() /home/mi/work/PegasusDB/pegasus/rdsn/thirdparty/output/include/gtest/gtest.h:2233
    #23 0x5c4865 in dsn::replication::meta_service_test_app::start(std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > const&) /home/mi/work/PegasusDB/pegasus/rdsn/src/dist/replication/test/meta_test/unit_test/main.cpp:77
    #24 0xaa6860 in dsn::service_node::start_app() /home/mi/work/PegasusDB/pegasus/rdsn/src/core/core/service_engine.cpp:94
    #25 0xafec15 in dsn::service_control_task::exec() /home/mi/work/PegasusDB/pegasus/rdsn/src/core/core/tool_api.cpp:60
    #26 0xac3d5f in dsn::task::exec_internal() /home/mi/work/PegasusDB/pegasus/rdsn/src/core/core/task.cpp:180
    #27 0xaf6527 in dsn::task_worker::loop() /home/mi/work/PegasusDB/pegasus/rdsn/src/core/core/task_worker.cpp:211
    #28 0xaf6cab in dsn::task_worker::run_internal() /home/mi/work/PegasusDB/pegasus/rdsn/src/core/core/task_worker.cpp:191
    #29 0x7f5197421c7f  (/usr/lib/x86_64-linux-gnu/libstdc++.so.6+0xb8c7f)

previously allocated by thread T23 (test_meta.THREA) here:
    #0 0x7f5198fd6532 in operator new(unsigned long) (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x99532)
    #1 0x8167c8 in _M_clone /usr/include/c++/5/functional:1710
    #2 0x8167c8 in _M_manager /usr/include/c++/5/functional:1746
    #3 0x6a31a8 in std::function<void (dsn::error_code)>::function(std::function<void (dsn::error_code)> const&) /usr/include/c++/5/functional:2238
    #4 0x816ef9 in dsn::replication::server_state::do_update_app_info(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, dsn::app_info const&, std::function<void (dsn::error_code)> const&) /home/mi/work/PegasusDB/pegasus/rdsn/src/dist/replication/meta_server/server_state.cpp:2608
    #5 0x82d580 in dsn::replication::server_state::set_app_envs(dsn::rpc_holder<dsn::replication::configuration_update_app_env_request, dsn::replication::configuration_update_app_env_response> const&) /home/mi/work/PegasusDB/pegasus/rdsn/src/dist/replication/meta_server/server_state.cpp:2683
    #6 0x670342 in dsn::replication::meta_service_test_app::app_envs_basic_test() /home/mi/work/PegasusDB/pegasus/rdsn/src/dist/replication/test/meta_test/unit_test/server_state_test.cpp:76
    #7 0xcc4df2 in void testing::internal::HandleSehExceptionsInMethodIfSupported<testing::Test, void>(testing::Test*, void (testing::Test::*)(), char const*) (/home/mi/work/PegasusDB/pegasus/rdsn/builder/src/dist/replication/test/meta_test/unit_test/dsn.meta.test+0xcc4df2)
    #8 0xcbe812 in void testing::internal::HandleExceptionsInMethodIfSupported<testing::Test, void>(testing::Test*, void (testing::Test::*)(), char const*) (/home/mi/work/PegasusDB/pegasus/rdsn/builder/src/dist/replication/test/meta_test/unit_test/dsn.meta.test+0xcbe812)
    #9 0xca220d in testing::Test::Run() (/home/mi/work/PegasusDB/pegasus/rdsn/builder/src/dist/replication/test/meta_test/unit_test/dsn.meta.test+0xca220d)
    #10 0xca2ba5 in testing::TestInfo::Run() (/home/mi/work/PegasusDB/pegasus/rdsn/builder/src/dist/replication/test/meta_test/unit_test/dsn.meta.test+0xca2ba5)
    #11 0xca3298 in testing::TestCase::Run() (/home/mi/work/PegasusDB/pegasus/rdsn/builder/src/dist/replication/test/meta_test/unit_test/dsn.meta.test+0xca3298)
    #12 0xcaa3df in testing::internal::UnitTestImpl::RunAllTests() (/home/mi/work/PegasusDB/pegasus/rdsn/builder/src/dist/replication/test/meta_test/unit_test/dsn.meta.test+0xcaa3df)
    #13 0xcc63bc in bool testing::internal::HandleSehExceptionsInMethodIfSupported<testing::internal::UnitTestImpl, bool>(testing::internal::UnitTestImpl*, bool (testing::internal::UnitTestImpl::*)(), char const*) (/home/mi/work/PegasusDB/pegasus/rdsn/builder/src/dist/replication/test/meta_test/unit_test/dsn.meta.test+0xcc63bc)
    #14 0xcbf5e6 in bool testing::internal::HandleExceptionsInMethodIfSupported<testing::internal::UnitTestImpl, bool>(testing::internal::UnitTestImpl*, bool (testing::internal::UnitTestImpl::*)(), char const*) (/home/mi/work/PegasusDB/pegasus/rdsn/builder/src/dist/replication/test/meta_test/unit_test/dsn.meta.test+0xcbf5e6)
    #15 0xca8e7b in testing::UnitTest::Run() (/home/mi/work/PegasusDB/pegasus/rdsn/builder/src/dist/replication/test/meta_test/unit_test/dsn.meta.test+0xca8e7b)
    #16 0x5c4865 in RUN_ALL_TESTS() /home/mi/work/PegasusDB/pegasus/rdsn/thirdparty/output/include/gtest/gtest.h:2233
    #17 0x5c4865 in dsn::replication::meta_service_test_app::start(std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > const&) /home/mi/work/PegasusDB/pegasus/rdsn/src/dist/replication/test/meta_test/unit_test/main.cpp:77
    #18 0xaa6860 in dsn::service_node::start_app() /home/mi/work/PegasusDB/pegasus/rdsn/src/core/core/service_engine.cpp:94
    #19 0xafec15 in dsn::service_control_task::exec() /home/mi/work/PegasusDB/pegasus/rdsn/src/core/core/tool_api.cpp:60
    #20 0xac3d5f in dsn::task::exec_internal() /home/mi/work/PegasusDB/pegasus/rdsn/src/core/core/task.cpp:180
    #21 0xaf6527 in dsn::task_worker::loop() /home/mi/work/PegasusDB/pegasus/rdsn/src/core/core/task_worker.cpp:211
    #22 0xaf6cab in dsn::task_worker::run_internal() /home/mi/work/PegasusDB/pegasus/rdsn/src/core/core/task_worker.cpp:191
    #23 0x7f5197421c7f  (/usr/lib/x86_64-linux-gnu/libstdc++.so.6+0xb8c7f)

Thread T23 (test_meta.THREA) created by T0 here:
    #0 0x7f5198f73253 in pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x36253)
    #1 0x7f5197421dc2 in std::thread::_M_start_thread(std::shared_ptr<std::thread::_Impl_base>, void (*)()) (/usr/lib/x86_64-linux-gnu/libstdc++.so.6+0xb8dc2)

SUMMARY: AddressSanitizer: heap-use-after-free /home/mi/work/PegasusDB/pegasus/rdsn/src/dist/replication/meta_server/server_load_balancer.h:235 dsn::replication::simple_load_balancer::simple_load_balancer(dsn::replication::meta_service*)
Shadow bytes around the buggy address:
  0x0c1680023940: fd fd fd fd fd fd fd fd fd fd fd fd fa fa fa fa
  0x0c1680023950: fa fa fa fa fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c1680023960: fd fd fa fa fa fa fa fa fa fa fd fd fd fd fd fd
  0x0c1680023970: fd fd fd fd fd fd fd fd fa fa fa fa fa fa fa fa
  0x0c1680023980: 00 00 00 00 00 00 00 00 00 00 00 00 00 fa fa fa
=>0x0c1680023990: fa fa fa fa fa fa fd fd fd fd fd fd fd fd[fd]fd
  0x0c16800239a0: fd fd fd fa fa fa fa fa fa fa fa fa fd fd fd fd
  0x0c16800239b0: fd fd fd fd fd fd fd fd fd fd fa fa fa fa fa fa
  0x0c16800239c0: fa fa 00 00 00 00 00 00 00 00 00 00 00 00 00 02
  0x0c16800239d0: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd
  0x0c16800239e0: fd fd fd fd fd fd fa fa fa fa fa fa fa fa fd fd
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Heap right redzone:      fb
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack partial redzone:   f4
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
==7448==ABORTING

foreverneverer · 2020-01-10T02:43:12Z

it's heap-buffer-overflow bug at last

foreverneverer · 2020-01-10T06:54:34Z

#377 solved

foreverneverer changed the title ~~ASAN: heap-use-after-free in server_state.cpp~~ ASAN: heap-buffer-overflow in server_state.cpp Jan 10, 2020

foreverneverer changed the title ~~ASAN: heap-buffer-overflow in server_state.cpp~~ ASAN: heap-buffer-overflow in meta_test_base.h Jan 10, 2020

foreverneverer mentioned this issue Jan 10, 2020

fix(asan): heap-buffer-overflow in meta_test_base.h #377

Merged

foreverneverer closed this as completed Jan 10, 2020

weekly-digest bot mentioned this issue Jan 12, 2020

Weekly Digest (5 January, 2020 - 12 January, 2020) #378

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

ASAN: heap-buffer-overflow in meta_test_base.h #376

ASAN: heap-buffer-overflow in meta_test_base.h #376

foreverneverer commented Jan 8, 2020 •

edited

Loading

foreverneverer commented Jan 8, 2020 •

edited

Loading

foreverneverer commented Jan 10, 2020

foreverneverer commented Jan 10, 2020

ASAN: heap-buffer-overflow in meta_test_base.h #376

ASAN: heap-buffer-overflow in meta_test_base.h #376

Comments

foreverneverer commented Jan 8, 2020 • edited Loading

foreverneverer commented Jan 8, 2020 • edited Loading

foreverneverer commented Jan 10, 2020

foreverneverer commented Jan 10, 2020

foreverneverer commented Jan 8, 2020 •

edited

Loading

foreverneverer commented Jan 8, 2020 •

edited

Loading