Skip to content

Fix null pointer dereference in traffic_crashlog #12756

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
bryancall merged 1 commit into from
Dec 15, 2025
Merged

Fix null pointer dereference in traffic_crashlog #12756

bryancall merged 1 commit into from
Dec 15, 2025
+5 −0

Conversation

@bryancall
Copy link
Contributor

@bryancall bryancall commented Dec 11, 2025
edited
Loading

Summary

  • Fix ASAN SEGV in crashlog_write_backtrace() when ServerBacktrace() returns 0 but leaves trace pointer null
  • This occurs when the target process has already exited before crashlog can retrieve the backtrace
  • Added null check before calling fprintf() with the trace pointer

Root Cause

Introduced in PR #10811 which moved backtrace logging from traffic_manager to traffic_crashlog but didn't account for trace being null.

Test plan

  • Build with ASAN (cmake --preset dev-asan)
  • Create invalid remap.config to trigger crash
  • Verify traffic_crashlog no longer crashes with ASAN SEGV
  • Verify crash log contains "Unable to retrieve backtrace: trace is null" message

@bryancall
Fix null pointer dereference in traffic_crashlog
5ad8e91 
ServerBacktrace() can return 0 (success) but leave the trace pointer
null when the target process has already exited. This caused a SEGV
when fprintf() was called with the null trace pointer.

Add a null check before using the trace pointer.
@bryancall bryancall added this to the 10.2.0 milestone Dec 11, 2025
@bryancall bryancall self-assigned this Dec 11, 2025
@bryancall bryancall requested a review from Copilot December 12, 2025 15:09
Copilot AI reviewed Dec 12, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR fixes a null pointer dereference bug in traffic_crashlog that occurs when attempting to retrieve a backtrace from a process that has already exited. The fix adds a null check after the ServerBacktrace() call to prevent dereferencing a null pointer before writing to the crash log file.

Key changes:

  • Added null pointer check for the trace variable after ServerBacktrace() returns successfully
  • Added informative error message when backtrace retrieval fails due to null trace

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@bryancall bryancall merged commit 7f6f697 into apache:master Dec 15, 2025
21 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@masaori335 masaori335 masaori335 approved these changes

Assignees

@bryancall bryancall

Labels

Bug Crash

Projects

None yet

Milestone

10.2.0

Development

Successfully merging this pull request may close these issues.

2 participants

@bryancall @masaori335