[Bug] Double free reported on cache cleanup /w --enet-vlan=add #594

fklassen opened this issue Jun 2, 2020 · 3 comments

fklassen commented Jun 2, 2020

Describe the bug
Get double free message on some packets when using --enet-vlan=add

To Reproduce
Steps to reproduce the behavior:

  1. Download attached pcap file
  2. run tcpreplay-edit -i ens33 -K --enet-vlan=add --enet-vlan-tag=11 --enet-vlan-cfi=0 --enet-vlan-pri=5 --fixcsum test-double-free.pcap

Expected behavior
no errors

Screenshots

sudo src/tcpreplay-edit -i ens33 -K --enet-vlan=add --enet-vlan-tag=11 --enet-vlan-cfi=0 --enet-vlan-pri=5 --fixcsum test/test-double-free.pcap
File Cache is enabled
Actual: 1 packets (90 bytes) sent in 0.000008 seconds
Rated: 11250000.0 Bps, 90.00 Mbps, 125000.00 pps
Flows: 1 flows, 125000.00 fps, 1 flow packets, 0 non-flow
Statistics for network device: ens33
	Successful packets:        1
	Failed packets:            0
	Truncated packets:         0
	Retried packets (ENOBUFS): 0
	Retried packets (EAGAIN):  0
*** Error in `src/tcpreplay-edit': double free or corruption (!prev): 0x000055ff1a249480 ***
======= Backtrace: =========
/lib/x86_64-linux-gnu/libc.so.6(+0x70bfb)[0x7f6c98c4ebfb]
/lib/x86_64-linux-gnu/libc.so.6(+0x76fc6)[0x7f6c98c54fc6]
/lib/x86_64-linux-gnu/libc.so.6(+0x7780e)[0x7f6c98c5580e]
src/tcpreplay-edit(+0x28e31)[0x55ff196aae31]
src/tcpreplay-edit(+0x2d13c)[0x55ff196af13c]
src/tcpreplay-edit(+0x2d270)[0x55ff196af270]
src/tcpreplay-edit(+0x101bd)[0x55ff196921bd]
src/tcpreplay-edit(+0xeca4)[0x55ff19690ca4]
/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf1)[0x7f6c98bfe2e1]
src/tcpreplay-edit(+0x849a)[0x55ff1968a49a]
[1]    65173 abort      sudo src/tcpreplay-edit -i ens33 -K --enet-vlan=add --enet-vlan-tag=11    

System (please complete the following information):

  • OS: Debian Linux
  • OS version: stretch
  • Tcpreplay Version [e.g. 4.3.3-beta1]
@fklassen fklassen self-assigned this Jun 2, 2020
@fklassen fklassen added this to To do in 4.3.3 via automation Jun 2, 2020
@fklassen fklassen changed the title [Bug] Double free reported on cache cleanup /w --enet-vlan==add [Bug] Double free reported on cache cleanup /w --enet-vlan=add Jun 2, 2020
fklassen commented Jun 2, 2020

fklassen commented Jun 3, 2020

Used git bisect to isolate. Appears this issue was introduced in commit 4f51c34 in PR #584

@fklassen fklassen moved this from To do to In progress in 4.3.3 Jun 3, 2020
fklassen added a commit that referenced this issue Jun 3, 2020
When using '--preload-pcap' option any additional VLAN headers
result in Heap Buffer Overflow. Add 512 bytes additional buffer
space.

TODO: Add intelligence to understand when and how much memory
to allocate/reallocate based on tcpedit function.
fklassen added a commit that referenced this issue Jun 3, 2020
fklassen commented Jun 3, 2020

Fixed in #595

@fklassen fklassen closed this as completed Jun 3, 2020
4.3.3 automation moved this from In progress to Done Jun 3, 2020
fklassen added a commit that referenced this issue Jun 3, 2020
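
The commit message above attributes the crash to VLAN headers added to packets held in the '--preload-pcap' cache and fixes it with 512 bytes of extra buffer space. As an added illustration (not tcpreplay's code; `struct cached_pkt`, `cache_packet` and `vlan_add` are hypothetical names and the frame is constructed), the C below tracks the allocation size separately from the packet length, so a 4-byte 802.1Q insert into an exact-fit buffer is refused instead of writing past the allocation:

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAC_ADDRS_LEN 12   /* destination MAC + source MAC */
#define VLAN_TAG_LEN   4   /* TPID 0x8100 + 16-bit TCI */
#define HEADROOM     512   /* spare bytes, the figure from the commit message */

/* Hypothetical cache entry: packet length and allocated size are kept apart. */
struct cached_pkt { uint8_t *data; size_t len, cap; };

/* Copy a captured frame into a cache entry with `slack` spare bytes. */
int cache_packet(struct cached_pkt *p, const uint8_t *frame, size_t len, size_t slack)
{
    p->data = malloc(len + slack);
    if (p->data == NULL)
        return -1;
    memcpy(p->data, frame, len);
    p->len = len;
    p->cap = len + slack;
    return 0;
}

/* Insert an 802.1Q tag after the MAC addresses; fail rather than exceed cap. */
int vlan_add(struct cached_pkt *p, unsigned pri, unsigned cfi, unsigned vid)
{
    uint16_t tci = (uint16_t)(((pri & 7u) << 13) | ((cfi & 1u) << 12) | (vid & 0x0fffu));
    uint8_t *at = p->data + MAC_ADDRS_LEN;

    if (p->len < MAC_ADDRS_LEN + 2)
        return -1;                      /* too short to carry an EtherType */
    if (p->cap - p->len < VLAN_TAG_LEN)
        return -1;                      /* exact-fit buffer: 4 more bytes would overflow */
    memmove(at + VLAN_TAG_LEN, at, p->len - MAC_ADDRS_LEN);
    at[0] = 0x81; at[1] = 0x00;
    at[2] = (uint8_t)(tci >> 8); at[3] = (uint8_t)(tci & 0xff);
    p->len += VLAN_TAG_LEN;
    return 0;
}

int main(void)
{
    uint8_t frame[64] = {0};            /* constructed sample frame */
    struct cached_pkt tight, roomy;
    frame[12] = 0x08;                   /* EtherType 0x0800 (IPv4) */
    if (cache_packet(&tight, frame, sizeof frame, 0) || cache_packet(&roomy, frame, sizeof frame, HEADROOM))
        return 1;
    printf("exact fit: %d\n", vlan_add(&tight, 5, 0, 11));
    printf("headroom:  %d, new length %zu\n", vlan_add(&roomy, 5, 0, 11), roomy.len);
    free(tight.data); free(roomy.data);
    return 0;
}
```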