[Fix] Slight changes to quick start #2
Closed
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
There was a problem hiding this comment.
@rpraveen has imported this pull request. If you are a Facebook employee, you can view this diff on Phabricator.
facebook-github-bot
pushed a commit
that referenced
this pull request
May 30, 2019
Summary:
```
Direct leak of 143232 byte(s) in 22 object(s) allocated from:
#0 0x7f69985e414e in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/liblsan.so.0+0xd14e)
#1 0x55d5fe489d04 in itti_init /home/vagrant/magma/c/oai/common/itti/intertask_interface.c:821
#2 0x55d5fe3d4da5 in main /home/vagrant/magma/c/oai/oai_mme/oai_mme.c:62
#3 0x7f69946cb2e0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202e0)
```
Let's clean up the resources used by ITTI so LSAN doesn't complain about it.
Reviewed By: ssanadhya
Differential Revision: D13568198
fbshipit-source-id: fa596882c1813fca25a4efd2333e466b139b2dcc
0xastro
referenced
this pull request
in 0xastro/magma
Mar 14, 2020
facebook-github-bot
pushed a commit
that referenced
this pull request
Jun 17, 2020
Summary:
ASAN error:
```
Jun 16 08:56:03 magma-dev sessiond[9856]: =================================================================
Jun 16 08:56:03 magma-dev sessiond[9856]: ==9856==ERROR: AddressSanitizer: new-delete-type-mismatch on 0x61800001fc80 in thread T14:
Jun 16 08:56:03 magma-dev sessiond[9856]: object passed to delete has wrong type:
Jun 16 08:56:03 magma-dev sessiond[9856]: size of the allocated type: 816 bytes;
Jun 16 08:56:03 magma-dev sessiond[9856]: size of the deallocated type: 808 bytes.
Jun 16 08:56:03 magma-dev sessiond[9856]: I0616 08:56:03.149473 9886 SessionEvents.cpp:53] Could not log session_created event {"session_id":"IMSI001010000000001-120251","imsi":"IMSI001010000000001"}, Error Message: Connect Failed
Jun 16 08:56:03 magma-dev sessiond[9856]: #0 0x7ff448b0d7f0 in operator delete(void*, unsigned long) (/usr/lib/x86_64-linux-gnu/libasan.so.3+0xc37f0)
Jun 16 08:56:03 magma-dev sessiond[9856]: #1 0x559f94cbc742 in magma::AsyncGRPCRequest<magma::lte::LocalSessionManager::WithAsyncMethod_ReportRuleStats<magma::lte::LocalSessionManager::WithAsyncMethod_CreateSession<magma::lte::LocalSessionManager::WithAsyncMethod_EndSession<magma::lte::LocalSessionManager::Service> > >, magma::lte::LocalCreateSessionRequest, magma::lte::LocalCreateSessionResponse>::proceed() /home/vagrant/magma/lte/gateway/c/session_manager/SessionManagerServer.cpp:98
Jun 16 08:56:03 magma-dev sessiond[9856]: #2 0x559f94ca8f54 in magma::AsyncService::wait_for_requests() /home/vagrant/magma/lte/gateway/c/session_manager/SessionManagerServer.cpp:39
Jun 16 08:56:03 magma-dev sessiond[9856]: #3 0x559f94c7cae9 in operator() /home/vagrant/magma/lte/gateway/c/session_manager/sessiond_main.cpp:259
Jun 16 08:56:03 magma-dev sessiond[9856]: #4 0x559f94c81c51 in _M_invoke<> /usr/include/c++/6/functional:1391
Jun 16 08:56:03 magma-dev sessiond[9856]: #5 0x559f94c81a70 in operator() /usr/include/c++/6/functional:1380
Jun 16 08:56:03 magma-dev sessiond[9856]: #6 0x559f94c8192b in _M_run /usr/include/c++/6/thread:197
Jun 16 08:56:03 magma-dev sessiond[9856]: #7 0x7ff446dbde6e (/usr/lib/x86_64-linux-gnu/libstdc++.so.6+0xb9e6e)
Jun 16 08:56:03 magma-dev sessiond[9856]: #8 0x7ff447d384a3 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x74a3)
Jun 16 08:56:03 magma-dev sessiond[9856]: #9 0x7ff446532d0e in __clone (/lib/x86_64-linux-gnu/libc.so.6+0xe8d0e)
Jun 16 08:56:03 magma-dev sessiond[9856]: 0x61800001fc80 is located 0 bytes inside of 816-byte region [0x61800001fc80,0x61800001ffb0)
Jun 16 08:56:03 magma-dev sessiond[9856]: allocated by thread T14 here:
Jun 16 08:56:03 magma-dev sessiond[9856]: #0 0x7ff448b0cbf0 in operator new(unsigned long) (/usr/lib/x86_64-linux-gnu/libasan.so.3+0xc2bf0)
Jun 16 08:56:03 magma-dev sessiond[9856]: #1 0x559f94ca91f0 in magma::LocalSessionManagerAsyncService::init_call_data() /home/vagrant/magma/lte/gateway/c/session_manager/SessionManagerServer.cpp:60
```
According to the internet, "Polymorphic base classes should declare virtual destructors. If a class has any virtual functions, it should have a virtual destructor".
Resource : https://stackoverflow.com/questions/41552966/getting-new-delete-type-mismatch-from-asan
Reviewed By: uri200
Differential Revision: D22065108
fbshipit-source-id: ff146a9a92f71408ea25dc86943938ca5afe88a1
facebook-github-bot
added a commit
that referenced
this pull request
Jul 16, 2020
Summary: This is pull request was created automatically because we noticed your project was missing a Code of Conduct file. Code of Conduct files facilitate respectful and constructive communities by establishing expected behaviors for project contributors. This PR was crafted with love by Facebook's Open Source Team. Pull Request resolved: magma/fbc-js-core#2 Reviewed By: dlvhdr Differential Revision: D22570984 Pulled By: a8m fbshipit-source-id: 7d95f1cd14f40d884e64e894819f61f9fa15c5de
This was referenced Jul 28, 2020
This was referenced Sep 16, 2020
amarpad
pushed a commit
that referenced
this pull request
Nov 28, 2020
* Add T3489 tests
Introduce a new test to validate T3489 expiry.
Credit to ulaskozat for the diff
Testing done:
Verified that an ASAN use after free occurs on timer expiry
=7031==ERROR: AddressSanitizer: heap-use-after-free on address 0x603000093460 at pc 0x555807545462 bp 0x7f87093fd2b0 sp 0x7f87093fd2a8
WRITE of size 8 at 0x603000093460 thread T16
#0 0x555807545461 in nas_stop_T3489 /home/vagrant/magma/lte/gateway/c/oai/tasks/nas/esm/esm_data_context.c:101
#1 0x5558075c47c5 in esm_proc_esm_information_response /home/vagrant/magma/lte/gateway/c/oai/tasks/nas/esm/esm_information.c:119
#2 0x55580759339b in esm_recv_information_response /home/vagrant/magma/lte/gateway/c/oai/tasks/nas/esm/sap/esm_recv.c:575
#3 0x555807551fba in _esm_sap_recv /home/vagrant/magma/lte/gateway/c/oai/tasks/nas/esm/sap/esm_sap.c:679
#4 0x555807550f33 in esm_sap_send /home/vagrant/magma/lte/gateway/c/oai/tasks/nas/esm/sap/esm_sap.c:283
#5 0x5558075195a0 in lowerlayer_data_ind /home/vagrant/magma/lte/gateway/c/oai/tasks/nas/emm/LowerLayer.c:276
#6 0x55580757848f in _emm_as_data_ind /home/vagrant/magma/lte/gateway/c/oai/tasks/nas/emm/sap/emm_as.c:688
#7 0x555807574ec4 in emm_as_send /home/vagrant/magma/lte/gateway/c/oai/tasks/nas/emm/sap/emm_as.c:180
#8 0x55580753147f in emm_sap_send /home/vagrant/magma/lte/gateway/c/oai/tasks/nas/emm/sap/emm_sap.c:105
#9 0x5558074d74fc in nas_proc_ul_transfer_ind /home/vagrant/magma/lte/gateway/c/oai/tasks/nas/nas_proc.c:326
#10 0x5558071bd634 in handle_message /home/vagrant/magma/lte/gateway/c/oai/tasks/mme_app/mme_app_main.c:97
#11 0x7f871bb277bd in zloop_start (/usr/lib/x86_64-linux-gnu/libczmq.so.4+0x287bd)
#12 0x5558071bf169 in mme_app_thread /home/vagrant/magma/lte/gateway/c/oai/tasks/mme_app/mme_app_main.c:447
#13 0x7f871e11f4a3 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x74a3)
#14 0x7f871a494d0e in __clone (/lib/x86_64-linux-gnu/libc.so.6+0xe8d0e)
0x603000093460 is located 0 bytes inside of 32-byte region [0x603000093460,0x603000093480)
freed by thread T16 here:
#0 0x7f871e602a10 in free (/usr/lib/x86_64-linux-gnu/libasan.so.3+0xc1a10)
#1 0x5558070dc054 in free_wrapper /home/vagrant/magma/lte/gateway/c/oai/common/dynamic_memory_check.c:47
#2 0x555807545496 in nas_stop_T3489 /home/vagrant/magma/lte/gateway/c/oai/tasks/nas/esm/esm_data_context.c:103
#3 0x5558075c517a in _esm_information /home/vagrant/magma/lte/gateway/c/oai/tasks/nas/esm/esm_information.c:269
#4 0x5558075c4e15 in _esm_information_t3489_handler /home/vagrant/magma/lte/gateway/c/oai/tasks/nas/esm/esm_information.c:199
#5 0x5558074e2e8a in mme_app_nas_timer_handle_signal_expiry /home/vagrant/magma/lte/gateway/c/oai/tasks/nas/util/nas_timer.c:100
#6 0x5558071be2d2 in handle_message /home/vagrant/magma/lte/gateway/c/oai/tasks/mme_app/mme_app_main.c:235
#7 0x7f871bb277bd in zloop_start (/usr/lib/x86_64-linux-gnu/libczmq.so.4+0x287bd)
Signed-off-by: Amar Padmanabhan <amarpadmanabhan@fb.com>
* Invalidate the T3849 timer id while processing esm information retransmit
The _esm_information function stops the existing T3849 timer as referenced
by the esm_ctxt datastructure timer before rescheduling a new T3849 timer
when it requests for the esm info from a UE.
Stopping the timer has a side effect of freeing up the UE related
retransmission data associated with it. This causes issues during
the T3849 timer expiry handling as the cancelled timer and the rescheduled
one reuse the same retransmission data datastructure.
Fix this by unsetting the T3849 timer in the handling of the timer expiry
as the esm_ctxt is not associated with any valid timers anymore. Further
as the timer is a oneshot timer it will be cleaned up after the processing
of the timer callback.
Signed-off-by: Amar Padmanabhan <amarpadmanabhan@fb.com>
themarwhal
pushed a commit
that referenced
this pull request
Nov 30, 2020
* Add T3489 tests
Introduce a new test to validate T3489 expiry.
Credit to ulaskozat for the diff
Testing done:
Verified that an ASAN use after free occurs on timer expiry
=7031==ERROR: AddressSanitizer: heap-use-after-free on address 0x603000093460 at pc 0x555807545462 bp 0x7f87093fd2b0 sp 0x7f87093fd2a8
WRITE of size 8 at 0x603000093460 thread T16
#0 0x555807545461 in nas_stop_T3489 /home/vagrant/magma/lte/gateway/c/oai/tasks/nas/esm/esm_data_context.c:101
#1 0x5558075c47c5 in esm_proc_esm_information_response /home/vagrant/magma/lte/gateway/c/oai/tasks/nas/esm/esm_information.c:119
#2 0x55580759339b in esm_recv_information_response /home/vagrant/magma/lte/gateway/c/oai/tasks/nas/esm/sap/esm_recv.c:575
#3 0x555807551fba in _esm_sap_recv /home/vagrant/magma/lte/gateway/c/oai/tasks/nas/esm/sap/esm_sap.c:679
#4 0x555807550f33 in esm_sap_send /home/vagrant/magma/lte/gateway/c/oai/tasks/nas/esm/sap/esm_sap.c:283
#5 0x5558075195a0 in lowerlayer_data_ind /home/vagrant/magma/lte/gateway/c/oai/tasks/nas/emm/LowerLayer.c:276
#6 0x55580757848f in _emm_as_data_ind /home/vagrant/magma/lte/gateway/c/oai/tasks/nas/emm/sap/emm_as.c:688
#7 0x555807574ec4 in emm_as_send /home/vagrant/magma/lte/gateway/c/oai/tasks/nas/emm/sap/emm_as.c:180
#8 0x55580753147f in emm_sap_send /home/vagrant/magma/lte/gateway/c/oai/tasks/nas/emm/sap/emm_sap.c:105
#9 0x5558074d74fc in nas_proc_ul_transfer_ind /home/vagrant/magma/lte/gateway/c/oai/tasks/nas/nas_proc.c:326
#10 0x5558071bd634 in handle_message /home/vagrant/magma/lte/gateway/c/oai/tasks/mme_app/mme_app_main.c:97
#11 0x7f871bb277bd in zloop_start (/usr/lib/x86_64-linux-gnu/libczmq.so.4+0x287bd)
#12 0x5558071bf169 in mme_app_thread /home/vagrant/magma/lte/gateway/c/oai/tasks/mme_app/mme_app_main.c:447
#13 0x7f871e11f4a3 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x74a3)
#14 0x7f871a494d0e in __clone (/lib/x86_64-linux-gnu/libc.so.6+0xe8d0e)
0x603000093460 is located 0 bytes inside of 32-byte region [0x603000093460,0x603000093480)
freed by thread T16 here:
#0 0x7f871e602a10 in free (/usr/lib/x86_64-linux-gnu/libasan.so.3+0xc1a10)
#1 0x5558070dc054 in free_wrapper /home/vagrant/magma/lte/gateway/c/oai/common/dynamic_memory_check.c:47
#2 0x555807545496 in nas_stop_T3489 /home/vagrant/magma/lte/gateway/c/oai/tasks/nas/esm/esm_data_context.c:103
#3 0x5558075c517a in _esm_information /home/vagrant/magma/lte/gateway/c/oai/tasks/nas/esm/esm_information.c:269
#4 0x5558075c4e15 in _esm_information_t3489_handler /home/vagrant/magma/lte/gateway/c/oai/tasks/nas/esm/esm_information.c:199
#5 0x5558074e2e8a in mme_app_nas_timer_handle_signal_expiry /home/vagrant/magma/lte/gateway/c/oai/tasks/nas/util/nas_timer.c:100
#6 0x5558071be2d2 in handle_message /home/vagrant/magma/lte/gateway/c/oai/tasks/mme_app/mme_app_main.c:235
#7 0x7f871bb277bd in zloop_start (/usr/lib/x86_64-linux-gnu/libczmq.so.4+0x287bd)
Signed-off-by: Amar Padmanabhan <amarpadmanabhan@fb.com>
* Invalidate the T3849 timer id while processing esm information retransmit
The _esm_information function stops the existing T3849 timer as referenced
by the esm_ctxt datastructure timer before rescheduling a new T3849 timer
when it requests for the esm info from a UE.
Stopping the timer has a side effect of freeing up the UE related
retransmission data associated with it. This causes issues during
the T3849 timer expiry handling as the cancelled timer and the rescheduled
one reuse the same retransmission data datastructure.
Fix this by unsetting the T3849 timer in the handling of the timer expiry
as the esm_ctxt is not associated with any valid timers anymore. Further
as the timer is a oneshot timer it will be cleaned up after the processing
of the timer callback.
Signed-off-by: Amar Padmanabhan <amarpadmanabhan@fb.com>
1 task
This was referenced Aug 16, 2021
This was referenced Sep 30, 2021
Merged
1 task
electronjoe
added a commit
that referenced
this pull request
Mar 5, 2022
Addresses one finding (more exist) of #11826. Zero-initialized all instances of `plmn_array[PLMN_BYTES]` (so that they will be null terminated) and enlarged the array by one char to accommodate the null termination. Fixes the finding: ``` [ RUN ] TestAMFStateConverter.TestUEm5gmmContextToProto ================================================================= ==15482==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7ffee811fc86 at pc 0x7f3038dada6d bp 0x7ffee811faa0 sp 0x7ffee811f248 READ of size 7 at 0x7ffee811fc86 thread T0 #0 0x7f3038dada6c (/lib/x86_64-linux-gnu/libasan.so.5+0x67a6c) #1 0x7f302e641e9b in std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::basic_string(char const*, std::allocator<char> const&) (/lib/x86_64-linux-gnu/libstdc++.so.6+0x145e9b) #2 0x7f30383b85f6 in magma::lte::oai::Tai::set_mcc_mnc(char const*) bazel-out/k8-dbg/bin/lte/protos/oai/nas_state_cpp_proto_pb/lte/protos/oai/nas_state.pb.h:11239 ``` ## Test Plan Using prototype Bazel build with `--config=asan` validated ASAN finding is resolved. Signed-off-by: Scott Moeller <electrojoe@gmail.com>
ardzoht
pushed a commit
that referenced
this pull request
Mar 30, 2022
Addresses one finding (more exist) of #11826. Zero-initialized all instances of `plmn_array[PLMN_BYTES]` (so that they will be null terminated) and enlarged the array by one char to accommodate the null termination. Fixes the finding: ``` [ RUN ] TestAMFStateConverter.TestUEm5gmmContextToProto ================================================================= ==15482==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7ffee811fc86 at pc 0x7f3038dada6d bp 0x7ffee811faa0 sp 0x7ffee811f248 READ of size 7 at 0x7ffee811fc86 thread T0 #0 0x7f3038dada6c (/lib/x86_64-linux-gnu/libasan.so.5+0x67a6c) #1 0x7f302e641e9b in std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::basic_string(char const*, std::allocator<char> const&) (/lib/x86_64-linux-gnu/libstdc++.so.6+0x145e9b) #2 0x7f30383b85f6 in magma::lte::oai::Tai::set_mcc_mnc(char const*) bazel-out/k8-dbg/bin/lte/protos/oai/nas_state_cpp_proto_pb/lte/protos/oai/nas_state.pb.h:11239 ``` ## Test Plan Using prototype Bazel build with `--config=asan` validated ASAN finding is resolved. Signed-off-by: Scott Moeller <electrojoe@gmail.com>
emakeev
pushed a commit
to emakeev/magma
that referenced
this pull request
Aug 5, 2022
Addresses one finding (more exist) of magma#11826. Zero-initialized all instances of `plmn_array[PLMN_BYTES]` (so that they will be null terminated) and enlarged the array by one char to accommodate the null termination. Fixes the finding: ``` [ RUN ] TestAMFStateConverter.TestUEm5gmmContextToProto ================================================================= ==15482==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7ffee811fc86 at pc 0x7f3038dada6d bp 0x7ffee811faa0 sp 0x7ffee811f248 READ of size 7 at 0x7ffee811fc86 thread T0 #0 0x7f3038dada6c (/lib/x86_64-linux-gnu/libasan.so.5+0x67a6c) magma#1 0x7f302e641e9b in std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::basic_string(char const*, std::allocator<char> const&) (/lib/x86_64-linux-gnu/libstdc++.so.6+0x145e9b) magma#2 0x7f30383b85f6 in magma::lte::oai::Tai::set_mcc_mnc(char const*) bazel-out/k8-dbg/bin/lte/protos/oai/nas_state_cpp_proto_pb/lte/protos/oai/nas_state.pb.h:11239 ``` ## Test Plan Using prototype Bazel build with `--config=asan` validated ASAN finding is resolved. Signed-off-by: Scott Moeller <electrojoe@gmail.com>
Open
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
A couple of clarifications when building the quick-start project