OpenAM Agents: AMAGENTS-2182

heap overrun in test_attrs on darwin address sanitizer

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Minor
    • Resolution: Duplicate
    • Affects Version/s: 5.5.1.0
    • Fix Version/s: None
    • Component/s: Web Agents
    • Labels: None

      Description


      How to reproduce the issue

      1. On a Mac
      2. Change DEBUG=1
      3. make tests
      4. (on Mac)
      5. ./test

      Expected behaviour

      Sanitizer output should have no errors.

      Current behaviour

      =================================================================
      ==21125==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60c000006600 at pc 0x000109ace4dd bp 0x70000548e670 sp 0x70000548de10
      READ of size 133 at 0x60c000006600 thread T1
          #0 0x109ace4dc in StrstrCheck(void*, char*, char const*, char const*) (libclang_rt.asan_osx_dynamic.dylib:x86_64h+0x184dc)
          #1 0x109ace1b9 in wrap_strstr (libclang_rt.asan_osx_dynamic.dylib:x86_64h+0x181b9)
          #2 0x1098c4a6d in handle_request test_attrs.c:106
          #3 0x1098e8499 in stub_responder test_stubs.c:100
          #4 0x1098e52b4 in stub_server_lifecycle test_stubs.c:139
          #5 0x7fff7c6cc338 in _pthread_body (libsystem_pthread.dylib:x86_64+0x3338)
          #6 0x7fff7c6cf2a6 in _pthread_start (libsystem_pthread.dylib:x86_64+0x62a6)
          #7 0x7fff7c6cb444 in thread_start (libsystem_pthread.dylib:x86_64+0x2444)
      
      0x60c000006600 is located 0 bytes to the right of 128-byte region [0x60c000006580,0x60c000006600)
      allocated by thread T1 here:
          #0 0x109b0d2d7 in wrap_realloc (libclang_rt.asan_osx_dynamic.dylib:x86_64h+0x572d7)
          #1 0x10987a25f in buffer_allocate buffer.c:56
          #2 0x10987a05c in buffer_allocate_chunk buffer.c:70
          #3 0x10987a7b0 in buffer_add_data buffer.c:114
          #4 0x1098acdca in on_url http_request_data.c:85
          #5 0x109895616 in http_parser_execute http_parser.c:1078
          #6 0x1098ac6ee in http_request_handle http_request_data.c:118
          #7 0x10967d589 in read_to_handler net.c:269
          #8 0x10967d20b in net_read_to_handler net.c:332
          #9 0x109685c4b in net_read_plain net_client.c:439
          #10 0x109685adf in am_net_read net_client.c:470
          #11 0x1098e8301 in stub_responder test_stubs.c:91
          #12 0x1098e52b4 in stub_server_lifecycle test_stubs.c:139
          #13 0x7fff7c6cc338 in _pthread_body (libsystem_pthread.dylib:x86_64+0x3338)
          #14 0x7fff7c6cf2a6 in _pthread_start (libsystem_pthread.dylib:x86_64+0x62a6)
          #15 0x7fff7c6cb444 in thread_start (libsystem_pthread.dylib:x86_64+0x2444)
      
      Thread T1 created by T0 here:
          #0 0x109b04ead in wrap_pthread_create (libclang_rt.asan_osx_dynamic.dylib:x86_64h+0x4eead)
          #1 0x10972cd16 in thread_start_joinable tasks.c:63
          #2 0x1098e4ac0 in stub_run test_stubs.c:185
          #3 0x1098c36ff in test_multivalue_attribute test_attrs.c:140
          #4 0x1098bd674 in cmocka_run_one_test_or_fixture cmocka.c:2305
          #5 0x1098b9fe2 in cmocka_run_one_tests cmocka.c:2413
          #6 0x1098b9233 in _cmocka_run_group_tests cmocka.c:2518
          #7 0x1098bf3f7 in main test_MAIN.c:43
          #8 0x7fff7c4da08c in start (libdyld.dylib:x86_64+0x1708c)
      
      SUMMARY: AddressSanitizer: heap-buffer-overflow (libclang_rt.asan_osx_dynamic.dylib:x86_64h+0x184dc) in StrstrCheck(void*, char*, char const*, char const*)
      Shadow bytes around the buggy address:
        0x1c1800000c70: fd fd fd fd fd fd fd fd fa fa fa fa fa fa fa fa
        0x1c1800000c80: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
        0x1c1800000c90: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd
        0x1c1800000ca0: fd fd fd fd fd fd fd fd fa fa fa fa fa fa fa fa
        0x1c1800000cb0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
      =>0x1c1800000cc0:[fa]fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd
        0x1c1800000cd0: fd fd fd fd fd fd fd fd fa fa fa fa fa fa fa fa
        0x1c1800000ce0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
        0x1c1800000cf0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
        0x1c1800000d00: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
        0x1c1800000d10: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
      Shadow byte legend (one shadow byte represents 8 application bytes):
        Addressable:           00
        Partially addressable: 01 02 03 04 05 06 07
        Heap left redzone:       fa
        Freed heap region:       fd
        Stack left redzone:      f1
        Stack mid redzone:       f2
        Stack right redzone:     f3
        Stack after return:      f5
        Stack use after scope:   f8
        Global redzone:          f9
        Global init order:       f6
        Poisoned by user:        f7
        Container overflow:      fc
        Array cookie:            ac
        Intra object redzone:    bb
        ASan internal:           fe
        Left alloca redzone:     ca
        Right alloca redzone:    cb
      ==21125==ABORTING
      Abort trap: 6
      

      Code analysis

      Testing-related issue: the buffer handed to strstr() was not NUL-terminated.

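As an added illustration (not the agent's code and not from the reporter), the pattern behind this report in miniature: a chunked buffer that grows in 128-byte steps and stores no terminator, a length-bounded search that cannot overrun it, and the alternative of terminating before any str* call. buf_t, buf_reserve, buf_add, buf_find, buf_terminate and the sample URL are assumed names and constructed data.

```c
#include <stdlib.h>
#include <string.h>
/* Minimal chunked buffer in the spirit of buffer.c (assumed API, not the agent's own code). */
typedef struct { char *data; size_t len, cap; } buf_t;
/* Grow capacity in 128-byte chunks, the region size seen in the report. */
static int buf_reserve(buf_t *b, size_t extra) {
    size_t cap = b->cap;
    while (cap < b->len + extra) cap += 128;
    char *p = realloc(b->data, cap);
    if (p == NULL) return -1;
    b->data = p; b->cap = cap;
    return 0;
}
/* Append n bytes. No NUL is stored, so strstr(b->data, ...) on an exactly full chunk
   walks past the allocation: the 133-byte read ASan reported in handle_request. */
int buf_add(buf_t *b, const char *src, size_t n) {
    if (buf_reserve(b, n) != 0) return -1;
    memcpy(b->data + b->len, src, n);
    b->len += n;
    return 0;
}
/* Fix 1: length-bounded search that never reads beyond len. */
const char *buf_find(const buf_t *b, const char *needle) {
    size_t nlen = strlen(needle);
    if (nlen == 0 || b->len < nlen) return NULL;
    for (size_t i = 0; i + nlen <= b->len; i++)
        if (memcmp(b->data + i, needle, nlen) == 0) return b->data + i;
    return NULL;
}
/* Fix 2: reserve one spare byte and NUL-terminate before any str* call. */
int buf_terminate(buf_t *b) {
    if (buf_reserve(b, 1) != 0) return -1;
    b->data[b->len] = '\0';
    return 0;
}
/* Worked case: a 128-byte URL fills its chunk exactly (len == cap); returns 1 when both
   fixes locate "%7C" at offset 15 and strlen() agrees with len after termination. */
int unterminated_chunk_is_handled(void) {
    char url[128];
    const char *path = "/agent?attr=one%7Ctwo";   /* constructed sample; %7C encodes '|' */
    memset(url, 'a', sizeof url);
    memcpy(url, path, strlen(path));
    buf_t b = { NULL, 0, 0 };
    if (buf_add(&b, url, sizeof url) != 0) return 0;
    int ok = buf_find(&b, "%7C") == b.data + 15;           /* safe while b.len == b.cap */
    ok = ok && buf_terminate(&b) == 0 && strlen(b.data) == 128;
    ok = ok && strstr(b.data, "%7C") == b.data + 15;        /* str* calls are safe now */
    free(b.data);
    return ok;
}
```

Running the block under -fsanitize=address shows the bounded search stays clean on a buffer whose length equals its capacity, the exact layout the report describes.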

        People

        • Assignee: Unassigned
        • Reporter: alex.levin@forgerock.com Alex Levin