=================================================================
==7607==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60600059c1bc at pc 0x7ffff6ed1ca4 bp 0x7ffff2475260 sp 0x7ffff2474a08
READ of size 8 at 0x60600059c1bc thread T2
#0 0x7ffff6ed1ca3 (/usr/lib64/libasan.so.4.0.0+0xafca3)
#1 0x44d339 in ndpi_search_memcached protocols/memcached.c:147
#2 0x43ded8 in check_ndpi_tcp_flow_func /home/ntop/nDPI/src/lib/ndpi_main.c:4089
#3 0x43e3c2 in ndpi_check_flow_func /home/ntop/nDPI/src/lib/ndpi_main.c:4135
#4 0x43f747 in ndpi_detection_process_packet /home/ntop/nDPI/src/lib/ndpi_main.c:4796
#5 0x42d89c in packet_processing /home/ntop/nDPI/example/ndpi_util.c:725
#6 0x42fe55 in ndpi_workflow_process_packet /home/ntop/nDPI/example/ndpi_util.c:1106
#7 0x424c96 in ndpi_process_packet /home/ntop/nDPI/example/ndpiReader.c:2465
#8 0x7ffff6be99fd (/lib64/libpcap.so.1+0x89fd)
#9 0x7ffff6bedb8a (/lib64/libpcap.so.1+0xcb8a)
#10 0x7ffff6bf224c in pcap_loop (/lib64/libpcap.so.1+0x1124c)
#11 0x42656d in runPcapLoop /home/ntop/nDPI/example/ndpiReader.c:2582
#12 0x426693 in processing_thread /home/ntop/nDPI/example/ndpiReader.c:2636
#13 0x7ffff69ccdd4 in start_thread (/lib64/libpthread.so.0+0x7dd4)
#14 0x7ffff5ed6eac in __clone (/lib64/libc.so.6+0xfdeac)
0x60600059c1bc is located 0 bytes to the right of 60-byte region [0x60600059c180,0x60600059c1bc)
allocated by thread T2 here:
#0 0x7ffff6f008a0 in malloc (/usr/lib64/libasan.so.4.0.0+0xde8a0)
#1 0x424bf9 in ndpi_process_packet /home/ntop/nDPI/example/ndpiReader.c:2460
#2 0x7ffff6be99fd (/lib64/libpcap.so.1+0x89fd)
Thread T2 created by T0 here:
#0 0x7ffff6e59a7f in pthread_create (/usr/lib64/libasan.so.4.0.0+0x37a7f)
#1 0x426b3c in test_lib /home/ntop/nDPI/example/ndpiReader.c:2691
#2 0x42755d in main /home/ntop/nDPI/example/ndpiReader.c:3371
#3 0x7ffff5dfb3d4 in __libc_start_main (/lib64/libc.so.6+0x223d4)
SUMMARY: AddressSanitizer: heap-buffer-overflow (/usr/lib64/libasan.so.4.0.0+0xafca3)
Shadow bytes around the buggy address:
0x0c0c800ab7e0: fd fd fd fd fa fa fa fa fd fd fd fd fd fd fd fd
0x0c0c800ab7f0: fa fa fa fa fd fd fd fd fd fd fd fd fa fa fa fa
0x0c0c800ab800: fd fd fd fd fd fd fd fd fa fa fa fa fd fd fd fd
0x0c0c800ab810: fd fd fd fd fa fa fa fa fd fd fd fd fd fd fd fd
0x0c0c800ab820: fa fa fa fa fd fd fd fd fd fd fd fd fa fa fa fa
=>0x0c0c800ab830: 00 00 00 00 00 00 00[04]fa fa fa fa fa fa fa fa
0x0c0c800ab840: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c0c800ab850: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c0c800ab860: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c0c800ab870: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c0c800ab880: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
==7607==ABORTING
Program received signal SIGABRT, Aborted.
[Switching to Thread 0x7ffff2476700 (LWP 7612)]
0x00007ffff5e0f207 in raise () from /lib64/libc.so.6
Missing separate debuginfos, use: debuginfo-install glibc-2.17-260.el7_6.4.x86_64 libasan4-7.3.1-5.15.el7.x86_64 libgcc-4.8.5-36.el7_6.1.x86_64 libpcap-1.5.3-11.el7.x86_64 libstdc++-4.8.5-36.el7_6.1.x86_64
(gdb) bt
#0 0x00007ffff5e0f207 in raise () from /lib64/libc.so.6
#1 0x00007ffff5e108f8 in abort () from /lib64/libc.so.6
#2 0x00007ffff6f2248e in __sanitizer::Abort() () from /usr/lib64/libasan.so.4.0.0
#3 0x00007ffff6f2a288 in __sanitizer::Die() () from /usr/lib64/libasan.so.4.0.0
#4 0x00007ffff6f0b275 in __asan::ReportGenericError(unsigned long, unsigned long, unsigned long, unsigned long, bool, unsigned long, unsigned int, bool) ()
    from /usr/lib64/libasan.so.4.0.0
#5 0x00007ffff6ed1cc3 in __interceptor_memcmp.part.267 () from /usr/lib64/libasan.so.4.0.0
#6 0x000000000044d33a in ndpi_search_memcached (ndpi_struct=0x7ffff7ea3800, flow=0x61d0048d9680) at protocols/memcached.c:147
#7 0x000000000043ded9 in check_ndpi_tcp_flow_func (ndpi_struct=0x7ffff7ea3800, flow=0x61d0048d9680, ndpi_selection_packet=0x7ffff24753ac) at ndpi_main.c:4089
#8 0x000000000043e3c3 in ndpi_check_flow_func (ndpi_struct=0x7ffff7ea3800, flow=0x61d0048d9680, ndpi_selection_packet=0x7ffff24753ac) at ndpi_main.c:4135
#9 0x000000000043f748 in ndpi_detection_process_packet (ndpi_struct=0x7ffff7ea3800, flow=0x61d0048d9680, packet=0x60600059c18e "E", packetlen=46,
    current_tick_l=1556080931851, src=0x6120015e23c0, dst=0x6120015e2540) at ndpi_main.c:4796
#10 0x000000000042d89d in packet_processing (workflow=0x629000014200, time=1556080931851, vlan_id=0, iph=0x60600059c18e, iph6=0x0, ip_offset=14, ipsize=46, rawsize=60)
    at ndpi_util.c:725
#11 0x000000000042fe56 in ndpi_workflow_process_packet (workflow=0x629000014200, header=0x7ffff2475ab0, packet=0x60600059c180 "L\355\373\301\f'\224ٳ\360Z3\b")
    at ndpi_util.c:1106
#12 0x0000000000424c97 in ndpi_process_packet (args=0x7ffff2475bcc "", header=0x7ffff2475ab0, packet=0x7ffff24a6046 "L\355\373\301\f'\224ٳ\360Z3\b")
    at ndpiReader.c:2465
#13 0x00007ffff6be99fe in pcap_handle_packet_mmap () from /lib64/libpcap.so.1
#14 0x00007ffff6bedb8b in pcap_read_linux_mmap_v2 () from /lib64/libpcap.so.1
#15 0x00007ffff6bf224d in pcap_loop () from /lib64/libpcap.so.1
#16 0x000000000042656e in runPcapLoop (thread_id=0) at ndpiReader.c:2582
#17 0x0000000000426694 in processing_thread (_thread_id=0x0) at ndpiReader.c:2636
#18 0x00007ffff69ccdd5 in start_thread (arg=0x7ffff2476700) at pthread_create.c:307
#19 0x00007ffff5ed6ead in clone () from /lib64/libc.so.6
@xlb767923274 was this done against the latest HEAD version? I ask because there was a patch (74715b1) that fixed invalid reads on short packets.
I just ran the latest nDPI HEAD build using the memcached.cap file (from ./tests/pcap), and ASan didn't detect any issues. Which pcap file are you testing with, or are you using live traffic?
Thank you for your reply. Sorry, my code is older:
commit 1290706
Merge: 4e7fa82 796472c
Author: Luca <[email protected]>
Date: Fri Apr 5 12:51:59 2019 +0200
I will update to the newest version and test again.
From: Darryl Sokoloski
Date: 2019-04-25 00:37
To: ntop/nDPI
CC: xlb767923274; Mention
Subject: Re: [ntop/nDPI] ERROR: AddressSanitizer: heap-buffer-overflow (#697)
@xlb767923274 was this done against the latest HEAD version? I ask because there was a patch (74715b1) that fixed invalid reads on short packets.
I just ran the latest nDPI HEAD build using the memcached.cap file (from ./tests/pcap), and ASan didn't detect any issues. Which pcap file are you testing with, or are you using live traffic?