ospfv3 is failing in topotests #1135
Comments
Somehow forgot to enforce the Address Sanitizer Tests. They were run, but the results were ignored.
Address Sanitizer was ok on Master until June 30. The first merge which broke it was Git sha 8186327
I would like to recommend that this be removed from the 3.0 milestone, as there is no way this is not a long-standing issue that I would say even exists back in 2.0 and further back into Quagga itself. @mwinter-osr thoughts?
Fixed by #1217.
Address Sanitizer is returning this:
```
2017/09/07 17:05:58 OSPF6: SPF: Scheduled in 0 msec
r2: ospf6d triggered an exception by AddressSanitizer
ERROR: AddressSanitizer: heap-use-after-free on address 0x61000000d070 at pc 0x00000042e8ca bp 0x7ffeafa44df0 sp 0x7ffeafa44de0
READ of size 4 at 0x61000000d070 thread T0
#0 0x42e8c9 in ospf6_intra_brouter_calculation ospf6d/ospf6_intra.c:1559
#1 0x45429d in ospf6_spf_calculation_thread ospf6d/ospf6_spf.c:611
#2 0x4cc3ca in thread_call lib/thread.c:1482
#3 0x493039 in frr_run lib/libfrr.c:870
#4 0x412fc9 in main ospf6d/ospf6_main.c:209
#5 0x7ff49078982f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
#6 0x412bd8 in _start (/usr/lib/frr/ospf6d+0x412bd8)
0x61000000d070 is located 48 bytes inside of 184-byte region [0x61000000d040,0x61000000d0f8)
freed by thread T0 here:
#0 0x7ff49193e2ca in __interceptor_free (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x982ca)
#1 0x4994fe in qfree lib/memory.c:87
#2 0x44b5cb in ospf6_route_delete ospf6d/ospf6_route.c:357
#3 0x44ba5c in ospf6_route_unlock ospf6d/ospf6_route.c:397
#4 0x44dbfb in ospf6_route_next ospf6d/ospf6_route.c:852
#5 0x42e8a7 in ospf6_intra_brouter_calculation ospf6d/ospf6_intra.c:1558
#6 0x45429d in ospf6_spf_calculation_thread ospf6d/ospf6_spf.c:611
#7 0x4cc3ca in thread_call lib/thread.c:1482
#8 0x493039 in frr_run lib/libfrr.c:870
#9 0x412fc9 in main ospf6d/ospf6_main.c:209
#10 0x7ff49078982f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
previously allocated by thread T0 here:
#0 0x7ff49193e79a in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x9879a)
#1 0x499230 in qcalloc lib/memory.c:68
#2 0x44b502 in ospf6_route_create ospf6d/ospf6_route.c:345
#3 0x46735a in ospf6_abr_examin_summary ospf6d/ospf6_abr.c:886
#4 0x468706 in ospf6_area_lsdb_hook_add ospf6d/ospf6_area.c:79
#5 0x4336c3 in ospf6_lsdb_add ospf6d/ospf6_lsdb.c:122
#6 0x41b308 in ospf6_install_lsa ospf6d/ospf6_flood.c:242
#7 0x41c4d7 in ospf6_receive_lsa ospf6d/ospf6_flood.c:857
#8 0x43cabb in ospf6_lsupdate_recv ospf6d/ospf6_message.c:1376
#9 0x43cabb in ospf6_receive ospf6d/ospf6_message.c:1628
#10 0x4cc3ca in thread_call lib/thread.c:1482
#11 0x493039 in frr_run lib/libfrr.c:870
#12 0x412fc9 in main ospf6d/ospf6_main.c:209
#13 0x7ff49078982f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
SUMMARY: AddressSanitizer: heap-use-after-free ospf6d/ospf6_intra.c:1559 ospf6_intra_brouter_calculation
Shadow bytes around the buggy address:
0x0c207fff99b0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fa
0x0c207fff99c0: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd
0x0c207fff99d0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fa
0x0c207fff99e0: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd
0x0c207fff99f0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fa
=>0x0c207fff9a00: fa fa fa fa fa fa fa fa fd fd fd fd fd fd[fd]fd
0x0c207fff9a10: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fa
0x0c207fff9a20: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd
0x0c207fff9a30: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fa
0x0c207fff9a40: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00
0x0c207fff9a50: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fa
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Heap right redzone: fb
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack partial redzone: f4
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
```
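One comment in this thread notes that the Address Sanitizer tests were run but their results ignored. As an added example (not code from FRR or its topotests; all function names here are hypothetical), this Python sketch parses a trimmed excerpt of the report above, checks whether the faulting function also appears on the free stack, and returns a status a CI step could enforce.

```python
import re

# Excerpt of the report above: frames trimmed, shadow-byte dump omitted.
REPORT = """\
ERROR: AddressSanitizer: heap-use-after-free on address 0x61000000d070 at pc 0x00000042e8ca bp 0x7ffeafa44df0 sp 0x7ffeafa44de0
READ of size 4 at 0x61000000d070 thread T0
#0 0x42e8c9 in ospf6_intra_brouter_calculation ospf6d/ospf6_intra.c:1559
freed by thread T0 here:
#0 0x7ff49193e2ca in __interceptor_free (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x982ca)
#2 0x44b5cb in ospf6_route_delete ospf6d/ospf6_route.c:357
#3 0x44ba5c in ospf6_route_unlock ospf6d/ospf6_route.c:397
#4 0x44dbfb in ospf6_route_next ospf6d/ospf6_route.c:852
#5 0x42e8a7 in ospf6_intra_brouter_calculation ospf6d/ospf6_intra.c:1558
previously allocated by thread T0 here:
#2 0x44b502 in ospf6_route_create ospf6d/ospf6_route.c:345
"""

FRAME = re.compile(r"#\d+ 0x[0-9a-f]+ in (\S+) (\S+):(\d+)$")
SECTIONS = {"READ of size": "access", "WRITE of size": "access",
            "freed by thread": "free", "previously allocated by thread": "alloc"}

def parse_asan(text):
    """Return the bug class plus access/free/alloc stacks as (func, file, line) tuples."""
    rep = {"bug": None, "access": [], "free": [], "alloc": []}
    section = None
    for line in map(str.strip, text.splitlines()):
        m = re.search(r"ERROR: AddressSanitizer: (\S+)", line)
        if m:
            rep["bug"] = m.group(1)
        for prefix, name in SECTIONS.items():
            if line.startswith(prefix):
                section = name
        m = FRAME.match(line)
        if m and section:  # frames without file:line (libasan, libc) are skipped
            rep[section].append((m.group(1), m.group(2), int(m.group(3))))
    return rep

def freed_in_faulting_function(rep):
    """Return (func, free_line, use_line) when the faulting function is also on the free stack."""
    if rep["bug"] != "heap-use-after-free" or not rep["access"]:
        return None
    func, path, use_line = rep["access"][0]
    for f, p, free_line in rep["free"]:
        if (f, p) == (func, path):
            return func, free_line, use_line
    return None

def gate(text):  # exit status for a CI step: non-zero on any ASan error
    return 1 if parse_asan(text)["bug"] else 0
```

On this report the check returns `ospf6_intra_brouter_calculation` with the free at line 1558 (through `ospf6_route_next`) and the read at line 1559, which is the ordering the two stacks in the trace show.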