local socket: fix accept used after free #10785

Merged
merged 1 commit into from
Sep 24, 2023

Commits on Sep 23, 2023

  1. local socket: fix accept used after free

    ==1729315==ERROR: AddressSanitizer: heap-use-after-free on address 0xf0501d60 at pc 0x032ffe43 bp 0xef4ed158 sp 0xef4ed148
    READ of size 2 at 0xf0501d60 thread T0
        #0 0x32ffe42 in nxsem_wait semaphore/sem_wait.c:94
        #1 0x3548cf5 in _net_timedwait utils/net_lock.c:97
        #2 0x3548f48 in net_sem_timedwait utils/net_lock.c:236
        #3 0x3548f8c in net_sem_wait utils/net_lock.c:318
        #4 0x350124d in local_accept local/local_accept.c:246
        #5 0x3492719 in psock_accept socket/accept.c:149
        #6 0x3492bcc in accept4 socket/accept.c:280
        #7 0x662dc04 in accept net/lib_accept.c:50
        #8 0x55c81ab in kvdb_loop kvdb/server.c:415
        #9 0x55c860a in kvdbd_main kvdb/server.c:458
        #10 0x33d968b in nxtask_startup sched/task_startup.c:70
        #11 0x32ec039 in nxtask_start task/task_start.c:134
        #12 0x34109be in pre_start sim/sim_initialstate.c:52
    
    0xf0501d60 is located 288 bytes inside of 420-byte region [0xf0501c40,0xf0501de4)
    freed by thread T0 here:
        #0 0xf7aa6a3f in __interceptor_free ../../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:127
        #1 0x73aa06e in host_free sim/posix/sim_hostmemory.c:192
        #2 0x34131d6 in mm_free sim/sim_heap.c:230
        #3 0x3409388 in free umm_heap/umm_free.c:49
        #4 0x35631f3 in local_free local/local_conn.c:225
        #5 0x3563f75 in local_release local/local_release.c:129
        #6 0x34f5a32 in local_close local/local_sockif.c:785
        #7 0x3496ee8 in psock_close socket/net_close.c:102
        #8 0x36500bc in sock_file_close socket/socket.c:115
        #9 0x3635f6c in file_close vfs/fs_close.c:74
        #10 0x3632439 in nx_close_from_tcb inode/fs_files.c:670
        #11 0x36324f3 in nx_close inode/fs_files.c:697
        #12 0x3632557 in close inode/fs_files.c:735
        #13 0x55be289 in property_set_ kvdb/client.c:210
        #14 0x55c0309 in property_set_int32_ kvdb/common.c:226
        #15 0x55c03f5 in property_set_int32_oneway kvdb/common.c:236
    
    Signed-off-by: ligd <liguiding1@xiaomi.com>
    GUIDINGLI committed Sep 23, 2023
    2946f49