Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

heap-buffer-overflow bug caused by user misconfiguration (amcl:max_particles=a negative value) #4338

Closed
GoesM opened this issue May 13, 2024 · 1 comment
Closed

heap-buffer-overflow bug caused by user misconfiguration (amcl:max_particles=a negative value) #4338

GoesM opened this issue May 13, 2024 · 1 comment

Comments

@GoesM
Copy link
Contributor

GoesM commented May 13, 2024

this issue is mainly for adding ticket for #4005

Bug report

Required Info:

  • Operating System:
    • Ubuntu 22.04
  • ROS2 Version:
    • humble
  • Version or commit hash:
    • the latest
  • DDS implementation:
    • default

Steps to reproduce issue

Here is our launch command:

source install/setup.bash
source /opt/ros/humble/setup.bash
export TURTLEBOT3_MODEL=waffle
export GAZEBO_MODEL_PATH=$GAZEBO_MODEL_PATH:/opt/ros/humble/share/turtlebot3_gazebo/models
ros2 launch nav2_bringup tb3_simulation_launch.py params_file:=my_nav2_params.yaml

there's only one difference between my_nav2_params.yaml and defaulted nav2_params.yaml:

#my_nav2_params.yaml
......
nav2_amcl
      ......
    max_particles: -67897767946
    min_particles: 500
    ......

Expected behavior

no bug occurs

Actual behavior

face to the asan report:

=================================================================
==148826==ERROR: AddressSanitizer: calloc parameters overflow: count * size (-1829840926 * 72) cannot be represented in type size_t (thread T0)
    #0 0x6540c0140538 in __interceptor_calloc (/home/***/nav2_humble/install/nav2_amcl/lib/nav2_amcl/amcl+0xa9538) (BuildId: 3867e1c4deb9f2b10f5a588dd0fac0b28cac6c97)
    #1 0x7de11516c837 in pf_kdtree_alloc (/home/***/nav2_humble/install/nav2_amcl/lib/libpf_lib.so+0x9837) (BuildId: 5f790c1d486efe88d68d8730614daf5dc67b5248)

==148826==ABORTING

Additional information

It seems that here's already a check for the negative value, however it doesn't work actually.

navigation2/nav2_amcl/src/amcl_node.cpp

Lines 1119 to 1124 in 4fa12ac

if (max_particles_ < 0) {
RCLCPP_WARN(
get_logger(), "You've set max_particles to be negative,"
" this isn't allowed so it will be set to default value 2000.");
max_particles_ = 2000;
}

The detail of why this check doesn't work needs to be checked.
@GoesM
Copy link
Contributor Author

GoesM commented May 13, 2024

additional information

It seems that here's already a check for the negative value, however it doesn't work actually.

further discussion about it is in #4339

@GoesM GoesM closed this as completed May 13, 2024
@GoesM GoesM mentioned this issue May 13, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@GoesM