Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ASAN (Windows): heap-use-after-free in get_interface_index #576

Open
Danielius1922 opened this issue Dec 1, 2023 · 0 comments
Open

ASAN (Windows): heap-use-after-free in get_interface_index #576

Danielius1922 opened this issue Dec 1, 2023 · 0 comments
Labels
api bug Something isn't working windows issue on windows

Comments

@Danielius1922
Copy link
Member

Danielius1922 commented Dec 1, 2023
edited
Loading

Replication steps:

  1. build on MSYS2 with clang and address sanitizer enabled
  2. run unit tests
==6404==ERROR: AddressSanitizer: heap-use-after-free on address 0x11aec85a1448 at pc 0x7ff67f28378b bp 0x007a0f59c4e0 sp 0x007a0f59c528
1: READ of size 4 at 0x11aec85a1448 thread T0
1:     #0 0x7ff67f28378a in get_interface_index D:/a/iotivity-lite/iotivity-lite/port/windows/tcpadapter.c:152:23
1:     #1 0x7ff67f280c75 in add_new_session_locked D:/a/iotivity-lite/iotivity-lite/port/windows/tcpadapter.c:216:19
1:     #2 0x7ff67f26074b in initiate_new_session_locked D:/a/iotivity-lite/iotivity-lite/port/windows/tcpadapter.c:365:7
1:     #3 0x7ff67f25cff3 in oc_tcp_send_buffer D:/a/iotivity-lite/iotivity-lite/port/windows/tcpadapter.c:393:22
1:     #4 0x7ff67edd102f in oc_send_buffer D:/a/iotivity-lite/iotivity-lite/port/windows/ipadapter.c:1140:12
1:     #5 0x7ff67eba6dbf in handle_outbound_network_event D:/a/iotivity-lite/iotivity-lite/api/oc_message_buffer.c:151:7
1:     #6 0x7ff67eba2186 in process_thread_oc_message_buffer_handler D:/a/iotivity-lite/iotivity-lite/api/oc_message_buffer.c:182:7
1:     #7 0x7ff67eafd8ac in call_process D:/a/iotivity-lite/iotivity-lite/util/oc_process.c:224:16
1:     #8 0x7ff67eafc0a4 in do_event D:/a/iotivity-lite/iotivity-lite/util/oc_process.c:341:5
1:     #9 0x7ff67eafb82e in oc_process_run D:/a/iotivity-lite/iotivity-lite/util/oc_process.c:354:3
1:     #10 0x7ff67eb9cd2f in oc_main_poll_v1 D:/a/iotivity-lite/iotivity-lite/api/oc_main.c:389:10
1:     #11 0x7ff67e3cf8f3 in oc::Device::PoolEventsMs(unsigned long long, bool) D:/a/iotivity-lite/iotivity-lite/tests/gtest/Device.cpp:221:34
1:     #12 0x7ff67e3d6493 in oc::TestDevice::PoolEventsMsV1(std::__1::chrono::duration<long long, std::__1::ratio<1ll, 1000ll>>, bool) D:/a/iotivity-lite/iotivity-lite/tests/gtest/Device.h:161:12
1:     #13 0x7ff67eaa05d1 in TestResourceWithDevice_BaselineInterfaceProperties_Test::TestBody() D:/a/iotivity-lite/iotivity-lite/api/unittest/resourcetest.cpp:648:3
1:     #14 0x7ff67f13ba49 in void testing::internal::HandleSehExceptionsInMethodIfSupported<testing::Test, void>(testing::Test*, void (testing::Test::*)(), char const*) D:/a/iotivity-lite/iotivity-lite/deps/gtest/src/gtest.cc:2078:10
1:     #15 0x7ff67f0f71bc in void testing::internal::HandleExceptionsInMethodIfSupported<testing::Test, void>(testing::Test*, void (testing::Test::*)(), char const*) D:/a/iotivity-lite/iotivity-lite/deps/gtest/src/gtest.cc:2114:14
1:     #16 0x7ff67f099a7b in testing::Test::Run() D:/a/iotivity-lite/iotivity-lite/deps/gtest/src/gtest.cc:2150:5
1:     #17 0x7ff67f09ccc5 in testing::TestInfo::Run() D:/a/iotivity-lite/iotivity-lite/deps/gtest/src/gtest.cc:2326:11
1:     #18 0x7ff67f09f0ff in testing::TestCase::Run() D:/a/iotivity-lite/iotivity-lite/deps/gtest/src/gtest.cc:2444:28
1:     #19 0x7ff67f0bf50a in testing::internal::UnitTestImpl::RunAllTests() D:/a/iotivity-lite/iotivity-lite/deps/gtest/src/gtest.cc:4315:43
1:     #20 0x7ff67f159a99 in bool testing::internal::HandleSehExceptionsInMethodIfSupported<testing::internal::UnitTestImpl, bool>(testing::internal::UnitTestImpl*, bool (testing::internal::UnitTestImpl::*)(), char const*) D:/a/iotivity-lite/iotivity-lite/deps/gtest/src/gtest.cc:2078:10
1:     #21 0x7ff67f10149c in bool testing::internal::HandleExceptionsInMethodIfSupported<testing::internal::UnitTestImpl, bool>(testing::internal::UnitTestImpl*, bool (testing::internal::UnitTestImpl::*)(), char const*) D:/a/iotivity-lite/iotivity-lite/deps/gtest/src/gtest.cc:2114:14
1:     #22 0x7ff67f0bd451 in testing::UnitTest::Run() D:/a/iotivity-lite/iotivity-lite/deps/gtest/src/gtest.cc:3926:10
1:     #23 0x7ff67efb3f22 in RUN_ALL_TESTS() D:/a/iotivity-lite/iotivity-lite/deps/gtest/include/gtest/gtest.h:2288:46
1:     #24 0x7ff67efb3db2 in main D:/a/iotivity-lite/iotivity-lite/deps/gtest/src/gtest_main.cc:37:10
1:     #25 0x7ff67e361314 in __tmainCRTStartup C:/M/B/src/mingw-w64/mingw-w64-crt/crt/crtexe.c:[267](https://github.com/iotivity/iotivity-lite/actions/runs/7050231085/job/19190453935#step:5:268):15
1:     #26 0x7ff67e361365 in .l_start C:/M/B/src/mingw-w64/mingw-w64-crt/crt/crtexe.c:188:9
1:     #27 0x7ff8a11d4ddf  (C:\Windows\System32\KERNEL32.DLL+0x180014ddf)
1:     #28 0x7ff8a315ed9a  (C:\Windows\SYSTEM32\ntdll.dll+0x18007ed9a)
1: 
1: 0x11aec85a1448 is located 136 bytes inside of 144-byte region [0x11aec85a13c0,0x11aec85a1450)
1: freed by thread T0 here:
1:     #0 0x7ff86f4d3ef1 in free (D:\a\_temp\msys64\clang64\bin\libclang_rt.asan_dynamic-x86_64.dll+0x180043ef1)
1:     #1 0x7ff67f29fd3f in free_network_addresses D:/a/iotivity-lite/iotivity-lite/port/windows/network_addresses.c:184:5
1:     #2 0x7ff67f2836c1 in get_interface_index D:/a/iotivity-lite/iotivity-lite/port/windows/tcpadapter.c:151:9
1:     #3 0x7ff67f[280](https://github.com/iotivity/iotivity-lite/actions/runs/7050231085/job/19190453935#step:5:281)c75 in add_new_session_locked D:/a/iotivity-lite/iotivity-lite/port/windows/tcpadapter.c:216:19
1:     #4 0x7ff67f26074b in initiate_new_session_locked D:/a/iotivity-lite/iotivity-lite/port/windows/tcpadapter.c:365:7
1:     #5 0x7ff67f25cff3 in oc_tcp_send_buffer D:/a/iotivity-lite/iotivity-lite/port/windows/tcpadapter.c:393:22
1:     #6 0x7ff67edd102f in oc_send_buffer D:/a/iotivity-lite/iotivity-lite/port/windows/ipadapter.c:1140:12
1:     #7 0x7ff67eba6dbf in handle_outbound_network_event D:/a/iotivity-lite/iotivity-lite/api/oc_message_buffer.c:151:7
1:     #8 0x7ff67eba2186 in process_thread_oc_message_buffer_handler D:/a/iotivity-lite/iotivity-lite/api/oc_message_buffer.c:182:7
1:     #9 0x7ff67eafd8ac in call_process D:/a/iotivity-lite/iotivity-lite/util/oc_process.c:224:16
1:     #10 0x7ff67eafc0a4 in do_event D:/a/iotivity-lite/iotivity-lite/util/oc_process.c:341:5
1:     #11 0x7ff67eafb82e in oc_process_run D:/a/iotivity-lite/iotivity-lite/util/oc_process.c:354:3
1:     #12 0x7ff67eb9cd2f in oc_main_poll_v1 D:/a/iotivity-lite/iotivity-lite/api/oc_main.c:389:10
1:     #13 0x7ff67e3cf8f3 in oc::Device::PoolEventsMs(unsigned long long, bool) D:/a/iotivity-lite/iotivity-lite/tests/gtest/Device.cpp:221:34
1:     #14 0x7ff67e3d6493 in oc::TestDevice::PoolEventsMsV1(std::__1::chrono::duration<long long, std::__1::ratio<1ll, 1000ll>>, bool) D:/a/iotivity-lite/iotivity-lite/tests/gtest/Device.h:161:12
1:     #15 0x7ff67eaa05d1 in TestResourceWithDevice_BaselineInterfaceProperties_Test::TestBody() D:/a/iotivity-lite/iotivity-lite/api/unittest/resourcetest.cpp:648:3
1:     #16 0x7ff67f13ba49 in void testing::internal::HandleSehExceptionsInMethodIfSupported<testing::Test, void>(testing::Test*, void (testing::Test::*)(), char const*) D:/a/iotivity-lite/iotivity-lite/deps/gtest/src/gtest.cc:2078:10
1:     #17 0x7ff67f0f71bc in void testing::internal::HandleExceptionsInMethodIfSupported<testing::Test, void>(testing::Test*, void (testing::Test::*)(), char const*) D:/a/iotivity-lite/iotivity-lite/deps/gtest/src/gtest.cc:2114:14
1:     #18 0x7ff67f099a7b in testing::Test::Run() D:/a/iotivity-lite/iotivity-lite/deps/gtest/src/gtest.cc:2150:5
1:     #19 0x7ff67f09ccc5 in testing::TestInfo::Run() D:/a/iotivity-lite/iotivity-lite/deps/gtest/src/gtest.cc:2326:11
1:     #20 0x7ff67f09f0ff in testing::TestCase::Run() D:/a/iotivity-lite/iotivity-lite/deps/gtest/src/gtest.cc:2444:28
1:     #21 0x7ff67f0bf50a in testing::internal::UnitTestImpl::RunAllTests() D:/a/iotivity-lite/iotivity-lite/deps/gtest/src/gtest.cc:4315:43
1:     #22 0x7ff67f159a99 in bool testing::internal::HandleSehExceptionsInMethodIfSupported<testing::internal::UnitTestImpl, bool>(testing::internal::UnitTestImpl*, bool (testing::internal::UnitTestImpl::*)(), char const*) D:/a/iotivity-lite/iotivity-lite/deps/gtest/src/gtest.cc:2078:10
1:     #23 0x7ff67f10149c in bool testing::internal::HandleExceptionsInMethodIfSupported<testing::internal::UnitTestImpl, bool>(testing::internal::UnitTestImpl*, bool (testing::internal::UnitTestImpl::*)(), char const*) D:/a/iotivity-lite/iotivity-lite/deps/gtest/src/gtest.cc:2114:14
1:     #24 0x7ff67f0bd451 in testing::UnitTest::Run() D:/a/iotivity-lite/iotivity-lite/deps/gtest/src/gtest.cc:3926:10
1:     #25 0x7ff67efb3f22 in RUN_ALL_TESTS() D:/a/iotivity-lite/iotivity-lite/deps/gtest/include/gtest/gtest.h:2288:46
1:     #26 0x7ff67efb3db2 in main D:/a/iotivity-lite/iotivity-lite/deps/gtest/src/gtest_main.cc:37:10
1:     #27 0x7ff67e361314 in __tmainCRTStartup C:/M/B/src/mingw-w64/mingw-w64-crt/crt/crtexe.c:267:15
1: 
1: previously allocated by thread T0 here:
1:     #0 0x7ff86f4d4126 in calloc (D:\a\_temp\msys64\clang64\bin\libclang_rt.asan_dynamic-x86_64.dll+0x180044126)
1:     #1 0x7ff67f29ce6a in get_network_addresses D:/a/iotivity-lite/iotivity-lite/port/windows/network_addresses.c:96:18
1:     #2 0x7ff67f[282](https://github.com/iotivity/iotivity-lite/actions/runs/7050231085/job/19190453935#step:5:283)d9f in get_interface_index D:/a/iotivity-lite/iotivity-lite/port/windows/tcpadapter.c:133:27
1:     #3 0x7ff67f280c75 in add_new_session_locked D:/a/iotivity-lite/iotivity-lite/port/windows/tcpadapter.c:216:19
1:     #4 0x7ff67f26074b in initiate_new_session_locked D:/a/iotivity-lite/iotivity-lite/port/windows/tcpadapter.c:365:7
1:     #5 0x7ff67f25cff3 in oc_tcp_send_buffer D:/a/iotivity-lite/iotivity-lite/port/windows/tcpadapter.c:393:22
1:     #6 0x7ff67edd102f in oc_send_buffer D:/a/iotivity-lite/iotivity-lite/port/windows/ipadapter.c:1140:12
1:     #7 0x7ff67eba6dbf in handle_outbound_network_event D:/a/iotivity-lite/iotivity-lite/api/oc_message_buffer.c:151:7
1:     #8 0x7ff67eba2186 in process_thread_oc_message_buffer_handler D:/a/iotivity-lite/iotivity-lite/api/oc_message_buffer.c:182:7
1:     #9 0x7ff67eafd8ac in call_process D:/a/iotivity-lite/iotivity-lite/util/oc_process.c:224:16
1:     #10 0x7ff67eafc0a4 in do_event D:/a/iotivity-lite/iotivity-lite/util/oc_process.c:341:5
1:     #11 0x7ff67eafb82e in oc_process_run D:/a/iotivity-lite/iotivity-lite/util/oc_process.c:354:3
1:     #12 0x7ff67eb9cd2f in oc_main_poll_v1 D:/a/iotivity-lite/iotivity-lite/api/oc_main.c:389:10
1:     #13 0x7ff67e3cf8f3 in oc::Device::PoolEventsMs(unsigned long long, bool) D:/a/iotivity-lite/iotivity-lite/tests/gtest/Device.cpp:221:34
1:     #14 0x7ff67e3d6493 in oc::TestDevice::PoolEventsMsV1(std::__1::chrono::duration<long long, std::__1::ratio<1ll, 1000ll>>, bool) D:/a/iotivity-lite/iotivity-lite/tests/gtest/Device.h:161:12
1:     #15 0x7ff67eaa05d1 in TestResourceWithDevice_BaselineInterfaceProperties_Test::TestBody() D:/a/iotivity-lite/iotivity-lite/api/unittest/resourcetest.cpp:648:3
1:     #16 0x7ff67f13ba49 in void testing::internal::HandleSehExceptionsInMethodIfSupported<testing::Test, void>(testing::Test*, void (testing::Test::*)(), char const*) D:/a/iotivity-lite/iotivity-lite/deps/gtest/src/gtest.cc:2078:10
1:     #17 0x7ff67f0f71bc in void testing::internal::HandleExceptionsInMethodIfSupported<testing::Test, void>(testing::Test*, void (testing::Test::*)(), char const*) D:/a/iotivity-lite/iotivity-lite/deps/gtest/src/gtest.cc:2114:14
1:     #18 0x7ff67f099a7b in testing::Test::Run() D:/a/iotivity-lite/iotivity-lite/deps/gtest/src/gtest.cc:2150:5
1:     #19 0x7ff67f09ccc5 in testing::TestInfo::Run() D:/a/iotivity-lite/iotivity-lite/deps/gtest/src/gtest.cc:2326:11
1:     #20 0x7ff67f09f0ff in testing::TestCase::Run() D:/a/iotivity-lite/iotivity-lite/deps/gtest/src/gtest.cc:2444:28
1:     #21 0x7ff67f0bf50a in testing::internal::UnitTestImpl::RunAllTests() D:/a/iotivity-lite/iotivity-lite/deps/gtest/src/gtest.cc:4315:43
1:     #22 0x7ff67f159a99 in bool testing::internal::HandleSehExceptionsInMethodIfSupported<testing::internal::UnitTestImpl, bool>(testing::internal::UnitTestImpl*, bool (testing::internal::UnitTestImpl::*)(), char const*) D:/a/iotivity-lite/iotivity-lite/deps/gtest/src/gtest.cc:2078:10
1:     #23 0x7ff67f10149c in bool testing::internal::HandleExceptionsInMethodIfSupported<testing::internal::UnitTestImpl, bool>(testing::internal::UnitTestImpl*, bool (testing::internal::UnitTestImpl::*)(), char const*) D:/a/iotivity-lite/iotivity-lite/deps/gtest/src/gtest.cc:2114:14
1:     #24 0x7ff67f0bd451 in testing::UnitTest::Run() D:/a/iotivity-lite/iotivity-lite/deps/gtest/src/gtest.cc:3926:10
1:     #25 0x7ff67efb3f22 in RUN_ALL_TESTS() D:/a/iotivity-lite/iotivity-lite/deps/gtest/include/gtest/gtest.h:2[288](https://github.com/iotivity/iotivity-lite/actions/runs/7050231085/job/19190453935#step:5:289):46
1:     #26 0x7ff67efb3db2 in main D:/a/iotivity-lite/iotivity-lite/deps/gtest/src/gtest_main.cc:37:10
1:     #27 0x7ff67e361[314](https://github.com/iotivity/iotivity-lite/actions/runs/7050231085/job/19190453935#step:5:315) in __tmainCRTStartup C:/M/B/src/mingw-w64/mingw-w64-crt/crt/crtexe.c:267:15
1: 
1: SUMMARY: AddressSanitizer: heap-use-after-free D:/a/iotivity-lite/iotivity-lite/port/windows/tcpadapter.c:152:23 in get_interface_index
@Danielius1922 Danielius1922 added bug Something isn't working windows issue on windows api labels Dec 1, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
api bug Something isn't working windows issue on windows
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@Danielius1922