Bug #5200

closed

CTRL command nsvc-state causes memory corruption

Added by daniel almost 3 years ago. Updated almost 3 years ago.

Status: Resolved
Priority: High
Assignee:
Target version: -
Start date: 07/19/2021
Due date:
% Done: 100%
Spec Reference:

Description

ASan crashes with heap-use-after-free /home/daniel/scm/osmo/libosmocore/src/select.c:294 in poll_fill_fds

osmo_ctrl.py -d localhost -p 4263 -g nsvc-state
Breakpoint 1, __asan::ReportGenericError (pc=140737325940093, bp=bp@entry=140737488346384, sp=sp@entry=140737488346376, 
    addr=106652627902132, is_write=is_write@entry=false, access_size=access_size@entry=4, exp=0, fatal=true)
    at ../../../../src/libsanitizer/asan/asan_report.cpp:458
458    ../../../../src/libsanitizer/asan/asan_report.cpp: No such file or directory.
(gdb) bt
#0  __asan::ReportGenericError (pc=140737325940093, bp=bp@entry=140737488346384, sp=sp@entry=140737488346376, addr=106652627902132, 
    is_write=is_write@entry=false, access_size=access_size@entry=4, exp=0, fatal=true)
    at ../../../../src/libsanitizer/asan/asan_report.cpp:458
#1  0x00007ffff764b8a8 in __asan::__asan_report_load4 (addr=<optimized out>) at ../../../../src/libsanitizer/asan/asan_rtl.cpp:119
#2  0x00007ffff651bd7d in poll_fill_fds () at select.c:294
#3  0x00007ffff651e9b4 in _osmo_select_main (polling=polling@entry=0) at select.c:377
#4  0x00007ffff651ead5 in osmo_select_main (polling=polling@entry=0) at select.c:432
#5  0x00005555555b299e in main (argc=3, argv=0x7fffffffdec8) at gb_proxy_main.c:362
(gdb) 

So somehow the list of fds gets corrupted.
