Bug #5200
CTRL command nsvc-state causes memory corruption
Status: closed
Start date: 07/19/2021
% Done: 100%
Description
ASan crashes with heap-use-after-free /home/daniel/scm/osmo/libosmocore/src/select.c:294 in poll_fill_fds
osmo_ctrl.py -d localhost -p 4263 -g nsvc-state
Breakpoint 1, __asan::ReportGenericError (pc=140737325940093, bp=bp@entry=140737488346384, sp=sp@entry=140737488346376, addr=106652627902132, is_write=is_write@entry=false, access_size=access_size@entry=4, exp=0, fatal=true) at ../../../../src/libsanitizer/asan/asan_report.cpp:458
458 ../../../../src/libsanitizer/asan/asan_report.cpp: No such file or directory.
(gdb) bt
#0 __asan::ReportGenericError (pc=140737325940093, bp=bp@entry=140737488346384, sp=sp@entry=140737488346376, addr=106652627902132, is_write=is_write@entry=false, access_size=access_size@entry=4, exp=0, fatal=true) at ../../../../src/libsanitizer/asan/asan_report.cpp:458
#1 0x00007ffff764b8a8 in __asan::__asan_report_load4 (addr=<optimized out>) at ../../../../src/libsanitizer/asan/asan_rtl.cpp:119
#2 0x00007ffff651bd7d in poll_fill_fds () at select.c:294
#3 0x00007ffff651e9b4 in _osmo_select_main (polling=polling@entry=0) at select.c:377
#4 0x00007ffff651ead5 in osmo_select_main (polling=polling@entry=0) at select.c:432
#5 0x00005555555b299e in main (argc=3, argv=0x7fffffffdec8) at gb_proxy_main.c:362
(gdb)
So somehow the list of fds gets corrupted