use after free during make check in osmo-mgw since commit 'mgcp_ratectr: add stats items to monitor trunk usage'
Building with address sanitizer, i get a heap-use-after-free during mgcp_test.c in test_retransmission().
<0010> ../../../../src/osmo-mgw/src/libosmo-mgcp/mgcp_protocol.c:1091 endpoint:rtpbridge/7@mgw CI:B56C87C0 CRCX: connection successfully created ================================================================= ==19776==ERROR: AddressSanitizer: heap-use-after-free on address 0x60e000023188 at pc 0x7f127af94fb6 bp 0x7ffc57de92d0 sp 0x7ffc57de92c8 WRITE of size 8 at 0x60e000023188 thread T0 #0 0x7f127af94fb5 in __llist_add (/usr/local/lib/libosmocore.so.17+0x16afb5) #1 0x7f127af9514d in llist_add (/usr/local/lib/libosmocore.so.17+0x16b14d) #2 0x7f127af96134 in osmo_stat_item_group_alloc (/usr/local/lib/libosmocore.so.17+0x16c134) #3 0x55985cac69a3 in mgcp_stat_trunk_alloc (/home/neels/osmo-dev/make/osmo-mgw/tests/mgcp/mgcp_test+0x1159a3) #4 0x55985cac345c in mgcp_trunk_alloc (/home/neels/osmo-dev/make/osmo-mgw/tests/mgcp/mgcp_test+0x11245c) #5 0x55985ca85d96 in mgcp_config_alloc (/home/neels/osmo-dev/make/osmo-mgw/tests/mgcp/mgcp_test+0xd4d96) #6 0x55985ca6627f in test_retransmission ../../../../src/osmo-mgw/tests/mgcp/mgcp_test.c:933 #7 0x55985ca71944 in main ../../../../src/osmo-mgw/tests/mgcp/mgcp_test.c:2255 #8 0x7f1279c4c09a in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2409a) #9 0x55985ca61b39 in _start (/home/neels/osmo-dev/make/osmo-mgw/tests/mgcp/mgcp_test+0xb0b39)
I bisected to identify this commit as the cause:
commit 6bad138c96ef0e2a93ef7de42e897880131c0b43 Author: Philipp Maier <firstname.lastname@example.org> mgcp_ratectr: add stats items to monitor trunk usage
I took a very brief look and couldn't figure it out directly, so decided to revert the commit instead.
dexter please take a look and re-submit a fixed patch version
Updated by dexter about 1 year ago
- Status changed from In Progress to Resolved
- % Done changed from 90 to 100
The use after free problem is fixed, there is only a follow up patch still in review: https://gerrit.osmocom.org/c/osmo-mgw/+/25103, however since this patch has technically nothing to do with this problem. I set this to resolved.