Project

General

Profile

Actions

Bug #5201

closed

use after free during make check in osmo-mgw since commit 'mgcp_ratectr: add stats items to monitor trunk usage'

Added by neels over 2 years ago. Updated over 2 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
Category:
-
Target version:
-
Start date:
07/21/2021
Due date:
% Done:

100%

Spec Reference:

Description

Building with address sanitizer, i get a heap-use-after-free during mgcp_test.c in test_retransmission().

<0010> ../../../../src/osmo-mgw/src/libosmo-mgcp/mgcp_protocol.c:1091 endpoint:rtpbridge/7@mgw CI:B56C87C0 CRCX: connection successfully created
=================================================================
==19776==ERROR: AddressSanitizer: heap-use-after-free on address 0x60e000023188 at pc 0x7f127af94fb6 bp 0x7ffc57de92d0 sp 0x7ffc57de92c8
WRITE of size 8 at 0x60e000023188 thread T0
    #0 0x7f127af94fb5 in __llist_add (/usr/local/lib/libosmocore.so.17+0x16afb5)
    #1 0x7f127af9514d in llist_add (/usr/local/lib/libosmocore.so.17+0x16b14d)
    #2 0x7f127af96134 in osmo_stat_item_group_alloc (/usr/local/lib/libosmocore.so.17+0x16c134)
    #3 0x55985cac69a3 in mgcp_stat_trunk_alloc (/home/neels/osmo-dev/make/osmo-mgw/tests/mgcp/mgcp_test+0x1159a3)
    #4 0x55985cac345c in mgcp_trunk_alloc (/home/neels/osmo-dev/make/osmo-mgw/tests/mgcp/mgcp_test+0x11245c)
    #5 0x55985ca85d96 in mgcp_config_alloc (/home/neels/osmo-dev/make/osmo-mgw/tests/mgcp/mgcp_test+0xd4d96)
    #6 0x55985ca6627f in test_retransmission ../../../../src/osmo-mgw/tests/mgcp/mgcp_test.c:933
    #7 0x55985ca71944 in main ../../../../src/osmo-mgw/tests/mgcp/mgcp_test.c:2255
    #8 0x7f1279c4c09a in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2409a)
    #9 0x55985ca61b39 in _start (/home/neels/osmo-dev/make/osmo-mgw/tests/mgcp/mgcp_test+0xb0b39)

I bisected to identify this commit as the cause:

commit 6bad138c96ef0e2a93ef7de42e897880131c0b43
Author:     Philipp Maier <pmaier@sysmocom.de>
    mgcp_ratectr: add stats items to monitor trunk usage

I took a very brief look and couldn't figure it out directly, so decided to revert the commit instead.

dexter please take a look and re-submit a fixed patch version

Actions

Also available in: Atom PDF

Add picture from clipboard (Maximum size: 48.8 MB)