Bug #5302
closed
ns2: ASan heap-use-after-free in ns2_nse_notify_unblocked() when running GBProxy_Tests.TC_bvc_reset_blocked_ptp_from_sgsn
Start date: 11/10/2021
% Done: 100%
Description
Backtrace:
==103449==ERROR: AddressSanitizer: heap-use-after-free on address 0x611000009456 at pc 0x7f4e2bb00fb1 bp 0x7ffc1be40c30 sp 0x7ffc1be40c28
READ of size 1 at 0x611000009456 thread T0
    #0 0x7f4e2bb00fb0 in ns2_nse_notify_unblocked /home/daniel/scm/osmo/libosmocore/src/gb/gprs_ns2.c:1410
    #1 0x7f4e2bb1b98b in ns2_st_alive_onenter /home/daniel/scm/osmo/libosmocore/src/gb/gprs_ns2_vc_fsm.c:488
    #2 0x7f4e2b5a504a in state_chg /home/daniel/scm/osmo/libosmocore/src/fsm.c:699
    #3 0x7f4e2b5a6a4f in _osmo_fsm_inst_state_chg /home/daniel/scm/osmo/libosmocore/src/fsm.c:748
    #4 0x7f4e2bb19f4f in alive_timeout_handler /home/daniel/scm/osmo/libosmocore/src/gb/gprs_ns2_vc_fsm.c:247
    #5 0x7f4e2b58ab54 in osmo_timers_update /home/daniel/scm/osmo/libosmocore/src/timer.c:273
    #6 0x7f4e2b58e444 in _osmo_select_main /home/daniel/scm/osmo/libosmocore/src/select.c:388
    #7 0x7f4e2b58e4a9 in osmo_select_main /home/daniel/scm/osmo/libosmocore/src/select.c:432
    #8 0x5576a6cc4d23 in main /home/daniel/scm/osmo/osmo-gbproxy/src/gb_proxy_main.c:362
    #9 0x7f4e2a961e49 in __libc_start_main ../csu/libc-start.c:314
    #10 0x5576a6caca59 in _start (/home/daniel/scm/osmo/osmo-gbproxy/src/osmo-gbproxy+0x48a59)

0x611000009456 is located 150 bytes inside of 216-byte region [0x6110000093c0,0x611000009498)
It's probably the NSE that was freed:
ns2_nse_notify_unblocked (nsvc=0x611000009560, unblocked=unblocked@entry=false) at gprs_ns2.c:1410
1410        if (unblocked == nse->alive)