Details
-
Type:
Bug
-
Status: Done (View workflow)
-
Priority:
Medium
-
Resolution: Done
-
Affects Version/s: None
-
Fix Version/s: None
-
Component/s: bes
-
Labels:None
-
Epic Link:
-
Sprint:Datause-18.3.6 (Review)
Description
See bes/dap/unit-tests
edamame:unit-tests jimg$ ./ResponseBuilderTest
.....=================================================================
==33486==ERROR: AddressSanitizer: container-overflow on address 0x6020000432d0 at pc 0x00010d798b02 bp 0x7ffee3ba51e0 sp 0x7ffee3ba4980
WRITE of size 12 at 0x6020000432d0 thread T0
#0 0x10d798b01 in wrap_memmove (libclang_rt.asan_osx_dynamic.dylib:x86_64h+0x1bb01)
#1 0x7fff57a2b195 in std::__1::basic_streambuf<char, std::__1::char_traits<char> >::xsgetn(char*, long) (libc++.1.dylib:x86_64+0xa195)
#2 0x7fff57a2d81d in std::__1::basic_istream<char, std::__1::char_traits<char> >::read(char*, long) (libc++.1.dylib:x86_64+0xc81d)
#3 0x10c093e3c in parse_datadds_response(std::__1::basic_istream<char, std::__1::char_traits<char> >&, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >&, std::__1::vector<char, std::__1::allocator<char> >&) ResponseBuilderTest.cc:138
#4 0x10c08d462 in ResponseBuilderTest::invoke_server_side_function_test() ResponseBuilderTest.cc:720
#5 0x10c092a69 in CppUnit::TestCaller<ResponseBuilderTest>::runTest() TestCaller.h:166
#6 0x10d71fdd1 in CppUnit::TestCaseMethodFunctor::operator()() const (libcppunit-1.13.0.dylib:x86_64+0xddd1)
#7 0x10d7141b3 in CppUnit::DefaultProtector::protect(CppUnit::Functor const&, CppUnit::ProtectorContext const&) (libcppunit-1.13.0.dylib:x86_64+0x21b3)
#8 0x10d71d2f8 in CppUnit::ProtectorChain::ProtectFunctor::operator()() const (libcppunit-1.13.0.dylib:x86_64+0xb2f8)
#9 0x10d71c2bf in CppUnit::ProtectorChain::protect(CppUnit::Functor const&, CppUnit::ProtectorContext const&) (libcppunit-1.13.0.dylib:x86_64+0xa2bf)
#10 0x10d72720d in CppUnit::TestResult::protect(CppUnit::Functor const&, CppUnit::Test*, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&) (libcppunit-1.13.0.dylib:x86_64+0x1520d)
#11 0x10d71fa6d in CppUnit::TestCase::run(CppUnit::TestResult*) (libcppunit-1.13.0.dylib:x86_64+0xda6d)
#12 0x10d720374 in CppUnit::TestComposite::doRunChildTests(CppUnit::TestResult*) (libcppunit-1.13.0.dylib:x86_64+0xe374)
#13 0x10d72025e in CppUnit::TestComposite::run(CppUnit::TestResult*) (libcppunit-1.13.0.dylib:x86_64+0xe25e)
#14 0x10d720374 in CppUnit::TestComposite::doRunChildTests(CppUnit::TestResult*) (libcppunit-1.13.0.dylib:x86_64+0xe374)
#15 0x10d72025e in CppUnit::TestComposite::run(CppUnit::TestResult*) (libcppunit-1.13.0.dylib:x86_64+0xe25e)
#16 0x10d726fd1 in CppUnit::TestResult::runTest(CppUnit::Test*) (libcppunit-1.13.0.dylib:x86_64+0x14fd1)
#17 0x10d729835 in CppUnit::TestRunner::run(CppUnit::TestResult&, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&) (libcppunit-1.13.0.dylib:x86_64+0x17835)
#18 0x10d72b62e in CppUnit::TextTestRunner::run(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >, bool, bool, bool) (libcppunit-1.13.0.dylib:x86_64+0x1962e)
#19 0x10c059486 in main ResponseBuilderTest.cc:820
#20 0x7fff59ad3014 in start (libdyld.dylib:x86_64+0x1014)
0x6020000432d0 is located 0 bytes inside of 12-byte region [0x6020000432d0,0x6020000432dc)
allocated by thread T0 here:
#0 0x10d7dfb32 in wrap__Znwm (libclang_rt.asan_osx_dynamic.dylib:x86_64h+0x62b32)
#1 0x10c096b11 in std::__1::__split_buffer<char, std::__1::allocator<char>&>::__split_buffer(unsigned long, unsigned long, std::__1::allocator<char>&) new:226
#2 0x10c0951bc in std::__1::__split_buffer<char, std::__1::allocator<char>&>::__split_buffer(unsigned long, unsigned long, std::__1::allocator<char>&) __split_buffer:310
#3 0x10c09502b in std::__1::vector<char, std::__1::allocator<char> >::reserve(unsigned long) vector:1530
#4 0x10c093dc7 in parse_datadds_response(std::__1::basic_istream<char, std::__1::char_traits<char> >&, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >&, std::__1::vector<char, std::__1::allocator<char> >&) ResponseBuilderTest.cc:137
#5 0x10c08d462 in ResponseBuilderTest::invoke_server_side_function_test() ResponseBuilderTest.cc:720
#6 0x10c092a69 in CppUnit::TestCaller<ResponseBuilderTest>::runTest() TestCaller.h:166
#7 0x10d71fdd1 in CppUnit::TestCaseMethodFunctor::operator()() const (libcppunit-1.13.0.dylib:x86_64+0xddd1)
#8 0x10d7141b3 in CppUnit::DefaultProtector::protect(CppUnit::Functor const&, CppUnit::ProtectorContext const&) (libcppunit-1.13.0.dylib:x86_64+0x21b3)
#9 0x10d71d2f8 in CppUnit::ProtectorChain::ProtectFunctor::operator()() const (libcppunit-1.13.0.dylib:x86_64+0xb2f8)
#10 0x10d71c2bf in CppUnit::ProtectorChain::protect(CppUnit::Functor const&, CppUnit::ProtectorContext const&) (libcppunit-1.13.0.dylib:x86_64+0xa2bf)
#11 0x10d72720d in CppUnit::TestResult::protect(CppUnit::Functor const&, CppUnit::Test*, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&) (libcppunit-1.13.0.dylib:x86_64+0x1520d)
#12 0x10d71fa6d in CppUnit::TestCase::run(CppUnit::TestResult*) (libcppunit-1.13.0.dylib:x86_64+0xda6d)
#13 0x10d720374 in CppUnit::TestComposite::doRunChildTests(CppUnit::TestResult*) (libcppunit-1.13.0.dylib:x86_64+0xe374)
#14 0x10d72025e in CppUnit::TestComposite::run(CppUnit::TestResult*) (libcppunit-1.13.0.dylib:x86_64+0xe25e)
#15 0x10d720374 in CppUnit::TestComposite::doRunChildTests(CppUnit::TestResult*) (libcppunit-1.13.0.dylib:x86_64+0xe374)
#16 0x10d72025e in CppUnit::TestComposite::run(CppUnit::TestResult*) (libcppunit-1.13.0.dylib:x86_64+0xe25e)
#17 0x10d726fd1 in CppUnit::TestResult::runTest(CppUnit::Test*) (libcppunit-1.13.0.dylib:x86_64+0x14fd1)
#18 0x10d729835 in CppUnit::TestRunner::run(CppUnit::TestResult&, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&) (libcppunit-1.13.0.dylib:x86_64+0x17835)
#19 0x10d72b62e in CppUnit::TextTestRunner::run(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >, bool, bool, bool) (libcppunit-1.13.0.dylib:x86_64+0x1962e)
#20 0x10c059486 in main ResponseBuilderTest.cc:820
#21 0x7fff59ad3014 in start (libdyld.dylib:x86_64+0x1014)
HINT: if you don't care about these errors you may set ASAN_OPTIONS=detect_container_overflow=0.
If you suspect a false positive see also: https://github.com/google/sanitizers/wiki/AddressSanitizerContainerOverflow.
SUMMARY: AddressSanitizer: container-overflow (libclang_rt.asan_osx_dynamic.dylib:x86_64h+0x1bb01) in wrap_memmove
Shadow bytes around the buggy address:
0x1c0400008600: fa fa 00 fa fa fa fd fa fa fa 00 fa fa fa 00 fa
0x1c0400008610: fa fa 00 00 fa fa fd fd fa fa fd fa fa fa fd fa
0x1c0400008620: fa fa fd fa fa fa 00 fa fa fa fd fa fa fa fd fa
0x1c0400008630: fa fa fd fa fa fa fd fd fa fa fd fd fa fa fd fa
0x1c0400008640: fa fa fd fd fa fa fd fa fa fa fd fd fa fa fd fd
=>0x1c0400008650: fa fa fd fa fa fa fd fd fa fa[fc]fc fa fa fa fa
0x1c0400008660: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x1c0400008670: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x1c0400008680: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x1c0400008690: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x1c04000086a0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
==33486==ABORTING
Abort trap: 6
edamame:unit-tests jimg$
