Bug #5320: Potential double-free in Nfdc/TestCommandDefinition - NFD - NDN project issue tracking system

Actions

Copy link

Bug #5320

open

Potential double-free in Nfdc/TestCommandDefinition

Added by Davide Pesavento 7 months ago.

Status:

New

Priority:

Normal

Assignee:

Category:

Unit Tests

Target version:

Start date:

Due date:

% Done:

Estimated time:

Description

Reported by gcc 14 on Ubuntu 24.04. I haven't investigated yet, so it may or may not be valid.

  ==9866==ERROR: AddressSanitizer: attempting double-free on 0x50300008c7a0 in thread T0:
      #0 0x7f47df8fd738 in operator delete(void*, unsigned long) ../../../../src/libsanitizer/asan/asan_new_delete.cpp:164
      #1 0x55599b002787 in std::__new_allocator<char>::deallocate(char*, unsigned long) /usr/include/c++/14/bits/new_allocator.h:172
      #2 0x55599b002787 in std::allocator_traits<std::allocator<char> >::deallocate(std::allocator<char>&, char*, unsigned long) /usr/include/c++/14/bits/alloc_traits.h:513
      #3 0x55599b002787 in std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::_M_destroy(unsigned long) /usr/include/c++/14/bits/basic_string.h:294
      #4 0x55599b002787 in std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::_M_dispose() /usr/include/c++/14/bits/basic_string.h:288
      #5 0x55599b07057f in std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::~basic_string() /usr/include/c++/14/bits/basic_string.h:809
      #6 0x55599b07057f in nfd::tools::nfdc::tests::Nfdc::TestCommandDefinition::Arguments::PositionalArgs::test_method() ../tests/tools/nfdc/command-definition.t.cpp:134
      #7 0x55599b0726af in PositionalArgs_invoker ../tests/tools/nfdc/command-definition.t.cpp:85
      #8 0x55599aff6de9 in boost::detail::function::void_function_invoker0<void (*)(), void>::invoke(boost::detail::function::function_buffer&) /usr/include/boost/function/function_template.hpp:117
      #9 0x7f47df793c15  (/lib/x86_64-linux-gnu/libboost_unit_test_framework.so.1.83.0+0x28c15) (BuildId: 2c61160182c484a21dab791006ebbb07ebbfff3e)
      #10 0x7f47df799cd4 in boost::execution_monitor::catch_signals(boost::function<int ()> const&) (/lib/x86_64-linux-gnu/libboost_unit_test_framework.so.1.83.0+0x2ecd4) (BuildId: 2c61160182c484a21dab791006ebbb07ebbfff3e)
      #11 0x7f47df79a14e in boost::execution_monitor::execute(boost::function<int ()> const&) (/lib/x86_64-linux-gnu/libboost_unit_test_framework.so.1.83.0+0x2f14e) (BuildId: 2c61160182c484a21dab791006ebbb07ebbfff3e)
      #12 0x7f47df79a237 in boost::execution_monitor::vexecute(boost::function<void ()> const&) (/lib/x86_64-linux-gnu/libboost_unit_test_framework.so.1.83.0+0x2f237) (BuildId: 2c61160182c484a21dab791006ebbb07ebbfff3e)
      #13 0x7f47df7b7e4e in boost::unit_test::unit_test_monitor_t::execute_and_translate(boost::function<void ()> const&, unsigned long) (/lib/x86_64-linux-gnu/libboost_unit_test_framework.so.1.83.0+0x4ce4e) (BuildId: 2c61160182c484a21dab791006ebbb07ebbfff3e)
      #14 0x7f47df7db9c9  (/lib/x86_64-linux-gnu/libboost_unit_test_framework.so.1.83.0+0x709c9) (BuildId: 2c61160182c484a21dab791006ebbb07ebbfff3e)
      #15 0x7f47df7dbd7a  (/lib/x86_64-linux-gnu/libboost_unit_test_framework.so.1.83.0+0x70d7a) (BuildId: 2c61160182c484a21dab791006ebbb07ebbfff3e)
      #16 0x7f47df7dbd7a  (/lib/x86_64-linux-gnu/libboost_unit_test_framework.so.1.83.0+0x70d7a) (BuildId: 2c61160182c484a21dab791006ebbb07ebbfff3e)
      #17 0x7f47df7dbd7a  (/lib/x86_64-linux-gnu/libboost_unit_test_framework.so.1.83.0+0x70d7a) (BuildId: 2c61160182c484a21dab791006ebbb07ebbfff3e)
      #18 0x7f47df7dbd7a  (/lib/x86_64-linux-gnu/libboost_unit_test_framework.so.1.83.0+0x70d7a) (BuildId: 2c61160182c484a21dab791006ebbb07ebbfff3e)
      #19 0x7f47df7a4768 in boost::unit_test::framework::run(unsigned long, bool) (/lib/x86_64-linux-gnu/libboost_unit_test_framework.so.1.83.0+0x39768) (BuildId: 2c61160182c484a21dab791006ebbb07ebbfff3e)
      #20 0x7f47df7b7783 in boost::unit_test::unit_test_main(bool (*)(), int, char**) (/lib/x86_64-linux-gnu/libboost_unit_test_framework.so.1.83.0+0x4c783) (BuildId: 2c61160182c484a21dab791006ebbb07ebbfff3e)
      #21 0x55599b3c5620 in main /usr/include/boost/test/unit_test.hpp:64
      #22 0x7f47de42a1c9  (/lib/x86_64-linux-gnu/libc.so.6+0x2a1c9) (BuildId: 4d9090d61bf70e6b3225d583f0f08193f54670b2)
      #23 0x7f47de42a28a in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2a28a) (BuildId: 4d9090d61bf70e6b3225d583f0f08193f54670b2)
      #24 0x55599afed124 in _start (build/unit-tests-tools+0xb4124) (BuildId: 344b767e81157609943749c1acdc10e79aae32c5)

  0x50300008c7a0 is located 0 bytes inside of 26-byte region [0x50300008c7a0,0x50300008c7ba)
  freed by thread T0 here:
      #0 0x7f47df8fd738 in operator delete(void*, unsigned long) ../../../../src/libsanitizer/asan/asan_new_delete.cpp:164
      #1 0x55599b002787 in std::__new_allocator<char>::deallocate(char*, unsigned long) /usr/include/c++/14/bits/new_allocator.h:172
      #2 0x55599b002787 in std::allocator_traits<std::allocator<char> >::deallocate(std::allocator<char>&, char*, unsigned long) /usr/include/c++/14/bits/alloc_traits.h:513
      #3 0x55599b002787 in std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::_M_destroy(unsigned long) /usr/include/c++/14/bits/basic_string.h:294
      #4 0x55599b002787 in std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::_M_dispose() /usr/include/c++/14/bits/basic_string.h:288
      #5 0x55599b0705d5 in std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::~basic_string() /usr/include/c++/14/bits/basic_string.h:809
      #6 0x55599b0705d5 in nfd::tools::nfdc::tests::Nfdc::TestCommandDefinition::Arguments::PositionalArgs::test_method() ../tests/tools/nfdc/command-definition.t.cpp:134
      #7 0x55599b0726af in PositionalArgs_invoker ../tests/tools/nfdc/command-definition.t.cpp:85
      #8 0x55599aff6de9 in boost::detail::function::void_function_invoker0<void (*)(), void>::invoke(boost::detail::function::function_buffer&) /usr/include/boost/function/function_template.hpp:117
      #9 0x7f47df793c15  (/lib/x86_64-linux-gnu/libboost_unit_test_framework.so.1.83.0+0x28c15) (BuildId: 2c61160182c484a21dab791006ebbb07ebbfff3e)
      #10 0x7f47df799cd4 in boost::execution_monitor::catch_signals(boost::function<int ()> const&) (/lib/x86_64-linux-gnu/libboost_unit_test_framework.so.1.83.0+0x2ecd4) (BuildId: 2c61160182c484a21dab791006ebbb07ebbfff3e)
      #11 0x7f47df79a14e in boost::execution_monitor::execute(boost::function<int ()> const&) (/lib/x86_64-linux-gnu/libboost_unit_test_framework.so.1.83.0+0x2f14e) (BuildId: 2c61160182c484a21dab791006ebbb07ebbfff3e)
      #12 0x7f47df79a237 in boost::execution_monitor::vexecute(boost::function<void ()> const&) (/lib/x86_64-linux-gnu/libboost_unit_test_framework.so.1.83.0+0x2f237) (BuildId: 2c61160182c484a21dab791006ebbb07ebbfff3e)
      #13 0x7f47df7b7e4e in boost::unit_test::unit_test_monitor_t::execute_and_translate(boost::function<void ()> const&, unsigned long) (/lib/x86_64-linux-gnu/libboost_unit_test_framework.so.1.83.0+0x4ce4e) (BuildId: 2c61160182c484a21dab791006ebbb07ebbfff3e)
      #14 0x7f47df7db9c9  (/lib/x86_64-linux-gnu/libboost_unit_test_framework.so.1.83.0+0x709c9) (BuildId: 2c61160182c484a21dab791006ebbb07ebbfff3e)
      #15 0x7f47df7dbd7a  (/lib/x86_64-linux-gnu/libboost_unit_test_framework.so.1.83.0+0x70d7a) (BuildId: 2c61160182c484a21dab791006ebbb07ebbfff3e)
      #16 0x7f47df7dbd7a  (/lib/x86_64-linux-gnu/libboost_unit_test_framework.so.1.83.0+0x70d7a) (BuildId: 2c61160182c484a21dab791006ebbb07ebbfff3e)
      #17 0x7f47df7dbd7a  (/lib/x86_64-linux-gnu/libboost_unit_test_framework.so.1.83.0+0x70d7a) (BuildId: 2c61160182c484a21dab791006ebbb07ebbfff3e)
      #18 0x7f47df7dbd7a  (/lib/x86_64-linux-gnu/libboost_unit_test_framework.so.1.83.0+0x70d7a) (BuildId: 2c61160182c484a21dab791006ebbb07ebbfff3e)
      #19 0x7f47df7a4768 in boost::unit_test::framework::run(unsigned long, bool) (/lib/x86_64-linux-gnu/libboost_unit_test_framework.so.1.83.0+0x39768) (BuildId: 2c61160182c484a21dab791006ebbb07ebbfff3e)
      #20 0x7f47df7b7783 in boost::unit_test::unit_test_main(bool (*)(), int, char**) (/lib/x86_64-linux-gnu/libboost_unit_test_framework.so.1.83.0+0x4c783) (BuildId: 2c61160182c484a21dab791006ebbb07ebbfff3e)
      #21 0x55599b3c5620 in main /usr/include/boost/test/unit_test.hpp:64
      #22 0x7f47de42a1c9  (/lib/x86_64-linux-gnu/libc.so.6+0x2a1c9) (BuildId: 4d9090d61bf70e6b3225d583f0f08193f54670b2)
      #23 0x7f47de42a28a in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2a28a) (BuildId: 4d9090d61bf70e6b3225d583f0f08193f54670b2)
      #24 0x55599afed124 in _start (build/unit-tests-tools+0xb4124) (BuildId: 344b767e81157609943749c1acdc10e79aae32c5)

  previously allocated by thread T0 here:
      #0 0x7f47df8fc698 in operator new(unsigned long) ../../../../src/libsanitizer/asan/asan_new_delete.cpp:95
      #1 0x55599b007415 in std::__new_allocator<char>::allocate(unsigned long, void const*) /usr/include/c++/14/bits/new_allocator.h:151
      #2 0x55599b007415 in std::allocator_traits<std::allocator<char> >::allocate(std::allocator<char>&, unsigned long) /usr/include/c++/14/bits/alloc_traits.h:478
      #3 0x55599b007415 in std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::_S_allocate(std::allocator<char>&, unsigned long) /usr/include/c++/14/bits/basic_string.h:131
      #4 0x55599b007415 in std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::_M_create(unsigned long&, unsigned long) /usr/include/c++/14/bits/basic_string.tcc:159
      #5 0x55599b007516 in void std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::_M_construct<char const*>(char const*, char const*, std::forward_iterator_tag) /usr/include/c++/14/bits/basic_string.tcc:229
      #6 0x55599b00776f in std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::basic_string<std::allocator<char> >(char const*, std::allocator<char> const&) /usr/include/c++/14/bits/basic_string.h:654
      #7 0x55599b06d4d2 in nfd::tools::nfdc::tests::Nfdc::TestCommandDefinition::Arguments::PositionalArgs::test_method() ../tests/tools/nfdc/command-definition.t.cpp:134
      #8 0x55599b0726af in PositionalArgs_invoker ../tests/tools/nfdc/command-definition.t.cpp:85
      #9 0x55599aff6de9 in boost::detail::function::void_function_invoker0<void (*)(), void>::invoke(boost::detail::function::function_buffer&) /usr/include/boost/function/function_template.hpp:117
      #10 0x7f47df793c15  (/lib/x86_64-linux-gnu/libboost_unit_test_framework.so.1.83.0+0x28c15) (BuildId: 2c61160182c484a21dab791006ebbb07ebbfff3e)
      #11 0x7f47df799cd4 in boost::execution_monitor::catch_signals(boost::function<int ()> const&) (/lib/x86_64-linux-gnu/libboost_unit_test_framework.so.1.83.0+0x2ecd4) (BuildId: 2c61160182c484a21dab791006ebbb07ebbfff3e)
      #12 0x7f47df79a14e in boost::execution_monitor::execute(boost::function<int ()> const&) (/lib/x86_64-linux-gnu/libboost_unit_test_framework.so.1.83.0+0x2f14e) (BuildId: 2c61160182c484a21dab791006ebbb07ebbfff3e)
      #13 0x7f47df79a237 in boost::execution_monitor::vexecute(boost::function<void ()> const&) (/lib/x86_64-linux-gnu/libboost_unit_test_framework.so.1.83.0+0x2f237) (BuildId: 2c61160182c484a21dab791006ebbb07ebbfff3e)
      #14 0x7f47df7b7e4e in boost::unit_test::unit_test_monitor_t::execute_and_translate(boost::function<void ()> const&, unsigned long) (/lib/x86_64-linux-gnu/libboost_unit_test_framework.so.1.83.0+0x4ce4e) (BuildId: 2c61160182c484a21dab791006ebbb07ebbfff3e)
      #15 0x7f47df7db9c9  (/lib/x86_64-linux-gnu/libboost_unit_test_framework.so.1.83.0+0x709c9) (BuildId: 2c61160182c484a21dab791006ebbb07ebbfff3e)
      #16 0x7f47df7dbd7a  (/lib/x86_64-linux-gnu/libboost_unit_test_framework.so.1.83.0+0x70d7a) (BuildId: 2c61160182c484a21dab791006ebbb07ebbfff3e)
      #17 0x7f47df7dbd7a  (/lib/x86_64-linux-gnu/libboost_unit_test_framework.so.1.83.0+0x70d7a) (BuildId: 2c61160182c484a21dab791006ebbb07ebbfff3e)
      #18 0x7f47df7dbd7a  (/lib/x86_64-linux-gnu/libboost_unit_test_framework.so.1.83.0+0x70d7a) (BuildId: 2c61160182c484a21dab791006ebbb07ebbfff3e)
      #19 0x7f47df7dbd7a  (/lib/x86_64-linux-gnu/libboost_unit_test_framework.so.1.83.0+0x70d7a) (BuildId: 2c61160182c484a21dab791006ebbb07ebbfff3e)
      #20 0x7f47df7a4768 in boost::unit_test::framework::run(unsigned long, bool) (/lib/x86_64-linux-gnu/libboost_unit_test_framework.so.1.83.0+0x39768) (BuildId: 2c61160182c484a21dab791006ebbb07ebbfff3e)
      #21 0x7f47df7b7783 in boost::unit_test::unit_test_main(bool (*)(), int, char**) (/lib/x86_64-linux-gnu/libboost_unit_test_framework.so.1.83.0+0x4c783) (BuildId: 2c61160182c484a21dab791006ebbb07ebbfff3e)
      #22 0x55599b3c5620 in main /usr/include/boost/test/unit_test.hpp:64
      #23 0x7f47de42a1c9  (/lib/x86_64-linux-gnu/libc.so.6+0x2a1c9) (BuildId: 4d9090d61bf70e6b3225d583f0f08193f54670b2)
      #24 0x7f47de42a28a in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2a28a) (BuildId: 4d9090d61bf70e6b3225d583f0f08193f54670b2)
      #25 0x55599afed124 in _start (build/unit-tests-tools+0xb4124) (BuildId: 344b767e81157609943749c1acdc10e79aae32c5)

  SUMMARY: AddressSanitizer: double-free ../../../../src/libsanitizer/asan/asan_new_delete.cpp:164 in operator delete(void*, unsigned long)
  ==9866==ABORTING

No data to display

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

NFD

Tags

Bug #5320

Potential double-free in Nfdc/TestCommandDefinition