
Bug #4495

Updated by Alex Afanasyev almost 7 years ago

The following snippet is supposed to work without problems.

 test.cpp: 

 ``` 
 #include <iostream> 
 #include <sstream> 
 #include <unordered_map> 
 #include <memory> 

 #include <ndn-cxx/face.hpp> 
 #include <ndn-cxx/name.hpp> 
 #include <ndn-cxx/security/key-chain.hpp> 

 #include <ChronoSync/socket.hpp> 

 #include <boost/asio.hpp> 

 int
 main()
 {
   // Reproducer for Bug #4495: build a chronosync::Socket on top of a Face and
   // run the event loop. Under ASan, the constructor call below reports a
   // heap-buffer-overflow inside ndn::InMemoryStorage's constructor (see the
   // report in this ticket), although the Socket's storage is allocated right
   // here by make_shared.
   // NOTE(review): the allocation size is decided in this translation unit and
   // the overflowing write happens inside the ndn-cxx library; if the two are
   // built with different compiler flags, confirm they agree on object layout
   // before suspecting std::deque itself.
   ndn::KeyChain keyChain;
   boost::asio::io_service ioService;
   ndn::Face face(nullptr, ioService, keyChain);

   // The update callback only reports that something arrived; the list of
   // missing data is not inspected.
   auto onUpdate = [] (const std::vector<chronosync::MissingDataInfo>&) {
     std::cerr << "Update" << std::endl;
   };

   auto sock = std::make_shared<chronosync::Socket>("/test/sync2", "/test/user2",
                                                     face,
                                                     onUpdate,
                                                     ndn::Name("/hello"),
                                                     nullptr,
                                                     ndn::time::seconds(60));

   face.processEvents();
 }

 ``` 

 ``` 
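 # Build the reproducer with ASan enabled. As originally written the line listed
 # test.cpp twice (duplicate `main` at link time) and passed `-fsanitizer=address`,
 # which is not a recognized compiler flag; both are dropped here.
 # The ticket states ndn-cxx itself was built --with-sanitizer=address, so the
 # application and the libraries it links should use the same sanitizer settings.
 g++ -std=c++11 `pkg-config --cflags libndn-cxx` `pkg-config --cflags ChronoSync` test.cpp `pkg-config --libs libndn-cxx` `pkg-config --libs ChronoSync` -fsanitize=address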
 ``` 

 However, when ndn-cxx is compiled with `--with-sanitizer=address`, it results in a crash that reproduces consistently 

 ``` 
 ./a.out 
 ``` 

 ``` 
 ==13619==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x620000001fe0 at pc 0x00011143d118 bp 0x7ffee0077310 sp 0x7ffee0076ac0 
 WRITE of size 64 at 0x620000001fe0 thread T0 
     #0 0x11143d117 in __asan_memset (libclang_rt.asan_osx_dynamic.dylib:x86_64h+0x51117) 
     #1 0x10fcfa7f1 in ndn::InMemoryStorage::InMemoryStorage(unsigned long) deque:1094 
     #2 0x10fcfa104 in ndn::InMemoryStoragePersistent::InMemoryStoragePersistent() in-memory-storage-persistent.cpp:27 
     #3 0x11129a72c in chronosync::Socket::Socket(ndn::Name const&, ndn::Name const&, ndn::Face&, std::__1::function<void (std::__1::vector<chronosync::MissingDataInfo, std::__1::allocator<chronosync::MissingDataInfo> > const&)> const&, ndn::Name const&, std::__1::shared_ptr<ndn::security::v2::Validator>, boost::chrono::duration<long long, boost::ratio<1l, 1000l> > const&) socket.cpp:36 
     #4 0x10fb9a9f7 in std::__1::shared_ptr<chronosync::Socket> std::__1::shared_ptr<chronosync::Socket>::make_shared<char const (&) [12], char const (&) [12], ndn::Face&, main::$_0, ndn::Name, std::nullptr_t, boost::chrono::duration<long long, boost::ratio<1l, 1l> > >(char const (&&&) [12], char const (&&&) [12], ndn::Face&&&, main::$_0&&, ndn::Name&&, std::nullptr_t&&, boost::chrono::duration<long long, boost::ratio<1l, 1l> >&&) (ndn-proxy:x86_64+0x1000159f7) 
     #5 0x10fb8c57a in main (ndn-proxy:x86_64+0x10000757a) 
     #6 0x7fff59c6f114 in start (libdyld.dylib:x86_64+0x1114) 

 0x620000001fe0 is located 0 bytes to the right of 3936-byte region [0x620000001080,0x620000001fe0) 
 allocated by thread T0 here: 
     #0 0x1114500ab in wrap__Znwm (libclang_rt.asan_osx_dynamic.dylib:x86_64h+0x640ab) 
     #1 0x10fb98d1f in std::__1::shared_ptr<chronosync::Socket> std::__1::shared_ptr<chronosync::Socket>::make_shared<char const (&) [12], char const (&) [12], ndn::Face&, main::$_0, ndn::Name, std::nullptr_t, boost::chrono::duration<long long, boost::ratio<1l, 1l> > >(char const (&&&) [12], char const (&&&) [12], ndn::Face&&&, main::$_0&&, ndn::Name&&, std::nullptr_t&&, boost::chrono::duration<long long, boost::ratio<1l, 1l> >&&) (ndn-proxy:x86_64+0x100013d1f) 
     #2 0x10fb8c57a in main (ndn-proxy:x86_64+0x10000757a) 
     #3 0x7fff59c6f114 in start (libdyld.dylib:x86_64+0x1114) 

 SUMMARY: AddressSanitizer: heap-buffer-overflow (libclang_rt.asan_osx_dynamic.dylib:x86_64h+0x51117) in __asan_memset 
 Shadow bytes around the buggy address: 
   0x1c40000003a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
   0x1c40000003b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
   0x1c40000003c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
   0x1c40000003d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
   0x1c40000003e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
 =>0x1c40000003f0: 00 00 00 00 00 00 00 00 00 00 00 00[fa]fa fa fa 
   0x1c4000000400: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 
   0x1c4000000410: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 
   0x1c4000000420: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 
   0x1c4000000430: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 
   0x1c4000000440: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 
 Shadow byte legend (one shadow byte represents 8 application bytes): 
   Addressable:             00 
   Partially addressable: 01 02 03 04 05 06 07 
   Heap left redzone:         fa 
   Freed heap region:         fd 
   Stack left redzone:        f1 
   Stack mid redzone:         f2 
   Stack right redzone:       f3 
   Stack after return:        f5 
   Stack use after scope:     f8 
   Global redzone:            f9 
   Global init order:         f6 
   Poisoned by user:          f7 
   Container overflow:        fc 
   Array cookie:              ac 
   Intra object redzone:      bb 
   ASan internal:             fe 
   Left alloca redzone:       ca 
   Right alloca redzone:      cb 
 ==13619==ABORTING 
 Abort trap: 6 
 ``` 

 Changing std::deque to std::list or std::vector resolves the problem, but I'm really puzzled about what is going on.
