Bug #4495
Updated by Alex Afanasyev almost 7 years ago
The following snippet suppose to work without problems test.cpp: ``` #include <iostream> #include <sstream> #include <unordered_map> #include <memory> #include <ndn-cxx/face.hpp> #include <ndn-cxx/name.hpp> #include <ndn-cxx/security/key-chain.hpp> #include <ChronoSync/socket.hpp> #include <boost/asio.hpp> int main() { using namespace ndn; KeyChain keychain; boost::asio::io_service io; Face face(nullptr, io, keychain); auto socket3 = std::make_shared<chronosync::Socket>("/test/sync2", "/test/user2", face, [] (const std::vector<chronosync::MissingDataInfo>& info) { std::cerr << "Update" << std::endl; }, Name("/hello"), nullptr, ndn::time::seconds(60)); face.processEvents(); } ``` ``` g++ -std=c++11 `pkg-config --cflags libndn-cxx` `pkg-config --cflags ChronoSync` test.cpp `pkg-config --libs libndn-cxx` `pkg-config --libs ChronoSync` -fsanitize=address -fsanitizer=address test.cpp ``` However, when ndn-cxx compiled `--with-sanitizer=address`, it results in a stable crash ``` ./a.out ``` ``` ==13619==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x620000001fe0 at pc 0x00011143d118 bp 0x7ffee0077310 sp 0x7ffee0076ac0 WRITE of size 64 at 0x620000001fe0 thread T0 #0 0x11143d117 in __asan_memset (libclang_rt.asan_osx_dynamic.dylib:x86_64h+0x51117) #1 0x10fcfa7f1 in ndn::InMemoryStorage::InMemoryStorage(unsigned long) deque:1094 #2 0x10fcfa104 in ndn::InMemoryStoragePersistent::InMemoryStoragePersistent() in-memory-storage-persistent.cpp:27 #3 0x11129a72c in chronosync::Socket::Socket(ndn::Name const&, ndn::Name const&, ndn::Face&, std::__1::function<void (std::__1::vector<chronosync::MissingDataInfo, std::__1::allocator<chronosync::MissingDataInfo> > const&)> const&, ndn::Name const&, std::__1::shared_ptr<ndn::security::v2::Validator>, boost::chrono::duration<long long, boost::ratio<1l, 1000l> > const&) socket.cpp:36 #4 0x10fb9a9f7 in std::__1::shared_ptr<chronosync::Socket> std::__1::shared_ptr<chronosync::Socket>::make_shared<char const (&) [12], char const (&) [12], ndn::Face&, main::$_0, ndn::Name, std::nullptr_t, boost::chrono::duration<long long, boost::ratio<1l, 1l> > >(char const (&&&) [12], char const (&&&) [12], ndn::Face&&&, main::$_0&&, ndn::Name&&, std::nullptr_t&&, boost::chrono::duration<long long, boost::ratio<1l, 1l> >&&) (ndn-proxy:x86_64+0x1000159f7) #5 0x10fb8c57a in main (ndn-proxy:x86_64+0x10000757a) #6 0x7fff59c6f114 in start (libdyld.dylib:x86_64+0x1114) 0x620000001fe0 is located 0 bytes to the right of 3936-byte region [0x620000001080,0x620000001fe0) allocated by thread T0 here: #0 0x1114500ab in wrap__Znwm (libclang_rt.asan_osx_dynamic.dylib:x86_64h+0x640ab) #1 0x10fb98d1f in std::__1::shared_ptr<chronosync::Socket> std::__1::shared_ptr<chronosync::Socket>::make_shared<char const (&) [12], char const (&) [12], ndn::Face&, main::$_0, ndn::Name, std::nullptr_t, boost::chrono::duration<long long, boost::ratio<1l, 1l> > >(char const (&&&) [12], char const (&&&) [12], ndn::Face&&&, main::$_0&&, ndn::Name&&, std::nullptr_t&&, boost::chrono::duration<long long, boost::ratio<1l, 1l> >&&) (ndn-proxy:x86_64+0x100013d1f) #2 0x10fb8c57a in main (ndn-proxy:x86_64+0x10000757a) #3 0x7fff59c6f114 in start (libdyld.dylib:x86_64+0x1114) SUMMARY: AddressSanitizer: heap-buffer-overflow (libclang_rt.asan_osx_dynamic.dylib:x86_64h+0x51117) in __asan_memset Shadow bytes around the buggy address: 0x1c40000003a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x1c40000003b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x1c40000003c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x1c40000003d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x1c40000003e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 =>0x1c40000003f0: 00 00 00 00 00 00 00 00 00 00 00 00[fa]fa fa fa 0x1c4000000400: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x1c4000000410: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x1c4000000420: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x1c4000000430: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x1c4000000440: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe Left alloca redzone: ca Right alloca redzone: cb ==13619==ABORTING Abort trap: 6 ``` Changing std::deque to std::list/vector, resolves the problem, but I'm really puzzled of what is going on.