
Bug #5127

Updated by Davide Pesavento over 3 years ago

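[This assertion](https://github.com/named-data/NFD/blob/c1d4837b6f76a9f1bae73a5d3eb5e9514fe88d33/daemon/fw/access-strategy.cpp#L261) doesn't seem to be correct. If the code isn't prepared to handle a non-existent `MtInfo` (as the comment below that line says), it should have a safe fallback rather than crash. In fact, the calling code already handles the case `mi == nullptr` gracefully, so I'm not sure why the assert was added in the first place. As the stack trace below shows, the assertion is reached while processing an Interest received on a face, so in builds with assertions enabled a failure here aborts the whole process instead of taking the existing `nullptr` path.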

 This bug was found by [NFDFuzz](https://doi.org/10.1145/3405656.3420234), an experimental fuzzer for NFD and ndn-cxx. 

 Stack trace of the failed assertion: 

 ``` 
 fuzzer: ../daemon/fw/access-strategy.cpp:261: std::tuple<Name, AccessStrategy::MtInfo *> nfd::fw::AccessStrategy::findPrefixMeasurements(const pit::Entry &): Assertion `mi != nullptr' failed. 
 ==5844== ERROR: libFuzzer: deadly signal 
     #0 0x5dbbc1 in __sanitizer_print_stack_trace (/home/gtorresz/nfdfuzzer/NFD/build/daemon/fuzzer/fuzzer+0x5dbbc1) 
     #1 0xe86e98 in fuzzer::PrintStackTrace() /home/gtorresz/nfdfuzzer/fuzzer/FuzzerUtil.cpp:210:5 
     #2 0xe720ee in fuzzer::Fuzzer::CrashCallback() /home/gtorresz/nfdfuzzer/fuzzer/FuzzerLoop.cpp:233:3 
     #3 0x7f6a2f1823bf    (/lib/x86_64-linux-gnu/libpthread.so.0+0x153bf) 
     #4 0x7f6a2ebe618a in raise (/lib/x86_64-linux-gnu/libc.so.6+0x4618a) 
     #5 0x7f6a2ebc5858 in abort (/lib/x86_64-linux-gnu/libc.so.6+0x25858) 
     #6 0x7f6a2ebc5728    (/lib/x86_64-linux-gnu/libc.so.6+0x25728) 
     #7 0x7f6a2ebd6f35 in __assert_fail (/lib/x86_64-linux-gnu/libc.so.6+0x36f35) 
     #8 0x91dad2 in nfd::fw::AccessStrategy::findPrefixMeasurements(nfd::pit::Entry const&) /home/gtorresz/nfdfuzzer/NFD/build/../daemon/fw/access-strategy.cpp:261:3 
     #9 0x91c6ca in nfd::fw::AccessStrategy::afterReceiveNewInterest(nfd::FaceEndpoint const&, ndn::Interest const&, std::shared_ptr<nfd::pit::Entry> const&) /home/gtorresz/nfdfuzzer/NFD/build/../daemon/fw/access-strategy.cpp:82:32 
     #10 0x91c0b3 in nfd::fw::AccessStrategy::afterReceiveInterest(nfd::FaceEndpoint const&, ndn::Interest const&, std::shared_ptr<nfd::pit::Entry> const&) /home/gtorresz/nfdfuzzer/NFD/build/../daemon/fw/access-strategy.cpp:66:12 
     #11 0x99d73b in nfd::Forwarder::onContentStoreMiss(nfd::FaceEndpoint const&, std::shared_ptr<nfd::pit::Entry> const&, ndn::Interest const&)::$_5::operator()(nfd::fw::Strategy&) const /home/gtorresz/nfdfuzzer/NFD/build/../daemon/fw/forwarder.cpp:217:16 
     #12 0x991fd4 in void nfd::Forwarder::dispatchToStrategy<nfd::Forwarder::onContentStoreMiss(nfd::FaceEndpoint const&, std::shared_ptr<nfd::pit::Entry> const&, ndn::Interest const&)::$_5>(nfd::pit::Entry&, nfd::Forwarder::onContentStoreMiss(nfd::FaceEndpoint const&, std::shared_ptr<nfd::pit::Entry> const&, ndn::Interest const&)::$_5) /home/gtorresz/nfdfuzzer/NFD/build/../daemon/fw/forwarder.hpp:258:5 
     #13 0x990bbe in nfd::Forwarder::onContentStoreMiss(nfd::FaceEndpoint const&, std::shared_ptr<nfd::pit::Entry> const&, ndn::Interest const&) /home/gtorresz/nfdfuzzer/NFD/build/../daemon/fw/forwarder.cpp:215:9 
     #14 0x9b5d1b in void std::__invoke_impl<void, void (nfd::Forwarder::*&)(nfd::FaceEndpoint const&, std::shared_ptr<nfd::pit::Entry> const&, ndn::Interest const&), nfd::Forwarder*&, nfd::FaceEndpoint&, std::shared_ptr<nfd::pit::Entry>&, ndn::Interest const&>(std::__invoke_memfun_deref, void (nfd::Forwarder::*&)(nfd::FaceEndpoint const&, std::shared_ptr<nfd::pit::Entry> const&, ndn::Interest const&), nfd::Forwarder*&, nfd::FaceEndpoint&, std::shared_ptr<nfd::pit::Entry>&, ndn::Interest const&) /usr/bin/../lib/gcc/x86_64-linux-gnu/9/../../../../include/c++/9/bits/invoke.h:73:14 
     #15 0x9b5a78 in std::__invoke_result<void (nfd::Forwarder::*&)(nfd::FaceEndpoint const&, std::shared_ptr<nfd::pit::Entry> const&, ndn::Interest const&), nfd::Forwarder*&, nfd::FaceEndpoint&, std::shared_ptr<nfd::pit::Entry>&, ndn::Interest const&>::type std::__invoke<void (nfd::Forwarder::*&)(nfd::FaceEndpoint const&, std::shared_ptr<nfd::pit::Entry> const&, ndn::Interest const&), nfd::Forwarder*&, nfd::FaceEndpoint&, std::shared_ptr<nfd::pit::Entry>&, ndn::Interest const&>(void (nfd::Forwarder::*&)(nfd::FaceEndpoint const&, std::shared_ptr<nfd::pit::Entry> const&, ndn::Interest const&), nfd::Forwarder*&, nfd::FaceEndpoint&, std::shared_ptr<nfd::pit::Entry>&, ndn::Interest const&) /usr/bin/../lib/gcc/x86_64-linux-gnu/9/../../../../include/c++/9/bits/invoke.h:95:14 
     #16 0x9b5917 in void std::_Bind<void (nfd::Forwarder::* (nfd::Forwarder*, nfd::FaceEndpoint, std::shared_ptr<nfd::pit::Entry>, std::_Placeholder<1>))(nfd::FaceEndpoint const&, std::shared_ptr<nfd::pit::Entry> const&, ndn::Interest const&)>::__call<void, ndn::Interest const&, 0ul, 1ul, 2ul, 3ul>(std::tuple<ndn::Interest const&>&&, std::_Index_tuple<0ul, 1ul, 2ul, 3ul>) /usr/bin/../lib/gcc/x86_64-linux-gnu/9/../../../../include/c++/9/functional:400:11 
     #17 0x9b5443 in void std::_Bind<void (nfd::Forwarder::* (nfd::Forwarder*, nfd::FaceEndpoint, std::shared_ptr<nfd::pit::Entry>, std::_Placeholder<1>))(nfd::FaceEndpoint const&, std::shared_ptr<nfd::pit::Entry> const&, ndn::Interest const&)>::operator()<ndn::Interest const&, void>(ndn::Interest const&) /usr/bin/../lib/gcc/x86_64-linux-gnu/9/../../../../include/c++/9/functional:482:17 
     #18 0x9a4afa in void nfd::cs::Cs::find<std::_Bind<void (nfd::Forwarder::* (nfd::Forwarder*, nfd::FaceEndpoint, std::shared_ptr<nfd::pit::Entry>, std::_Placeholder<1>, std::_Placeholder<2>))(nfd::FaceEndpoint const&, std::shared_ptr<nfd::pit::Entry> const&, ndn::Interest const&, ndn::Data const&)>, std::_Bind<void (nfd::Forwarder::* (nfd::Forwarder*, nfd::FaceEndpoint, std::shared_ptr<nfd::pit::Entry>, std::_Placeholder<1>))(nfd::FaceEndpoint const&, std::shared_ptr<nfd::pit::Entry> const&, ndn::Interest const&)> >(ndn::Interest const&, std::_Bind<void (nfd::Forwarder::* (nfd::Forwarder*, nfd::FaceEndpoint, std::shared_ptr<nfd::pit::Entry>, std::_Placeholder<1>, std::_Placeholder<2>))(nfd::FaceEndpoint const&, std::shared_ptr<nfd::pit::Entry> const&, ndn::Interest const&, ndn::Data const&)>&&, std::_Bind<void (nfd::Forwarder::* (nfd::Forwarder*, nfd::FaceEndpoint, std::shared_ptr<nfd::pit::Entry>, std::_Placeholder<1>))(nfd::FaceEndpoint const&, std::shared_ptr<nfd::pit::Entry> const&, ndn::Interest const&)>&&) const /home/gtorresz/nfdfuzzer/NFD/build/../daemon/table/cs.hpp:85:7 
     #19 0x98e962 in nfd::Forwarder::onIncomingInterest(nfd::FaceEndpoint const&, ndn::Interest const&) /home/gtorresz/nfdfuzzer/NFD/build/../daemon/fw/forwarder.cpp:152:10 
     #20 0x9ac2f0 in nfd::Forwarder::startProcessInterest(nfd::FaceEndpoint const&, ndn::Interest const&) /home/gtorresz/nfdfuzzer/NFD/build/../daemon/fw/forwarder.hpp:87:11 
     #21 0x99bac3 in nfd::Forwarder::Forwarder(nfd::FaceTable&)::$_2::operator()(nfd::face::Face const&) const::'lambda'(ndn::Interest const&, unsigned long const&)::operator()(ndn::Interest const&, unsigned long const&) const /home/gtorresz/nfdfuzzer/NFD/build/../daemon/fw/forwarder.cpp:59:15 
     #22 0x99b7c0 in std::_Function_handler<void (ndn::Interest const&, unsigned long const&), nfd::Forwarder::Forwarder(nfd::FaceTable&)::$_2::operator()(nfd::face::Face const&) const::'lambda'(ndn::Interest const&, unsigned long const&)>::_M_invoke(std::_Any_data const&, ndn::Interest const&, unsigned long const&) /usr/bin/../lib/gcc/x86_64-linux-gnu/9/../../../../include/c++/9/bits/std_function.h:300:2 
     #23 0x7896d3 in std::function<void (ndn::Interest const&, unsigned long const&)>::operator()(ndn::Interest const&, unsigned long const&) const /usr/bin/../lib/gcc/x86_64-linux-gnu/9/../../../../include/c++/9/bits/std_function.h:688:14 
     #24 0x786b2f in ndn::util::signal::Signal<nfd::face::LinkService, ndn::Interest, unsigned long>::operator()(ndn::Interest const&, unsigned long const&) /usr/local/include/ndn-cxx/util/signal/signal.hpp:232:7 
     #25 0x782c81 in nfd::face::LinkService::receiveInterest(ndn::Interest const&, unsigned long const&) /home/gtorresz/nfdfuzzer/NFD/build/../daemon/face/link-service.cpp:94:3 
     #26 0x72c8d9 in nfd::face::GenericLinkService::decodeInterest(ndn::Block const&, ndn::lp::Packet const&, unsigned long const&) /home/gtorresz/nfdfuzzer/NFD/build/../daemon/face/generic-link-service.cpp:411:9 
     #27 0x7291d9 in nfd::face::GenericLinkService::decodeNetPacket(ndn::Block const&, ndn::lp::Packet const&, unsigned long const&) /home/gtorresz/nfdfuzzer/NFD/build/../daemon/face/generic-link-service.cpp:340:17 
     #28 0x72801b in nfd::face::GenericLinkService::doReceivePacket(ndn::Block const&, unsigned long const&) /home/gtorresz/nfdfuzzer/NFD/build/../daemon/face/generic-link-service.cpp:320:13 
     #29 0x8b4494 in nfd::face::LinkService::receivePacket(ndn::Block const&, unsigned long const&) /home/gtorresz/nfdfuzzer/NFD/build/../daemon/face/link-service.hpp:240:3 
     #30 0x8af66a in nfd::face::Transport::receive(ndn::Block const&, unsigned long const&) /home/gtorresz/nfdfuzzer/NFD/build/../daemon/face/transport.cpp:122:14 
     #31 0xd3e781 in nfd::face::StreamTransport<boost::asio::local::stream_protocol>::handleReceive(boost::system::error_code const&, unsigned long) /home/gtorresz/nfdfuzzer/NFD/build/../daemon/face/stream-transport.hpp:258:11 
     #32 0xd3e0d8 in auto nfd::face::StreamTransport<boost::asio::local::stream_protocol>::startReceive()::'lambda'(auto&&...)::operator()<boost::system::error_code const&, unsigned long const&>(auto&&...) const /home/gtorresz/nfdfuzzer/NFD/build/../daemon/face/stream-transport.hpp:233:58 
     #33 0xd3e068 in boost::asio::detail::binder2<nfd::face::StreamTransport<boost::asio::local::stream_protocol>::startReceive()::'lambda'(boost::asio::local::stream_protocol&&...), boost::system::error_code, unsigned long>::operator()() /usr/include/boost/asio/detail/bind_handler.hpp:164:5 
     #34 0xd3e030 in void boost::asio::asio_handler_invoke<boost::asio::detail::binder2<nfd::face::StreamTransport<boost::asio::local::stream_protocol>::startReceive()::'lambda'(boost::asio::local::stream_protocol&&...), boost::system::error_code, unsigned long> >(boost::asio::local::stream_protocol&, ...) /usr/include/boost/asio/handler_invoke_hook.hpp:69:3 
     #35 0xd3e005 in void boost_asio_handler_invoke_helpers::invoke<boost::asio::detail::binder2<nfd::face::StreamTransport<boost::asio::local::stream_protocol>::startReceive()::'lambda'(boost::asio::local::stream_protocol&&...), boost::system::error_code, unsigned long>, nfd::face::StreamTransport<boost::asio::local::stream_protocol>::startReceive()::'lambda'(boost::asio::local::stream_protocol&&...)>(boost::asio::local::stream_protocol&, boost::asio::detail::binder2<nfd::face::StreamTransport<boost::asio::local::stream_protocol>::startReceive()::'lambda'(boost::asio::local::stream_protocol&&...), boost::system::error_code, unsigned long>&) /usr/include/boost/asio/detail/handler_invoke_helpers.hpp:37:3 
     #36 0xd3df90 in void boost::asio::detail::asio_handler_invoke<boost::asio::detail::binder2<nfd::face::StreamTransport<boost::asio::local::stream_protocol>::startReceive()::'lambda'(boost::asio::local::stream_protocol&&...), boost::system::error_code, unsigned long>, nfd::face::StreamTransport<boost::asio::local::stream_protocol>::startReceive()::'lambda'(boost::asio::local::stream_protocol&&...), boost::system::error_code, unsigned long>(boost::asio::local::stream_protocol&, boost::asio::detail::binder2<boost::asio::detail::binder2<nfd::face::StreamTransport<boost::asio::local::stream_protocol>::startReceive()::'lambda'(boost::asio::local::stream_protocol&&...), boost::system::error_code, unsigned long>, nfd::face::StreamTransport<boost::asio::local::stream_protocol>::startReceive()::'lambda'(boost::asio::local::stream_protocol&&...), boost::system::error_code>*) /usr/include/boost/asio/detail/bind_handler.hpp:207:3 
     #37 0xd3dca3 in void boost_asio_handler_invoke_helpers::invoke<boost::asio::detail::binder2<nfd::face::StreamTransport<boost::asio::local::stream_protocol>::startReceive()::'lambda'(boost::asio::local::stream_protocol&&...), boost::system::error_code, unsigned long>, boost::asio::detail::binder2<nfd::face::StreamTransport<boost::asio::local::stream_protocol>::startReceive()::'lambda'(boost::asio::local::stream_protocol&&...), boost::system::error_code, unsigned long> >(boost::asio::local::stream_protocol&, boost::asio::detail::binder2<nfd::face::StreamTransport<boost::asio::local::stream_protocol>::startReceive()::'lambda'(boost::asio::local::stream_protocol&&...), boost::system::error_code, unsigned long>&) /usr/include/boost/asio/detail/handler_invoke_helpers.hpp:37:3 
     #38 0xd3dc17 in void boost::asio::detail::io_object_executor<boost::asio::executor>::dispatch<boost::asio::detail::binder2<nfd::face::StreamTransport<boost::asio::local::stream_protocol>::startReceive()::'lambda'(boost::asio::local::stream_protocol&&...), boost::system::error_code, unsigned long>, std::allocator<void> >(boost::asio::local::stream_protocol&&, boost::asio::detail::binder2<nfd::face::StreamTransport<boost::asio::local::stream_protocol>::startReceive()::'lambda'(boost::asio::local::stream_protocol&&...), boost::system::error_code, unsigned long> const&) const /usr/include/boost/asio/detail/io_object_executor.hpp:119:9 
     #39 0xd3d996 in void boost::asio::detail::handler_work<nfd::face::StreamTransport<boost::asio::local::stream_protocol>::startReceive()::'lambda'(boost::asio::local::stream_protocol&&...), boost::asio::detail::io_object_executor<boost::asio::executor>, boost::asio::detail::io_object_executor<boost::asio::executor> >::complete<boost::asio::detail::binder2<nfd::face::StreamTransport<boost::asio::local::stream_protocol>::startReceive()::'lambda'(boost::asio::local::stream_protocol&&...), boost::system::error_code, unsigned long> >(boost::asio::detail::binder2<nfd::face::StreamTransport<boost::asio::local::stream_protocol>::startReceive()::'lambda'(boost::asio::local::stream_protocol&&...), boost::system::error_code, unsigned long>&, nfd::face::StreamTransport<boost::asio::local::stream_protocol>::startReceive()::'lambda'(boost::asio::local::stream_protocol&&...)&) /usr/include/boost/asio/detail/handler_work.hpp:72:15 
     #40 0xd3d1ed in boost::asio::detail::reactive_socket_recv_op<boost::asio::mutable_buffers_1, nfd::face::StreamTransport<boost::asio::local::stream_protocol>::startReceive()::'lambda'(boost::asio::local::stream_protocol&&...), boost::asio::detail::io_object_executor<boost::asio::executor> >::do_complete(void*, boost::asio::detail::scheduler_operation*, boost::system::error_code const&, unsigned long) /usr/include/boost/asio/detail/reactive_socket_recv_op.hpp:123:9 
     #41 0x62afc7 in boost::asio::detail::scheduler_operation::complete(void*, boost::system::error_code const&, unsigned long) /usr/include/boost/asio/detail/scheduler_operation.hpp:40:5 
     #42 0x664f1f in boost::asio::detail::epoll_reactor::descriptor_state::do_complete(void*, boost::asio::detail::scheduler_operation*, boost::system::error_code const&, unsigned long) /usr/include/boost/asio/detail/impl/epoll_reactor.ipp:776:11 
     #43 0x62afc7 in boost::asio::detail::scheduler_operation::complete(void*, boost::system::error_code const&, unsigned long) /usr/include/boost/asio/detail/scheduler_operation.hpp:40:5 
     #44 0x62898e in boost::asio::detail::scheduler::do_run_one(boost::asio::detail::conditionally_enabled_mutex::scoped_lock&, boost::asio::detail::scheduler_thread_info&, boost::system::error_code const&) /usr/include/boost/asio/detail/impl/scheduler.ipp:447:12 
     #45 0x627d89 in boost::asio::detail::scheduler::run(boost::system::error_code&) /usr/include/boost/asio/detail/impl/scheduler.ipp:200:10 
     #46 0x67470d in boost::asio::io_context::run() /usr/include/boost/asio/impl/io_context.ipp:63:24 
     #47 0x65ec9d in nfd::NfdRunner::run(std::mutex&, std::condition_variable&, bool&) /home/gtorresz/nfdfuzzer/NFD/build/../daemon/fuzzer/nfd_runner.hpp:201:15 
     #48 0x65dfdc in SetUp::$_3::operator()() const /home/gtorresz/nfdfuzzer/NFD/build/../daemon/fuzzer/fuzzer.cpp:171:20 
     #49 0x65de60 in int std::__invoke_impl<int, SetUp::$_3>(std::__invoke_other, SetUp::$_3&&) /usr/bin/../lib/gcc/x86_64-linux-gnu/9/../../../../include/c++/9/bits/invoke.h:60:14 
     #50 0x65dd90 in std::__invoke_result<SetUp::$_3>::type std::__invoke<SetUp::$_3>(SetUp::$_3&&) /usr/bin/../lib/gcc/x86_64-linux-gnu/9/../../../../include/c++/9/bits/invoke.h:95:14 
     #51 0x65dd48 in int std::thread::_Invoker<std::tuple<SetUp::$_3> >::_M_invoke<0ul>(std::_Index_tuple<0ul>) /usr/bin/../lib/gcc/x86_64-linux-gnu/9/../../../../include/c++/9/thread:244:13 
     #52 0x65dcf8 in std::thread::_Invoker<std::tuple<SetUp::$_3> >::operator()() /usr/bin/../lib/gcc/x86_64-linux-gnu/9/../../../../include/c++/9/thread:251:11 
     #53 0x65db0c in std::thread::_State_impl<std::thread::_Invoker<std::tuple<SetUp::$_3> > >::_M_run() /usr/bin/../lib/gcc/x86_64-linux-gnu/9/../../../../include/c++/9/thread:195:13 
     #54 0x7f6a2f006cb3    (/lib/x86_64-linux-gnu/libstdc++.so.6+0xd6cb3) 
     #55 0x7f6a2f176608 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x9608) 
     #56 0x7f6a2ecc2102 in clone (/lib/x86_64-linux-gnu/libc.so.6+0x122102) 
 ```
