AddressSanitizer: heap-buffer-overflow socket_test.c:104 in event_done
I found this while working on #707 (closed). After some thinking about what I did wrong in the MR, I realised that I did nothing wrong: this is a bug hidden by the small-allocations allocator, and it can be reproduced with

CFLAGS="-fsanitize=address,undefined -DISC_MEM_USE_INTERNAL_MALLOC=0 -Os -g" ./configure --with-cmocka

and running lib/isc/tests/socket_test.
One more reason why #707 (closed) will be useful.
=================================================================
==49218==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60c0000002fc at pc 0x000109aa74f1 bp 0x7000089a8c90 sp 0x7000089a8c88
READ of size 4 at 0x60c0000002fc thread T21
#0 0x109aa74f0 in event_done socket_test.c:104
#1 0x109b27382 in dispatch task.c:1116
#2 0x109b1b340 in run task.c:1293
#3 0x7fff7b1b9338 in _pthread_body (libsystem_pthread.dylib:x86_64+0x3338)
#4 0x7fff7b1bc2a6 in _pthread_start (libsystem_pthread.dylib:x86_64+0x62a6)
#5 0x7fff7b1b8444 in thread_start (libsystem_pthread.dylib:x86_64+0x2444)
Address 0x60c0000002fc is a wild pointer.
SUMMARY: AddressSanitizer: heap-buffer-overflow socket_test.c:104 in event_done
Shadow bytes around the buggy address:
0x1c1800000000: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00
0x1c1800000010: 00 00 00 00 00 00 00 00 fa fa fa fa fa fa fa fa
0x1c1800000020: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fa
0x1c1800000030: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00
0x1c1800000040: 00 00 00 00 00 00 01 fa fa fa fa fa fa fa fa fa
=>0x1c1800000050: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa[fa]
0x1c1800000060: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x1c1800000070: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x1c1800000080: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x1c1800000090: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x1c18000000a0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
Thread T21 created by T0 here:
#0 0x109ec21cd in wrap_pthread_create (libclang_rt.asan_osx_dynamic.dylib:x86_64h+0x4f1cd)
#1 0x109b8af27 in isc_thread_create thread.c:65
#2 0x109b1a6ed in isc_taskmgr_create task.c:1380
#3 0x109aa859c in isc_test_begin isctest.c:89
#4 0x109aa2166 in _setup socket_test.c:51
#5 0x109e6ab17 in cmocka_run_one_test_or_fixture (libcmocka.0.dylib:x86_64+0x5b17)
#6 0x109e68ec2 in _cmocka_run_group_tests (libcmocka.0.dylib:x86_64+0x3ec2)
#7 0x7fff7afc708c in start (libdyld.dylib:x86_64+0x1708c)
==49218==ABORTING
Abort trap: 6
Marking as confidential as I have no idea about the impact of this one (is the bug only in the test or in the library?), but it affects v9.10+, which have the test (versions <= 9.9 have neither the test nor DSCP support).
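The masking effect the report describes, as an added illustration that is not part of the issue or of BIND: a pool allocator hands out small objects back to back from one large malloc() chunk, so a read one word past the end of an object lands on its neighbour instead of in a redzone, and AddressSanitizer sees nothing wrong. Only when each object is its own malloc() allocation (the effect the report's -DISC_MEM_USE_INTERNAL_MALLOC=0 flag is used for) does the same 4-byte over-read hit a redzone and get reported. The pool, struct event and event_read_past_end names, the 12-byte event layout and the 0xdeadbeef neighbour value are all constructed for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed model (hypothetical, not ISC code) of a "small allocations"
 * pool: one chunk from malloc(), carved into fixed-size adjacent blocks. */
struct event {
    uint32_t type;
    uint32_t sender;
    uint32_t result;
};                                        /* sizeof == 12, no padding */

enum { BLOCK_SIZE = 12, BLOCK_COUNT = 64 }; /* one block per event */

struct pool {
    unsigned char *chunk;                 /* the single real malloc() allocation */
    size_t next;                          /* index of the next free block */
};

static int pool_init(struct pool *p)
{
    p->chunk = calloc(BLOCK_COUNT, BLOCK_SIZE);
    p->next = 0;
    return p->chunk == NULL ? -1 : 0;
}

/* Consecutive requests return adjacent bytes of the same chunk. */
static void *pool_get(struct pool *p, size_t size)
{
    if (size > BLOCK_SIZE || p->next >= BLOCK_COUNT)
        return NULL;
    return p->chunk + (p->next++) * BLOCK_SIZE;
}

static void pool_destroy(struct pool *p)
{
    free(p->chunk);
    p->chunk = NULL;
}

/* The buggy consumer: reads 4 bytes at offset 12, one word past the end of a
 * 12-byte event (the same "READ of size 4" shape as the sanitizer report). */
static uint32_t event_read_past_end(const struct event *ev)
{
    uint32_t v;
    memcpy(&v, (const unsigned char *)ev + sizeof(*ev), sizeof(v));
    return v;
}

/* Pooled case: the over-read lands on the first word of the neighbouring event
 * and silently returns its type. Every byte touched lies inside one valid
 * malloc() chunk, so AddressSanitizer has nothing to flag. */
static uint32_t masked_overread(void)
{
    struct pool p;
    struct event *a, *b;
    uint32_t got;

    if (pool_init(&p) != 0)
        return 0;
    a = pool_get(&p, sizeof(*a));
    b = pool_get(&p, sizeof(*b));
    if (a == NULL || b == NULL) {
        pool_destroy(&p);
        return 0;
    }
    a->type = 1;          a->sender = 2; a->result = 3;
    b->type = 0xdeadbeefu; b->sender = 0; b->result = 0;   /* constructed marker */

    got = event_read_past_end(a);     /* returns b->type, no fault, no report */
    pool_destroy(&p);
    return got;
}

/* Direct-malloc case: the event is its own allocation, so byte 12 is in the
 * redzone and a -fsanitize=address build aborts here with
 * "heap-buffer-overflow ... READ of size 4". Run only on purpose (argv "asan"). */
static uint32_t unmasked_overread(void)
{
    struct event *a = malloc(sizeof(*a));
    uint32_t got;

    if (a == NULL)
        return 0;
    a->type = 1; a->sender = 2; a->result = 3;
    got = event_read_past_end(a);     /* out of bounds: ASan reports it */
    free(a);
    return got;
}

int main(int argc, char **argv)
{
    printf("pooled over-read returned 0x%08x (neighbour's type, no report)\n",
           masked_overread());
    if (argc > 1 && strcmp(argv[1], "asan") == 0)
        printf("direct over-read returned 0x%08x\n", unmasked_overread());
    return 0;
}
```

Build it twice, once plainly and once with -fsanitize=address -g, and run the second with the `asan` argument: the pooled path prints the neighbour's marker in both builds, while the direct-malloc path is reported only by the sanitized build. That is the gap the report's -DISC_MEM_USE_INTERNAL_MALLOC=0 flag closes for the library's own allocator.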