AddressSanitizer reports stack-use-after-scope in PgSqlLeaseMgrTest.leaseStatsQuery4
https://jenkins.aws.isc.org/job/kea-dev/job/ut-asan/117/parsed_console/:
[2022-01-24T17:17:24.875Z] [ RUN ] PgSqlLeaseMgrTest.leaseStatsQuery4
[2022-01-24T17:17:25.130Z] =================================================================
[2022-01-24T17:17:25.130Z] ==11386==ERROR: AddressSanitizer: stack-use-after-scope on address 0x7ffd2a6d6300 at pc 0x7f9df7bed550 bp 0x7ffd2a6d6020 sp 0x7ffd2a6d57d0
[2022-01-24T17:17:25.130Z] READ of size 4 at 0x7ffd2a6d6300 thread T0
[2022-01-24T17:17:26.139Z] #0 0x7f9df7bed54f (/usr/lib/x86_64-linux-gnu/libasan.so.5+0xa854f)
[2022-01-24T17:17:26.139Z] #1 0x7f9df52264cc (/usr/lib/x86_64-linux-gnu/libpq.so.5+0x164cc)
[2022-01-24T17:17:26.139Z] #2 0x7f9df52267ad in PQsendQueryPrepared (/usr/lib/x86_64-linux-gnu/libpq.so.5+0x167ad)
[2022-01-24T17:17:26.139Z] #3 0x7f9df52278f5 in PQexecPrepared (/usr/lib/x86_64-linux-gnu/libpq.so.5+0x178f5)
[2022-01-24T17:17:26.139Z] #4 0x7f9df72f12b5 in isc::dhcp::PgSqlLeaseStatsQuery::start() /tmp/workspace/kea-dev/ut-asan/src/lib/dhcpsrv/pgsql_lease_mgr.cc:1088
[2022-01-24T17:17:26.139Z] #5 0x7f9df72e4be1 in isc::dhcp::PgSqlLeaseMgr::startSubnetRangeLeaseStatsQuery4(unsigned int const&, unsigned int const&) /tmp/workspace/kea-dev/ut-asan/src/lib/dhcpsrv/pgsql_lease_mgr.cc:2319
[2022-01-24T17:17:26.139Z] #6 0x55955eab064d in isc::dhcp::test::GenericLeaseMgrTest::testLeaseStatsQuery4() /tmp/workspace/kea-dev/ut-asan/src/lib/dhcpsrv/tests/generic_lease_mgr_unittest.cc:3623
[2022-01-24T17:17:26.139Z] #7 0x55955ecd8d87 in TestBody /tmp/workspace/kea-dev/ut-asan/src/lib/dhcpsrv/tests/pgsql_lease_mgr_unittest.cc:1001
[2022-01-24T17:17:26.139Z] #8 0x55955f3214a8 in void testing::internal::HandleSehExceptionsInMethodIfSupported<testing::Test, void>(testing::Test*, void (testing::Test::*)(), char const*) /usr/src/googletest/googletest/src/gtest.cc:2443
[2022-01-24T17:17:26.139Z] #9 0x55955f314301 in void testing::internal::HandleExceptionsInMethodIfSupported<testing::Test, void>(testing::Test*, void (testing::Test::*)(), char const*) /usr/src/googletest/googletest/src/gtest.cc:2479
[2022-01-24T17:17:26.139Z] #10 0x55955f2c2eaf in testing::Test::Run() /usr/src/googletest/googletest/src/gtest.cc:2517
[2022-01-24T17:17:26.139Z] #11 0x55955f2c42e2 in testing::TestInfo::Run() /usr/src/googletest/googletest/src/gtest.cc:2693
[2022-01-24T17:17:26.139Z] #12 0x55955f2c4eae in testing::TestCase::Run() /usr/src/googletest/googletest/src/gtest.cc:2813
[2022-01-24T17:17:26.139Z] #13 0x55955f2e0134 in testing::internal::UnitTestImpl::RunAllTests() /usr/src/googletest/googletest/src/gtest.cc:5179
[2022-01-24T17:17:26.139Z] #14 0x55955f3243ec in bool testing::internal::HandleSehExceptionsInMethodIfSupported<testing::internal::UnitTestImpl, bool>(testing::internal::UnitTestImpl*, bool (testing::internal::UnitTestImpl::*)(), char const*) /usr/src/googletest/googletest/src/gtest.cc:2443
[2022-01-24T17:17:26.139Z] #15 0x55955f3165e1 in bool testing::internal::HandleExceptionsInMethodIfSupported<testing::internal::UnitTestImpl, bool>(testing::internal::UnitTestImpl*, bool (testing::internal::UnitTestImpl::*)(), char const*) /usr/src/googletest/googletest/src/gtest.cc:2479
[2022-01-24T17:17:26.139Z] #16 0x55955f2dcebf in testing::UnitTest::Run() /usr/src/googletest/googletest/src/gtest.cc:4788
[2022-01-24T17:17:26.139Z] #17 0x55955dd833fb in RUN_ALL_TESTS() /usr/src/googletest/googletest/include/gtest/gtest.h:2341
[2022-01-24T17:17:26.139Z] #18 0x55955dd8329c in main /tmp/workspace/kea-dev/ut-asan/src/lib/dhcpsrv/tests/run_unittests.cc:17
[2022-01-24T17:17:26.139Z] #19 0x7f9df3fa409a in __libc_start_main ../csu/libc-start.c:308
[2022-01-24T17:17:26.139Z] #20 0x55955dd830f9 in _start (/tmp/workspace/kea-dev/ut-asan/src/lib/dhcpsrv/tests/.libs/libdhcpsrv_unittests+0x9600f9)
[2022-01-24T17:17:26.139Z]
[2022-01-24T17:17:26.139Z] Address 0x7ffd2a6d6300 is located in stack of thread T0 at offset 368 in frame
[2022-01-24T17:17:26.139Z] #0 0x7f9df72f0d35 in isc::dhcp::PgSqlLeaseStatsQuery::start() /tmp/workspace/kea-dev/ut-asan/src/lib/dhcpsrv/pgsql_lease_mgr.cc:1066
[2022-01-24T17:17:26.139Z]
[2022-01-24T17:17:26.139Z] This frame has 5 object(s):
[2022-01-24T17:17:26.139Z] [32, 36) '<unknown>'
[2022-01-24T17:17:26.139Z] [96, 100) '<unknown>'
[2022-01-24T17:17:26.139Z] [160, 256) 'parms'
[2022-01-24T17:17:26.139Z] [288, 320) 'subnet_id_str'
[2022-01-24T17:17:26.139Z] [352, 384) 'subnet_id_str' <== Memory access at offset 368 is inside this variable
[2022-01-24T17:17:26.139Z] HINT: this may be a false positive if your program uses some custom stack unwind mechanism or swapcontext
[2022-01-24T17:17:26.139Z] (longjmp and C++ exceptions *are* supported)
[2022-01-24T17:17:26.139Z] SUMMARY: AddressSanitizer: stack-use-after-scope (/usr/lib/x86_64-linux-gnu/libasan.so.5+0xa854f)
[2022-01-24T17:17:26.139Z] Shadow bytes around the buggy address:
[2022-01-24T17:17:26.139Z] 0x1000254d2c10: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[2022-01-24T17:17:26.139Z] 0x1000254d2c20: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[2022-01-24T17:17:26.139Z] 0x1000254d2c30: 00 00 f1 f1 f1 f1 f8 f2 f2 f2 f2 f2 f2 f2 f8 f2
[2022-01-24T17:17:26.139Z] 0x1000254d2c40: f2 f2 f2 f2 f2 f2 00 00 00 00 00 00 00 00 00 00
[2022-01-24T17:17:26.139Z] 0x1000254d2c50: 00 00 f2 f2 f2 f2 00 00 00 00 f2 f2 f2 f2 f8 f8
[2022-01-24T17:17:26.139Z] =>0x1000254d2c60:[f8]f8 f3 f3 f3 f3 00 00 00 00 00 00 00 00 00 00
[2022-01-24T17:17:26.139Z] 0x1000254d2c70: 00 00 00 00 00 00 00 00 f1 f1 f1 f1 00 00 f2 f2
[2022-01-24T17:17:26.139Z] 0x1000254d2c80: f2 f2 f2 f2 00 00 f2 f2 f2 f2 f2 f2 00 00 00 f2
[2022-01-24T17:17:26.139Z] 0x1000254d2c90: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[2022-01-24T17:17:26.139Z] 0x1000254d2ca0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[2022-01-24T17:17:26.139Z] 0x1000254d2cb0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[2022-01-24T17:17:26.139Z] Shadow byte legend (one shadow byte represents 8 application bytes):
[2022-01-24T17:17:26.139Z] Addressable: 00
[2022-01-24T17:17:26.139Z] Partially addressable: 01 02 03 04 05 06 07
[2022-01-24T17:17:26.139Z] Heap left redzone: fa
[2022-01-24T17:17:26.139Z] Freed heap region: fd
[2022-01-24T17:17:26.139Z] Stack left redzone: f1
[2022-01-24T17:17:26.139Z] Stack mid redzone: f2
[2022-01-24T17:17:26.139Z] Stack right redzone: f3
[2022-01-24T17:17:26.139Z] Stack after return: f5
[2022-01-24T17:17:26.139Z] Stack use after scope: f8
[2022-01-24T17:17:26.139Z] Global redzone: f9
[2022-01-24T17:17:26.139Z] Global init order: f6
[2022-01-24T17:17:26.139Z] Poisoned by user: f7
[2022-01-24T17:17:26.139Z] Container overflow: fc
[2022-01-24T17:17:26.139Z] Array cookie: ac
[2022-01-24T17:17:26.139Z] Intra object redzone: bb
[2022-01-24T17:17:26.139Z] ASan internal: fe
[2022-01-24T17:17:26.139Z] Left alloca redzone: ca
[2022-01-24T17:17:26.139Z] Right alloca redzone: cb
[2022-01-24T17:17:26.139Z] ==11386==ABORTING
[2022-01-24T17:17:26.139Z] FAIL: libdhcpsrv_unittests
[2022-01-24T17:17:26.139Z] ======================================
[2022-01-24T17:17:26.139Z] 1 of 1 test failed
[2022-01-24T17:17:26.139Z] Please report to kea-dev@lists.isc.org
I think it refers to this code:
    // Add first_subnet_id used by both single and range.
    std::string subnet_id_str = boost::lexical_cast<std::string>(getFirstSubnetID());
    parms.add(subnet_id_str);
    // Add last_subnet_id for range.
    if (getSelectMode() == SUBNET_RANGE) {
        // Add last_subnet_id used by range.
        std::string subnet_id_str = boost::lexical_cast<std::string>(getLastSubnetID());
        parms.add(subnet_id_str);
    }
This may be only variable shadowing.
Edited by Andrei Pavel
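The pattern the report points at, reduced to a stand-alone C++ example that is added here and is not Kea code: ASan flags the second `subnet_id_str` because it is read from inside libpq after its `if` block has ended, which is what happens when a bind array keeps a pointer to the caller's string instead of a copy. That pointer-keeping behaviour of `parms.add` is an assumption, consistent with the frame layout in the report; `BindArray`, `sendQuery` and the three `query*` functions are hypothetical names.

```cpp
// Added illustration: BindArray and sendQuery are hypothetical stand-ins, not Kea or libpq code.
#include <deque>
#include <string>
#include <vector>

struct BindArray {
    std::vector<const char*> values;  // pointers the "driver" reads later
    std::deque<std::string> owned;    // deque: push_back keeps element addresses stable
    void add(const std::string& s) { values.push_back(s.c_str()); }  // borrows (assumed): caller keeps s alive
    // Owning add: the copy lives as long as the BindArray.
    void addCopy(const std::string& s) { owned.push_back(s); values.push_back(owned.back().c_str()); }
};

// Stand-in for the prepared-statement call: dereferences every stored pointer.
std::string sendQuery(const BindArray& p) {
    std::string out;
    for (const char* v : p.values) out += std::string(out.empty() ? "" : ",") + v;
    return out;
}

// Pattern from the report; deliberately not called from main().
std::string queryBuggy(unsigned first, unsigned last, bool range) {
    BindArray parms;
    std::string subnet_id_str = std::to_string(first);
    parms.add(subnet_id_str);
    if (range) {
        std::string subnet_id_str = std::to_string(last);  // shadows the outer one
        parms.add(subnet_id_str);
    }  // inner string destroyed here; parms.values[1] now dangles
    return sendQuery(parms);  // reads the dead object: stack-use-after-scope
}

// Fix 1: every bound string lives in the scope that sends the query.
std::string queryHoisted(unsigned first, unsigned last, bool range) {
    BindArray parms;
    std::string first_str = std::to_string(first), last_str;
    parms.add(first_str);
    if (range) { last_str = std::to_string(last); parms.add(last_str); }
    return sendQuery(parms);
}

// Fix 2: the bind array owns its copies, so caller scopes no longer matter.
std::string queryOwning(unsigned first, unsigned last, bool range) {
    BindArray parms;
    parms.addCopy(std::to_string(first));
    if (range) parms.addCopy(std::to_string(last));
    return sendQuery(parms);
}
int main() { return queryHoisted(1, 5, true) == queryOwning(1, 5, true) ? 0 : 1; }
```

Renaming the inner variable alone would silence a `-Wshadow` warning but leave the dangling pointer in place; the lifetime of the bound string has to cover the query call.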