ISC Open Source Projects / Kea / Issues / #2285
Issue created Jan 25, 2022 by Andrei Pavel (@andrei, Maintainer)

AddressSanitizer reports stack-use-after-scope in PgSqlLeaseMgrTest.leaseStatsQuery4

https://jenkins.aws.isc.org/job/kea-dev/job/ut-asan/117/parsed_console/:

[2022-01-24T17:17:24.875Z] [ RUN      ] PgSqlLeaseMgrTest.leaseStatsQuery4
[2022-01-24T17:17:25.130Z] =================================================================
[2022-01-24T17:17:25.130Z] ==11386==ERROR: AddressSanitizer: stack-use-after-scope on address 0x7ffd2a6d6300 at pc 0x7f9df7bed550 bp 0x7ffd2a6d6020 sp 0x7ffd2a6d57d0
[2022-01-24T17:17:25.130Z] READ of size 4 at 0x7ffd2a6d6300 thread T0
[2022-01-24T17:17:26.139Z]     #0 0x7f9df7bed54f  (/usr/lib/x86_64-linux-gnu/libasan.so.5+0xa854f)
[2022-01-24T17:17:26.139Z]     #1 0x7f9df52264cc  (/usr/lib/x86_64-linux-gnu/libpq.so.5+0x164cc)
[2022-01-24T17:17:26.139Z]     #2 0x7f9df52267ad in PQsendQueryPrepared (/usr/lib/x86_64-linux-gnu/libpq.so.5+0x167ad)
[2022-01-24T17:17:26.139Z]     #3 0x7f9df52278f5 in PQexecPrepared (/usr/lib/x86_64-linux-gnu/libpq.so.5+0x178f5)
[2022-01-24T17:17:26.139Z]     #4 0x7f9df72f12b5 in isc::dhcp::PgSqlLeaseStatsQuery::start() /tmp/workspace/kea-dev/ut-asan/src/lib/dhcpsrv/pgsql_lease_mgr.cc:1088
[2022-01-24T17:17:26.139Z]     #5 0x7f9df72e4be1 in isc::dhcp::PgSqlLeaseMgr::startSubnetRangeLeaseStatsQuery4(unsigned int const&, unsigned int const&) /tmp/workspace/kea-dev/ut-asan/src/lib/dhcpsrv/pgsql_lease_mgr.cc:2319
[2022-01-24T17:17:26.139Z]     #6 0x55955eab064d in isc::dhcp::test::GenericLeaseMgrTest::testLeaseStatsQuery4() /tmp/workspace/kea-dev/ut-asan/src/lib/dhcpsrv/tests/generic_lease_mgr_unittest.cc:3623
[2022-01-24T17:17:26.139Z]     #7 0x55955ecd8d87 in TestBody /tmp/workspace/kea-dev/ut-asan/src/lib/dhcpsrv/tests/pgsql_lease_mgr_unittest.cc:1001
[2022-01-24T17:17:26.139Z]     #8 0x55955f3214a8 in void testing::internal::HandleSehExceptionsInMethodIfSupported<testing::Test, void>(testing::Test*, void (testing::Test::*)(), char const*) /usr/src/googletest/googletest/src/gtest.cc:2443
[2022-01-24T17:17:26.139Z]     #9 0x55955f314301 in void testing::internal::HandleExceptionsInMethodIfSupported<testing::Test, void>(testing::Test*, void (testing::Test::*)(), char const*) /usr/src/googletest/googletest/src/gtest.cc:2479
[2022-01-24T17:17:26.139Z]     #10 0x55955f2c2eaf in testing::Test::Run() /usr/src/googletest/googletest/src/gtest.cc:2517
[2022-01-24T17:17:26.139Z]     #11 0x55955f2c42e2 in testing::TestInfo::Run() /usr/src/googletest/googletest/src/gtest.cc:2693
[2022-01-24T17:17:26.139Z]     #12 0x55955f2c4eae in testing::TestCase::Run() /usr/src/googletest/googletest/src/gtest.cc:2813
[2022-01-24T17:17:26.139Z]     #13 0x55955f2e0134 in testing::internal::UnitTestImpl::RunAllTests() /usr/src/googletest/googletest/src/gtest.cc:5179
[2022-01-24T17:17:26.139Z]     #14 0x55955f3243ec in bool testing::internal::HandleSehExceptionsInMethodIfSupported<testing::internal::UnitTestImpl, bool>(testing::internal::UnitTestImpl*, bool (testing::internal::UnitTestImpl::*)(), char const*) /usr/src/googletest/googletest/src/gtest.cc:2443
[2022-01-24T17:17:26.139Z]     #15 0x55955f3165e1 in bool testing::internal::HandleExceptionsInMethodIfSupported<testing::internal::UnitTestImpl, bool>(testing::internal::UnitTestImpl*, bool (testing::internal::UnitTestImpl::*)(), char const*) /usr/src/googletest/googletest/src/gtest.cc:2479
[2022-01-24T17:17:26.139Z]     #16 0x55955f2dcebf in testing::UnitTest::Run() /usr/src/googletest/googletest/src/gtest.cc:4788
[2022-01-24T17:17:26.139Z]     #17 0x55955dd833fb in RUN_ALL_TESTS() /usr/src/googletest/googletest/include/gtest/gtest.h:2341
[2022-01-24T17:17:26.139Z]     #18 0x55955dd8329c in main /tmp/workspace/kea-dev/ut-asan/src/lib/dhcpsrv/tests/run_unittests.cc:17
[2022-01-24T17:17:26.139Z]     #19 0x7f9df3fa409a in __libc_start_main ../csu/libc-start.c:308
[2022-01-24T17:17:26.139Z]     #20 0x55955dd830f9 in _start (/tmp/workspace/kea-dev/ut-asan/src/lib/dhcpsrv/tests/.libs/libdhcpsrv_unittests+0x9600f9)
[2022-01-24T17:17:26.139Z] 
[2022-01-24T17:17:26.139Z] Address 0x7ffd2a6d6300 is located in stack of thread T0 at offset 368 in frame
[2022-01-24T17:17:26.139Z]     #0 0x7f9df72f0d35 in isc::dhcp::PgSqlLeaseStatsQuery::start() /tmp/workspace/kea-dev/ut-asan/src/lib/dhcpsrv/pgsql_lease_mgr.cc:1066
[2022-01-24T17:17:26.139Z] 
[2022-01-24T17:17:26.139Z]   This frame has 5 object(s):
[2022-01-24T17:17:26.139Z]     [32, 36) '<unknown>'
[2022-01-24T17:17:26.139Z]     [96, 100) '<unknown>'
[2022-01-24T17:17:26.139Z]     [160, 256) 'parms'
[2022-01-24T17:17:26.139Z]     [288, 320) 'subnet_id_str'
[2022-01-24T17:17:26.139Z]     [352, 384) 'subnet_id_str' <== Memory access at offset 368 is inside this variable
[2022-01-24T17:17:26.139Z] HINT: this may be a false positive if your program uses some custom stack unwind mechanism or swapcontext
[2022-01-24T17:17:26.139Z]       (longjmp and C++ exceptions *are* supported)
[2022-01-24T17:17:26.139Z] SUMMARY: AddressSanitizer: stack-use-after-scope (/usr/lib/x86_64-linux-gnu/libasan.so.5+0xa854f) 
[2022-01-24T17:17:26.139Z] Shadow bytes around the buggy address:
[2022-01-24T17:17:26.139Z]   0x1000254d2c10: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[2022-01-24T17:17:26.139Z]   0x1000254d2c20: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[2022-01-24T17:17:26.139Z]   0x1000254d2c30: 00 00 f1 f1 f1 f1 f8 f2 f2 f2 f2 f2 f2 f2 f8 f2
[2022-01-24T17:17:26.139Z]   0x1000254d2c40: f2 f2 f2 f2 f2 f2 00 00 00 00 00 00 00 00 00 00
[2022-01-24T17:17:26.139Z]   0x1000254d2c50: 00 00 f2 f2 f2 f2 00 00 00 00 f2 f2 f2 f2 f8 f8
[2022-01-24T17:17:26.139Z] =>0x1000254d2c60:[f8]f8 f3 f3 f3 f3 00 00 00 00 00 00 00 00 00 00
[2022-01-24T17:17:26.139Z]   0x1000254d2c70: 00 00 00 00 00 00 00 00 f1 f1 f1 f1 00 00 f2 f2
[2022-01-24T17:17:26.139Z]   0x1000254d2c80: f2 f2 f2 f2 00 00 f2 f2 f2 f2 f2 f2 00 00 00 f2
[2022-01-24T17:17:26.139Z]   0x1000254d2c90: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[2022-01-24T17:17:26.139Z]   0x1000254d2ca0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[2022-01-24T17:17:26.139Z]   0x1000254d2cb0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[2022-01-24T17:17:26.139Z] Shadow byte legend (one shadow byte represents 8 application bytes):
[2022-01-24T17:17:26.139Z]   Addressable:           00
[2022-01-24T17:17:26.139Z]   Partially addressable: 01 02 03 04 05 06 07 
[2022-01-24T17:17:26.139Z]   Heap left redzone:       fa
[2022-01-24T17:17:26.139Z]   Freed heap region:       fd
[2022-01-24T17:17:26.139Z]   Stack left redzone:      f1
[2022-01-24T17:17:26.139Z]   Stack mid redzone:       f2
[2022-01-24T17:17:26.139Z]   Stack right redzone:     f3
[2022-01-24T17:17:26.139Z]   Stack after return:      f5
[2022-01-24T17:17:26.139Z]   Stack use after scope:   f8
[2022-01-24T17:17:26.139Z]   Global redzone:          f9
[2022-01-24T17:17:26.139Z]   Global init order:       f6
[2022-01-24T17:17:26.139Z]   Poisoned by user:        f7
[2022-01-24T17:17:26.139Z]   Container overflow:      fc
[2022-01-24T17:17:26.139Z]   Array cookie:            ac
[2022-01-24T17:17:26.139Z]   Intra object redzone:    bb
[2022-01-24T17:17:26.139Z]   ASan internal:           fe
[2022-01-24T17:17:26.139Z]   Left alloca redzone:     ca
[2022-01-24T17:17:26.139Z]   Right alloca redzone:    cb
[2022-01-24T17:17:26.139Z] ==11386==ABORTING

[2022-01-24T17:17:26.139Z] FAIL: libdhcpsrv_unittests
[2022-01-24T17:17:26.139Z] ======================================
[2022-01-24T17:17:26.139Z] 1 of 1 test failed
[2022-01-24T17:17:26.139Z] Please report to kea-dev@lists.isc.org

I think it refers to this code:

            // Add first_subnet_id used by both single and range.
            std::string subnet_id_str = boost::lexical_cast<std::string>(getFirstSubnetID());
            parms.add(subnet_id_str);

            // Add last_subnet_id for range.
            if (getSelectMode() == SUBNET_RANGE) {
                // Add last_subnet_id used by range.
                std::string subnet_id_str = boost::lexical_cast<std::string>(getLastSubnetID());
                parms.add(subnet_id_str);
            }

This may be only variable shadowing.

Edited Jan 25, 2022 by Andrei Pavel
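
An added example, not Kea's code and not part of the original report: a minimal C++ model of how the inner-scope string in the snippet above can produce a stack-use-after-scope read at query time, next to a variant that avoids it. `BindArray`, `execute` and both `stats_query_*` functions are hypothetical, and the model assumes `parms.add()` keeps a pointer to the caller's string rather than a copy, which the page does not show.

```cpp
#include <memory>
#include <string>
#include <vector>

// Hypothetical bind array. Assumption: add() records a pointer, not a copy.
struct BindArray {
    std::vector<const char*> values;                  // what the driver reads
    std::vector<std::unique_ptr<std::string>> owned;  // copies the array owns

    void add(const std::string& s) { values.push_back(s.c_str()); }

    // Hardened variant: copy the text, then bind a pointer to the owned copy.
    void addOwned(const std::string& s) {
        owned.push_back(std::make_unique<std::string>(s));
        values.push_back(owned.back()->c_str());
    }
};

// Stand-in for PQexecPrepared: dereferences every bound pointer.
std::string execute(const BindArray& parms) {
    std::string out;
    for (const char* v : parms.values) { out += v; out += ';'; }
    return out;
}

// Same shape as the snippet in the report. Deliberately never called here:
// with range == true the read in execute() is undefined behaviour.
std::string stats_query_unsafe(unsigned first, unsigned last, bool range) {
    BindArray parms;
    std::string subnet_id_str = std::to_string(first);
    parms.add(subnet_id_str);
    if (range) {
        std::string subnet_id_str = std::to_string(last);  // shadows the outer one
        parms.add(subnet_id_str);
    }  // inner string destroyed here, values[1] now dangles
    return execute(parms);  // the read ASan would flag as stack-use-after-scope
}

// The array owns its text, so the block scope of the source no longer matters.
std::string stats_query_safe(unsigned first, unsigned last, bool range) {
    BindArray parms;
    parms.addOwned(std::to_string(first));
    if (range) {
        parms.addOwned(std::to_string(last));
    }
    return execute(parms);
}

int main() { return stats_query_safe(1, 42, true) == "1;42;" ? 0 : 1; }
```

Building `stats_query_unsafe` with `-fsanitize=address` and calling it with `range == true` is the way to compare its report against the one above; hoisting the second string to the outer scope under a distinct name is the other way to keep it alive until the query runs.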