AddressSanitizer reports stack-buffer-overflow in RotatingFileTest.nowString
https://jenkins.aws.isc.org/job/kea-dev/job/ut-asan/117/parsed_console/:
[2022-01-24T17:25:00.096Z] [ RUN ] RotatingFileTest.nowString
[2022-01-24T17:25:00.096Z] =================================================================
[2022-01-24T17:25:00.096Z] ==22451==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7ffc57122ce0 at pc 0x7f6b36b43550 bp 0x7ffc57121ba0 sp 0x7ffc57121350
[2022-01-24T17:25:00.096Z] READ of size 263 at 0x7ffc57122ce0 thread T0
[2022-01-24T17:25:00.350Z] #0 0x7f6b36b4354f (/usr/lib/x86_64-linux-gnu/libasan.so.5+0xa854f)
[2022-01-24T17:25:00.350Z] #1 0x55ce6e792754 in std::char_traits<char>::length(char const*) /usr/include/c++/8/bits/char_traits.h:322
[2022-01-24T17:25:00.350Z] #2 0x55ce6e797961 in std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::append(char const*) /usr/include/c++/8/bits/basic_string.h:1266
[2022-01-24T17:25:00.350Z] #3 0x55ce6e7971ba in std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::operator+=(char const*) /usr/include/c++/8/bits/basic_string.h:1178
[2022-01-24T17:25:00.350Z] #4 0x55ce6e8e24a7 in TestBody /tmp/workspace/kea-dev/ut-asan/premium/src/hooks/dhcp/forensic_log/tests/rotating_file_unittests.cc:147
[2022-01-24T17:25:00.350Z] #5 0x55ce6eac4c10 in void testing::internal::HandleSehExceptionsInMethodIfSupported<testing::Test, void>(testing::Test*, void (testing::Test::*)(), char const*) /usr/src/googletest/googletest/src/gtest.cc:2443
[2022-01-24T17:25:00.350Z] #6 0x55ce6eab7307 in void testing::internal::HandleExceptionsInMethodIfSupported<testing::Test, void>(testing::Test*, void (testing::Test::*)(), char const*) /usr/src/googletest/googletest/src/gtest.cc:2479
[2022-01-24T17:25:00.350Z] #7 0x55ce6ea65913 in testing::Test::Run() /usr/src/googletest/googletest/src/gtest.cc:2517
[2022-01-24T17:25:00.350Z] #8 0x55ce6ea66d46 in testing::TestInfo::Run() /usr/src/googletest/googletest/src/gtest.cc:2693
[2022-01-24T17:25:00.350Z] #9 0x55ce6ea67912 in testing::TestCase::Run() /usr/src/googletest/googletest/src/gtest.cc:2813
[2022-01-24T17:25:00.350Z] #10 0x55ce6ea82b98 in testing::internal::UnitTestImpl::RunAllTests() /usr/src/googletest/googletest/src/gtest.cc:5179
[2022-01-24T17:25:00.350Z] #11 0x55ce6eac7c02 in bool testing::internal::HandleSehExceptionsInMethodIfSupported<testing::internal::UnitTestImpl, bool>(testing::internal::UnitTestImpl*, bool (testing::internal::UnitTestImpl::*)(), char const*) /usr/src/googletest/googletest/src/gtest.cc:2443
[2022-01-24T17:25:00.350Z] #12 0x55ce6eab94fd in bool testing::internal::HandleExceptionsInMethodIfSupported<testing::internal::UnitTestImpl, bool>(testing::internal::UnitTestImpl*, bool (testing::internal::UnitTestImpl::*)(), char const*) /usr/src/googletest/googletest/src/gtest.cc:2479
[2022-01-24T17:25:00.350Z] #13 0x55ce6ea7f923 in testing::UnitTest::Run() /usr/src/googletest/googletest/src/gtest.cc:4788
[2022-01-24T17:25:00.350Z] #14 0x55ce6e77ffcb in RUN_ALL_TESTS() /usr/src/googletest/googletest/include/gtest/gtest.h:2341
[2022-01-24T17:25:00.350Z] #15 0x55ce6e77fe6c in main /tmp/workspace/kea-dev/ut-asan/premium/src/hooks/dhcp/forensic_log/tests/run_unittests.cc:17
[2022-01-24T17:25:00.350Z] #16 0x7f6b335d609a in __libc_start_main ../csu/libc-start.c:308
[2022-01-24T17:25:00.350Z] #17 0x55ce6e77fcc9 in _start (/tmp/workspace/kea-dev/ut-asan/premium/src/hooks/dhcp/forensic_log/tests/.libs/libdhcp_legal_log_unittests+0x18acc9)
[2022-01-24T17:25:00.350Z]
[2022-01-24T17:25:00.350Z] Address 0x7ffc57122ce0 is located in stack of thread T0 at offset 4224 in frame
[2022-01-24T17:25:00.350Z] #0 0x55ce6e8e0d43 in TestBody /tmp/workspace/kea-dev/ut-asan/premium/src/hooks/dhcp/forensic_log/tests/rotating_file_unittests.cc:124
[2022-01-24T17:25:00.350Z]
[2022-01-24T17:25:00.350Z] This frame has 62 object(s):
[2022-01-24T17:25:00.350Z] [32, 33) '<unknown>'
[2022-01-24T17:25:00.350Z] [96, 97) '<unknown>'
[2022-01-24T17:25:00.350Z] [160, 161) '<unknown>'
[2022-01-24T17:25:00.350Z] [224, 225) '<unknown>'
[2022-01-24T17:25:00.350Z] [288, 289) '<unknown>'
[2022-01-24T17:25:00.350Z] [352, 353) '<unknown>'
[2022-01-24T17:25:00.350Z] [416, 417) '<unknown>'
[2022-01-24T17:25:00.350Z] [480, 481) '<unknown>'
[2022-01-24T17:25:00.350Z] [544, 546) '<unknown>'
[2022-01-24T17:25:00.350Z] [608, 610) '<unknown>'
[2022-01-24T17:25:00.350Z] [672, 674) '<unknown>'
[2022-01-24T17:25:00.350Z] [736, 740) 'test_day'
[2022-01-24T17:25:00.350Z] [800, 808) '<unknown>'
[2022-01-24T17:25:00.350Z] [864, 872) '<unknown>'
[2022-01-24T17:25:00.350Z] [928, 936) '<unknown>'
[2022-01-24T17:25:00.350Z] [992, 1000) '<unknown>'
[2022-01-24T17:25:00.350Z] [1056, 1064) '<unknown>'
[2022-01-24T17:25:00.350Z] [1120, 1128) '<unknown>'
[2022-01-24T17:25:00.350Z] [1184, 1192) '<unknown>'
[2022-01-24T17:25:00.350Z] [1248, 1256) '<unknown>'
[2022-01-24T17:25:00.350Z] [1312, 1320) '<unknown>'
[2022-01-24T17:25:00.350Z] [1376, 1384) '<unknown>'
[2022-01-24T17:25:00.350Z] [1440, 1448) 'gtest_msg'
[2022-01-24T17:25:00.350Z] [1504, 1512) '<unknown>'
[2022-01-24T17:25:00.350Z] [1568, 1576) '<unknown>'
[2022-01-24T17:25:00.350Z] [1632, 1640) '<unknown>'
[2022-01-24T17:25:00.350Z] [1696, 1704) '<unknown>'
[2022-01-24T17:25:00.350Z] [1760, 1768) '<unknown>'
[2022-01-24T17:25:00.350Z] [1824, 1832) '<unknown>'
[2022-01-24T17:25:00.350Z] [1888, 1896) '<unknown>'
[2022-01-24T17:25:00.350Z] [1952, 1960) '<unknown>'
[2022-01-24T17:25:00.350Z] [2016, 2024) '<unknown>'
[2022-01-24T17:25:00.350Z] [2080, 2088) '<unknown>'
[2022-01-24T17:25:00.350Z] [2144, 2152) '<unknown>'
[2022-01-24T17:25:00.350Z] [2208, 2216) '<unknown>'
[2022-01-24T17:25:00.350Z] [2272, 2280) '<unknown>'
[2022-01-24T17:25:00.350Z] [2336, 2344) '<unknown>'
[2022-01-24T17:25:00.350Z] [2400, 2408) '<unknown>'
[2022-01-24T17:25:00.350Z] [2464, 2472) '<unknown>'
[2022-01-24T17:25:00.350Z] [2528, 2544) 'gtest_ar'
[2022-01-24T17:25:00.350Z] [2592, 2608) 'gtest_ar'
[2022-01-24T17:25:00.350Z] [2656, 2672) 'params'
[2022-01-24T17:25:00.350Z] [2720, 2736) '<unknown>'
[2022-01-24T17:25:00.350Z] [2784, 2800) '<unknown>'
[2022-01-24T17:25:00.350Z] [2848, 2864) '<unknown>'
[2022-01-24T17:25:00.350Z] [2912, 2928) 'gtest_ar'
[2022-01-24T17:25:00.350Z] [2976, 3032) '<unknown>'
[2022-01-24T17:25:00.350Z] [3072, 3104) '<unknown>'
[2022-01-24T17:25:00.350Z] [3136, 3168) '<unknown>'
[2022-01-24T17:25:00.350Z] [3200, 3232) '<unknown>'
[2022-01-24T17:25:00.350Z] [3264, 3296) 'expected_string'
[2022-01-24T17:25:00.350Z] [3328, 3360) '<unknown>'
[2022-01-24T17:25:00.350Z] [3392, 3424) '<unknown>'
[2022-01-24T17:25:00.350Z] [3456, 3488) 'now_string'
[2022-01-24T17:25:00.350Z] [3520, 3552) '<unknown>'
[2022-01-24T17:25:00.350Z] [3584, 3616) '<unknown>'
[2022-01-24T17:25:00.350Z] [3648, 3680) '<unknown>'
[2022-01-24T17:25:00.350Z] [3712, 3744) 'format'
[2022-01-24T17:25:00.350Z] [3776, 3808) '<unknown>'
[2022-01-24T17:25:00.350Z] [3840, 3872) '<unknown>'
[2022-01-24T17:25:00.350Z] [3904, 3936) '<unknown>'
[2022-01-24T17:25:00.350Z] [3968, 4224) 'buf' <== Memory access at offset 4224 overflows this variable
[2022-01-24T17:25:00.350Z] HINT: this may be a false positive if your program uses some custom stack unwind mechanism or swapcontext
[2022-01-24T17:25:00.350Z] (longjmp and C++ exceptions *are* supported)
[2022-01-24T17:25:00.350Z] SUMMARY: AddressSanitizer: stack-buffer-overflow (/usr/lib/x86_64-linux-gnu/libasan.so.5+0xa854f)
[2022-01-24T17:25:00.350Z] Shadow bytes around the buggy address:
[2022-01-24T17:25:00.350Z] 0x10000ae1c540: f2 f2 f2 f2 f8 f8 f8 f8 f2 f2 f2 f2 f8 f8 f8 f8
[2022-01-24T17:25:00.350Z] 0x10000ae1c550: f2 f2 f2 f2 f8 f8 f8 f8 f2 f2 f2 f2 00 00 00 00
[2022-01-24T17:25:00.350Z] 0x10000ae1c560: f2 f2 f2 f2 00 00 00 00 f2 f2 f2 f2 00 00 00 00
[2022-01-24T17:25:00.350Z] 0x10000ae1c570: f2 f2 f2 f2 00 00 00 00 f2 f2 f2 f2 00 00 00 00
[2022-01-24T17:25:00.350Z] 0x10000ae1c580: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[2022-01-24T17:25:00.350Z] =>0x10000ae1c590: 00 00 00 00 00 00 00 00 00 00 00 00[f3]f3 f3 f3
[2022-01-24T17:25:00.350Z] 0x10000ae1c5a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[2022-01-24T17:25:00.350Z] 0x10000ae1c5b0: f1 f1 f1 f1 00 00 f2 f2 00 00 00 00 00 00 00 00
[2022-01-24T17:25:00.350Z] 0x10000ae1c5c0: 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1 00 00
[2022-01-24T17:25:00.350Z] 0x10000ae1c5d0: f2 f2 f2 f2 f2 f2 00 00 00 00 f2 f2 f2 f2 00 00
[2022-01-24T17:25:00.350Z] 0x10000ae1c5e0: 00 00 f3 f3 f3 f3 00 00 00 00 00 00 00 00 00 00
[2022-01-24T17:25:00.350Z] Shadow byte legend (one shadow byte represents 8 application bytes):
[2022-01-24T17:25:00.350Z] Addressable: 00
[2022-01-24T17:25:00.350Z] Partially addressable: 01 02 03 04 05 06 07
[2022-01-24T17:25:00.350Z] Heap left redzone: fa
[2022-01-24T17:25:00.350Z] Freed heap region: fd
[2022-01-24T17:25:00.350Z] Stack left redzone: f1
[2022-01-24T17:25:00.350Z] Stack mid redzone: f2
[2022-01-24T17:25:00.350Z] Stack right redzone: f3
[2022-01-24T17:25:00.350Z] Stack after return: f5
[2022-01-24T17:25:00.350Z] Stack use after scope: f8
[2022-01-24T17:25:00.350Z] Global redzone: f9
[2022-01-24T17:25:00.350Z] Global init order: f6
[2022-01-24T17:25:00.350Z] Poisoned by user: f7
[2022-01-24T17:25:00.350Z] Container overflow: fc
[2022-01-24T17:25:00.350Z] Array cookie: ac
[2022-01-24T17:25:00.350Z] Intra object redzone: bb
[2022-01-24T17:25:00.350Z] ASan internal: fe
[2022-01-24T17:25:00.350Z] Left alloca redzone: ca
[2022-01-24T17:25:00.350Z] Right alloca redzone: cb
[2022-01-24T17:25:00.350Z] ==22451==ABORTING
[2022-01-24T17:25:00.350Z] FAIL: libdhcp_legal_log_unittests
[2022-01-24T17:25:00.350Z] ======================================
[2022-01-24T17:25:00.350Z] 1 of 1 test failed
[2022-01-24T17:25:00.350Z] Please report to kea-dev@lists.isc.org
[2022-01-24T17:25:00.350Z] ======================================
It refers to this code:
char buf[256];
memset(buf, '-', sizeof(buf));
std::string format("%Y%m%d");
format += buf;
It seems like buf should be null-terminated.
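Frames #1 to #3 of the trace show why the read runs past buf: operator+=(const char*) calls char_traits<char>::length, which scans for a terminator that memset never wrote. The following is an added example, not code from Kea or from this report, showing three bounded ways to build the same format string; appendBounded, kFill and the with* function names are hypothetical.

```cpp
// Added example: bounded alternatives to `format += buf` on an unterminated buffer.
#include <cstddef>
#include <cstring>
#include <iostream>
#include <string>

constexpr std::size_t kFill = 256;  // same size as buf in the report

// Append a fixed-size char array without trusting it to be NUL-terminated:
// stop at the first NUL if there is one, otherwise at the array bound.
template <std::size_t N>
void appendBounded(std::string& out, const char (&buf)[N]) {
    const void* nul = std::memchr(buf, '\0', N);
    const std::size_t len =
        nul ? static_cast<std::size_t>(static_cast<const char*>(nul) - buf) : N;
    out.append(buf, len);  // append(ptr, len) never calls strlen()
}

// Option 1: keep the buffer as in the report, but bound the append.
std::string withBoundedAppend() {
    char buf[kFill];
    std::memset(buf, '-', sizeof(buf));
    std::string format("%Y%m%d");
    appendBounded(format, buf);
    return format;
}

// Option 2: reserve one more byte and terminate, so operator+= is well defined.
std::string withTerminator() {
    char buf[kFill + 1];
    std::memset(buf, '-', kFill);
    buf[kFill] = '\0';
    std::string format("%Y%m%d");
    format += buf;
    return format;
}

// Option 3: no stack buffer at all; append(count, ch) builds the filler.
std::string withFill() {
    std::string format("%Y%m%d");
    format.append(kFill, '-');
    return format;
}

int main() {
    const std::string a = withBoundedAppend(), b = withTerminator(), c = withFill();
    std::cout << a.size() << ' ' << (a == b && b == c) << '\n';
    return (a == b && b == c) ? 0 : 1;
}
```

Built with -fsanitize=address, all three options run clean, whereas the snippet quoted in the report trips the stack-buffer-overflow check shown in the log.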