Skip to content

heap-use-after-free and invalid vptr on Mgrs after IOThreadPool IOService/other-non-main-thread IOservice distruction

Replication steps:

  1. Start kea-dhcp4 built with address sanitizer and UB sanitizer with this configuration:

    {
  "Dhcp4": {
    "hooks-libraries": [
      {
        "library": "/opt/kea/lib/kea/hooks/libdhcp_ping_check.so",
        "parameters": {
        }
      }
    ]
  } 
}

  2. kill -SIGINT $(pidof kea-dhcp4) or clrl-C in the terminal.

3a. If Kea is built with code prior to merging of issue 3019, then you should observe this warning: #3190 (comment 423820)

3b. If Kea is built after merging of issue 3019, then you might observe a different warning:

INFO PING_CHECK_MGR_STOPPED channel operations have stopped
/usr/include/boost/asio/basic_deadline_timer.hpp:351:41: runtime error: member call on address 0x60b000015ac0 which does not point to an object of type 'boost::asio::detail::deadline_timer_service<boost::asio::time_traits<boost::posix_time::ptime>>'
0x60b000015ac0: note: object has invalid vptr
 00 00 00 00  00 0d 00 00 00 00 00 00  a8 6d b5 51 38 7f 00 00  00 00 00 00 00 00 00 00  10 5e 05 00
              ^~~~~~~~~~~~~~~~~~~~~~~
              invalid vptr
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /usr/include/boost/asio/basic_deadline_timer.hpp:351:41 in 
/usr/include/boost/asio/detail/io_object_impl.hpp:97:15: runtime error: member call on address 0x60b000015ac0 which does not point to an object of type 'boost::asio::detail::deadline_timer_service<boost::asio::time_traits<boost::posix_time::ptime>>'
0x60b000015ac0: note: object has invalid vptr
 00 00 00 00  00 0d 00 00 00 00 00 00  a8 6d b5 51 38 7f 00 00  00 00 00 00 00 00 00 00  10 5e 05 00
              ^~~~~~~~~~~~~~~~~~~~~~~
              invalid vptr
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /usr/include/boost/asio/detail/io_object_impl.hpp:97:15 in 
/usr/include/boost/asio/detail/deadline_timer_service.hpp:100:5: runtime error: member call on address 0x60b000015ac0 which does not point to an object of type 'boost::asio::detail::deadline_timer_service<boost::asio::time_traits<boost::posix_time::ptime>>'
0x60b000015ac0: note: object has invalid vptr
 00 00 00 00  00 0d 00 00 00 00 00 00  a8 6d b5 51 38 7f 00 00  00 00 00 00 00 00 00 00  10 5e 05 00
              ^~~~~~~~~~~~~~~~~~~~~~~
              invalid vptr
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /usr/include/boost/asio/detail/deadline_timer_service.hpp:100:5 in 
INFO PING_CHECK_UNLOAD Ping Check hooks library has been unloaded
Edited by Razvan Becheriu
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information