
AddressSanitizer: stack-use-after-scope in ScanContext::manageSeparator


Details

    • Type: Bug
    • Resolution: Fixed
    • Priority: Critical
    • Affects Version: 5.5.0
    • Fix Version: 5.5.0
    • Component: couchbase-bucket
    • Environment: CentOS7, AddressSanitizer with GCC 7.2
    • Triage: Untriaged
    • Is this a Regression?: Unknown

    Description

      AddressSanitizer under GCC 7.2 identifies the following error:

      ==16708==ERROR: AddressSanitizer: stack-use-after-scope on address 0x7fffffff8d82 at pc 0x7ffff6e9f382 bp 0x7fffffff8850 sp 0x7fffffff8000
      READ of size 2 at 0x7fffffff8d82 thread T0
          #0 0x7ffff6e9f381  (/usr/local/lib64/libasan.so.4+0x76381)
          #1 0x7ffff0b598ad in std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::_M_replace(unsigned long, unsigned long, char const*, unsigned long) (/usr/local/lib64/libstdc++.so.6+0x11e8ad)
          #2 0x13eeb54 in std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::assign(char const*, unsigned long) /usr/local/include/c++/7.2.0/bits/basic_string.h:1371
          #3 0x13eeb54 in Collections::VB::ScanContext::manageSeparator(DocKey const&) /home/couchbase/server/kv_engine/engines/ep/src/collections/scan_context.cc:37
          #4 0x13473a7 in CouchKVStore::recordDbDump(_db*, _docinfo*, void*) /home/couchbase/server/kv_engine/engines/ep/src/couch-kvstore/couch-kvstore.cc:1750
          #5 0x1348ae7 in recordDbDumpC /home/couchbase/server/kv_engine/engines/ep/src/couch-kvstore/couch-kvstore.cc:61
      ...
      Address 0x7fffffff8d82 is located in stack of thread T0 at offset 1202 in frame
          #0 0x13edc5d in Collections::VB::ScanContext::manageSeparator(DocKey const&) /home/couchbase/server/kv_engine/engines/ep/src/collections/scan_context.cc:24
        This frame has 19 object(s):
          [32, 33) '<unknown>'
          [96, 97) '<unknown>'
          [160, 161) '<unknown>'
          [224, 232) '<unknown>'
          [288, 296) '<unknown>'
          [352, 368) '<unknown>'
          [416, 432) '<unknown>'
          [480, 496) '<unknown>'
          [544, 560) '<unknown>'
          [608, 624) '<unknown>'
          [672, 688) '<unknown>'
          [736, 752) '<unknown>'
          [800, 816) '<unknown>'
          [864, 880) '<unknown>'
          [928, 944) '<unknown>'
          [992, 1016) 'cKey'
          [1056, 1080) 'cKey2'
          [1120, 1144) '<unknown>'
          [1184, 1216) '<unknown>' <== Memory access at offset 1202 is inside this variable
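      What a stack-use-after-scope of the shape in this trace looks like in isolation, as an added illustration. This is constructed code, not the Couchbase `manageSeparator` source (which the report does not show); `KeyInfo`, `separatorOf` and both function names are hypothetical. The pattern is the one the frames point at: a pointer/length pair into a short `std::string` is handed to `std::string::assign(const char*, size_t)` after the owning object's scope has closed. libstdc++ keeps short strings inside the 32-byte string object itself, so the dangling read lands in the caller's stack frame, which is what ASan reports as stack-use-after-scope; the 32-byte `<unknown>` object at [1184, 1216) is consistent with that, though the page does not confirm the root cause.

```cpp
#include <cstddef>
#include <iostream>
#include <string>

// Hypothetical pointer/length view into some key bytes (constructed for this example).
struct KeyInfo {
    const char* data;
    std::size_t len;
};

// Hypothetical helper standing in for "locate the separator bytes inside a key".
// It returns a view into `key`, so the view is only valid while `key` is alive.
static KeyInfo separatorOf(const std::string& key) {
    return {key.data(), key.size()};
}

// Buggy form: `tmp` is destroyed at the inner closing brace, but `view` still
// points into its storage. For a short key that storage is the string object
// itself, i.e. stack memory of this frame. The later assign() reads it after
// the scope has ended; compiled with -fsanitize=address this produces a
// "stack-use-after-scope" report with std::string::assign in the trace.
std::string separatorAfterScope_buggy(const std::string& raw) {
    KeyInfo view{nullptr, 0};
    {
        std::string tmp = raw.substr(0, raw.find(':'));  // short: stored inline in tmp
        view = separatorOf(tmp);
    }                                                    // tmp's storage is now out of scope
    std::string separator;
    separator.assign(view.data, view.len);               // READ of dead stack bytes
    return separator;
}

// Fixed form: copy the bytes into an object that outlives the inner scope
// before that scope closes, so no pointer into `tmp` survives it.
std::string separatorAfterScope_fixed(const std::string& raw) {
    std::string separator;
    {
        std::string tmp = raw.substr(0, raw.find(':'));
        KeyInfo view = separatorOf(tmp);
        separator.assign(view.data, view.len);           // copied while tmp is alive
    }
    return separator;                                    // owns its own bytes
}

int main() {
    std::cout << separatorAfterScope_fixed("sep:payload") << '\n';   // prints "sep"
#ifdef REPRODUCE_ASAN
    // Build with: g++ -std=c++17 -g -fsanitize=address -DREPRODUCE_ASAN example.cc
    // to see the sanitizer report for the buggy form.
    std::cout << separatorAfterScope_buggy("sep:payload") << '\n';
#endif
    return 0;
}
```

      The defect is invisible at the assign() call site: the pointer is non-null and the length is right, only the lifetime is wrong, which is why it surfaces as a sanitizer finding rather than a compile error or a reliable crash.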
      

      People

        drigby Dave Rigby (Inactive)