  1. Couchbase Server
  2. MB-30189

ASan: object type mismatch in ConnHandler::addStats when called via KVBucket::snapshotStats

Details

    • Bug
    • Resolution: Fixed
    • Critical
    • master
    • master
    • couchbase-bucket
    • None
    • Untriaged
    • Unknown

    Description

      As part of http://review.couchbase.org/95248 a ConnHandler's priority was included in the connection stats; this priority was fetched from the underlying Connection via its cookie - c below:

      void ConnHandler::addStats(ADD_STAT add_stat, const void* c) {
          // ...
          const auto priority = engine_.getDCPPriority(c);
          const char* priString = "<INVALID>";
          switch (priority) {
              // ... Map priority to a string ...
          }
          addStat("priority", priString, add_stat, c);
      }

      However this is the wrong trousers^Wcookie; the cookie passed to ADD_STAT is not necessarily a memcached connection cookie; indeed in the case of KVBucket::snapshotStats() it is an instance of snapshot_stats_t.

      As a result, this triggers a crash under AddressSanitizer as we treat a snapshot_stats_t object as a memcached connection cookie and call cookie_get_priority on it - this in turn attempts to dereference as a Cookie object and reads garbage data.
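
The type mismatch described above, reduced to a self-contained C++ sketch. This is an added example, not Couchbase code and not the change that resolved this issue; Conn, SnapshotStats, Handler, the numeric priority values and the assumption that the handler can reach its own connection are all hypothetical.

```cpp
#include <cstdio>
#include <map>
#include <string>

// Hypothetical stand-ins, not Couchbase's real types.
struct Conn { int priority; };  // plays the memcached connection cookie
struct SnapshotStats { std::map<std::string, std::string> smap; };  // plays snapshot_stats_t

using AddStat = void (*)(const char* key, const char* val, const void* cookie);

// Snapshot-path callback: here the cookie really is a SnapshotStats.
void addToSnapshot(const char* k, const char* v, const void* cookie) {
    auto* s = static_cast<SnapshotStats*>(const_cast<void*>(cookie));
    s->smap[k] = v;
}

class Handler {
public:
    explicit Handler(const Conn& own) : own_(own) {}
    // Buggy shape from the issue: treats the stats cookie as a connection.
    // Undefined behaviour when c points at a SnapshotStats (never called here).
    void addStatsBuggy(AddStat add, const void* c) const {
        add("priority", name(static_cast<const Conn*>(c)->priority), c);
    }

    // Safer shape (assumption: the handler can reach its own connection):
    // read priority from that connection and forward c without interpreting it.
    void addStats(AddStat add, const void* c) const {
        add("priority", name(own_.priority), c);
    }

private:
    static const char* name(int p) {  // constructed priority values 0..2
        switch (p) { case 0: return "high"; case 1: return "medium"; case 2: return "low"; }
        return "<INVALID>";
    }
    const Conn& own_;
};

// Drives the snapshot path: the cookie is a SnapshotStats, not a Conn.
std::string snapshotPriority(int prio) {
    Conn conn{prio};
    Handler h(conn);
    SnapshotStats snap;
    h.addStats(addToSnapshot, &snap);
    return snap.smap["priority"];
}

int main() { std::printf("%s\n", snapshotPriority(1).c_str()); }
```

Because `const void*` erases the type, the compiler cannot flag the cast in `addStatsBuggy`; only a runtime tool such as AddressSanitizer, or a design that never interprets the forwarded cookie, catches it.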

          People

            drigby Dave Rigby (Inactive)