Uploaded image for project: 'Couchbase Server'
  1. Couchbase Server
  2. MB-47664

ASan: stack-buffer-overflow in exit_thread_helper

    XMLWordPrintable

Details

    • Bug
    • Status: Open
    • Major
    • Resolution: Unresolved
    • 7.1.0
    • Neo.next
    • view-engine
    • None
    • Untriaged
    • 1
    • Unknown

    Description

      As seen during kv-engine post-commit (make simple-test) with ASan enabled:

      stack-buffer-overflow on address 0x7ffcf60fe960 at pc 0x000000401de7 bp 0x7f78f90f7270 sp 0x7f78f90f7268
       
      READ of size 4 at 0x7ffcf60fe960 thread T1
          #0 0x401de6 in exit_thread_helper /home/couchbase/jenkins/workspace/kv_engine-post-commit-master/couchstore/src/views/bin/util.cc:47
          #1 0x7f79027f564a in CouchbaseThread::run() /home/couchbase/jenkins/workspace/kv_engine-post-commit-master/platform/src/cb_pthreads.cc:51
          #2 0x7f79027f564a in platform_thread_wrap /home/couchbase/jenkins/workspace/kv_engine-post-commit-master/platform/src/cb_pthreads.cc:64
          #3 0x7f7900f326da in start_thread /build/glibc-S9d2JN/glibc-2.27/nptl/pthread_create.c:463
          #4 0x7f78fcb6a71e in __clone (/lib/x86_64-linux-gnu/libc.so.6+0x12171e)
       
      Address 0x7ffcf60fe960 is located in stack of thread T0 at offset 272 in frame
          #0 0x7f790274717f in init_terminator_thread() /home/couchbase/jenkins/workspace/kv_engine-post-commit-master/couchstore/src/views/mapreduce/mapreduce_c.cc:366
       
        This frame has 8 object(s):
          [32, 40) 'initGuard' (line 367)
          [64, 72) ''
          [96, 104) ''
          [128, 136) ''
          [160, 168) '__tmp'
          [192, 200) ''
          [224, 232) ''
          [256, 264) '' <== Memory access at offset 272 overflows this variable
      HINT: this may be a false positive if your program uses some custom stack unwind mechanism, swapcontext or vfork
            (longjmp and C++ exceptions *are* supported)
      SUMMARY: AddressSanitizer: stack-buffer-overflow /home/couchbase/jenkins/workspace/kv_engine-post-commit-master/couchstore/src/views/bin/util.cc:47 in exit_thread_helper
      Shadow bytes around the buggy address:
        0x10001ec17cd0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
        0x10001ec17ce0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
        0x10001ec17cf0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
        0x10001ec17d00: 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1 00 f2
        0x10001ec17d10: f2 f2 f8 f2 f2 f2 00 f2 f2 f2 00 f2 f2 f2 00 f2
      =>0x10001ec17d20: f2 f2 00 f2 f2 f2 f8 f2 f2 f2 00 f3[f3]f3 00 00
        0x10001ec17d30: 00 00 00 00 00 00 00 00 f1 f1 f1 f1 00 f2 f2 f2
        0x10001ec17d40: 00 f2 f2 f2 00 f2 f2 f2 00 00 00 f3 f3 f3 f3 f3
        0x10001ec17d50: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
        0x10001ec17d60: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
        0x10001ec17d70: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
      Shadow byte legend (one shadow byte represents 8 application bytes):
        Addressable:           00
        Partially addressable: 01 02 03 04 05 06 07 
        Heap left redzone:       fa
        Freed heap region:       fd
        Stack left redzone:      f1
        Stack mid redzone:       f2
        Stack right redzone:     f3
        Stack after return:      f5
        Stack use after scope:   f8
        Global redzone:          f9
        Global init order:       f6
        Poisoned by user:        f7
        Container overflow:      fc
        Array cookie:            ac
        Intra object redzone:    bb
        ASan internal:           fe
        Left alloca redzone:     ca
        Right alloca redzone:    cb
        Shadow gap:              cc
      Thread T1 created by T0 here:
          #0 0x7f7903024822 in pthread_create (/opt/gcc-10.2.0/lib64/libasan.so.6+0x57822)
          #1 0x7f79027f50d3 in cb_create_named_thread(unsigned long*, void (*)(void*), void*, int, char const*) /home/couchbase/jenkins/workspace/kv_engine-post-commit-master/platform/src/cb_pthreads.cc:102
          #2 0x401e93 in start_exit_listener(unsigned long*, int) /home/couchbase/jenkins/workspace/kv_engine-post-commit-master/couchstore/src/views/bin/util.cc:64
          #3 0x401837 in main /home/couchbase/jenkins/workspace/kv_engine-post-commit-master/couchstore/src/views/bin/couch_view_group_cleanup.cc:64
          #4 0x7f78fca6abf6 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21bf6)
      

      See: http://cv.jenkins.couchbase.com/job/kv_engine-post-commit-master/8457/AddressSanitizer/

      Attachments

        No reviews matched the request. Check your Options in the drop-down menu of this sections header.

        Activity

          There are no comments yet on this issue.

          People

            ankit.prabhu Ankit Prabhu
            drigby Dave Rigby
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:

              Gerrit Reviews

                There are no open Gerrit changes

                PagerDuty