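使用ASAN工具检测会提示一些内存异常

下面的报告显示:在处理从网络收到的 RTMP invoke 消息时,xop::AmfDecoder::decodeObject(src/xop/amf.cpp:115)用 char const* 构造 std::string,读取越过了由 xop::RtmpChunk::ParseChunkHeader(src/xop/RtmpChunk.cpp:101)分配的 127 字节堆缓冲区的末尾。推测该处把数据当作以 NUL 结尾的字符串读取,而缓冲区内容来自对端,未必以 NUL 结尾;构造字符串时应以 decodeObject 收到的长度参数(int)为界。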
InsightDev opened this issue · 0 comments
=================================================================
==7051==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60c0000000bf at pc 0x7f6faac4466e bp 0x7f6fa6a739c0 sp 0x7f6fa6a73168
READ of size 2 at 0x60c0000000bf thread T1
#0 0x7f6faac4466d (/usr/lib/x86_64-linux-gnu/libasan.so.4.0.0+0x5166d)
#1 0x7f6faa772406 in std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::basic_string(char const*, std::allocator<char> const&) (/usr/lib/x86_64-linux-gnu/libstdc++.so.6+0x127406)
#2 0x55edcc84f5a6 in xop::AmfDecoder::decodeObject(char const*, int, std::unordered_map<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, xop::AmfObject, std::hash<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::equal_to<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::allocator<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, xop::AmfObject> > >&) src/xop/amf.cpp:115
#3 0x55edcc84ec1d in xop::AmfDecoder::decode(char const*, int, int) src/xop/amf.cpp:34
#4 0x55edcc86fe34 in xop::RtmpConnection::HandleInvoke(xop::RtmpMessage&) src/xop/RtmpConnection.cpp:206
#5 0x55edcc86f861 in xop::RtmpConnection::HandleMessage(xop::RtmpMessage&) src/xop/RtmpConnection.cpp:146
#6 0x55edcc86f651 in xop::RtmpConnection::HandleChunk(xop::BufferReader&) src/xop/RtmpConnection.cpp:117
#7 0x55edcc86f218 in xop::RtmpConnection::OnRead(xop::BufferReader&) src/xop/RtmpConnection.cpp:68
#8 0x55edcc86e03e in operator() src/xop/RtmpConnection.cpp:51
#9 0x55edcc880ea0 in _M_invoke /usr/include/c++/7/bits/std_function.h:302
#10 0x55edcc8263a6 in std::function<bool (std::shared_ptr<xop::TcpConnection>, xop::BufferReader&)>::operator()(std::shared_ptr<xop::TcpConnection>, xop::BufferReader&) const /usr/include/c++/7/bits/std_function.h:706
#11 0x55edcc822c8b in xop::TcpConnection::HandleRead() src/net/TcpConnection.cpp:83
#12 0x55edcc8218cf in operator() src/net/TcpConnection.cpp:14
#13 0x55edcc823dfd in _M_invoke /usr/include/c++/7/bits/std_function.h:316
#14 0x55edcc829771 in std::function<void ()>::operator()() const /usr/include/c++/7/bits/std_function.h:706
#15 0x55edcc82e264 in xop::Channel::HandleEvent(int) src/net/Channel.h:76
#16 0x55edcc8351df in xop::EpollTaskScheduler::HandleEvent(int) src/net/EpollTaskScheduler.cpp:94
#17 0x55edcc82807e in xop::TaskScheduler::Start() src/net/TaskScheduler.cpp:50
#18 0x55edcc847b50 in void std::__invoke_impl<void, void (xop::TaskScheduler::)(), xop::TaskScheduler>(std::__invoke_memfun_deref, void (xop::TaskScheduler::&&)(), xop::TaskScheduler&&) /usr/include/c++/7/bits/invoke.h:73
#19 0x55edcc845ec0 in std::__invoke_result<void (xop::TaskScheduler::)(), xop::TaskScheduler>::type std::__invoke<void (xop::TaskScheduler::)(), xop::TaskScheduler>(void (xop::TaskScheduler::&&)(), xop::TaskScheduler&&) /usr/include/c++/7/bits/invoke.h:95
#20 0x55edcc84a8be in decltype (__invoke((_S_declval<0ul>)(), (_S_declval<1ul>)())) std::thread::_Invoker<std::tuple<void (xop::TaskScheduler::)(), xop::TaskScheduler> >::_M_invoke<0ul, 1ul>(std::_Index_tuple<0ul, 1ul>) (/home/gzzhang/develop/CodingNet/StreamDev/android_msvoip/libraries/nexhome_rtmp/src/main/jni/NexHomeRtmpServer/rtmp_server_main+0x698be)
#21 0x55edcc84a829 in std::thread::_Invoker<std::tuple<void (xop::TaskScheduler::)(), xop::TaskScheduler> >::operator()() (/home/gzzhang/develop/CodingNet/StreamDev/android_msvoip/libraries/nexhome_rtmp/src/main/jni/NexHomeRtmpServer/rtmp_server_main+0x69829)
#22 0x55edcc84a78d in std::thread::_State_impl<std::thread::_Invoker<std::tuple<void (xop::TaskScheduler::)(), xop::TaskScheduler> > >::_M_run() (/home/gzzhang/develop/CodingNet/StreamDev/android_msvoip/libraries/nexhome_rtmp/src/main/jni/NexHomeRtmpServer/rtmp_server_main+0x6978d)
#23 0x7f6faa7086de (/usr/lib/x86_64-linux-gnu/libstdc++.so.6+0xbd6de)
#24 0x7f6faa9db6da in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x76da)
#25 0x7f6faa16361e in __clone (/lib/x86_64-linux-gnu/libc.so.6+0x12161e)
0x60c0000000bf is located 0 bytes to the right of 127-byte region [0x60c000000040,0x60c0000000bf)
allocated by thread T1 here:
#0 0x7f6faacd3608 in operator new[](unsigned long) (/usr/lib/x86_64-linux-gnu/libasan.so.4.0.0+0xe0608)
#1 0x55edcc89210f in xop::RtmpChunk::ParseChunkHeader(xop::BufferReader&) src/xop/RtmpChunk.cpp:101
#2 0x55edcc89181a in xop::RtmpChunk::Parse(xop::BufferReader&, xop::RtmpMessage&) src/xop/RtmpChunk.cpp:27
#3 0x55edcc86f61a in xop::RtmpConnection::HandleChunk(xop::BufferReader&) src/xop/RtmpConnection.cpp:114
#4 0x55edcc86f218 in xop::RtmpConnection::OnRead(xop::BufferReader&) src/xop/RtmpConnection.cpp:68
#5 0x55edcc86e03e in operator() src/xop/RtmpConnection.cpp:51
#6 0x55edcc880ea0 in _M_invoke /usr/include/c++/7/bits/std_function.h:302
#7 0x55edcc8263a6 in std::function<bool (std::shared_ptr<xop::TcpConnection>, xop::BufferReader&)>::operator()(std::shared_ptr<xop::TcpConnection>, xop::BufferReader&) const /usr/include/c++/7/bits/std_function.h:706
#8 0x55edcc822c8b in xop::TcpConnection::HandleRead() src/net/TcpConnection.cpp:83
#9 0x55edcc8218cf in operator() src/net/TcpConnection.cpp:14
#10 0x55edcc823dfd in _M_invoke /usr/include/c++/7/bits/std_function.h:316
#11 0x55edcc829771 in std::function<void ()>::operator()() const /usr/include/c++/7/bits/std_function.h:706
#12 0x55edcc82e264 in xop::Channel::HandleEvent(int) src/net/Channel.h:76
#13 0x55edcc8351df in xop::EpollTaskScheduler::HandleEvent(int) src/net/EpollTaskScheduler.cpp:94
#14 0x55edcc82807e in xop::TaskScheduler::Start() src/net/TaskScheduler.cpp:50
#15 0x55edcc847b50 in void std::__invoke_impl<void, void (xop::TaskScheduler::)(), xop::TaskScheduler>(std::__invoke_memfun_deref, void (xop::TaskScheduler::&&)(), xop::TaskScheduler&&) /usr/include/c++/7/bits/invoke.h:73
#16 0x55edcc845ec0 in std::__invoke_result<void (xop::TaskScheduler::)(), xop::TaskScheduler>::type std::__invoke<void (xop::TaskScheduler::)(), xop::TaskScheduler>(void (xop::TaskScheduler::&&)(), xop::TaskScheduler&&) /usr/include/c++/7/bits/invoke.h:95
#17 0x55edcc84a8be in decltype (__invoke((_S_declval<0ul>)(), (_S_declval<1ul>)())) std::thread::_Invoker<std::tuple<void (xop::TaskScheduler::)(), xop::TaskScheduler> >::_M_invoke<0ul, 1ul>(std::_Index_tuple<0ul, 1ul>) (/home/gzzhang/develop/CodingNet/StreamDev/android_msvoip/libraries/nexhome_rtmp/src/main/jni/NexHomeRtmpServer/rtmp_server_main+0x698be)
#18 0x55edcc84a829 in std::thread::_Invoker<std::tuple<void (xop::TaskScheduler::)(), xop::TaskScheduler> >::operator()() (/home/gzzhang/develop/CodingNet/StreamDev/android_msvoip/libraries/nexhome_rtmp/src/main/jni/NexHomeRtmpServer/rtmp_server_main+0x69829)
#19 0x55edcc84a78d in std::thread::_State_impl<std::thread::_Invoker<std::tuple<void (xop::TaskScheduler::)(), xop::TaskScheduler> > >::_M_run() (/home/gzzhang/develop/CodingNet/StreamDev/android_msvoip/libraries/nexhome_rtmp/src/main/jni/NexHomeRtmpServer/rtmp_server_main+0x6978d)
#20 0x7f6faa7086de (/usr/lib/x86_64-linux-gnu/libstdc++.so.6+0xbd6de)
Thread T1 created by T0 here:
#0 0x7f6faac2ad2f in __interceptor_pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.4.0.0+0x37d2f)
#1 0x7f6faa708994 in std::thread::_M_start_thread(std::unique_ptr<std::thread::_State, std::default_delete<std::thread::_State> >, void (*)()) (/usr/lib/x86_64-linux-gnu/libstdc++.so.6+0xbd994)
#2 0x55edcc8440b7 in xop::EventLoop::Loop() src/net/EventLoop.cpp:67
#3 0x55edcc843960 in xop::EventLoop::EventLoop(unsigned int) src/net/EventLoop.cpp:25
#4 0x55edcc808eb8 in NexHomeRtmpServer::NexHomeRtmpServer(int) /home/gzzhang/develop/CodingNet/StreamDev/android_msvoip/libraries/nexhome_rtmp/src/main/jni/NexHomeRtmpServer/rtmp_server_core.cpp:38
#5 0x55edcc8094f4 in rtmp_server_create /home/gzzhang/develop/CodingNet/StreamDev/android_msvoip/libraries/nexhome_rtmp/src/main/jni/NexHomeRtmpServer/rtmp_server_core.cpp:63
#6 0x55edcc808863 in main /home/gzzhang/develop/CodingNet/StreamDev/android_msvoip/libraries/nexhome_rtmp/src/main/jni/NexHomeRtmpServer/rtmp_server_main.c:40
#7 0x7f6faa063c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)
SUMMARY: AddressSanitizer: heap-buffer-overflow (/usr/lib/x86_64-linux-gnu/libasan.so.4.0.0+0x5166d)
Shadow bytes around the buggy address:
0x0c187fff7fc0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c187fff7fd0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c187fff7fe0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c187fff7ff0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c187fff8000: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00
=>0x0c187fff8010: 00 00 00 00 00 00 00[07]fa fa fa fa fa fa fa fa
0x0c187fff8020: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 07
0x0c187fff8030: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c187fff8040: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c187fff8050: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c187fff8060: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
==7051==ABORTING