Memory violation in coap
mkmik opened this issue · 0 comments
mkmik commented
make -C test test_asan TEST_FILTER=coap
CC unit_test_asan
RUN unit_test_asan coap
=================================================================
==15382==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7fff5ab81fc3 at pc 0x000105144d93 bp 0x7fff5ab80c70 sp 0x7fff5ab80c68
READ of size 1 at 0x7fff5ab81fc3 thread T0
#0 0x105144d92 in coap_get_options /Users/mkm/Projects/cesanta/fossa/test/src/coap.c:246:3
#1 0x105142b54 in ns_coap_parse /Users/mkm/Projects/cesanta/fossa/test/src/coap.c:348:14
#2 0x1050a79e9 in test_coap /Users/mkm/Projects/cesanta/fossa/test/unit_test.c:2212:9
#3 0x105083348 in run_tests /Users/mkm/Projects/cesanta/fossa/test/unit_test.c:2487:3
#4 0x10507df16 in main /Users/mkm/Projects/cesanta/fossa/test/unit_test.c:2497:14
#5 0x7fff8eda65fc in start (/usr/lib/system/libdyld.dylib+0x35fc)
#6 0x1 (<unknown module>)
Address 0x7fff5ab81fc3 is located in stack of thread T0 at offset 323 in frame
#0 0x1050a549f in test_coap /Users/mkm/Projects/cesanta/fossa/test/unit_test.c:2115
This frame has 24 object(s):
[32, 40) 'retval'
[64, 88) 'packet_in'
[128, 152) 'packet_out'
[192, 256) 'cm'
[288, 292) 'res'
[304, 323) 'coap_packet_1' <== Memory access at offset 323 overflows this variable
[368, 372) 'coap_packet_2'
[384, 513) 'coap_packet_3'
[592, 596) 'coap_packet_4'
[608, 638) 'coap_packet_5'
[672, 676) 'coap_packet_6'
[688, 718) 'coap_packet_7'
[752, 756) 'coap_packet_2_broken'
[768, 772) 'coap_packet_2_broken1098'
[784, 786) 'value16'
[800, 832) 'mgr'
[864, 872) 'nc'
[896, 904) 'address'
[928, 936) 'res1488'
[960, 992) 'mgr1489'
[1024, 1032) 'nc1'
[1056, 1064) 'nc2'
[1088, 1096) 'address1490'
[1120, 1124) 'i'
HINT: this may be a false positive if your program uses some custom stack unwind mechanism or swapcontext
(longjmp and C++ exceptions *are* supported)
SUMMARY: AddressSanitizer: stack-buffer-overflow /Users/mkm/Projects/cesanta/fossa/test/src/coap.c:246 coap_get_options
Shadow bytes around the buggy address:
0x1fffeb5703a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x1fffeb5703b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x1fffeb5703c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x1fffeb5703d0: f1 f1 f1 f1 00 f2 f2 f2 00 00 00 f2 f2 f2 f2 f2
0x1fffeb5703e0: 00 00 00 f2 f2 f2 f2 f2 00 00 00 00 00 00 00 00
=>0x1fffeb5703f0: f2 f2 f2 f2 04 f2 00 00[03]f2 f2 f2 f2 f2 04 f2
0x1fffeb570400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x1fffeb570410: 01 f2 f2 f2 f2 f2 f2 f2 f2 f2 04 f2 00 00 00 06
0x1fffeb570420: f2 f2 f2 f2 04 f2 00 00 00 06 f2 f2 f2 f2 04 f2
0x1fffeb570430: 04 f2 02 f2 00 00 00 00 f2 f2 f2 f2 00 f2 f2 f2
0x1fffeb570440: 00 f2 f2 f2 00 f2 f2 f2 00 00 00 00 f2 f2 f2 f2
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Heap right redzone: fb
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack partial redzone: f4
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
ASan internal: fe
==15382==ABORTING
make: *** [test_asan] Error 1
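The report above says the parser read one byte past the end of `coap_packet_1`, a 19-byte stack buffer, while walking options in `coap_get_options`. The following is an added example, not fossa's `coap.c` and not a reproduction of this bug (the page does not show the offending code), that demonstrates the class of check a CoAP option walker needs: every read of an option header, extension byte or option value is preceded by a test against the bytes remaining in the buffer, so a truncated packet is reported instead of over-read. The function names (`coap_parse_options`, `coap_decode_ext`), the error codes and the three sample packets are constructed for this example; the wire layout follows RFC 7252 section 3.

```c
/* Added example (not fossa's coap.c, not a reproduction of the reported bug):
 * a CoAP parser that validates the RFC 7252 fixed header, token and option
 * list with an explicit bounds check before every read, so a truncated
 * packet is rejected instead of read past its buffer. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum { COAP_ERR_TRUNCATED = -1, COAP_ERR_FORMAT = -2 };

/* Decode a delta or length nibble plus its extension bytes (RFC 7252, 3.1).
 * Caller guarantees *pos <= len. On success stores the value in *out,
 * advances *pos past the extension bytes and returns 0; otherwise returns a
 * negative COAP_ERR_* code without touching buf beyond len. */
static int coap_decode_ext(const uint8_t *buf, size_t len, size_t *pos,
                           unsigned nibble, unsigned *out) {
  if (nibble < 13) {
    *out = nibble;
    return 0;
  }
  if (nibble == 13) {
    if (len - *pos < 1) return COAP_ERR_TRUNCATED;   /* 1 extension byte */
    *out = 13u + buf[*pos];
    *pos += 1;
    return 0;
  }
  if (nibble == 14) {
    if (len - *pos < 2) return COAP_ERR_TRUNCATED;   /* 2 extension bytes */
    *out = 269u + (((unsigned) buf[*pos] << 8) | buf[*pos + 1]);
    *pos += 2;
    return 0;
  }
  return COAP_ERR_FORMAT; /* 15 is reserved except inside the 0xFF marker */
}

/* Validate header and token, then walk the option list. Returns the number
 * of options on success or a negative COAP_ERR_* code. */
int coap_parse_options(const uint8_t *buf, size_t len) {
  size_t pos;
  unsigned tkl;
  int count = 0;

  if (len < 4) return COAP_ERR_TRUNCATED;          /* fixed header is 4 bytes */
  if ((buf[0] >> 6) != 1) return COAP_ERR_FORMAT;  /* version must be 1 */
  tkl = buf[0] & 0x0F;
  if (tkl > 8) return COAP_ERR_FORMAT;             /* TKL 9..15 is reserved */
  if (len - 4 < tkl) return COAP_ERR_TRUNCATED;    /* token runs past buffer */
  pos = 4 + tkl;

  while (pos < len) {
    uint8_t hdr = buf[pos];
    unsigned delta, olen;
    int rc;

    if (hdr == 0xFF) { /* payload marker: must be followed by >= 1 byte */
      return (pos + 1 < len) ? count : COAP_ERR_FORMAT;
    }
    pos += 1;
    rc = coap_decode_ext(buf, len, &pos, hdr >> 4, &delta);
    if (rc < 0) return rc;
    rc = coap_decode_ext(buf, len, &pos, hdr & 0x0F, &olen);
    if (rc < 0) return rc;
    if (len - pos < olen) return COAP_ERR_TRUNCATED; /* value too short */
    pos += olen;
    count++;
  }
  return count;
}

/* Constructed sample packets (not taken from the issue). */
/* CON GET, MID 0x1234, Uri-Path "temp", Uri-Query "a=1", payload "x". */
static const uint8_t coap_good[] = {
  0x40, 0x01, 0x12, 0x34,
  0xB4, 't', 'e', 'm', 'p',   /* delta 11 (Uri-Path), length 4 */
  0x43, 'a', '=', '1',        /* delta 4 -> number 15 (Uri-Query), length 3 */
  0xFF, 'x'
};
/* Same packet cut off inside the Uri-Path value: length says 4, 2 remain. */
static const uint8_t coap_cut_value[] = {
  0x40, 0x01, 0x12, 0x34,
  0xB4, 't', 'e'
};
/* Option header whose delta nibble is 13 but with no extension byte behind
 * it. Without the check, the parser would read one byte past the end of the
 * buffer, the kind of access ASan flags in the report above. */
static const uint8_t coap_cut_ext[] = {
  0x40, 0x01, 0x12, 0x34,
  0xD4
};

int main(void) {
  printf("good: %d options\n", coap_parse_options(coap_good, sizeof coap_good));
  printf("cut value: %d\n", coap_parse_options(coap_cut_value, sizeof coap_cut_value));
  printf("cut ext: %d\n", coap_parse_options(coap_cut_ext, sizeof coap_cut_ext));
  return 0;
}
```

Build it with `-fsanitize=address` as the issue does and the truncated inputs come back as `COAP_ERR_TRUNCATED` with no sanitizer report, because every index into `buf` is compared against `len` before the read rather than after. The two truncated packets are the two places an option walker is most likely to over-read: the option value, and the extension bytes that follow a delta or length nibble of 13 or 14.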