current devel: tests/progs/slapd_bind use after free
erthink opened this issue · 0 comments
erthink commented
```
=================================================================
==26976==ERROR: AddressSanitizer: heap-use-after-free on address 0x6040000009b0 at pc 0x556c7be7caa3 bp 0x7ffc0dcc7900 sp 0x7ffc0dcc70a8
READ of size 7 at 0x6040000009b0 thread T0
    #0 0x556c7be7caa2 in __interceptor_memcpy.part.234 (/home/ly/Projects/reopenldap.git/@ci-buzz.pool/@8.devel/src/tests/progs/slapd_bind+0x8baa2)
    #1 0x556c7bf41b3a in ber_write /home/ly/Projects/reopenldap.git/@ci-buzz.pool/@8.devel/src/libraries/libreldap/io.c:110
    #2 0x556c7bf2e690 in ber_put_ostring /home/ly/Projects/reopenldap.git/@ci-buzz.pool/@8.devel/src/libraries/libreldap/encode.c:233
    #3 0x556c7bf2f94d in ber_printf /home/ly/Projects/reopenldap.git/@ci-buzz.pool/@8.devel/src/libraries/libreldap/encode.c:559
    #4 0x556c7bf627f8 in ldap_build_bind_req /home/ly/Projects/reopenldap.git/@ci-buzz.pool/@8.devel/src/libraries/libreldap/sasl.c:83
    #5 0x556c7bf62ad7 in ldap_sasl_bind /home/ly/Projects/reopenldap.git/@ci-buzz.pool/@8.devel/src/libraries/libreldap/sasl.c:159
    #6 0x556c7bf6368f in ldap_sasl_bind_s /home/ly/Projects/reopenldap.git/@ci-buzz.pool/@8.devel/src/libraries/libreldap/sasl.c:198
    #7 0x556c7bf24a0a in tester_init_ld /home/ly/Projects/reopenldap.git/@ci-buzz.pool/@8.devel/src/tests/progs/slapd-common.c:538
    #8 0x556c7be203d2 in do_base /home/ly/Projects/reopenldap.git/@ci-buzz.pool/@8.devel/src/tests/progs/slapd-bind.c:383
    #9 0x556c7be203d2 in main /home/ly/Projects/reopenldap.git/@ci-buzz.pool/@8.devel/src/tests/progs/slapd-bind.c:187
    #10 0x7fbcac1171c0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x211c0)
    #11 0x556c7be240b9 in _start (/home/ly/Projects/reopenldap.git/@ci-buzz.pool/@8.devel/src/tests/progs/slapd_bind+0x330b9)

0x6040000009b0 is located 32 bytes inside of 48-byte region [0x604000000990,0x6040000009c0)
freed by thread T0 here:
    #0 0x556c7bee1b08 in __interceptor_free (/home/ly/Projects/reopenldap.git/@ci-buzz.pool/@8.devel/src/tests/progs/slapd_bind+0xf0b08)
    #1 0x556c7be20991 in do_base /home/ly/Projects/reopenldap.git/@ci-buzz.pool/@8.devel/src/tests/progs/slapd-bind.c:505
    #2 0x556c7be20991 in main /home/ly/Projects/reopenldap.git/@ci-buzz.pool/@8.devel/src/tests/progs/slapd-bind.c:187

previously allocated by thread T0 here:
    #0 0x556c7bee1ea0 in __interceptor_malloc (/home/ly/Projects/reopenldap.git/@ci-buzz.pool/@8.devel/src/tests/progs/slapd_bind+0xf0ea0)
    #1 0x556c7bf47885 in ber_memalloc_x /home/ly/Projects/reopenldap.git/@ci-buzz.pool/@8.devel/src/libraries/libreldap/memory.c:124
    #2 0x60400000092f (<unknown module>)

SUMMARY: AddressSanitizer: heap-use-after-free (/home/ly/Projects/reopenldap.git/@ci-buzz.pool/@8.devel/src/tests/progs/slapd_bind+0x8baa2) in __interceptor_memcpy.part.234
Shadow bytes around the buggy address:
  0x0c087fff80e0: fa fa fd fd fd fd fd fa fa fa fd fd fd fd fd fd
  0x0c087fff80f0: fa fa fd fd fd fd fd fd fa fa fd fd fd fd fd fd
  0x0c087fff8100: fa fa fd fd fd fd fd fd fa fa fd fd fd fd fd fd
  0x0c087fff8110: fa fa fd fd fd fd fd fd fa fa fd fd fd fd fd fd
  0x0c087fff8120: fa fa fd fd fd fd fd fd fa fa fd fd fd fd fd fd
=>0x0c087fff8130: fa fa fd fd fd fd[fd]fd fa fa fd fd fd fd fd fd
  0x0c087fff8140: fa fa fd fd fd fd fd fd fa fa f7 f7 f7 f7 05 f7
  0x0c087fff8150: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c087fff8160: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c087fff8170: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c087fff8180: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==26976==ABORTING
```
commit 096d09faf6d4ba197fa716625463bca1ea0fcc00
Author: Leo Yuriev <leo@yuriev.ru>
Date: 2018-02-01 19:13:05 +0300
syncprov: fixes for delta-syncrepl with empty accesslog (ITS#8100).
Update syncprov contextCSNs when context entry is added.
Fix accesslog to properly tag Add op when adding context entry.
Note: This commit differs significantly from Howard's ca7f697e14087234e44c96fb7edd81cfb14183dc.