adios_select_method: heap-use-after-free

Question

adios_select_method: heap-use-after-free

Closed this issue 6 years ago · 1 comments

The parameters * argument in adios_select_method causes a heap-use-after-free when run in parallel with MPI_AGGREGATE.

When used as:

const char c[] = "num_aggregators=2;have_metadata_file=1";
adios_select_method(group, "MPI_AGGREGATE", c, "");
// anti-test:
// adios_select_method(group, "MPI_AGGREGATE", "", "");

Tested with ADIOS 1.13.1, mpirun -np 2.

Detectable, e.g. with clang-6 -fsantize-address and

export ASAN_OPTIONS=detect_stack_use_after_return=1:detect_leaks=0:check_initialization_order=true:strict_init_order=true:detect_stack_use_after_scope=1=

mpirun -np 2 someTest

Likely root issue:

The parameters are passed to adios_common_select_method_by_group_id which evaluates the params in get_and_preprocess_params. That in turn calls a2s_text_to_name_value_pairs, where the original pointer is aliased in item which is then modified instead of its copy here.

cc @pnorbert

Answer 1 · 2019-01-07T23:40:10.000Z

Ah no, it's on our side.
We are passing a temporary C++ sstream as a string as a c pointer. One temporary too much, sorry for the noise!

(~~The non-copy modification in a2s_text_to_name_value_pairs still looks a bit odd, but maybe I miss something there.~~ ah no, just a pointer re-assignment)