NTAP / quant

QUIC implementation for POSIX and IoT platforms
BSD 2-Clause "Simplified" License

memory error in rx_pkts #26

Closed: kenmcmil closed this issue 5 years ago

kenmcmil commented 5 years ago

Here is a report of what looks like a use after free.


0.032   q_init quic.c:507 quant/socket 0.0.16/e2c7fbf with libev/epoll 4.22 ready
        q_init quic.c:508 submit bug reports at https://github.com/NTAP/quant/issues
0.034   q_init quic.c:527 debug build, storing fuzzer corpus data
        q_bind quic.c:362 binding serv socket on port 4443
        init_rec recovery.c:558 in_flight=0 (+0), cwnd=12000 (+12000), ssthresh=0 (+0), srtt=0.000000 (+0.000000), rttvar=0.000000 (+0.000000)
        new_conn conn.c:1311 serv conn ? on port 4443 created
        new_conn conn.c:1313 serv conn ? state conn_clsd -> conn_idle
        q_bind quic.c:364 bound serv socket on port 4443
        main server.c:239 server waiting on lo port 4443
0.209   rx_pkts conn.c:918 new serv conn on port 4443 from 127.0.0.1:4988 w/cid=0:000000000000000b
        init_rec recovery.c:558 in_flight=0 (+0), cwnd=12000 (+0), ssthresh=0 (+0), srtt=0.000000 (+0.000000), rttvar=0.000000 (+0.000000)
        new_conn conn.c:1311 serv conn 0:000000000000000b on port 4443 created
        new_conn conn.c:1313 serv conn 0:000000000000000b state conn_clsd -> conn_idle
0.209   log_pkt pkt.c:123 RX from=127.0.0.1:4988 len=1216 0xff=Initial vers=0xff00000f dcid=000000000000000b scid=000000000000000d tok= len=1207 nr=0
        rx_pkt conn.c:680 supporting clnt-requested vers 0xff00000f
        log_stream_or_crypto_frame frame.c:118 CRYPTO 0x18 off=0 len=243 [seq]
        dec_frames frame.c:895 PADDING len=939
        rx_pkt conn.c:705 serv conn 0:000000000000000b state conn_idle -> conn_opng
        update_act_scid conn.c:503 hshk switch to scid 0:542619f7e8a06585 for serv conn (was 0:000000000000000b)
        on_ch tls.c:306     SNI = 
        on_ch tls.c:309     ALPN = 
        chk_tp tls.c:471    initial_max_stream_data_bidi_local = 8192
        chk_tp tls.c:483    initial_max_data = 16384
        chk_tp tls.c:500    idle_timeout = 60
        chk_tp tls.c:478    initial_max_stream_data_bidi_remote = 8192
        chk_tp tls.c:465    initial_max_stream_data_uni = 8192
0.212   rx_crypto conn.c:583 serv conn 0:542619f7e8a06585 state conn_opng -> conn_estb
        tx conn.c:429 data TX on serv conn 0:542619f7e8a06585 strm -4 w/1 pkt in queue
        enc_pkt pkt.c:395 hshk switch to scid 0:d742b82a422c0a61 for serv conn (was 0:542619f7e8a06585)
        update_act_scid conn.c:503 hshk switch to scid 0:d742b82a422c0a61 for serv conn (was 0:542619f7e8a06585)
0.213   log_pkt pkt.c:176 TX to=127.0.0.1:4988 0xff=Initial vers=0xff00000f dcid=000000000000000d scid=d742b82a422c0a61 tok=5e8e4adf5a6b0923c72e8fe9ed20b2d1deaf979cb96c34bbc70f6deb8a6322cb542619f7e8a06585 len=0 nr=0
        enc_ack_frame frame.c:1171 ACK lg=0 delay=0 (0 usec) cnt=0 block=0 [0]
        enc_padding_frame frame.c:1099 PADDING len=97
        log_stream_or_crypto_frame frame.c:118 CRYPTO 0x18 off=0 len=155 
        on_pkt_sent recovery.c:311 in_flight=299 (+299), cwnd=12000 (+0), ssthresh=0 (+0), srtt=0.000000 (+0.000000), rttvar=0.000000 (+0.000000)
        set_ld_timer recovery.c:134 crypto RTX alarm in 0.200000 sec on serv conn 0:d742b82a422c0a61
        log_sent_pkts conn.c:229 epoch 0 unacked: *0 
        tx conn.c:429 data TX on serv conn 0:d742b82a422c0a61 strm -2 w/2 pkts in queue
0.213   log_pkt pkt.c:186 TX to=127.0.0.1:4988 0xfd=Handshake vers=0xff00000f dcid=000000000000000d scid=d742b82a422c0a61 len=0 nr=0
        enc_padding_frame frame.c:1099 PADDING len=103
        log_stream_or_crypto_frame frame.c:118 CRYPTO 0x18 off=0 len=1108 
        on_pkt_sent recovery.c:311 in_flight=1551 (+1252), cwnd=12000 (+0), ssthresh=0 (+0), srtt=0.000000 (+0.000000), rttvar=0.000000 (+0.000000)
        set_ld_timer recovery.c:134 crypto RTX alarm in 0.200000 sec on serv conn 0:d742b82a422c0a61
0.213   log_pkt pkt.c:186 TX to=127.0.0.1:4988 0xfd=Handshake vers=0xff00000f dcid=000000000000000d scid=d742b82a422c0a61 len=0 nr=1
        enc_padding_frame frame.c:1099 PADDING len=103
        log_stream_or_crypto_frame frame.c:118 CRYPTO 0x18 off=1108 len=292 
        on_pkt_sent recovery.c:311 in_flight=1987 (+436), cwnd=12000 (+0), ssthresh=0 (+0), srtt=0.000000 (+0.000000), rttvar=0.000000 (+0.000000)
        set_ld_timer recovery.c:134 crypto RTX alarm in 0.200000 sec on serv conn 0:d742b82a422c0a61
        log_sent_pkts conn.c:229 epoch 0 unacked: *0 
        log_sent_pkts conn.c:229 epoch 2 unacked: *0 *1 
        coalesce pkt.c:225 coalescing 0xfd len 436 behind 0xff len 299
0.387   log_pkt pkt.c:141 RX from=127.0.0.1:4988 len=50 0x30=Short kyph=0 dcid=d742b82a422c0a61 nr=0
        rx_pkts conn.c:998 received invalid 50-byte 0x30-type pkt, ignoring
0.409   on_ld_alarm recovery.c:226 crypto RTX #1 on serv conn 0:d742b82a422c0a61
        detect_lost_pkts recovery.c:171 pkt 0 considered lost
        detect_lost_pkts recovery.c:210 in_flight=1688 (-299), cwnd=12000 (+0), ssthresh=0 (+0), srtt=0.000000 (+0.000000), rttvar=0.000000 (+0.000000)
        detect_lost_pkts recovery.c:171 pkt 0 considered lost
        detect_lost_pkts recovery.c:171 pkt 1 considered lost
        detect_lost_pkts recovery.c:210 in_flight=0 (-1688), cwnd=6000 (-6000), ssthresh=6000 (+6000), srtt=0.000000 (+0.000000), rttvar=0.000000 (+0.000000)
        tx conn.c:429 data TX on serv conn 0:d742b82a422c0a61 strm -4 w/1 pkt in queue
0.409   log_pkt pkt.c:176 TX to=127.0.0.1:4988 0xff=Initial vers=0xff00000f dcid=000000000000000d scid=d742b82a422c0a61 tok=5e8e4adf5a6b0923c72e8fe9ed20b2d1deaf979cb96c34bbc70f6deb8a6322cb542619f7e8a06585 len=274 nr=1
        enc_padding_frame frame.c:1099 PADDING len=98
        log_stream_or_crypto_frame frame.c:118 CRYPTO 0x18 off=0 len=155 [RTX] 
        on_pkt_sent recovery.c:311 in_flight=299 (+299), cwnd=6000 (+0), ssthresh=6000 (+0), srtt=0.000000 (+0.000000), rttvar=0.000000 (+0.000000)
        set_ld_timer recovery.c:134 crypto RTX alarm in 0.400000 sec on serv conn 0:d742b82a422c0a61
        log_sent_pkts conn.c:229 epoch 0 unacked: *0 *1 
        log_sent_pkts conn.c:229 epoch 2 unacked: *0 *1 
        tx conn.c:429 data TX on serv conn 0:d742b82a422c0a61 strm -2 w/2 pkts in queue
0.410   log_pkt pkt.c:186 TX to=127.0.0.1:4988 0xfd=Handshake vers=0xff00000f dcid=000000000000000d scid=d742b82a422c0a61 len=1228 nr=2
        enc_padding_frame frame.c:1099 PADDING len=99
        log_stream_or_crypto_frame frame.c:118 CRYPTO 0x18 off=0 len=1108 [RTX] 
        on_pkt_sent recovery.c:311 in_flight=1551 (+1252), cwnd=6000 (+0), ssthresh=6000 (+0), srtt=0.000000 (+0.000000), rttvar=0.000000 (+0.000000)
        set_ld_timer recovery.c:134 crypto RTX alarm in 0.400000 sec on serv conn 0:d742b82a422c0a61
0.410   log_pkt pkt.c:186 TX to=127.0.0.1:4988 0xfd=Handshake vers=0xff00000f dcid=000000000000000d scid=d742b82a422c0a61 len=412 nr=3
        enc_padding_frame frame.c:1099 PADDING len=98
        log_stream_or_crypto_frame frame.c:118 CRYPTO 0x18 off=1108 len=292 [RTX] 
        on_pkt_sent recovery.c:311 in_flight=1987 (+436), cwnd=6000 (+0), ssthresh=6000 (+0), srtt=0.000000 (+0.000000), rttvar=0.000000 (+0.000000)
        set_ld_timer recovery.c:134 crypto RTX alarm in 0.400000 sec on serv conn 0:d742b82a422c0a61
        log_sent_pkts conn.c:229 epoch 0 unacked: *0 *1 
        log_sent_pkts conn.c:229 epoch 2 unacked: *0 *1 *2 *3 
        coalesce pkt.c:225 coalescing 0xfd len 436 behind 0xff len 299
0.726   rx_pkts conn.c:952 pkt came from new peer 127.0.0.1:4987, probing
0.727   log_pkt pkt.c:141 RX from=127.0.0.1:4987 len=76 0x30=Short kyph=0 dcid=d742b82a422c0a61 nr=0
        rx_pkts conn.c:998 received invalid 76-byte 0x30-type pkt, ignoring
0.810   on_ld_alarm recovery.c:226 crypto RTX #2 on serv conn 0:d742b82a422c0a61
        detect_lost_pkts recovery.c:171 pkt 1 considered lost
        detect_lost_pkts recovery.c:210 in_flight=1688 (-299), cwnd=6000 (+0), ssthresh=6000 (+0), srtt=0.000000 (+0.000000), rttvar=0.000000 (+0.000000)
        detect_lost_pkts recovery.c:171 pkt 2 considered lost
        detect_lost_pkts recovery.c:171 pkt 3 considered lost
        detect_lost_pkts recovery.c:210 in_flight=0 (-1688), cwnd=3000 (-3000), ssthresh=3000 (-3000), srtt=0.000000 (+0.000000), rttvar=0.000000 (+0.000000)
        tx conn.c:429 data TX on serv conn 0:d742b82a422c0a61 strm -4 w/1 pkt in queue
0.810   log_pkt pkt.c:176 TX to=127.0.0.1:4987 0xff=Initial vers=0xff00000f dcid=000000000000000d scid=d742b82a422c0a61 tok=5e8e4adf5a6b0923c72e8fe9ed20b2d1deaf979cb96c34bbc70f6deb8a6322cb542619f7e8a06585 len=274 nr=2
        enc_padding_frame frame.c:1099 PADDING len=98
        log_stream_or_crypto_frame frame.c:118 CRYPTO 0x18 off=0 len=155 [RTX] 
        on_pkt_sent recovery.c:311 in_flight=299 (+299), cwnd=3000 (+0), ssthresh=3000 (+0), srtt=0.000000 (+0.000000), rttvar=0.000000 (+0.000000)
        set_ld_timer recovery.c:134 crypto RTX alarm in 0.800000 sec on serv conn 0:d742b82a422c0a61
        log_sent_pkts conn.c:229 epoch 0 unacked: *0 *1 *2 
        log_sent_pkts conn.c:229 epoch 2 unacked: *0 *1 *2 *3 
        tx conn.c:429 data TX on serv conn 0:d742b82a422c0a61 strm -2 w/2 pkts in queue
0.810   log_pkt pkt.c:186 TX to=127.0.0.1:4987 0xfd=Handshake vers=0xff00000f dcid=000000000000000d scid=d742b82a422c0a61 len=1228 nr=4
        enc_padding_frame frame.c:1099 PADDING len=99
        log_stream_or_crypto_frame frame.c:118 CRYPTO 0x18 off=0 len=1108 [RTX] 
        on_pkt_sent recovery.c:311 in_flight=1551 (+1252), cwnd=3000 (+0), ssthresh=3000 (+0), srtt=0.000000 (+0.000000), rttvar=0.000000 (+0.000000)
        set_ld_timer recovery.c:134 crypto RTX alarm in 0.800000 sec on serv conn 0:d742b82a422c0a61
        tx_stream_data conn.c:324 cwnd limit reached at in_flight 1551 + 2020 > 3000
        log_sent_pkts conn.c:229 epoch 0 unacked: *0 *1 *2 
        log_sent_pkts conn.c:229 epoch 2 unacked: *0 *1 *2 *3 *4 
0.897   log_pkt pkt.c:141 RX from=127.0.0.1:4987 len=57 0x30=Short kyph=0 dcid=d742b82a422c0a61 nr=0
        rx_pkts conn.c:998 received invalid 57-byte 0x30-type pkt, ignoring
1.280   rx_pkts conn.c:952 pkt came from new peer 127.0.0.1:4988, probing
1.280   log_pkt pkt.c:123 RX from=127.0.0.1:4988 len=1216 0xff=Initial vers=0xff00000f dcid=d742b82a422c0a61 scid=000000000000000d tok=9a10 len=1205 nr=2
        dec_ack_frame frame.c:391 ACK lg=0 delay=0 (0 usec) cnt=0 block=0 [0]
        on_pkt_acked recovery.c:493 0 was RTX'ed as 2
        detect_lost_pkts recovery.c:210 in_flight=1551 (+0), cwnd=3000 (+0), ssthresh=3000 (+0), srtt=1.071270 (+1.071270), rttvar=0.535635 (+0.535635)
        set_ld_timer recovery.c:134 crypto RTX alarm in 1.672209 sec on serv conn 0:d742b82a422c0a61
        dec_ack_frame frame.c:391 ACK lg=1 delay=0 (0 usec) cnt=0 block=0 [1]
        on_pkt_acked recovery.c:493 1 was RTX'ed as 2
        detect_lost_pkts recovery.c:210 in_flight=1551 (+0), cwnd=3000 (+0), ssthresh=3000 (+0), srtt=1.046230 (-0.025040), rttvar=0.451806 (-0.083829)
        set_ld_timer recovery.c:134 crypto RTX alarm in 1.622129 sec on serv conn 0:d742b82a422c0a61
        dec_ack_frame frame.c:391 ACK lg=2 delay=0 (0 usec) cnt=0 block=0 [2]
        on_pkt_acked recovery.c:506 stream -4 fully acked
        detect_lost_pkts recovery.c:210 in_flight=1252 (-299), cwnd=3000 (+0), ssthresh=3000 (+0), srtt=0.974243 (-0.071987), rttvar=0.482829 (+0.031023)
        set_ld_timer recovery.c:134 crypto RTX alarm in 1.478154 sec on serv conn 0:d742b82a422c0a61
        dec_frames frame.c:895 PADDING len=1169
1.423   log_pkt pkt.c:133 RX from=127.0.0.1:4988 len=99 0xfd=Handshake vers=0xff00000f dcid=d742b82a422c0a61 scid=000000000000000d len=91 nr=0
        log_stream_or_crypto_frame frame.c:118 CRYPTO 0x18 off=0 len=52 [seq]
        dec_frames frame.c:895 PADDING len=15
1.448   ack_alarm pn.c:56 ACK timer fired on serv conn 0:d742b82a422c0a61 epoch 2
1.448   log_pkt pkt.c:186 TX to=127.0.0.1:4988 0xfd=Handshake vers=0xff00000f dcid=000000000000000d scid=d742b82a422c0a61 len=0 nr=5
        enc_ack_frame frame.c:1171 ACK lg=0 delay=3181 (25448 usec) cnt=0 block=0 [0]
1.543   log_pkt pkt.c:141 RX from=127.0.0.1:4988 len=50 0x30=Short kyph=0 dcid=d742b82a422c0a61 nr=9
        new_stream stream.c:101 serv conn 0:d742b82a422c0a61 strm 4 (bidir, clnt) state strm_idle -> strm_open
        log_stream_or_crypto_frame frame.c:113 STREAM 0x16=LEN|OFF id=4/20 off=15/65535 len=17 coff=17/393210 [ooo]
        dec_frames frame.c:895 PADDING len=15
1.569   ack_alarm pn.c:56 ACK timer fired on serv conn 0:d742b82a422c0a61 epoch 3
1.569   log_pkt pkt.c:194 TX to=127.0.0.1:4988 0x31=Short kyph=0 dcid=000000000000000d nr=0
        enc_ack_frame frame.c:1171 ACK lg=9 delay=3182 (25456 usec) cnt=0 block=0 [9]
        enc_new_token_frame frame.c:1498 NEW_TOKEN len=40 tok=5e8e4adf5a6b0923c72e8fe9ed20b2d1deaf979cb96c34bbc70f6deb8a6322cb542619f7e8a06585
        enc_path_challenge_frame frame.c:1448 PATH_CHALLENGE data=fd732cf72b532b8c
        enc_new_cid_frame frame.c:1477 NEW_CONNECTION_ID seq=1 len=8 cid=1:af22b77425c5414c tok=5fe56b195ab8371f9e0d8034f9358acf
        on_pkt_sent recovery.c:311 in_flight=1362 (+110), cwnd=3000 (+0), ssthresh=3000 (+0), srtt=0.974243 (+0.000000), rttvar=0.482829 (+0.000000)
        set_ld_timer recovery.c:134 crypto RTX alarm in 1.189695 sec on serv conn 0:d742b82a422c0a61
1.749   log_pkt pkt.c:141 RX from=127.0.0.1:4988 len=34 0x30=Short kyph=0 dcid=d742b82a422c0a61 nr=5
        dec_rst_stream_frame frame.c:800 RST_STREAM sid=4 err=0x963d off=32
        dec_rst_stream_frame frame.c:806 serv conn 0:d742b82a422c0a61 strm 4 (bidir, clnt) state strm_open -> strm_clsd
        dec_frames frame.c:895 PADDING len=15
1.774   ack_alarm pn.c:56 ACK timer fired on serv conn 0:d742b82a422c0a61 epoch 3
1.774   log_pkt pkt.c:194 TX to=127.0.0.1:4988 0x30=Short kyph=0 dcid=000000000000000d nr=1
        enc_ack_frame frame.c:1171 ACK lg=9 delay=28893 (231144 usec) cnt=1 block=0 [9]
        enc_ack_frame frame.c:1164 ACK gap=2 block=0 [5]
        enc_path_challenge_frame frame.c:1448 PATH_CHALLENGE data=fd732cf72b532b8c
        on_pkt_sent recovery.c:311 in_flight=1407 (+45), cwnd=3000 (+0), ssthresh=3000 (+0), srtt=0.974243 (+0.000000), rttvar=0.482829 (+0.000000)
        set_ld_timer recovery.c:134 crypto RTX alarm in 0.984002 sec on serv conn 0:d742b82a422c0a61
2.226   rx_pkts conn.c:952 pkt came from new peer 127.0.0.1:4987, probing
2.226   log_pkt pkt.c:141 RX from=127.0.0.1:4987 len=78 0x30=Short kyph=0 dcid=d742b82a422c0a61 nr=3
        dec_ack_frame frame.c:391 ACK lg=0 delay=0 (0 usec) cnt=0 block=0 [0]
        detect_lost_pkts recovery.c:210 in_flight=1297 (-110), cwnd=3000 (+0), ssthresh=3000 (+0), srtt=0.934653 (-0.039589), rttvar=0.441300 (-0.041529)
        set_ld_timer recovery.c:134 crypto RTX alarm in 0.452987 sec on serv conn 0:d742b82a422c0a61
        log_stream_or_crypto_frame frame.c:113 STREAM 0x16=LEN|OFF id=4/20 off=32/65535 len=8 coff=25/393210 [ooo]
        dec_rst_stream_frame frame.c:800 RST_STREAM sid=4 err=0x661b off=40
        dec_rst_stream_frame frame.c:806 useless transition: serv conn 0:d742b82a422c0a61 strm 4 (bidir, clnt) state strm_clsd -> strm_clsd
        dec_ack_frame frame.c:391 ACK lg=1 delay=0 (0 usec) cnt=0 block=0 [1]
        detect_lost_pkts recovery.c:210 in_flight=1252 (-45), cwnd=3000 (+0), ssthresh=3000 (+0), srtt=0.874301 (-0.060352), rttvar=0.451679 (+0.010379)
        set_ld_timer recovery.c:134 crypto RTX alarm in 0.332283 sec on serv conn 0:d742b82a422c0a61
        dec_frames frame.c:907 addtl stream or crypto frame at pos 40, copy
        log_stream_or_crypto_frame frame.c:113 STREAM 0x16=LEN|OFF id=4/20 off=40/65535 len=8 coff=33/393210 [ooo]
        dec_rst_stream_frame frame.c:800 RST_STREAM sid=4 err=0x7b6a off=48
        dec_rst_stream_frame frame.c:806 useless transition: serv conn 0:d742b82a422c0a61 strm 4 (bidir, clnt) state strm_clsd -> strm_clsd
        dec_rst_stream_frame frame.c:800 RST_STREAM sid=4 err=0x15ed off=48
        dec_rst_stream_frame frame.c:806 useless transition: serv conn 0:d742b82a422c0a61 strm 4 (bidir, clnt) state strm_clsd -> strm_clsd
        dec_frames frame.c:895 PADDING len=15
        free_stream stream.c:133 freeing strm 4 on serv conn 0:d742b82a422c0a61
=================================================================
==17541==ERROR: AddressSanitizer: use-after-poison on address 0x7f1d85afade0 at pc 0x559285d6d5af bp 0x7ffee0b6a100 sp 0x7ffee0b6a0f0
READ of size 8 at 0x7f1d85afade0 thread T0
    #0 0x559285d6d5ae in pm_free /home/mcmillan/projects/quant/lib/src/quic.c:125
    #1 0x559285dcd221 in rx_pkts /home/mcmillan/projects/quant/lib/src/conn.c:1022
    #2 0x559285dcd9c9 in rx /home/mcmillan/projects/quant/lib/src/conn.c:1041
    #3 0x7f1d968ebd72 in ev_invoke_pending (/usr/lib/x86_64-linux-gnu/libev.so.4+0x3d72)
    #4 0x7f1d968ef3dd in ev_run (/usr/lib/x86_64-linux-gnu/libev.so.4+0x73dd)
    #5 0x559285d88066 in q_rx_ready /home/mcmillan/projects/quant/lib/src/quic.c:660
    #6 0x559285d696b4 in main /home/mcmillan/projects/quant/bin/server.c:246
    #7 0x7f1d955e2b96 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b96)
    #8 0x559285d67159 in _start (/home/mcmillan/projects/quant/Debug/bin/server+0x1ac159)

0x7f1d85afade0 is located 34387424 bytes inside of 34400344-byte region [0x7f1d83a2f800,0x7f1d85afe058)
allocated by thread T0 here:
    #0 0x7f1d977f9d38 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded38)
    #1 0x559285d81153 in q_init /home/mcmillan/projects/quant/lib/src/quic.c:489
    #2 0x559285d69118 in main /home/mcmillan/projects/quant/bin/server.c:234
    #3 0x7f1d955e2b96 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b96)

SUMMARY: AddressSanitizer: use-after-poison /home/mcmillan/projects/quant/lib/src/quic.c:125 in pm_free
Shadow bytes around the buggy address:
  0x0fe430b57560: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
  0x0fe430b57570: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
  0x0fe430b57580: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
  0x0fe430b57590: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
  0x0fe430b575a0: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
=>0x0fe430b575b0: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7[f7]f7 f7 f7
  0x0fe430b575c0: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
  0x0fe430b575d0: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
  0x0fe430b575e0: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
  0x0fe430b575f0: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
  0x0fe430b57600: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==17541==ABORTING
mcmillan@kenmcmil-z420:~/projects/ivy/doc/examples/quic$ 
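
The `f7` ("Poisoned by user") shadow bytes in the report above mean the faulting address lies in memory the program itself marked off-limits, inside the single region calloc'ed in `q_init`. That is why ASan says use-after-poison rather than heap-use-after-free. The following C example is added here and is not quant's code: `struct pool`, `pool_get`, `pool_put` and the slot layout are hypothetical. It shows a fixed pool that poisons released slots and refuses a stale second release instead of touching poisoned memory.

```c
#include <stdint.h>
#include <stdlib.h>
/* Real ASan hooks under -fsanitize=address (gcc or clang), no-ops otherwise. */
#ifndef __has_feature
#define __has_feature(x) 0
#endif
#if defined(__SANITIZE_ADDRESS__) || __has_feature(address_sanitizer)
#include <sanitizer/asan_interface.h>
#else
#define ASAN_POISON_MEMORY_REGION(a, n) ((void)(a), (void)(n))
#define ASAN_UNPOISON_MEMORY_REGION(a, n) ((void)(a), (void)(n))
#endif

#define SLOTS 4 /* hypothetical pool size */
struct slot { struct slot *next; uint8_t buf[64]; };
struct pool { struct slot *mem, *free_head; uint8_t in_use[SLOTS]; }; /* in_use is never poisoned */

static int pool_init(struct pool *p) {
    p->free_head = NULL;
    if ((p->mem = calloc(SLOTS, sizeof(*p->mem))) == NULL) return -1;
    for (size_t i = 0; i < SLOTS; i++) {
        p->in_use[i] = 0;
        p->mem[i].next = p->free_head;
        p->free_head = &p->mem[i];
        ASAN_POISON_MEMORY_REGION(&p->mem[i], sizeof(p->mem[i]));
    }
    return 0;
}

static struct slot *pool_get(struct pool *p) {
    struct slot *s = p->free_head;
    if (s == NULL) return NULL;
    ASAN_UNPOISON_MEMORY_REGION(s, sizeof(*s)); /* before reading s->next */
    p->free_head = s->next;
    p->in_use[s - p->mem] = 1;
    return s;
}

/* 0 on success; -1 for a foreign, misaligned or already released pointer. */
static int pool_put(struct pool *p, struct slot *s) {
    uintptr_t off = (uintptr_t)s - (uintptr_t)p->mem;
    if (off >= SLOTS * sizeof(*s) || off % sizeof(*s) != 0) return -1;
    if (!p->in_use[off / sizeof(*s)]) return -1; /* stale: slot is poisoned */
    p->in_use[off / sizeof(*s)] = 0;
    s->next = p->free_head;
    p->free_head = s;
    ASAN_POISON_MEMORY_REGION(s, sizeof(*s));
    return 0;
}

int main(void) { /* constructed scenario: one buffer, two release paths */
    struct pool p;
    if (pool_init(&p) != 0) return 2;
    struct slot *s = pool_get(&p);
    int ok = pool_put(&p, s) == 0 && pool_put(&p, s) == -1 && pool_get(&p) == s;
    ASAN_UNPOISON_MEMORY_REGION(p.mem, SLOTS * sizeof(*p.mem));
    free(p.mem);
    return ok ? 0 : 1;
}
```

Without the `in_use` check, the second `pool_put` would write `s->next` into a poisoned slot, which an ASan build reports as use-after-poison.
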
larseggert commented 5 years ago

What client did you use? I never had anyone send me a RST_STREAM before, so I am not surprised at all there are issues in that code path.

larseggert commented 5 years ago

I think I may have committed a fix, but since I have no way to reproduce, I'll leave this open.

kenmcmil commented 5 years ago

I am not seeing this now, so I am closing and will re-open if I see it again.

By the way, if there are any frame types or other features which you think are not well tested, let me know. I can pretty easily cook up a test that targets a particular frame type.