NTAP / quant

QUIC implementation for POSIX and IoT platforms
BSD 2-Clause "Simplified" License

heap use after free: based on commit 93d6363dac63fd37da52e7370d83fd81a634b9d4 #61

Closed (piano-man closed this issue 4 years ago)

piano-man commented 4 years ago

I ran into this error when testing commit 93d6363dac63fd37da52e7370d83fd81a634b9d4 of the implementation. I haven't been able to test it for the latest version of the implementation as I was using a custom client which doesn't support the latest version yet.

```
==1956==ERROR: AddressSanitizer: heap-use-after-free on address 0x60f000004460 at pc 0x55fcfa59b1d9 bp 0x7fffa77c3700 sp 0x7fffa77c36f0
READ of size 4 at 0x60f000004460 thread T0
    $0 0x55fcfa59b1d8 in q_is_stream_closed /home/quant/lib/src/quic.c:935
    $1 0x55fcfa58cdd0 in main /home/quant/bin/server.c:461
    $2 0x7fdc719a1b96 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b96)
    $3 0x55fcfa5895b9 in _start (/home/quant/Debug/bin/server+0x1165b9)

0x60f000004460 is located 160 bytes inside of 168-byte region [0x60f0000043c0,0x60f000004468)
freed by thread T0 here:
    $0 0x7fdc734487a8 in interceptor_free (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xde7a8)
    $1 0x55fcfa5a316b in free_stream /home/quant/lib/src/stream.c:163
    $2 0x55fcfa5c080e in free_conn /home/quant/lib/src/conn.c:1946
    $3 0x55fcfa5953a8 in q_close /home/quant/lib/src/quic.c:833
    $4 0x55fcfa589d28 in send_err /home/quant/bin/server.c:133
    $5 0x55fcfa58f50e in main /home/quant/bin/server.c:453
    $6 0x7fdc719a1b96 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b96)

previously allocated by thread T0 here:
    $0 0x7fdc73448d28 in interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28)
    $1 0x55fcfa5a52d2 in new_stream /home/quant/lib/src/stream.c:99
    $2 0x55fcfa622617 in dec_stream_or_crypto_frame /home/quant/lib/src/frame.c:321
    $3 0x55fcfa626c02 in dec_frames /home/quant/lib/src/frame.c:1283
    $4 0x55fcfa5bb613 in rx_pkt /home/quant/lib/src/conn.c:1072
    $5 0x55fcfa5c83fe in rx_pkts /home/quant/lib/src/conn.c:1414
    $6 0x55fcfa5c98be in rx /home/quant/lib/src/conn.c:1518
    $7 0x55fcfa601f21 in loop_run /home/quant/lib/src/loop.c:103
    $8 0x55fcfa5909e9 in q_ready /home/quant/lib/src/quic.c:983
    $9 0x55fcfa58c9eb in main /home/quant/bin/server.c:375
    $10 0x7fdc719a1b96 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b96)

SUMMARY: AddressSanitizer: heap-use-after-free /home/quant/lib/src/quic.c:935 in q_is_stream_closed
==1956==ABORTING
```
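The trace above shows a stale-handle problem: the stream is allocated in new_stream, freed through q_close, free_conn and free_stream when the server's send_err path closes the connection, and then read again by q_is_stream_closed from the server's main loop. As an added illustration (not quant's code; struct and function names are hypothetical stand-ins), the constructed C model below hands the application generation-tagged stream handles instead of raw pointers, so a handle kept across q_close resolves to "closed" rather than to freed memory.

```c
/* Constructed model of the lifetime bug in the report: an application keeps
 * a stream handle that outlives q_close(), which frees every stream of the
 * connection.  Here handles carry the generation of their slot, and q_close()
 * bumps the generation, so stale handles are detected instead of dereferenced.
 * The conn object itself is caller-owned and only reset, never freed, here. */
#include <stdbool.h>
#include <stdint.h>
#include <stdlib.h>

#define MAX_STREAMS 8

struct stream { bool closed; };                  /* model of a quant stream */
struct conn {                                    /* model of a quant connection */
    struct stream *streams[MAX_STREAMS];
    uint32_t gen[MAX_STREAMS];                   /* bumped whenever a slot is freed */
};
struct stream_handle { struct conn *c; uint32_t idx, gen; };

/* Allocate a stream in slot idx and issue a handle tagged with the current generation. */
static struct stream_handle new_stream(struct conn *c, uint32_t idx) {
    c->streams[idx] = calloc(1, sizeof(struct stream));
    return (struct stream_handle){ .c = c, .idx = idx, .gen = c->gen[idx] };
}

/* Resolve a handle; NULL if its slot was freed since the handle was issued. */
static struct stream *lookup(struct stream_handle h) {
    if (h.idx >= MAX_STREAMS || h.c->gen[h.idx] != h.gen)
        return NULL;
    return h.c->streams[h.idx];
}

/* Free every stream of the connection and invalidate all outstanding handles. */
static void q_close(struct conn *c) {
    for (uint32_t i = 0; i < MAX_STREAMS; i++) {
        free(c->streams[i]);
        c->streams[i] = NULL;
        c->gen[i]++;
    }
}

/* A stream freed by q_close() is reported as closed instead of read after free. */
static bool q_is_stream_closed(struct stream_handle h) {
    struct stream *s = lookup(h);
    return s == NULL || s->closed;
}
```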

larseggert commented 4 years ago

Thanks for the report. I think I just fixed this, could you try the latest version?

piano-man commented 4 years ago

Yes, that does seem to fix it!