grobian / carbon-c-relay

Enhanced C implementation of Carbon relay, aggregator and rewriter
Apache License 2.0

fix udp.srcaddr after connections realloc #362

Closed msaf1980 closed 5 years ago

msaf1980 commented 5 years ago

Fix for https://github.com/grobian/carbon-c-relay/issues/346

msaf1980 commented 5 years ago

Trace with ASAN:

    ==11648==ERROR: AddressSanitizer: heap-use-after-free on address 0x7f16b52e9811 at pc 0x00000040f9d6 bp 0x7f16b3ae39d0 sp 0x7f16b3ae39c0
    WRITE of size 1 at 0x7f16b52e9811 thread T4
        #0 0x40f9d5 in udpsockread /data/git/carbon-c-relay/dispatcher.c:163
        #1 0x413154 in dispatch_connection /data/git/carbon-c-relay/dispatcher.c:859
        #2 0x4152c4 in dispatch_runner /data/git/carbon-c-relay/dispatcher.c:1137
        #3 0x7f16bcca8593 in start_thread (/lib64/libpthread.so.0+0x7593)
        #4 0x7f16bc9dbe6e in clone (/lib64/libc.so.6+0xf9e6e)

    0x7f16b52e9811 is located 17 bytes inside of 68247552-byte region [0x7f16b52e9800,0x7f16b93ff800)
    freed by thread T1 here:
        #0 0x7f16be05f448 in __interceptor_realloc (/lib64/libasan.so.5+0xef448)
        #1 0x411126 in dispatch_addconnection /data/git/carbon-c-relay/dispatcher.c:600
        #2 0x414dd0 in dispatch_runner /data/git/carbon-c-relay/dispatcher.c:1100
        #3 0x7f16bcca8593 in start_thread (/lib64/libpthread.so.0+0x7593)

Realloc of connections is a root cause of the segfault: https://github.com/grobian/carbon-c-relay/blob/master/dispatcher.c#L600
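An added illustration, not code from this pull request or from carbon-c-relay, of the failure class the trace points at: a pointer into a growable array goes stale when the array moves, and has to be re-derived from the new base afterwards. All type and function names here (`struct conn`, `struct stream`, `grow`, `fixup`, `srcaddr_is_live`) are hypothetical, and the move is modelled with allocate-copy-free so it happens on every run.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical types: each slot's stream points at a buffer inside the
 * same slot, so the pointer is valid only while the table does not move. */
struct stream { char *srcaddr; };
struct conn   { char srcaddr[24]; struct stream strm; };
struct table  { struct conn *slots; size_t len; };

/* Re-derive every interior pointer from the table's current base. */
static void fixup(struct table *t) {
    for (size_t i = 0; i < t->len; i++)
        t->slots[i].strm.srcaddr = t->slots[i].srcaddr;
}

/* Grow by allocate-copy-free: the case where realloc() moves the block,
 * made deterministic. Needs newlen >= t->len. Returns 0 on success, -1 on failure. */
static int grow(struct table *t, size_t newlen, int do_fixup) {
    struct conn *n = calloc(newlen, sizeof(*n));
    if (n == NULL)
        return -1;
    if (t->len > 0)
        memcpy(n, t->slots, t->len * sizeof(*n));
    free(t->slots);
    t->slots = n;
    t->len = newlen;
    if (do_fixup)
        fixup(t);
    return 0;
}

/* 1 if slot i's stream pointer targets the live slot's own buffer. Pointer
 * values are compared as integers; nothing stale is dereferenced. */
static int srcaddr_is_live(const struct table *t, size_t i) {
    return (uintptr_t)t->slots[i].strm.srcaddr
        == (uintptr_t)t->slots[i].srcaddr;
}

int main(void) {
    struct table t = {0};
    if (grow(&t, 2, 1) != 0 || grow(&t, 4, 0) != 0)
        return 1;
    int stale = !srcaddr_is_live(&t, 0);  /* moved, pointers not repaired */
    fixup(&t);
    int ok = stale && srcaddr_is_live(&t, 0);
    free(t.slots);
    return ok ? 0 : 1;
}
```

The fixup only repairs pointers stored in the table itself; a thread that cached a slot pointer across the grow still has to synchronize with the thread doing the resize.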