Open matthewtlam opened 1 month ago
I assume that the issue is somewhere in `insert_prefix`, but the code was inlined and we cannot pinpoint which line is problematic based on this.
The issue is likely to be here: https://github.com/p4lang/behavioral-model/blob/9979ce251df26e39734e5a225be7febdea36073c/src/bf_lpm_trie/bf_lpm_trie.c#L207-L210
I believe it is possible for `a` to be equal to `prefixes->size - 1` at that point, which means the new element needs to be inserted at the very end of the array, but the array does not need to be grown.
In this case, we try to move the contents of `prefixes->prefixes[a]` to `prefixes->prefixes[a+1]`, which is outside of the allocated array, and that could be the issue.
It may be that this calculation is off-by-one: `size_t size = (prefixes->size - a) * sizeof(*prefixes->prefixes);`
If someone fixes it, it would be great to add a unit test to https://github.com/p4lang/behavioral-model/blob/main/tests/test_tables.cpp which triggers this behavior.
After running the ASAN (Address Sanitizer) tool on our tests with a simple grpc service that installs many table entries, I noticed that it resulted in a heap_buffer_overflow error.
The ASAN tool detects out-of-bound accesses to heap, stack and globals; use after free and use after return errors. Usually ASAN errors indicate some type of double free or accessing an uninitialized variable (garbage).
This is where ASAN is complaining about it.
Here is a mostly complete ASAN report but omits redundant info with the "...".
@smolkaj, @jonathan-dilorenzo for visibility.
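The off-by-one suspected in the comment about the `memmove` size, worked through on a small sorted array. This is an added example, not code from behavioral-model: `sorted_vec_t` and all function names are hypothetical, and it assumes `size` already counts the new element when the suspect expression is evaluated.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical sorted array modelled on the thread's description;
 * not the structure from bf_lpm_trie.c. */
typedef struct {
  int *items;
  size_t size;     /* elements in use */
  size_t capacity; /* elements allocated */
} sorted_vec_t;

/* Element count from the suspect expression, read with the assumption that
 * `size` already counts the element being inserted. */
size_t suspect_move_count(size_t size, size_t a) { return size - a; }

/* Under the same assumption, only the pre-existing tail may be shifted. */
size_t bounded_move_count(size_t size, size_t a) { return size - 1 - a; }

/* Highest index written when n elements move from slot a to a + 1
 * (the write covers a+1 .. a+n); (size_t)-1 when nothing moves. */
size_t last_index_written(size_t a, size_t n) {
  return n == 0 ? (size_t)-1 : a + n;
}

/* Bounds-checked insert at index a. Here `size` is still the old count
 * when memmove runs, so (size - a) is exactly the old tail and is zero
 * for an append. Returns 0 on success, -1 on bad index or failed allocation. */
int sorted_vec_insert_at(sorted_vec_t *v, size_t a, int value) {
  if (a > v->size) return -1;
  if (v->size == v->capacity) { /* grow before any element is moved */
    size_t cap = v->capacity ? v->capacity * 2 : 4;
    int *p = realloc(v->items, cap * sizeof(*p));
    if (p == NULL) return -1;
    v->items = p;
    v->capacity = cap;
  }
  memmove(&v->items[a + 1], &v->items[a], (v->size - a) * sizeof(*v->items));
  v->items[a] = value;
  v->size++; /* count the new element only after the shift */
  return 0;
}
```

With `size == capacity == 4` and `a == 3`, the suspect count moves one element and writes index 4, one past the allocation, while the bounded count moves none; a unit test that fills the array exactly to capacity and then inserts at the last slot exercises this path under ASAN.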