ros-navigation / navigation2

ROS 2 Navigation Framework and System
https://nav2.org/

heap-use-after-free in nav2_costmap_2d_core #3883

Closed Rrooach closed 11 months ago

Rrooach commented 1 year ago

Bug report

Required Info:

Steps to reproduce issue

Basically, I installed ros-humble on a remote server, compiled it with AddressSanitizer, and when I start to boot the Navigation2 system and try to fuzz test it, I get the following ASAN report (https://pastebin.com/DLyEGk9x).

Expected behavior

The program runs without any problem.

Actual behavior

Crashed with an ASAN report.

Additional information

So, I compile the project using

CC=clang CXX=clang++  colcon build --parallel-workers 32  --cmake-args -DCMAKE_C_FLAGS=" -g  -w  -fsanitize=address " -DCMAKE_CXX_FLAGS="  -g  -w -fsanitize=address "  -DBUILD_TESTING=OFF

I start the fuzzing process, and I get the error report: https://pastebin.com/DLyEGk9x

It seems that there is an incorrect def-use chain between test_planner_is_path_valid (freed here) and libnav2_costmap_2d_core (allocated here). It would be so nice of you to review this bug report. Thank you again for taking the time. Any suggestions or feedback you can provide would be very helpful.

SteveMacenski commented 1 year ago

I'm a little preoccupied with ROSCon this week, mind opening a PR to resolve any issues that these bring up? That would be an appreciated contribution! Luckily the thing causing the issue is a unit test, not a production system, so that's good news at least that this isn't a 5-alarm fire issue :sweat_smile:

Steve

SteveMacenski commented 11 months ago

https://github.com/ros-planning/navigation2/pull/3910 Resolved!