I have run a test with the V6.2 CPP_Demo under linux with address sanitizer, and got the following error:
==12==ERROR: AddressSanitizer: heap-use-after-free on address 0x61c000000b68 at pc 0x7fe7da0b5703 bp 0x7ffcafb91330 sp 0x7ffcafb91320
READ of size 8 at 0x61c000000b68 thread T0:
#0 0x7fe7da0b5702 in socketGetLocalAddr
#1 0x7fe7da0ba3ca in XcpEthTlInit
#2 0x7fe7da0b71f3 in XcpEthServerInit
freed by thread T0 here:
#0 0x55891661292f in __interceptor_free
#1 0x7fe7da0b567a in socketGetLocalAddr
#2 0x7fe7da0ba3ca in XcpEthTlInit
#3 0x7fe7da0b71f3 in XcpEthServerInit
previously allocated by thread T0 here:
#0 0x558916612f26 in __interceptor_calloc
#1 0x7fe7d92c4122 (/lib/x86_64-linux-gnu/libc.so.6+0x141122)
#2 0x7fe7d92c4c07 in getifaddrs (/lib/x86_64-linux-gnu/libc.so.6+0x141c07)
#3 0x7fe7da0b5121 in socketGetLocalAddr
#4 0x7fe7da0ba3ca in XcpEthTlInit
#5 0x7fe7da0b71f3 in XcpEthServerInit
SUMMARY: AddressSanitizer: heap-use-after-free in socketGetLocalAddr
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
Shadow gap: cc
Hello,
I have run a test with the V6.2 CPP_Demo under linux with address sanitizer, and got the following error:
==12==ERROR: AddressSanitizer: heap-use-after-free on address 0x61c000000b68 at pc 0x7fe7da0b5703 bp 0x7ffcafb91330 sp 0x7ffcafb91320
READ of size 8 at 0x61c000000b68 thread T0:
freed by thread T0 here:
previously allocated by thread T0 here:
SUMMARY: AddressSanitizer: heap-use-after-free in socketGetLocalAddr
Shadow bytes around the buggy address: 0x0c387fff8110: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x0c387fff8120: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x0c387fff8130: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x0c387fff8140: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x0c387fff8150: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd =>0x0c387fff8160: fd fd fd fd fd fd fd fd fd fd fd fd fd[fd]fd fd 0x0c387fff8170: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x0c387fff8180: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x0c387fff8190: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x0c387fff81a0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x0c387fff81b0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe Left alloca redzone: ca Right alloca redzone: cb Shadow gap: cc
==12==ABORTING================================================================================
Looks like the function socketGetLocalAddr() tried to read memory that is already be freed.