Loading...

XML

Word

Printable

JSON

Type: Bug
Resolution: Done
Priority: Minor - P4
Fix Version/s: WT2.9.0, 3.3.9
Affects Version/s: WT2.8.0
Component/s: None
Labels:
None

Hi! I compiled WT with asan and got next asan output when WT_SESSION::open_cursor return error.

==3381==ERROR: AddressSanitizer: heap-use-after-free on address 0x61300000b640 at pc 0x7f8095ba351d bp 0x7fff60fd8660 sp 0x7fff60fd8658
READ of size 8 at 0x61300000b640 thread T0
    #0 0x7f8095ba351c in __curtable_close /wiredtiger/2.8.0/src/src/cursor/cur_table.c:716:2
    #1 0x7f8095b9f25e in __wt_curtable_open /wiredtiger/2.8.0/src/src/cursor/cur_table.c:978:3
    #2 0x7f8095c4c2b0 in __session_open_cursor_int /wiredtiger/2.8.0/src/src/session/session_api.c:288:4
    #3 0x7f8095c4f3f1 in __session_open_cursor /wiredtiger/2.8.0/src/src/session/session_api.c:423:2

0x61300000b640 is located 0 bytes inside of 368-byte region [0x61300000b640,0x61300000b7b0)
freed by thread T0 here:
    #0 0x4aa83b in __interceptor_free (/home/dshkirja/git/tb_1/build_asan.x86_64-unknown-linux/platform/bin64/tbdbdump+0x4aa83b)
    #1 0x7f8095bf1b9a in __wt_free_int /wiredtiger/2.8.0/src/src/os_posix/os_alloc.c:307:2
    #2 0x7f8095b970a6 in __wt_cursor_close /wiredtiger/2.8.0/src/src/cursor/cur_std.c:559:2
    #3 0x7f8095b9f217 in __wt_curtable_open /wiredtiger/2.8.0/src/src/cursor/cur_table.c:975:4
    #4 0x7f8095c4c2b0 in __session_open_cursor_int /wiredtiger/2.8.0/src/src/session/session_api.c:288:4
    #5 0x7f8095c4f3f1 in __session_open_cursor /wiredtiger/2.8.0/src/src/session/session_api.c:423:2

previously allocated by thread T0 here:
    #0 0x4aaca4 in calloc (/home/dshkirja/git/tb_1/build_asan.x86_64-unknown-linux/platform/bin64/tbdbdump+0x4aaca4)
    #1 0x7f8095bf10ec in __wt_calloc /wiredtiger/2.8.0/src/src/os_posix/os_alloc.c:51:11
    #2 0x7f8095b9eabf in __wt_curtable_open /wiredtiger/2.8.0/src/src/cursor/cur_table.c:894:2
    #3 0x7f8095c4c2b0 in __session_open_cursor_int /wiredtiger/2.8.0/src/src/session/session_api.c:288:4
    #4 0x7f8095c4f3f1 in __session_open_cursor /wiredtiger/2.8.0/src/src/session/session_api.c:423:2

SUMMARY: AddressSanitizer: heap-use-after-free /wiredtiger/2.8.0/src/src/cursor/cur_table.c:716:2 in __curtable_close
Shadow bytes around the buggy address:
  0x0c267fff9670: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c267fff9680: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c267fff9690: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c267fff96a0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c267fff96b0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
=>0x0c267fff96c0: fa fa fa fa fa fa fa fa[fd]fd fd fd fd fd fd fd
  0x0c267fff96d0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c267fff96e0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c267fff96f0: fd fd fd fd fd fd fa fa fa fa fa fa fa fa fa fa
  0x0c267fff9700: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c267fff9710: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Heap right redzone:      fb
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack partial redzone:   f4
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==3381==ABORTING

Assignee:: Unassigned

Reporter:: Denis Shkirya

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Created:: Jun 06 2016 10:36:13 AM UTC

Updated:: Jul 28 2016 04:11:40 PM UTC

Resolved:: Jun 07 2016 12:33:36 AM UTC

Details

Description

Attachments

Activity

People

Dates