Skip to content

ASAN (Windows): heap-use-after-free in get_interface_index #576

New issue
New issue
Open
Open
ASAN (Windows): heap-use-after-free in get_interface_index#576
Labels
apibugSomething isn't workingwindowsissue on windows
@Danielius1922

Description

@Danielius1922
Danielius1922
opened on Dec 1, 2023

Replication steps:

  1. build on MSYS2 with clang and address sanitizer enabled
  2. run unit tests
==6404==ERROR: AddressSanitizer: heap-use-after-free on address 0x11aec85a1448 at pc 0x7ff67f28378b bp 0x007a0f59c4e0 sp 0x007a0f59c528
1: READ of size 4 at 0x11aec85a1448 thread T0
1:     #0 0x7ff67f28378a in get_interface_index D:/a/iotivity-lite/iotivity-lite/port/windows/tcpadapter.c:152:23
1:     #1 0x7ff67f280c75 in add_new_session_locked D:/a/iotivity-lite/iotivity-lite/port/windows/tcpadapter.c:216:19
1:     #2 0x7ff67f26074b in initiate_new_session_locked D:/a/iotivity-lite/iotivity-lite/port/windows/tcpadapter.c:365:7
1:     #3 0x7ff67f25cff3 in oc_tcp_send_buffer D:/a/iotivity-lite/iotivity-lite/port/windows/tcpadapter.c:393:22
1:     #4 0x7ff67edd102f in oc_send_buffer D:/a/iotivity-lite/iotivity-lite/port/windows/ipadapter.c:1140:12
1:     #5 0x7ff67eba6dbf in handle_outbound_network_event D:/a/iotivity-lite/iotivity-lite/api/oc_message_buffer.c:151:7
1:     #6 0x7ff67eba2186 in process_thread_oc_message_buffer_handler D:/a/iotivity-lite/iotivity-lite/api/oc_message_buffer.c:182:7
1:     #7 0x7ff67eafd8ac in call_process D:/a/iotivity-lite/iotivity-lite/util/oc_process.c:224:16
1:     #8 0x7ff67eafc0a4 in do_event D:/a/iotivity-lite/iotivity-lite/util/oc_process.c:341:5
1:     #9 0x7ff67eafb82e in oc_process_run D:/a/iotivity-lite/iotivity-lite/util/oc_process.c:354:3
1:     #10 0x7ff67eb9cd2f in oc_main_poll_v1 D:/a/iotivity-lite/iotivity-lite/api/oc_main.c:389:10
1:     #11 0x7ff67e3cf8f3 in oc::Device::PoolEventsMs(unsigned long long, bool) D:/a/iotivity-lite/iotivity-lite/tests/gtest/Device.cpp:221:34
1:     #12 0x7ff67e3d6493 in oc::TestDevice::PoolEventsMsV1(std::__1::chrono::duration<long long, std::__1::ratio<1ll, 1000ll>>, bool) D:/a/iotivity-lite/iotivity-lite/tests/gtest/Device.h:161:12
1:     #13 0x7ff67eaa05d1 in TestResourceWithDevice_BaselineInterfaceProperties_Test::TestBody() D:/a/iotivity-lite/iotivity-lite/api/unittest/resourcetest.cpp:648:3
1:     #14 0x7ff67f13ba49 in void testing::internal::HandleSehExceptionsInMethodIfSupported<testing::Test, void>(testing::Test*, void (testing::Test::*)(), char const*) D:/a/iotivity-lite/iotivity-lite/deps/gtest/src/gtest.cc:2078:10
1:     #15 0x7ff67f0f71bc in void testing::internal::HandleExceptionsInMethodIfSupported<testing::Test, void>(testing::Test*, void (testing::Test::*)(), char const*) D:/a/iotivity-lite/iotivity-lite/deps/gtest/src/gtest.cc:2114:14
1:     #16 0x7ff67f099a7b in testing::Test::Run() D:/a/iotivity-lite/iotivity-lite/deps/gtest/src/gtest.cc:2150:5
1:     #17 0x7ff67f09ccc5 in testing::TestInfo::Run() D:/a/iotivity-lite/iotivity-lite/deps/gtest/src/gtest.cc:2326:11
1:     #18 0x7ff67f09f0ff in testing::TestCase::Run() D:/a/iotivity-lite/iotivity-lite/deps/gtest/src/gtest.cc:2444:28
1:     #19 0x7ff67f0bf50a in testing::internal::UnitTestImpl::RunAllTests() D:/a/iotivity-lite/iotivity-lite/deps/gtest/src/gtest.cc:4315:43
1:     #20 0x7ff67f159a99 in bool testing::internal::HandleSehExceptionsInMethodIfSupported<testing::internal::UnitTestImpl, bool>(testing::internal::UnitTestImpl*, bool (testing::internal::UnitTestImpl::*)(), char const*) D:/a/iotivity-lite/iotivity-lite/deps/gtest/src/gtest.cc:2078:10
1:     #21 0x7ff67f10149c in bool testing::internal::HandleExceptionsInMethodIfSupported<testing::internal::UnitTestImpl, bool>(testing::internal::UnitTestImpl*, bool (testing::internal::UnitTestImpl::*)(), char const*) D:/a/iotivity-lite/iotivity-lite/deps/gtest/src/gtest.cc:2114:14
1:     #22 0x7ff67f0bd451 in testing::UnitTest::Run() D:/a/iotivity-lite/iotivity-lite/deps/gtest/src/gtest.cc:3926:10
1:     #23 0x7ff67efb3f22 in RUN_ALL_TESTS() D:/a/iotivity-lite/iotivity-lite/deps/gtest/include/gtest/gtest.h:2288:46
1:     #24 0x7ff67efb3db2 in main D:/a/iotivity-lite/iotivity-lite/deps/gtest/src/gtest_main.cc:37:10
1:     #25 0x7ff67e361314 in __tmainCRTStartup C:/M/B/src/mingw-w64/mingw-w64-crt/crt/crtexe.c:[267](https://github.com/iotivity/iotivity-lite/actions/runs/7050231085/job/19190453935#step:5:268):15
1:     #26 0x7ff67e361365 in .l_start C:/M/B/src/mingw-w64/mingw-w64-crt/crt/crtexe.c:188:9
1:     #27 0x7ff8a11d4ddf  (C:\Windows\System32\KERNEL32.DLL+0x180014ddf)
1:     #28 0x7ff8a315ed9a  (C:\Windows\SYSTEM32\ntdll.dll+0x18007ed9a)
1: 
1: 0x11aec85a1448 is located 136 bytes inside of 144-byte region [0x11aec85a13c0,0x11aec85a1450)
1: freed by thread T0 here:
1:     #0 0x7ff86f4d3ef1 in free (D:\a\_temp\msys64\clang64\bin\libclang_rt.asan_dynamic-x86_64.dll+0x180043ef1)
1:     #1 0x7ff67f29fd3f in free_network_addresses D:/a/iotivity-lite/iotivity-lite/port/windows/network_addresses.c:184:5
1:     #2 0x7ff67f2836c1 in get_interface_index D:/a/iotivity-lite/iotivity-lite/port/windows/tcpadapter.c:151:9
1:     #3 0x7ff67f[280](https://github.com/iotivity/iotivity-lite/actions/runs/7050231085/job/19190453935#step:5:281)c75 in add_new_session_locked D:/a/iotivity-lite/iotivity-lite/port/windows/tcpadapter.c:216:19
1:     #4 0x7ff67f26074b in initiate_new_session_locked D:/a/iotivity-lite/iotivity-lite/port/windows/tcpadapter.c:365:7
1:     #5 0x7ff67f25cff3 in oc_tcp_send_buffer D:/a/iotivity-lite/iotivity-lite/port/windows/tcpadapter.c:393:22
1:     #6 0x7ff67edd102f in oc_send_buffer D:/a/iotivity-lite/iotivity-lite/port/windows/ipadapter.c:1140:12
1:     #7 0x7ff67eba6dbf in handle_outbound_network_event D:/a/iotivity-lite/iotivity-lite/api/oc_message_buffer.c:151:7
1:     #8 0x7ff67eba2186 in process_thread_oc_message_buffer_handler D:/a/iotivity-lite/iotivity-lite/api/oc_message_buffer.c:182:7
1:     #9 0x7ff67eafd8ac in call_process D:/a/iotivity-lite/iotivity-lite/util/oc_process.c:224:16
1:     #10 0x7ff67eafc0a4 in do_event D:/a/iotivity-lite/iotivity-lite/util/oc_process.c:341:5
1:     #11 0x7ff67eafb82e in oc_process_run D:/a/iotivity-lite/iotivity-lite/util/oc_process.c:354:3
1:     #12 0x7ff67eb9cd2f in oc_main_poll_v1 D:/a/iotivity-lite/iotivity-lite/api/oc_main.c:389:10
1:     #13 0x7ff67e3cf8f3 in oc::Device::PoolEventsMs(unsigned long long, bool) D:/a/iotivity-lite/iotivity-lite/tests/gtest/Device.cpp:221:34
1:     #14 0x7ff67e3d6493 in oc::TestDevice::PoolEventsMsV1(std::__1::chrono::duration<long long, std::__1::ratio<1ll, 1000ll>>, bool) D:/a/iotivity-lite/iotivity-lite/tests/gtest/Device.h:161:12
1:     #15 0x7ff67eaa05d1 in TestResourceWithDevice_BaselineInterfaceProperties_Test::TestBody() D:/a/iotivity-lite/iotivity-lite/api/unittest/resourcetest.cpp:648:3
1:     #16 0x7ff67f13ba49 in void testing::internal::HandleSehExceptionsInMethodIfSupported<testing::Test, void>(testing::Test*, void (testing::Test::*)(), char const*) D:/a/iotivity-lite/iotivity-lite/deps/gtest/src/gtest.cc:2078:10
1:     #17 0x7ff67f0f71bc in void testing::internal::HandleExceptionsInMethodIfSupported<testing::Test, void>(testing::Test*, void (testing::Test::*)(), char const*) D:/a/iotivity-lite/iotivity-lite/deps/gtest/src/gtest.cc:2114:14
1:     #18 0x7ff67f099a7b in testing::Test::Run() D:/a/iotivity-lite/iotivity-lite/deps/gtest/src/gtest.cc:2150:5
1:     #19 0x7ff67f09ccc5 in testing::TestInfo::Run() D:/a/iotivity-lite/iotivity-lite/deps/gtest/src/gtest.cc:2326:11
1:     #20 0x7ff67f09f0ff in testing::TestCase::Run() D:/a/iotivity-lite/iotivity-lite/deps/gtest/src/gtest.cc:2444:28
1:     #21 0x7ff67f0bf50a in testing::internal::UnitTestImpl::RunAllTests() D:/a/iotivity-lite/iotivity-lite/deps/gtest/src/gtest.cc:4315:43
1:     #22 0x7ff67f159a99 in bool testing::internal::HandleSehExceptionsInMethodIfSupported<testing::internal::UnitTestImpl, bool>(testing::internal::UnitTestImpl*, bool (testing::internal::UnitTestImpl::*)(), char const*) D:/a/iotivity-lite/iotivity-lite/deps/gtest/src/gtest.cc:2078:10
1:     #23 0x7ff67f10149c in bool testing::internal::HandleExceptionsInMethodIfSupported<testing::internal::UnitTestImpl, bool>(testing::internal::UnitTestImpl*, bool (testing::internal::UnitTestImpl::*)(), char const*) D:/a/iotivity-lite/iotivity-lite/deps/gtest/src/gtest.cc:2114:14
1:     #24 0x7ff67f0bd451 in testing::UnitTest::Run() D:/a/iotivity-lite/iotivity-lite/deps/gtest/src/gtest.cc:3926:10
1:     #25 0x7ff67efb3f22 in RUN_ALL_TESTS() D:/a/iotivity-lite/iotivity-lite/deps/gtest/include/gtest/gtest.h:2288:46
1:     #26 0x7ff67efb3db2 in main D:/a/iotivity-lite/iotivity-lite/deps/gtest/src/gtest_main.cc:37:10
1:     #27 0x7ff67e361314 in __tmainCRTStartup C:/M/B/src/mingw-w64/mingw-w64-crt/crt/crtexe.c:267:15
1: 
1: previously allocated by thread T0 here:
1:     #0 0x7ff86f4d4126 in calloc (D:\a\_temp\msys64\clang64\bin\libclang_rt.asan_dynamic-x86_64.dll+0x180044126)
1:     #1 0x7ff67f29ce6a in get_network_addresses D:/a/iotivity-lite/iotivity-lite/port/windows/network_addresses.c:96:18
1:     #2 0x7ff67f[282](https://github.com/iotivity/iotivity-lite/actions/runs/7050231085/job/19190453935#step:5:283)d9f in get_interface_index D:/a/iotivity-lite/iotivity-lite/port/windows/tcpadapter.c:133:27
1:     #3 0x7ff67f280c75 in add_new_session_locked D:/a/iotivity-lite/iotivity-lite/port/windows/tcpadapter.c:216:19
1:     #4 0x7ff67f26074b in initiate_new_session_locked D:/a/iotivity-lite/iotivity-lite/port/windows/tcpadapter.c:365:7
1:     #5 0x7ff67f25cff3 in oc_tcp_send_buffer D:/a/iotivity-lite/iotivity-lite/port/windows/tcpadapter.c:393:22
1:     #6 0x7ff67edd102f in oc_send_buffer D:/a/iotivity-lite/iotivity-lite/port/windows/ipadapter.c:1140:12
1:     #7 0x7ff67eba6dbf in handle_outbound_network_event D:/a/iotivity-lite/iotivity-lite/api/oc_message_buffer.c:151:7
1:     #8 0x7ff67eba2186 in process_thread_oc_message_buffer_handler D:/a/iotivity-lite/iotivity-lite/api/oc_message_buffer.c:182:7
1:     #9 0x7ff67eafd8ac in call_process D:/a/iotivity-lite/iotivity-lite/util/oc_process.c:224:16
1:     #10 0x7ff67eafc0a4 in do_event D:/a/iotivity-lite/iotivity-lite/util/oc_process.c:341:5
1:     #11 0x7ff67eafb82e in oc_process_run D:/a/iotivity-lite/iotivity-lite/util/oc_process.c:354:3
1:     #12 0x7ff67eb9cd2f in oc_main_poll_v1 D:/a/iotivity-lite/iotivity-lite/api/oc_main.c:389:10
1:     #13 0x7ff67e3cf8f3 in oc::Device::PoolEventsMs(unsigned long long, bool) D:/a/iotivity-lite/iotivity-lite/tests/gtest/Device.cpp:221:34
1:     #14 0x7ff67e3d6493 in oc::TestDevice::PoolEventsMsV1(std::__1::chrono::duration<long long, std::__1::ratio<1ll, 1000ll>>, bool) D:/a/iotivity-lite/iotivity-lite/tests/gtest/Device.h:161:12
1:     #15 0x7ff67eaa05d1 in TestResourceWithDevice_BaselineInterfaceProperties_Test::TestBody() D:/a/iotivity-lite/iotivity-lite/api/unittest/resourcetest.cpp:648:3
1:     #16 0x7ff67f13ba49 in void testing::internal::HandleSehExceptionsInMethodIfSupported<testing::Test, void>(testing::Test*, void (testing::Test::*)(), char const*) D:/a/iotivity-lite/iotivity-lite/deps/gtest/src/gtest.cc:2078:10
1:     #17 0x7ff67f0f71bc in void testing::internal::HandleExceptionsInMethodIfSupported<testing::Test, void>(testing::Test*, void (testing::Test::*)(), char const*) D:/a/iotivity-lite/iotivity-lite/deps/gtest/src/gtest.cc:2114:14
1:     #18 0x7ff67f099a7b in testing::Test::Run() D:/a/iotivity-lite/iotivity-lite/deps/gtest/src/gtest.cc:2150:5
1:     #19 0x7ff67f09ccc5 in testing::TestInfo::Run() D:/a/iotivity-lite/iotivity-lite/deps/gtest/src/gtest.cc:2326:11
1:     #20 0x7ff67f09f0ff in testing::TestCase::Run() D:/a/iotivity-lite/iotivity-lite/deps/gtest/src/gtest.cc:2444:28
1:     #21 0x7ff67f0bf50a in testing::internal::UnitTestImpl::RunAllTests() D:/a/iotivity-lite/iotivity-lite/deps/gtest/src/gtest.cc:4315:43
1:     #22 0x7ff67f159a99 in bool testing::internal::HandleSehExceptionsInMethodIfSupported<testing::internal::UnitTestImpl, bool>(testing::internal::UnitTestImpl*, bool (testing::internal::UnitTestImpl::*)(), char const*) D:/a/iotivity-lite/iotivity-lite/deps/gtest/src/gtest.cc:2078:10
1:     #23 0x7ff67f10149c in bool testing::internal::HandleExceptionsInMethodIfSupported<testing::internal::UnitTestImpl, bool>(testing::internal::UnitTestImpl*, bool (testing::internal::UnitTestImpl::*)(), char const*) D:/a/iotivity-lite/iotivity-lite/deps/gtest/src/gtest.cc:2114:14
1:     #24 0x7ff67f0bd451 in testing::UnitTest::Run() D:/a/iotivity-lite/iotivity-lite/deps/gtest/src/gtest.cc:3926:10
1:     #25 0x7ff67efb3f22 in RUN_ALL_TESTS() D:/a/iotivity-lite/iotivity-lite/deps/gtest/include/gtest/gtest.h:2[288](https://github.com/iotivity/iotivity-lite/actions/runs/7050231085/job/19190453935#step:5:289):46
1:     #26 0x7ff67efb3db2 in main D:/a/iotivity-lite/iotivity-lite/deps/gtest/src/gtest_main.cc:37:10
1:     #27 0x7ff67e361[314](https://github.com/iotivity/iotivity-lite/actions/runs/7050231085/job/19190453935#step:5:315) in __tmainCRTStartup C:/M/B/src/mingw-w64/mingw-w64-crt/crt/crtexe.c:267:15
1: 
1: SUMMARY: AddressSanitizer: heap-use-after-free D:/a/iotivity-lite/iotivity-lite/port/windows/tcpadapter.c:152:23 in get_interface_index

Metadata

Metadata

Assignees

No one assigned

    Labels

    apibugSomething isn't workingwindowsissue on windows

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions