Attachment 15131 Details for Bug 13935 – ASAN error report

ASAN error report

asan_010.txt (text/plain), 4.29 KB, created by Gary Lockyer on 2019-05-08 22:20:16 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Gary Lockyer

Created: 2019-05-08 22:20:16 UTC

Size: 4.29 KB

patch

obsolete

>==27165==ERROR: AddressSanitizer: stack-use-after-scope on address 0x7ffc12312b10 at pc 0x7f5f2219512b bp 0x7ffc123126e0 sp 0x7ffc123126d0
>READ of size 4 at 0x7ffc12312b10 thread T0
>    #0 0x7f5f2219512a in ndr_push_spoolss_SetPrinterInfo8 librpc/gen_ndr/ndr_spoolss.c:8466
>    #1 0x7f5f2219512a in ndr_push_spoolss_SetPrinterInfo librpc/gen_ndr/ndr_spoolss.c:8639
>    #2 0x7f5f221c782a in ndr_push_spoolss_SetPrinterInfoCtr librpc/gen_ndr/ndr_spoolss.c:9002
>    #3 0x7f5f221c7920 in ndr_push_spoolss_SetPrinter librpc/gen_ndr/ndr_spoolss.c:26360
>    #4 0x7f5f29408c97 in dcerpc_binding_handle_call_send ../../librpc/rpc/binding_handle.c:416
>    #5 0x7f5f2940929a in dcerpc_binding_handle_call ../../librpc/rpc/binding_handle.c:553
>    #6 0x7f5f24f591d0 in dcerpc_spoolss_SetPrinter_r librpc/gen_ndr/ndr_spoolss_c.c:1722
>    #7 0x55e0acb3dd50 in test_SetPrinter ../../source4/torture/rpc/spoolss.c:1293
>    #8 0x55e0acb6c9d7 in test_devmode_set_level ../../source4/torture/rpc/spoolss.c:2126
>    #9 0x55e0acb8db83 in test_PrinterInfo_DevModes ../../source4/torture/rpc/spoolss.c:2344
>    #10 0x55e0acb8db83 in test_PrinterInfo_DevMode ../../source4/torture/rpc/spoolss.c:2489
>    #11 0x55e0acb8db83 in test_printer_dm ../../source4/torture/rpc/spoolss.c:8883
>    #12 0x7f5f260eef7e in wrap_test_with_simple_test ../../lib/torture/torture.c:732
>    #13 0x7f5f260f095a in internal_torture_run_test ../../lib/torture/torture.c:442
>    #14 0x7f5f260f1048 in torture_run_tcase_restricted ../../lib/torture/torture.c:507
>    #15 0x7f5f260f1417 in torture_run_suite_restricted ../../lib/torture/torture.c:357
>    #16 0x7f5f260f1644 in torture_run_suite ../../lib/torture/torture.c:339
>    #17 0x55e0acd40d0e in run_matching ../../source4/torture/smbtorture.c:93
>    #18 0x55e0acd40c58 in run_matching ../../source4/torture/smbtorture.c:95
>    #19 0x55e0acd40c58 in run_matching ../../source4/torture/smbtorture.c:95
>    #20 0x55e0acd41bc4 in torture_run_named_tests ../../source4/torture/smbtorture.c:143
>    #21 0x55e0acd44e61 in main ../../source4/torture/smbtorture.c:691
>    #22 0x7f5f20a45b96 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b96)
>    #23 0x55e0ac7999f9 in _start (/home/gary/projects/samba04/bin/default/source4/torture/smbtorture+0x4249f9)
>
>Address 0x7ffc12312b10 is located in stack of thread T0 at offset 32 in frame
>    #0 0x55e0acb6c5b5 in test_devmode_set_level ../../source4/torture/rpc/spoolss.c:2090
>
>  This frame has 6 object(s):
>    [32, 36) 'info8' <== Memory access at offset 32 is inside this variable
>    [96, 104) 'sinfo'
>    [160, 176) 'info_ctr'
>    [224, 240) 'devmode_ctr'
>    [288, 304) 'secdesc_ctr'
>    [352, 488) 'info'
>HINT: this may be a false positive if your program uses some custom stack unwind mechanism or swapcontext
>      (longjmp and C++ exceptions *are* supported)
>SUMMARY: AddressSanitizer: stack-use-after-scope librpc/gen_ndr/ndr_spoolss.c:8466 in ndr_push_spoolss_SetPrinterInfo8
>Shadow bytes around the buggy address:
>  0x10000245a510: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>  0x10000245a520: 00 00 00 00 f1 f1 f1 f1 04 f2 f2 f2 00 00 00 00
>  0x10000245a530: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>  0x10000245a540: f1 f1 f1 f1 00 00 00 00 00 00 f2 f2 00 00 00 00
>  0x10000245a550: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1
>=>0x10000245a560: f1 f1[f8]f2 f2 f2 f2 f2 f2 f2 00 f2 f2 f2 f2 f2
>  0x10000245a570: f2 f2 00 00 f2 f2 f2 f2 f2 f2 00 00 f2 f2 f2 f2
>  0x10000245a580: f2 f2 00 00 f2 f2 f2 f2 f2 f2 00 00 00 00 00 00
>  0x10000245a590: 00 00 00 00 00 00 00 00 00 00 00 f2 f2 f2 00 00
>  0x10000245a5a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>  0x10000245a5b0: 00 00 00 00 f1 f1 f1 f1 00 00 00 00 00 00 00 00
>Shadow byte legend (one shadow byte represents 8 application bytes):
>  Addressable:           00
>  Partially addressable: 01 02 03 04 05 06 07 
>  Heap left redzone:       fa
>  Freed heap region:       fd
>  Stack left redzone:      f1
>  Stack mid redzone:       f2
>  Stack right redzone:     f3
>  Stack after return:      f5
>  Stack use after scope:   f8
>  Global redzone:          f9
>  Global init order:       f6
>  Poisoned by user:        f7
>  Container overflow:      fc
>  Array cookie:            ac
>  Intra object redzone:    bb
>  ASan internal:           fe
>  Left alloca redzone:     ca
>  Right alloca redzone:    cb
>
>Reproducer:
>  make TESTS="samba3.rpc.spoolss.printer" test
>

Actions: View

Attachments on bug 13935: 15131