The Samba-Bugzilla – Attachment 15131 Details for
Bug 13935
AddressSanitizer: stack-use-after-scope in ndr_push_spoolss_SetPrinterInfo8
ASAN error report
asan_010.txt (text/plain), 4.29 KB, created by Gary Lockyer on 2019-05-08 22:20:16 UTC
>==27165==ERROR: AddressSanitizer: stack-use-after-scope on address 0x7ffc12312b10 at pc 0x7f5f2219512b bp 0x7ffc123126e0 sp 0x7ffc123126d0
>READ of size 4 at 0x7ffc12312b10 thread T0
>    #0 0x7f5f2219512a in ndr_push_spoolss_SetPrinterInfo8 librpc/gen_ndr/ndr_spoolss.c:8466
>    #1 0x7f5f2219512a in ndr_push_spoolss_SetPrinterInfo librpc/gen_ndr/ndr_spoolss.c:8639
>    #2 0x7f5f221c782a in ndr_push_spoolss_SetPrinterInfoCtr librpc/gen_ndr/ndr_spoolss.c:9002
>    #3 0x7f5f221c7920 in ndr_push_spoolss_SetPrinter librpc/gen_ndr/ndr_spoolss.c:26360
>    #4 0x7f5f29408c97 in dcerpc_binding_handle_call_send ../../librpc/rpc/binding_handle.c:416
>    #5 0x7f5f2940929a in dcerpc_binding_handle_call ../../librpc/rpc/binding_handle.c:553
>    #6 0x7f5f24f591d0 in dcerpc_spoolss_SetPrinter_r librpc/gen_ndr/ndr_spoolss_c.c:1722
>    #7 0x55e0acb3dd50 in test_SetPrinter ../../source4/torture/rpc/spoolss.c:1293
>    #8 0x55e0acb6c9d7 in test_devmode_set_level ../../source4/torture/rpc/spoolss.c:2126
>    #9 0x55e0acb8db83 in test_PrinterInfo_DevModes ../../source4/torture/rpc/spoolss.c:2344
>    #10 0x55e0acb8db83 in test_PrinterInfo_DevMode ../../source4/torture/rpc/spoolss.c:2489
>    #11 0x55e0acb8db83 in test_printer_dm ../../source4/torture/rpc/spoolss.c:8883
>    #12 0x7f5f260eef7e in wrap_test_with_simple_test ../../lib/torture/torture.c:732
>    #13 0x7f5f260f095a in internal_torture_run_test ../../lib/torture/torture.c:442
>    #14 0x7f5f260f1048 in torture_run_tcase_restricted ../../lib/torture/torture.c:507
>    #15 0x7f5f260f1417 in torture_run_suite_restricted ../../lib/torture/torture.c:357
>    #16 0x7f5f260f1644 in torture_run_suite ../../lib/torture/torture.c:339
>    #17 0x55e0acd40d0e in run_matching ../../source4/torture/smbtorture.c:93
>    #18 0x55e0acd40c58 in run_matching ../../source4/torture/smbtorture.c:95
>    #19 0x55e0acd40c58 in run_matching ../../source4/torture/smbtorture.c:95
>    #20 0x55e0acd41bc4 in torture_run_named_tests ../../source4/torture/smbtorture.c:143
>    #21 0x55e0acd44e61 in main ../../source4/torture/smbtorture.c:691
>    #22 0x7f5f20a45b96 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b96)
>    #23 0x55e0ac7999f9 in _start (/home/gary/projects/samba04/bin/default/source4/torture/smbtorture+0x4249f9)
>
>Address 0x7ffc12312b10 is located in stack of thread T0 at offset 32 in frame
>    #0 0x55e0acb6c5b5 in test_devmode_set_level ../../source4/torture/rpc/spoolss.c:2090
>
>  This frame has 6 object(s):
>    [32, 36) 'info8' <== Memory access at offset 32 is inside this variable
>    [96, 104) 'sinfo'
>    [160, 176) 'info_ctr'
>    [224, 240) 'devmode_ctr'
>    [288, 304) 'secdesc_ctr'
>    [352, 488) 'info'
>HINT: this may be a false positive if your program uses some custom stack unwind mechanism or swapcontext
>      (longjmp and C++ exceptions *are* supported)
>SUMMARY: AddressSanitizer: stack-use-after-scope librpc/gen_ndr/ndr_spoolss.c:8466 in ndr_push_spoolss_SetPrinterInfo8
>Shadow bytes around the buggy address:
>  0x10000245a510: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>  0x10000245a520: 00 00 00 00 f1 f1 f1 f1 04 f2 f2 f2 00 00 00 00
>  0x10000245a530: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>  0x10000245a540: f1 f1 f1 f1 00 00 00 00 00 00 f2 f2 00 00 00 00
>  0x10000245a550: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1
>=>0x10000245a560: f1 f1[f8]f2 f2 f2 f2 f2 f2 f2 00 f2 f2 f2 f2 f2
>  0x10000245a570: f2 f2 00 00 f2 f2 f2 f2 f2 f2 00 00 f2 f2 f2 f2
>  0x10000245a580: f2 f2 00 00 f2 f2 f2 f2 f2 f2 00 00 00 00 00 00
>  0x10000245a590: 00 00 00 00 00 00 00 00 00 00 00 f2 f2 f2 00 00
>  0x10000245a5a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>  0x10000245a5b0: 00 00 00 00 f1 f1 f1 f1 00 00 00 00 00 00 00 00
>Shadow byte legend (one shadow byte represents 8 application bytes):
>  Addressable:           00
>  Partially addressable: 01 02 03 04 05 06 07
>  Heap left redzone:       fa
>  Freed heap region:       fd
>  Stack left redzone:      f1
>  Stack mid redzone:       f2
>  Stack right redzone:     f3
>  Stack after return:      f5
>  Stack use after scope:   f8
>  Global redzone:          f9
>  Global init order:       f6
>  Poisoned by user:        f7
>  Container overflow:      fc
>  Array cookie:            ac
>  Intra object redzone:    bb
>  ASan internal:           fe
>  Left alloca redzone:     ca
>  Right alloca redzone:    cb
>
>Reproducer:
>    make TESTS="samba3.rpc.spoolss.printer" test
>