#2 Stored map can lead to invalid read

Open
opened 6 years ago by yannweb · 2 comments
yannweb commented 6 years ago

Valgrind shows an invalid read when loading some maps.

yannweb commented 6 years ago
Owner

Server side:

# Reply PUT_EXT_MAP to 10.140.77.79
==4152== Thread 15:
==4152== Syscall param socketcall.sendto(msg) points to uninitialised byte(s)
==4152==    at 0x50CB61F: send (send.c:26)
==4152==    by 0x10EC01: inet_send (inet.c:1054)
==4152==    by 0x116219: pkt_send (pkts.c:383)
==4152==    by 0x116F61: send_rq (pkts.c:707)
==4152==    by 0x11D1B1: put_ext_map (hook.c:482)
==4152==    by 0x11764B: pkt_exec (pkts.c:891)
==4152==    by 0x128752: tcp_recv_loop (daemon.c:319)
==4152==    by 0x50C2493: start_thread (pthread_create.c:333)
==4152==  Address 0x5f4644c is 156 bytes inside a block of size 11,330 alloc'd
==4152==    at 0x4C2BBAF: malloc (vg_replace_malloc.c:299)
==4152==    by 0x155BEF: xmalloc (xmalloc.c:52)
==4152==    by 0x115CFA: pkt_pack (pkts.c:249)
==4152==    by 0x116027: pkt_send (pkts.c:357)
==4152==    by 0x116F61: send_rq (pkts.c:707)
==4152==    by 0x11D1B1: put_ext_map (hook.c:482)
==4152==    by 0x11764B: pkt_exec (pkts.c:891)
==4152==    by 0x128752: tcp_recv_loop (daemon.c:319)
==4152==    by 0x50C2493: start_thread (pthread_create.c:333)
==4152== 
# Reply PUT_INT_MAP to 10.140.77.79

Client side

# Quest GET_EXT_MAP to 10.140.77.98
# Receiving reply for the GET_EXT_MAP request (id 0x288d14b2)
==8679== Invalid read of size 4
==8679==    at 0x110A2A: store_rnode_block (map.c:547)
==8679==    by 0x113ABD: gmap_store_rblock (gmap.c:1231)
==8679==    by 0x113C07: extmap_store_rblock (gmap.c:1281)
==8679==    by 0x1143AD: unpack_extmap (gmap.c:1487)
==8679==    by 0x11D319: get_ext_map (hook.c:520)
==8679==    by 0x11F00D: hook_get_ext_map (hook.c:1334)
==8679==    by 0x11FB87: netsukuku_hook (hook.c:1664)
==8679==    by 0x155AFD: main (netsukuku.c:896)
==8679==  Address 0x5f290f9 is 0 bytes after a block of size 11,305 alloc'd
==8679==    at 0x4C2BBAF: malloc (vg_replace_malloc.c:299)
==8679==    by 0x155C14: xmalloc (xmalloc.c:52)
==8679==    by 0x115E64: pkt_uncompress (pkts.c:299)
==8679==    by 0x115F82: pkt_unpack (pkts.c:330)
==8679==    by 0x1167FA: pkt_recv (pkts.c:516)
==8679==    by 0x11717C: send_rq (pkts.c:748)
==8679==    by 0x118E56: rnl_send_rq (radar.c:535)
==8679==    by 0x11D2E1: get_ext_map (hook.c:512)
==8679==    by 0x11F00D: hook_get_ext_map (hook.c:1334)
==8679==    by 0x11FB87: netsukuku_hook (hook.c:1664)
==8679==    by 0x155AFD: main (netsukuku.c:896)
==8679== 
yannweb commented 6 years ago
Owner

Seems to happen during map write after a SIGTERM is received:

^C# Saving the internal map
==9167== Invalid write of size 4
==9167==    at 0x1107A6: get_rnode_block (map.c:480)
==9167==    by 0x110911: map_get_rblock (map.c:516)
==9167==    by 0x110CCE: pack_map (map.c:663)
==9167==    by 0x111091: save_map (map.c:772)
==9167==    by 0x153756: ntk_save_maps (netsukuku.c:134)
==9167==    by 0x155617: destroy_netsukuku (netsukuku.c:722)
==9167==    by 0x1556A0: sigterm_handler (netsukuku.c:747)
==9167==    by 0x598905F: ??? (in /lib/x86_64-linux-gnu/libc-2.24.so)
==9167==    by 0x5A0E28C: ??? (syscall-template.S:84)
==9167==    by 0x5A37B83: usleep (usleep.c:32)
==9167==    by 0x156C6D: xtimer (misc.c:290)
==9167==    by 0x11B6A8: radar_scan (radar.c:1493)
==9167==  Address 0x5f441f8 is 0 bytes after a block of size 24 alloc'd
==9167==    at 0x4C2BBAF: malloc (vg_replace_malloc.c:299)
==9167==    by 0x155BF8: xmalloc (xmalloc.c:52)
==9167==    by 0x1108D3: map_get_rblock (map.c:513)
==9167==    by 0x110CCE: pack_map (map.c:663)
==9167==    by 0x111091: save_map (map.c:772)
==9167==    by 0x153756: ntk_save_maps (netsukuku.c:134)
==9167==    by 0x155617: destroy_netsukuku (netsukuku.c:722)
==9167==    by 0x1556A0: sigterm_handler (netsukuku.c:747)
==9167==    by 0x598905F: ??? (in /lib/x86_64-linux-gnu/libc-2.24.so)
==9167==    by 0x5A0E28C: ??? (syscall-template.S:84)
==9167==    by 0x5A37B83: usleep (usleep.c:32)
==9167==    by 0x156C6D: xtimer (misc.c:290)
