laumann/ani - Discussion #16 - make check2: AddressSanitizer: heap-use-after-free on address 0x618000000140

#16 make check2: AddressSanitizer: heap-use-after-free on address 0x618000000140

Opened by laumann on June 15, 2024

laumann on June 15, 2024

Running make check2 today produced the following output:

==20701==ERROR: AddressSanitizer: heap-use-after-free on address 0x618000000140 at pc 0x55a5c4173512 bp 0x7ffca43d7bd0 sp 0x7ffca43d7bc0
READ of size 8 at 0x618000000140 thread T0
    #0 0x55a5c4173511 in print_change ../change.c:797
    #1 0x55a5c4173bc8 in change ../change.c:1185
    #2 0x55a5c4173d81 in cmd_change ../change.c:1246
    #3 0x55a5c416e7c5 in cmd_main ../ani.c:84
    #4 0x55a5c416e933 in main ../ani.c:96
    #5 0x7fac05e92f49 in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
    #6 0x7fac05e93004 in __libc_start_main_impl ../csu/libc-start.c:360
    #7 0x55a5c416e560 in _start (/home/t/sources/pijul/ani/build/ani+0x5560)

0x618000000140 is located 192 bytes inside of 864-byte region [0x618000000080,0x6180000003e0)
freed by thread T0 here:
    #0 0x7fac061f5a50  (/usr/lib/gcc/x86_64-pc-linux-gnu/13/libasan.so.8+0xdba50)
    #1 0x55a5c416f546 in xrealloc ../scaffold.c:62

previously allocated by thread T0 here:
    #0 0x7fac061f6c3f in __interceptor_malloc (/usr/lib/gcc/x86_64-pc-linux-gnu/13/libasan.so.8+0xdcc3f)
    #1 0x55a5c416f50b in xmalloc ../scaffold.c:49

SUMMARY: AddressSanitizer: heap-use-after-free ../change.c:797 in print_change
Shadow bytes around the buggy address:
  0x617ffffffe80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x617fffffff00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x617fffffff80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x618000000000: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x618000000080: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
=>0x618000000100: fd fd fd fd fd fd fd fd[fd]fd fd fd fd fd fd fd
  0x618000000180: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x618000000200: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x618000000280: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x618000000300: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x618000000380: fd fd fd fd fd fd fd fd fd fd fd fd fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==20701==ABORTING
make: *** [Makefile:30: check2] Error 1

laumann added a change on July 18, 2024

change: fix potential heap use-after-free created on July 17, 2024

PYNIQ644Z3Y3ADNE642GCJUJLUQRYZKHZ7ERKVDVLRTBPZPHQWMQC