macOS test error #2297
D: 24-08-08 15:56:39 zloop: call PAIR socket handler
OK
* zmsg: OK
* zpoller: OK
* zsock:
=================================================================
==48564==ERROR: AddressSanitizer: stack-use-after-scope on address 0x7ff7bfefe3f0 at pc 0x00010030f578 bp 0x7ff7bfefdb90 sp 0x7ff7bfefdb88
READ of size 4 at 0x7ff7bfefe3f0 thread T0
#0 0x10030f577 in zmq::socket_base_t::check_tag() const+0x57 (tests_net_zmq.exe:x86_64+0x10030f577)
#1 0x100350987 in as_socket_base_t(void*)+0x27 (tests_net_zmq.exe:x86_64+0x100350987)
#2 0x100350aaf in zmq_getsockopt+0x1f (tests_net_zmq.exe:x86_64+0x100350aaf)
#3 0x100145b9a in zsock_resolve+0x21a (tests_net_zmq.exe:x86_64+0x100145b9a)
#4 0x10017b903 in zsock_test+0x1003 (tests_net_zmq.exe:x86_64+0x10017b903)
#5 0x10006fa45 in main+0xb5 (tests_net_zmq.exe:x86_64+0x10006fa45)
#6 0x7ff8117e141e in start+0x76e (dyld:x86_64+0xfffffffffff6e41e)
Address 0x7ff7bfefe3f0 is located in stack of thread T0 at offset 1584 in frame
#0 0x10017a90f in zsock_test+0xf (tests_net_zmq.exe:x86_64+0x10017a90f)
This frame has 55 object(s):
[32, 40) 'writer' (line 1898)
[64, 104) 'endpoint' (line 1919)
[144, 152) 'reader' (line 1924)
[176, 184) 'msg' (line 1933)
[208, 216) 'string' (line 1935)
[240, 248) 'resolve' (line 1954)
[272, 276) 'fd' (line 1960)
[288, 296) 'dealer' (line 1983)
[320, 321) 'number1' (line 2012)
[336, 338) 'number2' (line 2013)
[352, 356) 'number4' (line 2014)
[368, 372) 'number4_MAX' (line 2016)
[384, 392) 'number8' (line 2017)
[416, 424) 'number8_MAX' (line 2020)
[448, 456) 'chunk' (line 2022)
[480, 488) 'frame' (line 2024)
[512, 520) 'hash' (line 2026)
[544, 552) 'uuid' (line 2032)
[576, 580) 'integer' (line 2069)
[592, 600) 'data' (line 2070)
[624, 632) 'size' (line 2071)
[656, 664) 'pointer' (line 2072)
[688, 696) 'longstr' (line 2187)
[720, 728) 'streamrecv' (line 2206)
[752, 760) 'streamsender' (line 2211)
[784, 792) 'connectmsg' (line 2216)
[816, 824) 'id' (line 2217)
[848, 856) 'empty' (line 2221)
[880, 888) 'connectmsg2' (line 2228)
[912, 920) 'id2' (line 2229)
[944, 952) 'empty2' (line 2233)
[976, 1232) 'rid' (line 2241)
[1296, 1304) 'rid_size' (line 2242)
[1328, 1336) 'request' (line 2245)
[1360, 1368) 'recvreq' (line 2255)
[1392, 1400) 'ridframe' (line 2257)
[1424, 1432) 'httpreq' (line 2260)
[1456, 1515) 'http_response' (line 2266)
[1552, 1560) 'httpmsg' (line 2279)
[1584, 1592) 'httpid' (line 2281) <== Memory access at offset 1584 is inside this variable
[1616, 1624) 'httpresp' (line 2283)
[1648, 1656) 'disconnectmsg' (line 2291)
[1680, 1688) 'id3' (line 2292)
[1712, 1720) 'empty3' (line 2295)
[1744, 1752) 'server' (line 2310)
[1776, 1784) 'client' (line 2314)
[1808, 1816) 'gather' (line 2390)
[1840, 1848) 'scatter' (line 2392)
[1872, 1880) 'message' (line 2398)
[1904, 1912) 'gossip' (line 2442)
[1936, 1944) 'dgramr' (line 2452)
[1968, 1976) 'dgrams' (line 2456)
[2000, 2008) 'dmessage' (line 2467)
[2032, 2040) 'addr' (line 2467)
[2064, 2072) 'dmsg' (line 2469)
HINT: this may be a false positive if your program uses some custom stack unwind mechanism, swapcontext or vfork
(longjmp and C++ exceptions *are* supported)
SUMMARY: AddressSanitizer: stack-use-after-scope (tests_net_zmq.exe:x86_64+0x10030f577) in zmq::socket_base_t::check_tag() const+0x57
Shadow bytes around the buggy address:
0x7ff7bfefe100: f2 f2 f8 f2 f2 f2 f8 f2 f2 f2 f8 f2 f2 f2 f8 f2
0x7ff7bfefe180: f2 f2 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
0x7ff7bfefe200: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
0x7ff7bfefe280: f8 f8 f2 f2 f2 f2 f2 f2 f2 f2 f8 f2 f2 f2 f8 f2
0x7ff7bfefe300: f2 f2 f8 f2 f2 f2 f8 f2 f2 f2 f8 f2 f2 f2 f8 f8
=>0x7ff7bfefe380: f8 f8 f8 f8 f8 f8 f2 f2 f2 f2 f8 f2 f2 f2[f8]f2
0x7ff7bfefe400: f2 f2 f8 f2 f2 f2 f8 f2 f2 f2 f8 f2 f2 f2 f8 f2
0x7ff7bfefe480: f2 f2 f8 f2 f2 f2 f8 f2 f2 f2 f8 f2 f2 f2 f8 f2
0x7ff7bfefe500: f2 f2 f8 f2 f2 f2 f8 f2 f2 f2 f8 f2 f2 f2 f8 f2
0x7ff7bfefe580: f2 f2 f8 f2 f2 f2 f8 f2 f2 f2 f8 f3 f3 f3 f3 f3
0x7ff7bfefe600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
==48564==ABORTING
this patch fixes it:
diff --git a/src/zchunk.c b/src/zchunk.c
index e53fb258..7ac01310 100644
--- a/src/zchunk.c
+++ b/src/zchunk.c
@@ -62,6 +62,10 @@ zchunk_new (const void *data, size_t size)
if (data) {
self->size = size;
memcpy (self->data, data, self->size);
+ } else {
+ if( size > 0 ) {
+ self->data[0] = 0;
+ }
}
}
return self;
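Review bot: In the new else branch of zchunk_new, only self->data[0] is written, so when data is NULL and size is larger than 1 the rest of the buffer is still uninitialized; if the goal is to avoid reads of uninitialized bytes, zero the whole region (for example with memset over size bytes) or say in a comment why the first byte is enough. The reported fault is a stack-use-after-scope on 'httpid' in zsock_test, reached through zsock_resolve and zmq_getsockopt, and nothing in these lines shows how zchunk_new is involved, so the commit message should state that link. Style: the surrounding code writes `if (data)` and `memcpy (self->data, ...)`, so `if( size > 0 )` should use the same spacing and can be folded into `} else if (size > 0) {`.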
@@ -181,6 +185,9 @@ zchunk_data (zchunk_t *self)
{
assert (self);
assert (zchunk_is (self));
+ if( self->size < 1 ) {
+ return NULL;
+ }
return self->data;
} |
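Review bot: The early return added to zchunk_data changes the function's contract: it now returns NULL whenever self->size < 1, and the context lines of the first hunk show self->size being assigned only inside `if (data)`, so a chunk created with data == NULL may still have size 0 here and a caller that fetches the pointer in order to fill the buffer would receive NULL. Please confirm that no caller relies on a non-NULL pointer for an empty chunk, document the NULL return in the function's header comment, and add a test for it. Style: match the file's spacing (`if (self->size < 1)`), and if size is unsigned the check reads more clearly as `self->size == 0`.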
Can you create a PR?
test commit it: 349564d
test with zmq v4.3.5, and zeromq/libzmq@b95d949