git.puffer.fish Git - mirror/frr.git/commit
bgpd: bmp, fix address sanitizer issue
The following ASAN error can be seen.
> ERROR: AddressSanitizer: attempting to call malloc_usable_size() for pointer which is not owned: 0x608000036c20
> #0 0x7f3d7a4b5425 in __interceptor_malloc_usable_size ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:198
> #1 0x7f3d7a426a16 in __sanitizer::BufferedStackTrace::Unwind(unsigned long, unsigned long, void*, bool, unsigned int) ../../../../src/libsanitizer/sanitizer_common/sanitizer_stacktrace.h:122
> #2 0x7f3d7a426a16 in __asan::asan_malloc_usable_size(void const*, unsigned long, unsigned long) ../../../../src/libsanitizer/asan/asan_allocator.cpp:1074
> #3 0x7f3d7a03f330 in mt_count_free lib/memory.c:78
> #4 0x7f3d7a03f330 in qfree lib/memory.c:130
> #5 0x7f3d76ccf89b in bmp_peer_status_changed bgpd/bgp_bmp.c:982
> #6 0x560ae2aa6a94 in hook_call_peer_status_changed bgpd/bgp_fsm.c:47
> #7 0x560ae2aa6a94 in bgp_fsm_change_status bgpd/bgp_fsm.c:1287
> #8 0x560ae2c4f2e5 in peer_delete bgpd/bgpd.c:2777
> #9 0x560ae2c58d24 in bgp_delete bgpd/bgpd.c:4140
> #10 0x560ae2bbb47e in no_router_bgp bgpd/bgp_vty.c:1764
> #11 0x7f3d79fb74ed in cmd_execute_command_real lib/command.c:1003
> #12 0x7f3d79fb78a3 in cmd_execute_command lib/command.c:1062
> #13 0x7f3d79fb7e03 in cmd_execute lib/command.c:1228
> #14 0x7f3d7a107b53 in vty_command lib/vty.c:625
> #15 0x7f3d7a109902 in vty_execute lib/vty.c:1388
> #16 0x7f3d7a10cc32 in vtysh_read lib/vty.c:2400
> #17 0x7f3d7a0f848b in event_call lib/event.c:2019
> #18 0x7f3d7a01e627 in frr_run lib/libfrr.c:1232
> #19 0x560ae29e0037 in main bgpd/bgp_main.c:555
> #20 0x7f3d79a29d8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
> #21 0x7f3d79a29e3f in __libc_start_main_impl ../csu/libc-start.c:392
> #22 0x560ae29e4ef4 in _start (/usr/lib/frr/bgpd+0x2eeef4)
>
> 0x608000036c20 is located 0 bytes inside of 81-byte region [0x608000036c20,0x608000036c71)
> freed by thread T0 here:
> #0 0x7f3d7a4b4537 in __interceptor_free ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:127
> #1 0x7f3d76ccf85f in bmp_peer_status_changed bgpd/bgp_bmp.c:981
> #2 0x560ae2aa6a94 in hook_call_peer_status_changed bgpd/bgp_fsm.c:47
> #3 0x560ae2aa6a94 in bgp_fsm_change_status bgpd/bgp_fsm.c:1287
> #4 0x560ae2c4f2e5 in peer_delete bgpd/bgpd.c:2777
> #5 0x560ae2c58d24 in bgp_delete bgpd/bgpd.c:4140
> #6 0x560ae2bbb47e in no_router_bgp bgpd/bgp_vty.c:1764
> #7 0x7f3d79fb74ed in cmd_execute_command_real lib/command.c:1003
> #8 0x7f3d79fb78a3 in cmd_execute_command lib/command.c:1062
> #9 0x7f3d79fb7e03 in cmd_execute lib/command.c:1228
> #10 0x7f3d7a107b53 in vty_command lib/vty.c:625
> #11 0x7f3d7a109902 in vty_execute lib/vty.c:1388
> #12 0x7f3d7a10cc32 in vtysh_read lib/vty.c:2400
> #13 0x7f3d7a0f848b in event_call lib/event.c:2019
> #14 0x7f3d7a01e627 in frr_run lib/libfrr.c:1232
> #15 0x560ae29e0037 in main bgpd/bgp_main.c:555
> #16 0x7f3d79a29d8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
>
> previously allocated by thread T0 here:
> #0 0x7f3d7a4b4887 in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:145
> #1 0x7f3d7a03f0e9 in qmalloc lib/memory.c:101
> #2 0x7f3d76cd0166 in bmp_bgp_peer_vrf bgpd/bgp_bmp.c:2194
> #3 0x7f3d76cd0166 in bmp_bgp_update_vrf_status bgpd/bgp_bmp.c:2236
> #4 0x7f3d76cd29b8 in bmp_vrf_state_changed bgpd/bgp_bmp.c:3479
> #5 0x560ae2c45b34 in hook_call_bgp_instance_state bgpd/bgpd.c:88
> #6 0x560ae2c4d158 in bgp_instance_up bgpd/bgpd.c:3936
> #7 0x560ae29e5ed1 in bgp_vrf_enable bgpd/bgp_main.c:299
> #8 0x7f3d7a0ff8b1 in vrf_enable lib/vrf.c:286
> #9 0x7f3d7a0ff8b1 in vrf_enable lib/vrf.c:275
> #10 0x7f3d7a12ab66 in zclient_vrf_add lib/zclient.c:2561
> #11 0x7f3d7a12eb43 in zclient_read lib/zclient.c:4624
> #12 0x7f3d7a0f848b in event_call lib/event.c:2019
> #13 0x7f3d7a01e627 in frr_run lib/libfrr.c:1232
> #14 0x560ae29e0037 in main bgpd/bgp_main.c:555
> #15 0x7f3d79a29d8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>