Mir

Overflow in mir::client::rpc::MirSocketRpcChannel::receive_file_descriptors as reported by address sanitizer

Bug #1320821 reported by Jussi Pakkanen
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| Mir | Fix Released | High | Alexandros Frantzis | |
| mir (Ubuntu) | Fix Released | Undecided | Unassigned | |

Bug Description

When compiling Mir with trunk Clang and using the address sanitizer, it reports the following issue:

---------

[==========] Running 8 tests from 1 test case.
[----------] Global test environment set-up.
[----------] 8 tests from BespokeDisplayServerTestFixture
[ RUN ] BespokeDisplayServerTestFixture.sessions_creating_surface_receive_focus
=================================================================
==20349==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6030000046a4 at pc 0x776ea7 bp 0x7feb75ffada0 sp 0x7feb75ffa560
WRITE of size 24 at 0x6030000046a4 thread T3
    #0 0x776ea6 in write_msghdr sanitizer_common_interceptors.inc:1888
    #1 0x777403 in __interceptor_recvmsg sanitizer_common_interceptors.inc:1899
    #2 0x7feb8462f491 in mir::client::rpc::MirSocketRpcChannel::receive_file_descriptors(std::vector<int, std::allocator<int> >&) mir_socket_rpc_channel.cpp:258 (discriminator 2)
    #3 0x7feb8462dc04 in mir::client::rpc::MirSocketRpcChannel::receive_file_descriptors(google::protobuf::Message*, google::protobuf::Closure*) mir_socket_rpc_channel.cpp:200
    #4 0x7feb8466a6b9 in google::protobuf::internal::MethodClosure2<mir::client::rpc::MirSocketRpcChannel, google::protobuf::Message*, google::protobuf::Closure*>::Run() common.h:987 (discriminator 4)
    #5 0x7feb846c9eab in mir::client::rpc::detail::PendingCallCache::complete_response(mir::protobuf::wire::Result&) mir_basic_rpc_channel.cpp:68
    #6 0x7feb84632dca in mir::client::rpc::MirSocketRpcChannel::read_message() mir_socket_rpc_channel.cpp:377
    #7 0x7feb84631ee3 in mir::client::rpc::MirSocketRpcChannel::on_header_read(boost::system::error_code const&) mir_socket_rpc_channel.cpp:340
    #8 0x7feb8468d0eb in boost::_mfi::mf1<void, mir::client::rpc::MirSocketRpcChannel, boost::system::error_code const&>::operator()(mir::client::rpc::MirSocketRpcChannel*, boost::system::error_code const&) const mem_fn_template.hpp:165 (discriminator 4)
    #9 0x7feb8468cbc1 in void boost::_bi::list2<boost::_bi::value<mir::client::rpc::MirSocketRpcChannel*>, boost::arg<1> (*)()>::operator()<boost::_mfi::mf1<void, mir::client::rpc::MirSocketRpcChannel, boost::system::error_code const&>, boost::_bi::list2<boost::system::error_code const&, unsigned long const&> >(boost::_bi::type<void>, boost::_mfi::mf1<void, mir::client::rpc::MirSocketRpcChannel, boost::system::error_code const&>&, boost::_bi::list2<boost::system::error_code const&, unsigned long const&>&, int) bind.hpp:313
    #10 0x7feb8468c5dc in void boost::_bi::bind_t<void, boost::_mfi::mf1<void, mir::client::rpc::MirSocketRpcChannel, boost::system::error_code const&>, boost::_bi::list2<boost::_bi::value<mir::client::rpc::MirSocketRpcChannel*>, boost::arg<1> (*)()> >::operator()<boost::system::error_code, unsigned long>(boost::system::error_code const&, unsigned long const&) bind_template.hpp:102
    #11 0x7feb8468bc9b in boost::asio::detail::read_op<boost::asio::basic_stream_socket<boost::asio::local::stream_protocol, boost::asio::stream_socket_service<boost::asio::local::stream_protocol> >, boost::asio::mutable_buffers_1, boost::asio::detail::transfer_exactly_t, boost::_bi::bind_t<void, boost::_mfi::mf1<void, mir::client::rpc::MirSocketRpcChannel, boost::system::error_code const&>, boost::_bi::list2<boost::_bi::value<mir::client::rpc::MirSocketRpcChannel*>, boost::arg<1> (*)()> > >::operator()(boost::system::error_code const&, unsigned long, int) read.hpp:282
    #12 0x7feb8469b010 in boost::asio::detail::binder2<boost::asio::detail::read_op<boost::asio::basic_stream_socket<boost::asio::local::stream_protocol, boost::asio::stream_socket_service<boost::asio::local::stream_protocol> >, boost::asio::mutable_buffers_1, boost::asio::detail::transfer_exactly_t, boost::_bi::bind_t<void, boost::_mfi::mf1<void, mir::client::rpc::MirSocketRpcChannel, boost::system::error_code const&>, boost::_bi::list2<boost::_bi::value<mir::client::rpc::MirSocketRpcChannel*>, boost::arg<1> (*)()> > >, boost::system::error_code, unsigned long>::operator()() bind_handler.hpp:127
    #13 0x7feb8469ae52 in void boost::asio::asio_handler_invoke<boost::asio::detail::binder2<boost::asio::detail::read_op<boost::asio::basic_stream_socket<boost::asio::local::stream_protocol, boost::asio::stream_socket_service<boost::asio::local::stream_protocol> >, boost::asio::mutable_buffers_1, boost::asio::detail::transfer_exactly_t, boost::_bi::bind_t<void, boost::_mfi::mf1<void, mir::client::rpc::MirSocketRpcChannel, boost::system::error_code const&>, boost::_bi::list2<boost::_bi::value<mir::client::rpc::MirSocketRpcChannel*>, boost::arg<1> (*)()> > >, boost::system::error_code, unsigned long> >(boost::asio::detail::binder2<boost::asio::detail::read_op<boost::asio::basic_stream_socket<boost::asio::local::stream_protocol, boost::asio::stream_socket_service<boost::asio::local::stream_protocol> >, boost::asio::mutable_buffers_1, boost::asio::detail::transfer_exactly_t, boost::_bi::bind_t<void, boost::_mfi::mf1<void, mir::client::rpc::MirSocketRpcChannel, boost::system::error_code const&>, boost::_bi::list2<boost::_bi::value<mir::client::rpc::MirSocketRpcChannel*>, boost::arg<1> (*)()> > >, boost::system::error_code, unsigned long>&, ...) handler_invoke_hook.hpp:69
    #14 0x7feb8469abc4 in void boost_asio_handler_invoke_helpers::invoke<boost::asio::detail::binder2<boost::asio::detail::read_op<boost::asio::basic_stream_socket<boost::asio::local::stream_protocol, boost::asio::stream_socket_service<boost::asio::local::stream_protocol> >, boost::asio::mutable_buffers_1, boost::asio::detail::transfer_exactly_t, boost::_bi::bind_t<void, boost::_mfi::mf1<void, mir::client::rpc::MirSocketRpcChannel, boost::system::error_code const&>, boost::_bi::list2<boost::_bi::value<mir::client::rpc::MirSocketRpcChannel*>, boost::arg<1> (*)()> > >, boost::system::error_code, unsigned long>, boost::_bi::bind_t<void, boost::_mfi::mf1<void, mir::client::rpc::MirSocketRpcChannel, boost::system::error_code const&>, boost::_bi::list2<boost::_bi::value<mir::client::rpc::MirSocketRpcChannel*>, boost::arg<1> (*)()> > >(boost::asio::detail::binder2<boost::asio::detail::read_op<boost::asio::basic_stream_socket<boost::asio::local::stream_protocol, boost::asio::stream_socket_service<boost::asio::local::stream_protocol> >, boost::asio::mutable_buffers_1, boost::asio::detail::transfer_exactly_t, boost::_bi::bind_t<void, boost::_mfi::mf1<void, mir::client::rpc::MirSocketRpcChannel, boost::system::error_code const&>, boost::_bi::list2<boost::_bi::value<mir::client::rpc::MirSocketRpcChannel*>, boost::arg<1> (*)()> > >, boost::system::error_code, unsigned long>&, boost::_bi::bind_t<void, boost::_mfi::mf1<void, mir::client::rpc::MirSocketRpcChannel, boost::system::error_code const&>, boost::_bi::list2<boost::_bi::value<mir::client::rpc::MirSocketRpcChannel*>, boost::arg<1> (*)()> >&) handler_invoke_helpers.hpp:37
    #15 0x7feb8469a9d4 in void boost::asio::detail::asio_handler_invoke<boost::asio::detail::binder2<boost::asio::detail::read_op<boost::asio::basic_stream_socket<boost::asio::local::stream_protocol, boost::asio::stream_socket_service<boost::asio::local::stream_protocol> >, boost::asio::mutable_buffers_1, boost::asio::detail::transfer_exactly_t, boost::_bi::bind_t<void, boost::_mfi::mf1<void, mir::client::rpc::MirSocketRpcChannel, boost::system::error_code const&>, boost::_bi::list2<boost::_bi::value<mir::client::rpc::MirSocketRpcChannel*>, boost::arg<1> (*)()> > >, boost::system::error_code, unsigned long>, boost::asio::basic_stream_socket<boost::asio::local::stream_protocol, boost::asio::stream_socket_service<boost::asio::local::stream_protocol> >, boost::asio::mutable_buffers_1, boost::asio::detail::transfer_exactly_t, boost::_bi::bind_t<void, boost::_mfi::mf1<void, mir::client::rpc::MirSocketRpcChannel, boost::system::error_code const&>, boost::_bi::list2<boost::_bi::value<mir::client::rpc::MirSocketRpcChannel*>, boost::arg<1> (*)()> > >(boost::asio::detail::binder2<boost::asio::detail::read_op<boost::asio::basic_stream_socket<boost::asio::local::stream_protocol, boost::asio::stream_socket_service<boost::asio::local::stream_protocol> >, boost::asio::mutable_buffers_1, boost::asio::detail::transfer_exactly_t, boost::_bi::bind_t<void, boost::_mfi::mf1<void, mir::client::rpc::MirSocketRpcChannel, boost::system::error_code const&>, boost::_bi::list2<boost::_bi::value<mir::client::rpc::MirSocketRpcChannel*>, boost::arg<1> (*)()> > >, boost::system::error_code, unsigned long>&, boost::asio::detail::read_op<boost::asio::basic_stream_socket<boost::asio::local::stream_protocol, boost::asio::stream_socket_service<boost::asio::local::stream_protocol> >, boost::asio::mutable_buffers_1, boost::asio::detail::transfer_exactly_t, boost::_bi::bind_t<void, boost::_mfi::mf1<void, mir::client::rpc::MirSocketRpcChannel, boost::system::error_code const&>, 
boost::_bi::list2<boost::_bi::value<mir::client::rpc::MirSocketRpcChannel*>, boost::arg<1> (*)()> > >*) read.hpp:502
    #16 0x7feb8469a552 in void boost_asio_handler_invoke_helpers::invoke<boost::asio::detail::binder2<boost::asio::detail::read_op<boost::asio::basic_stream_socket<boost::asio::local::stream_protocol, boost::asio::stream_socket_service<boost::asio::local::stream_protocol> >, boost::asio::mutable_buffers_1, boost::asio::detail::transfer_exactly_t, boost::_bi::bind_t<void, boost::_mfi::mf1<void, mir::client::rpc::MirSocketRpcChannel, boost::system::error_code const&>, boost::_bi::list2<boost::_bi::value<mir::client::rpc::MirSocketRpcChannel*>, boost::arg<1> (*)()> > >, boost::system::error_code, unsigned long>, boost::asio::detail::read_op<boost::asio::basic_stream_socket<boost::asio::local::stream_protocol, boost::asio::stream_socket_service<boost::asio::local::stream_protocol> >, boost::asio::mutable_buffers_1, boost::asio::detail::transfer_exactly_t, boost::_bi::bind_t<void, boost::_mfi::mf1<void, mir::client::rpc::MirSocketRpcChannel, boost::system::error_code const&>, boost::_bi::list2<boost::_bi::value<mir::client::rpc::MirSocketRpcChannel*>, boost::arg<1> (*)()> > > >(boost::asio::detail::binder2<boost::asio::detail::read_op<boost::asio::basic_stream_socket<boost::asio::local::stream_protocol, boost::asio::stream_socket_service<boost::asio::local::stream_protocol> >, boost::asio::mutable_buffers_1, boost::asio::detail::transfer_exactly_t, boost::_bi::bind_t<void, boost::_mfi::mf1<void, mir::client::rpc::MirSocketRpcChannel, boost::system::error_code const&>, boost::_bi::list2<boost::_bi::value<mir::client::rpc::MirSocketRpcChannel*>, boost::arg<1> (*)()> > >, boost::system::error_code, unsigned long>&, boost::asio::detail::read_op<boost::asio::basic_stream_socket<boost::asio::local::stream_protocol, boost::asio::stream_socket_service<boost::asio::local::stream_protocol> >, boost::asio::mutable_buffers_1, boost::asio::detail::transfer_exactly_t, boost::_bi::bind_t<void, boost::_mfi::mf1<void, mir::client::rpc::MirSocketRpcChannel, boost::system::error_code 
const&>, boost::_bi::list2<boost::_bi::value<mir::client::rpc::MirSocketRpcChannel*>, boost::arg<1> (*)()> > >&) handler_invoke_helpers.hpp:37
    #17 0x7feb84697173 in boost::asio::detail::reactive_socket_recv_op<boost::asio::mutable_buffers_1, boost::asio::detail::read_op<boost::asio::basic_stream_socket<boost::asio::local::stream_protocol, boost::asio::stream_socket_service<boost::asio::local::stream_protocol> >, boost::asio::mutable_buffers_1, boost::asio::detail::transfer_exactly_t, boost::_bi::bind_t<void, boost::_mfi::mf1<void, mir::client::rpc::MirSocketRpcChannel, boost::system::error_code const&>, boost::_bi::list2<boost::_bi::value<mir::client::rpc::MirSocketRpcChannel*>, boost::arg<1> (*)()> > > >::do_complete(boost::asio::detail::task_io_service*, boost::asio::detail::task_io_service_operation*, boost::system::error_code const&, unsigned long) reactive_socket_recv_op.hpp:110
    #18 0x7feb85062d58 in boost::asio::detail::task_io_service_operation::complete(boost::asio::detail::task_io_service&, boost::system::error_code const&, unsigned long) task_io_service_operation.hpp:38
    #19 0x7feb8506127e in boost::asio::detail::epoll_reactor::descriptor_state::do_complete(boost::asio::detail::task_io_service*, boost::asio::detail::task_io_service_operation*, boost::system::error_code const&, unsigned long) epoll_reactor.ipp:651
    #20 0x7feb85062d58 in boost::asio::detail::task_io_service_operation::complete(boost::asio::detail::task_io_service&, boost::system::error_code const&, unsigned long) task_io_service_operation.hpp:38
    #21 0x7feb8508e113 in boost::asio::detail::task_io_service::do_run_one(boost::asio::detail::scoped_lock<boost::asio::detail::posix_mutex>&, boost::asio::detail::task_io_service_thread_info&, boost::system::error_code const&) task_io_service.ipp:384
    #22 0x7feb8508b359 in boost::asio::detail::task_io_service::run(boost::system::error_code&) task_io_service.ipp:153
    #23 0x7feb850101e1 in boost::asio::io_service::run() io_service.ipp:59
    #24 0x7feb8463fec6 in mir::client::rpc::MirSocketRpcChannel::init()::$_0::operator()() const mir_socket_rpc_channel.cpp:118
    #25 0x7feb8463f242 in void std::_Bind_simple<mir::client::rpc::MirSocketRpcChannel::init()::$_0 ()>::_M_invoke<>(std::_Index_tuple<>) functional:1731
    #26 0x7feb8463f0c2 in std::_Bind_simple<mir::client::rpc::MirSocketRpcChannel::init()::$_0 ()>::operator()() functional:1720
    #27 0x7feb8463ef52 in std::thread::_Impl<std::_Bind_simple<mir::client::rpc::MirSocketRpcChannel::init()::$_0 ()> >::_M_run() thread:115
    #28 0x7feb80e2346f in std::this_thread::__sleep_for(std::chrono::duration<long, std::ratio<1l, 1l> >, std::chrono::duration<long, std::ratio<1l, 1000000000l> >) ??:?
    #29 0x7feb8158e181 in start_thread pthread_create.c:312 (discriminator 2)
    #30 0x7feb8088a30c in clone clone.S:111

0x6030000046a4 is located 0 bytes to the right of 20-byte region [0x603000004690,0x6030000046a4)
allocated by thread T3 here:
    #0 0x7317c1 in operator new(unsigned long) _asan_rtl_
    #1 0x7feb853755f6 in __gnu_cxx::new_allocator<char>::allocate(unsigned long, void const*) new_allocator.h:104
    #2 0x7feb85375340 in std::_Vector_base<char, std::allocator<char> >::_M_allocate(unsigned long) stl_vector.h:168 (discriminator 1)
    #3 0x7feb85374fdd in std::_Vector_base<char, std::allocator<char> >::_M_create_storage(unsigned long) stl_vector.h:181
    #4 0x7feb85373583 in std::_Vector_base<char, std::allocator<char> >::_Vector_base(unsigned long, std::allocator<char> const&) stl_vector.h:136
    #5 0x7feb8537035b in std::vector<char, std::allocator<char> >::vector(unsigned long, std::allocator<char> const&) stl_vector.h:271
    #6 0x7feb8462eec1 in mir::client::rpc::MirSocketRpcChannel::receive_file_descriptors(std::vector<int, std::allocator<int> >&) mir_socket_rpc_channel.cpp:237
    #7 0x7feb8462dc04 in mir::client::rpc::MirSocketRpcChannel::receive_file_descriptors(google::protobuf::Message*, google::protobuf::Closure*) mir_socket_rpc_channel.cpp:200
    #8 0x7feb8466a6b9 in google::protobuf::internal::MethodClosure2<mir::client::rpc::MirSocketRpcChannel, google::protobuf::Message*, google::protobuf::Closure*>::Run() common.h:987 (discriminator 4)
    #9 0x7feb846c9eab in mir::client::rpc::detail::PendingCallCache::complete_response(mir::protobuf::wire::Result&) mir_basic_rpc_channel.cpp:68
    #10 0x7feb84632dca in mir::client::rpc::MirSocketRpcChannel::read_message() mir_socket_rpc_channel.cpp:377
    #11 0x7feb84631ee3 in mir::client::rpc::MirSocketRpcChannel::on_header_read(boost::system::error_code const&) mir_socket_rpc_channel.cpp:340
    #12 0x7feb8468d0eb in boost::_mfi::mf1<void, mir::client::rpc::MirSocketRpcChannel, boost::system::error_code const&>::operator()(mir::client::rpc::MirSocketRpcChannel*, boost::system::error_code const&) const mem_fn_template.hpp:165 (discriminator 4)
    #13 0x7feb8468cbc1 in void boost::_bi::list2<boost::_bi::value<mir::client::rpc::MirSocketRpcChannel*>, boost::arg<1> (*)()>::operator()<boost::_mfi::mf1<void, mir::client::rpc::MirSocketRpcChannel, boost::system::error_code const&>, boost::_bi::list2<boost::system::error_code const&, unsigned long const&> >(boost::_bi::type<void>, boost::_mfi::mf1<void, mir::client::rpc::MirSocketRpcChannel, boost::system::error_code const&>&, boost::_bi::list2<boost::system::error_code const&, unsigned long const&>&, int) bind.hpp:313
    #14 0x7feb8468c5dc in void boost::_bi::bind_t<void, boost::_mfi::mf1<void, mir::client::rpc::MirSocketRpcChannel, boost::system::error_code const&>, boost::_bi::list2<boost::_bi::value<mir::client::rpc::MirSocketRpcChannel*>, boost::arg<1> (*)()> >::operator()<boost::system::error_code, unsigned long>(boost::system::error_code const&, unsigned long const&) bind_template.hpp:102
    #15 0x7feb8468bc9b in boost::asio::detail::read_op<boost::asio::basic_stream_socket<boost::asio::local::stream_protocol, boost::asio::stream_socket_service<boost::asio::local::stream_protocol> >, boost::asio::mutable_buffers_1, boost::asio::detail::transfer_exactly_t, boost::_bi::bind_t<void, boost::_mfi::mf1<void, mir::client::rpc::MirSocketRpcChannel, boost::system::error_code const&>, boost::_bi::list2<boost::_bi::value<mir::client::rpc::MirSocketRpcChannel*>, boost::arg<1> (*)()> > >::operator()(boost::system::error_code const&, unsigned long, int) read.hpp:282
    #16 0x7feb8469b010 in boost::asio::detail::binder2<boost::asio::detail::read_op<boost::asio::basic_stream_socket<boost::asio::local::stream_protocol, boost::asio::stream_socket_service<boost::asio::local::stream_protocol> >, boost::asio::mutable_buffers_1, boost::asio::detail::transfer_exactly_t, boost::_bi::bind_t<void, boost::_mfi::mf1<void, mir::client::rpc::MirSocketRpcChannel, boost::system::error_code const&>, boost::_bi::list2<boost::_bi::value<mir::client::rpc::MirSocketRpcChannel*>, boost::arg<1> (*)()> > >, boost::system::error_code, unsigned long>::operator()() bind_handler.hpp:127
    #17 0x7feb8469ae52 in void boost::asio::asio_handler_invoke<boost::asio::detail::binder2<boost::asio::detail::read_op<boost::asio::basic_stream_socket<boost::asio::local::stream_protocol, boost::asio::stream_socket_service<boost::asio::local::stream_protocol> >, boost::asio::mutable_buffers_1, boost::asio::detail::transfer_exactly_t, boost::_bi::bind_t<void, boost::_mfi::mf1<void, mir::client::rpc::MirSocketRpcChannel, boost::system::error_code const&>, boost::_bi::list2<boost::_bi::value<mir::client::rpc::MirSocketRpcChannel*>, boost::arg<1> (*)()> > >, boost::system::error_code, unsigned long> >(boost::asio::detail::binder2<boost::asio::detail::read_op<boost::asio::basic_stream_socket<boost::asio::local::stream_protocol, boost::asio::stream_socket_service<boost::asio::local::stream_protocol> >, boost::asio::mutable_buffers_1, boost::asio::detail::transfer_exactly_t, boost::_bi::bind_t<void, boost::_mfi::mf1<void, mir::client::rpc::MirSocketRpcChannel, boost::system::error_code const&>, boost::_bi::list2<boost::_bi::value<mir::client::rpc::MirSocketRpcChannel*>, boost::arg<1> (*)()> > >, boost::system::error_code, unsigned long>&, ...) handler_invoke_hook.hpp:69
    #18 0x7feb8469abc4 in void boost_asio_handler_invoke_helpers::invoke<boost::asio::detail::binder2<boost::asio::detail::read_op<boost::asio::basic_stream_socket<boost::asio::local::stream_protocol, boost::asio::stream_socket_service<boost::asio::local::stream_protocol> >, boost::asio::mutable_buffers_1, boost::asio::detail::transfer_exactly_t, boost::_bi::bind_t<void, boost::_mfi::mf1<void, mir::client::rpc::MirSocketRpcChannel, boost::system::error_code const&>, boost::_bi::list2<boost::_bi::value<mir::client::rpc::MirSocketRpcChannel*>, boost::arg<1> (*)()> > >, boost::system::error_code, unsigned long>, boost::_bi::bind_t<void, boost::_mfi::mf1<void, mir::client::rpc::MirSocketRpcChannel, boost::system::error_code const&>, boost::_bi::list2<boost::_bi::value<mir::client::rpc::MirSocketRpcChannel*>, boost::arg<1> (*)()> > >(boost::asio::detail::binder2<boost::asio::detail::read_op<boost::asio::basic_stream_socket<boost::asio::local::stream_protocol, boost::asio::stream_socket_service<boost::asio::local::stream_protocol> >, boost::asio::mutable_buffers_1, boost::asio::detail::transfer_exactly_t, boost::_bi::bind_t<void, boost::_mfi::mf1<void, mir::client::rpc::MirSocketRpcChannel, boost::system::error_code const&>, boost::_bi::list2<boost::_bi::value<mir::client::rpc::MirSocketRpcChannel*>, boost::arg<1> (*)()> > >, boost::system::error_code, unsigned long>&, boost::_bi::bind_t<void, boost::_mfi::mf1<void, mir::client::rpc::MirSocketRpcChannel, boost::system::error_code const&>, boost::_bi::list2<boost::_bi::value<mir::client::rpc::MirSocketRpcChannel*>, boost::arg<1> (*)()> >&) handler_invoke_helpers.hpp:37
    #19 0x7feb8469a9d4 in void boost::asio::detail::asio_handler_invoke<boost::asio::detail::binder2<boost::asio::detail::read_op<boost::asio::basic_stream_socket<boost::asio::local::stream_protocol, boost::asio::stream_socket_service<boost::asio::local::stream_protocol> >, boost::asio::mutable_buffers_1, boost::asio::detail::transfer_exactly_t, boost::_bi::bind_t<void, boost::_mfi::mf1<void, mir::client::rpc::MirSocketRpcChannel, boost::system::error_code const&>, boost::_bi::list2<boost::_bi::value<mir::client::rpc::MirSocketRpcChannel*>, boost::arg<1> (*)()> > >, boost::system::error_code, unsigned long>, boost::asio::basic_stream_socket<boost::asio::local::stream_protocol, boost::asio::stream_socket_service<boost::asio::local::stream_protocol> >, boost::asio::mutable_buffers_1, boost::asio::detail::transfer_exactly_t, boost::_bi::bind_t<void, boost::_mfi::mf1<void, mir::client::rpc::MirSocketRpcChannel, boost::system::error_code const&>, boost::_bi::list2<boost::_bi::value<mir::client::rpc::MirSocketRpcChannel*>, boost::arg<1> (*)()> > >(boost::asio::detail::binder2<boost::asio::detail::read_op<boost::asio::basic_stream_socket<boost::asio::local::stream_protocol, boost::asio::stream_socket_service<boost::asio::local::stream_protocol> >, boost::asio::mutable_buffers_1, boost::asio::detail::transfer_exactly_t, boost::_bi::bind_t<void, boost::_mfi::mf1<void, mir::client::rpc::MirSocketRpcChannel, boost::system::error_code const&>, boost::_bi::list2<boost::_bi::value<mir::client::rpc::MirSocketRpcChannel*>, boost::arg<1> (*)()> > >, boost::system::error_code, unsigned long>&, boost::asio::detail::read_op<boost::asio::basic_stream_socket<boost::asio::local::stream_protocol, boost::asio::stream_socket_service<boost::asio::local::stream_protocol> >, boost::asio::mutable_buffers_1, boost::asio::detail::transfer_exactly_t, boost::_bi::bind_t<void, boost::_mfi::mf1<void, mir::client::rpc::MirSocketRpcChannel, boost::system::error_code const&>, 
boost::_bi::list2<boost::_bi::value<mir::client::rpc::MirSocketRpcChannel*>, boost::arg<1> (*)()> > >*) read.hpp:502
    #20 0x7feb8469a552 in void boost_asio_handler_invoke_helpers::invoke<boost::asio::detail::binder2<boost::asio::detail::read_op<boost::asio::basic_stream_socket<boost::asio::local::stream_protocol, boost::asio::stream_socket_service<boost::asio::local::stream_protocol> >, boost::asio::mutable_buffers_1, boost::asio::detail::transfer_exactly_t, boost::_bi::bind_t<void, boost::_mfi::mf1<void, mir::client::rpc::MirSocketRpcChannel, boost::system::error_code const&>, boost::_bi::list2<boost::_bi::value<mir::client::rpc::MirSocketRpcChannel*>, boost::arg<1> (*)()> > >, boost::system::error_code, unsigned long>, boost::asio::detail::read_op<boost::asio::basic_stream_socket<boost::asio::local::stream_protocol, boost::asio::stream_socket_service<boost::asio::local::stream_protocol> >, boost::asio::mutable_buffers_1, boost::asio::detail::transfer_exactly_t, boost::_bi::bind_t<void, boost::_mfi::mf1<void, mir::client::rpc::MirSocketRpcChannel, boost::system::error_code const&>, boost::_bi::list2<boost::_bi::value<mir::client::rpc::MirSocketRpcChannel*>, boost::arg<1> (*)()> > > >(boost::asio::detail::binder2<boost::asio::detail::read_op<boost::asio::basic_stream_socket<boost::asio::local::stream_protocol, boost::asio::stream_socket_service<boost::asio::local::stream_protocol> >, boost::asio::mutable_buffers_1, boost::asio::detail::transfer_exactly_t, boost::_bi::bind_t<void, boost::_mfi::mf1<void, mir::client::rpc::MirSocketRpcChannel, boost::system::error_code const&>, boost::_bi::list2<boost::_bi::value<mir::client::rpc::MirSocketRpcChannel*>, boost::arg<1> (*)()> > >, boost::system::error_code, unsigned long>&, boost::asio::detail::read_op<boost::asio::basic_stream_socket<boost::asio::local::stream_protocol, boost::asio::stream_socket_service<boost::asio::local::stream_protocol> >, boost::asio::mutable_buffers_1, boost::asio::detail::transfer_exactly_t, boost::_bi::bind_t<void, boost::_mfi::mf1<void, mir::client::rpc::MirSocketRpcChannel, boost::system::error_code const&>, boost::_bi::list2<boost::_bi::value<mir::client::rpc::MirSocketRpcChannel*>, boost::arg<1> (*)()> > >&) handler_invoke_helpers.hpp:37
    #21 0x7feb84697173 in boost::asio::detail::reactive_socket_recv_op<boost::asio::mutable_buffers_1, boost::asio::detail::read_op<boost::asio::basic_stream_socket<boost::asio::local::stream_protocol, boost::asio::stream_socket_service<boost::asio::local::stream_protocol> >, boost::asio::mutable_buffers_1, boost::asio::detail::transfer_exactly_t, boost::_bi::bind_t<void, boost::_mfi::mf1<void, mir::client::rpc::MirSocketRpcChannel, boost::system::error_code const&>, boost::_bi::list2<boost::_bi::value<mir::client::rpc::MirSocketRpcChannel*>, boost::arg<1> (*)()> > > >::do_complete(boost::asio::detail::task_io_service*, boost::asio::detail::task_io_service_operation*, boost::system::error_code const&, unsigned long) reactive_socket_recv_op.hpp:110
    #22 0x7feb85062d58 in boost::asio::detail::task_io_service_operation::complete(boost::asio::detail::task_io_service&, boost::system::error_code const&, unsigned long) task_io_service_operation.hpp:38
    #23 0x7feb8506127e in boost::asio::detail::epoll_reactor::descriptor_state::do_complete(boost::asio::detail::task_io_service*, boost::asio::detail::task_io_service_operation*, boost::system::error_code const&, unsigned long) epoll_reactor.ipp:651
    #24 0x7feb85062d58 in boost::asio::detail::task_io_service_operation::complete(boost::asio::detail::task_io_service&, boost::system::error_code const&, unsigned long) task_io_service_operation.hpp:38
    #25 0x7feb8508e113 in boost::asio::detail::task_io_service::do_run_one(boost::asio::detail::scoped_lock<boost::asio::detail::posix_mutex>&, boost::asio::detail::task_io_service_thread_info&, boost::system::error_code const&) task_io_service.ipp:384
    #26 0x7feb8508b359 in boost::asio::detail::task_io_service::run(boost::system::error_code&) task_io_service.ipp:153
    #27 0x7feb850101e1 in boost::asio::io_service::run() io_service.ipp:59
    #28 0x7feb8463fec6 in mir::client::rpc::MirSocketRpcChannel::init()::$_0::operator()() const mir_socket_rpc_channel.cpp:118
    #29 0x7feb8463f242 in void std::_Bind_simple<mir::client::rpc::MirSocketRpcChannel::init()::$_0 ()>::_M_invoke<>(std::_Index_tuple<>) functional:1731

Thread T3 created by T0 here:
    #0 0x74cece in __interceptor_pthread_create _asan_rtl_ (discriminator 2)
    #1 0x7feb80e23580 in std::thread::_M_start_thread(std::shared_ptr<std::thread::_Impl_base>) ??:?
SUMMARY: AddressSanitizer: heap-buffer-overflow ??:0 ??
Shadow bytes around the buggy address:
  0x0c067fff8880: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c067fff8890: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c067fff88a0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c067fff88b0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c067fff88c0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
=>0x0c067fff88d0: fa fa 00 00[04]fa fa fa 00 00 00 00 fa fa 00 00
  0x0c067fff88e0: 00 00 fa fa 00 00 00 00 fa fa 00 00 00 00 fa fa
  0x0c067fff88f0: 00 00 00 00 fa fa 00 00 00 00 fa fa fd fd fd fd
  0x0c067fff8900: fa fa 00 00 00 06 fa fa 00 00 00 00 fa fa fd fd
  0x0c067fff8910: fd fd fa fa 00 00 00 00 fa fa fd fd fd fd fa fa
  0x0c067fff8920: 00 00 00 00 fa fa fd fd fd fd fa fa 00 00 00 04
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable: 00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone: fa
  Heap right redzone: fb
  Freed heap region: fd
  Stack left redzone: f1
  Stack mid redzone: f2
  Stack right redzone: f3
  Stack partial redzone: f4
  Stack after return: f5
  Stack use after scope: f8
  Global redzone: f9
  Global init order: f6
  Poisoned by user: f7
  Container overflow: fc
  ASan internal: fe
==20349==ABORTING

------

This issue happens on almost every Mir test, which makes asan testing on Mir all but impossible.

This issue either needs to be fixed or, if this is a bug in asan or a false positive, reported to upstream and a suppression needs to be added. Instructions on how to do that are here: http://clang.llvm.org/docs/AddressSanitizer.html
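
The two sizes in the report above, a 20-byte std::vector<char> and a 24-byte write through the recvmsg interceptor, equal CMSG_LEN(sizeof(int)) and CMSG_SPACE(sizeof(int)) on 64-bit Linux. The following is an added example, not Mir's code or its fix: it assumes that mismatch (the page does not show the Mir source) and receives descriptors over SCM_RIGHTS with the control buffer sized by CMSG_SPACE; all function names are hypothetical.

```cpp
// Added example: sizing the ancillary buffer for SCM_RIGHTS descriptor passing.
// Not Mir source; every function name here is hypothetical. Assumes Linux.
#include <sys/socket.h>
#include <sys/uio.h>
#include <unistd.h>
#include <cstddef>
#include <cstdio>
#include <cstring>
#include <vector>

// Header plus payload with no trailing padding: the value that goes in cmsg_len.
size_t control_len_unpadded(size_t n_fds) { return CMSG_LEN(n_fds * sizeof(int)); }

// Header plus payload rounded up to alignment: the value to allocate.
size_t control_len_padded(size_t n_fds) { return CMSG_SPACE(n_fds * sizeof(int)); }

// Close every descriptor in the control data so a rejected message leaks none.
static void close_received(msghdr& msg) {
    for (cmsghdr* c = CMSG_FIRSTHDR(&msg); c != nullptr; c = CMSG_NXTHDR(&msg, c)) {
        if (c->cmsg_level != SOL_SOCKET || c->cmsg_type != SCM_RIGHTS) continue;
        size_t count = (c->cmsg_len - CMSG_LEN(0)) / sizeof(int);
        for (size_t i = 0; i < count; ++i) {
            int fd;
            std::memcpy(&fd, CMSG_DATA(c) + i * sizeof(int), sizeof(fd));
            close(fd);
        }
    }
}

bool send_fds(int sock, const std::vector<int>& fds) {
    const size_t payload = fds.size() * sizeof(int);
    std::vector<char> control(CMSG_SPACE(payload));  // zero-filled, padded
    char dummy = 'F';                                // one data byte carries the fds
    iovec iov{&dummy, 1};
    msghdr msg{};
    msg.msg_iov = &iov;
    msg.msg_iovlen = 1;
    msg.msg_control = control.data();
    msg.msg_controllen = control.size();
    cmsghdr* c = CMSG_FIRSTHDR(&msg);
    c->cmsg_level = SOL_SOCKET;
    c->cmsg_type = SCM_RIGHTS;
    c->cmsg_len = CMSG_LEN(payload);                 // unpadded length goes here
    std::memcpy(CMSG_DATA(c), fds.data(), payload);
    return sendmsg(sock, &msg, 0) == 1;
}

// Fills fds (pre-sized to the expected count). Returns false on any mismatch.
bool receive_fds(int sock, std::vector<int>& fds) {
    if (fds.empty()) return false;
    const size_t payload = fds.size() * sizeof(int);
    // Allocate CMSG_SPACE, not CMSG_LEN: for one int that is 24 bytes, not 20.
    std::vector<char> control(CMSG_SPACE(payload));
    char dummy;
    iovec iov{&dummy, 1};
    msghdr msg{};
    msg.msg_iov = &iov;
    msg.msg_iovlen = 1;
    msg.msg_control = control.data();
    msg.msg_controllen = control.size();
    if (recvmsg(sock, &msg, MSG_CMSG_CLOEXEC) != 1) return false;
    cmsghdr* c = CMSG_FIRSTHDR(&msg);
    if ((msg.msg_flags & MSG_CTRUNC) || c == nullptr ||
        c->cmsg_level != SOL_SOCKET || c->cmsg_type != SCM_RIGHTS ||
        c->cmsg_len != CMSG_LEN(payload)) {
        close_received(msg);                         // wrong count or truncated
        return false;
    }
    std::memcpy(fds.data(), CMSG_DATA(c), payload);
    return true;
}

// Passes a pipe's read end across a socketpair and reads through the copy.
bool roundtrip_demo() {
    int sp[2], p[2];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sp) != 0) return false;
    if (pipe(p) != 0) { close(sp[0]); close(sp[1]); return false; }
    std::vector<int> out{p[0]};
    std::vector<int> in(1, -1);
    char buf[2] = {0, 0};
    bool ok = send_fds(sp[0], out) && receive_fds(sp[1], in) &&
              write(p[1], "ok", 2) == 2 && read(in[0], buf, 2) == 2 &&
              std::memcmp(buf, "ok", 2) == 0;
    if (in[0] >= 0) close(in[0]);
    close(p[0]); close(p[1]); close(sp[0]); close(sp[1]);
    return ok;
}

int main() {
    std::printf("CMSG_LEN(1 fd)=%zu CMSG_SPACE(1 fd)=%zu roundtrip=%s\n",
                control_len_unpadded(1), control_len_padded(1),
                roundtrip_demo() ? "ok" : "failed");
    return 0;
}
```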

Changed in mir:
status: New → In Progress
importance: Undecided → High
assignee: nobody → Alexandros Frantzis (afrantzis)
Changed in mir:
milestone: none → 0.2.0
PS Jenkins bot (ps-jenkins) wrote :

Fix committed into lp:mir/devel at revision None, scheduled for release in mir, milestone Unknown

Changed in mir:
status: In Progress → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package mir - 0.2.0+14.10.20140605-0ubuntu1

---------------
mir (0.2.0+14.10.20140605-0ubuntu1) utopic; urgency=medium

  [ Daniel van Vugt ]
  * New upstream release 0.2.0 (https://launchpad.net/mir/+milestone/0.2.0)
    - mirclient ABI unchanged, still at 7. Clients do not need rebuilding.
    - mirserver ABI bumped to 20. Shells need rebuilding.
      . Cursor::set_image() parameters changed.
      . Display::the_cursor() renamed to Display::create_hardware_cursor()
      . Platform::create_display() requires a new parameter; gl_program_factory
      . Renderable::buffer() no longer accepts any parameter at all. Multi-
        monitor frame sync is guaranteed in other ways now.
      . Scene::generate_renderable_list() renamed to renderable_list_for(id)
        where id is an opaque compositor ID of your choosing.
      . Scene::set_change_callback() replaced by the more generic:
        add_observer() and remove_observer() functions.
      . Added default implementation for SceneObserver.
      . SessionCreator renamed to ConnectionCreator.
      . ConnectedSessions renamed to Connections.
      . ProtobufSessionCreator renamed to ProtobufConnectionCreator.
      . SessionAuthorizer: pid_t parameters replaced by SessionCredentials.
      . Massive architectural changes to Input-everything.
      . Surface no longer implements Renderable, but emits one via
        compositor_snapshot().
      . Pass the full renderable list to Renderer::render().
      . Graceful handling of exceptions thrown from server threads.
      . Clarify size position interfaces in the Surface classes.
      . Plumbing for trusted sessions.
      . Allow posting and managing custom main-loop actions.
      . Timer extension.
      . Identify client process when client connects to Mir not when socket
        connects.
      . Use the ServerActionQueue for display config.
      . Recomposition signal moved to the MultiThreadedCompositor.
      . Make timer service replaceable.
      . Clarify assumptions about how many buffers a client can fill without
        blocking.
      . Introduce EmergencyCleanup interface.
    - Demo shell enhancements:
      . You can now change graphics modes on the fly using Ctrl+Alt+(-/=).
        To reset to the preferred mode use Ctrl+Alt+0.
      . The above mode changing as well as existing screen rotation keys
        (Ctrl+Alt+arrows) are now per-display; only applied to the monitor
        the mouse pointer is on.
      . New shell controls documented.
    - A new testing category, performance test, was introduced. It currently
      runs glmark2-es2 and compares the result to a minimum threshold.
    - MIR_VERSION_MINOR is tied to MIRSERVER_ABI in the sense that a change
      in the former now requires dependent projects that a rebuild is
      necessary.
    - SwitchingBundle was replaced by BufferQueue.
    - Expand credentials to include uid/gid for session authorizer.
    - Bypass control is now Mesa-specific and tied to the command line options.
      So the environment variable MIR_BYPASS has changed to MIR_SERVER_BYPASS.
    - Ongoing architectural changes in the compositor/renderer logic to
   ...

Changed in mir (Ubuntu):
status: New → Fix Released
Changed in mir:
status: Fix Committed → Fix Released