nuttx/net/local
ligd 00c0801743 local socket: fix accept used after free
==1729315==ERROR: AddressSanitizer: heap-use-after-free on address 0xf0501d60 at pc 0x032ffe43 bp 0xef4ed158 sp 0xef4ed148
READ of size 2 at 0xf0501d60 thread T0
    #0 0x32ffe42 in nxsem_wait semaphore/sem_wait.c:94
    #1 0x3548cf5 in _net_timedwait utils/net_lock.c:97
    #2 0x3548f48 in net_sem_timedwait utils/net_lock.c:236
    #3 0x3548f8c in net_sem_wait utils/net_lock.c:318
    #4 0x350124d in local_accept local/local_accept.c:246
    #5 0x3492719 in psock_accept socket/accept.c:149
    #6 0x3492bcc in accept4 socket/accept.c:280
    #7 0x662dc04 in accept net/lib_accept.c:50
    #8 0x55c81ab in kvdb_loop kvdb/server.c:415
    #9 0x55c860a in kvdbd_main kvdb/server.c:458
    #10 0x33d968b in nxtask_startup sched/task_startup.c:70
    #11 0x32ec039 in nxtask_start task/task_start.c:134
    #12 0x34109be in pre_start sim/sim_initialstate.c:52

0xf0501d60 is located 288 bytes inside of 420-byte region [0xf0501c40,0xf0501de4)
freed by thread T0 here:
    #0 0xf7aa6a3f in __interceptor_free ../../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:127
    #1 0x73aa06e in host_free sim/posix/sim_hostmemory.c:192
    #2 0x34131d6 in mm_free sim/sim_heap.c:230
    #3 0x3409388 in free umm_heap/umm_free.c:49
    #4 0x35631f3 in local_free local/local_conn.c:225
    #5 0x3563f75 in local_release local/local_release.c:129
    #6 0x34f5a32 in local_close local/local_sockif.c:785
    #7 0x3496ee8 in psock_close socket/net_close.c:102
    #8 0x36500bc in sock_file_close socket/socket.c:115
    #9 0x3635f6c in file_close vfs/fs_close.c:74
    #10 0x3632439 in nx_close_from_tcb inode/fs_files.c:670
    #11 0x36324f3 in nx_close inode/fs_files.c:697
    #12 0x3632557 in close inode/fs_files.c:735
    #13 0x55be289 in property_set_ kvdb/client.c:210
    #14 0x55c0309 in property_set_int32_ kvdb/common.c:226
    #15 0x55c03f5 in property_set_int32_oneway kvdb/common.c:236

Signed-off-by: ligd <liguiding1@xiaomi.com>
2023-09-24 10:42:35 +08:00
CMakeLists.txt build: add initial cmake build system 2023-07-08 13:50:48 +08:00
Kconfig net/local: rename NET_LOCAL_VFS_PATH to follow linux 2023-01-04 20:50:38 +08:00
local_accept.c local socket: fix accept used after free 2023-09-24 10:42:35 +08:00
local_bind.c net/assert: remove all unnecessary check for psock/conn 2023-08-30 20:36:49 +08:00
local_conn.c local socket: fix accept used after free 2023-09-24 10:42:35 +08:00
local_connect.c net/assert: remove all unnecessary check for psock/conn 2023-08-30 20:36:49 +08:00
local_fifo.c enable O_CLOEXEC explicit 2023-09-22 13:51:00 +08:00
local_listen.c net/local: Support the abstract path to connect 2023-07-14 09:57:24 +08:00
local_netpoll.c net: add poll lock for local socket poll 2023-08-08 08:43:18 +02:00
local_recvmsg.c net/assert: remove all unnecessary check for psock/conn 2023-08-30 20:36:49 +08:00
local_recvutils.c net/local: Return -EINVAL if the address length passed to local_bind is too small 2022-12-18 20:12:30 +02:00
local_release.c net/local: remove client from server.lc_waiters when client close 2023-07-17 09:01:36 +02:00
local_sendmsg.c net/assert: remove all unnecessary check for psock/conn 2023-08-30 20:36:49 +08:00
local_sendpacket.c net/local: Return an error when write the too big packet. 2023-08-14 23:46:08 +08:00
local_sockif.c local socket: fix accept used after free 2023-09-24 10:42:35 +08:00
local.h local socket: fix accept used after free 2023-09-24 10:42:35 +08:00
Make.defs