sergiotarxz/nuttx
sergiotarxz/nuttx
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
nuttx/net/local
History
ligd 00c0801743 local socket: fix accept used after free 
==1729315==ERROR: AddressSanitizer: heap-use-after-free on address 0xf0501d60 at pc 0x032ffe43 bp 0xef4ed158 sp 0xef4ed148
READ of size 2 at 0xf0501d60 thread T0
    #0 0x32ffe42 in nxsem_wait semaphore/sem_wait.c:94
    #1 0x3548cf5 in _net_timedwait utils/net_lock.c:97
    #2 0x3548f48 in net_sem_timedwait utils/net_lock.c:236
    #3 0x3548f8c in net_sem_wait utils/net_lock.c:318
    #4 0x350124d in local_accept local/local_accept.c:246
    #5 0x3492719 in psock_accept socket/accept.c:149
    #6 0x3492bcc in accept4 socket/accept.c:280
    #7 0x662dc04 in accept net/lib_accept.c:50
    #8 0x55c81ab in kvdb_loop kvdb/server.c:415
    #9 0x55c860a in kvdbd_main kvdb/server.c:458
    #10 0x33d968b in nxtask_startup sched/task_startup.c:70
    #11 0x32ec039 in nxtask_start task/task_start.c:134
    #12 0x34109be in pre_start sim/sim_initialstate.c:52

0xf0501d60 is located 288 bytes inside of 420-byte region [0xf0501c40,0xf0501de4)
freed by thread T0 here:
    #0 0xf7aa6a3f in __interceptor_free ../../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:127
    #1 0x73aa06e in host_free sim/posix/sim_hostmemory.c:192
    #2 0x34131d6 in mm_free sim/sim_heap.c:230
    #3 0x3409388 in free umm_heap/umm_free.c:49
    #4 0x35631f3 in local_free local/local_conn.c:225
    #5 0x3563f75 in local_release local/local_release.c:129
    #6 0x34f5a32 in local_close local/local_sockif.c:785
    #7 0x3496ee8 in psock_close socket/net_close.c:102
    #8 0x36500bc in sock_file_close socket/socket.c:115
    #9 0x3635f6c in file_close vfs/fs_close.c:74
    #10 0x3632439 in nx_close_from_tcb inode/fs_files.c:670
    #11 0x36324f3 in nx_close inode/fs_files.c:697
    #12 0x3632557 in close inode/fs_files.c:735
    #13 0x55be289 in property_set_ kvdb/client.c:210
    #14 0x55c0309 in property_set_int32_ kvdb/common.c:226
    #15 0x55c03f5 in property_set_int32_oneway kvdb/common.c:236

Signed-off-by: ligd <liguiding1@xiaomi.com>
2023-09-24 10:42:35 +08:00
..
CMakeLists.txt
build: add initial cmake build system
2023-07-08 13:50:48 +08:00
Kconfig
net/local: rename NET_LOCAL_VFS_PATH to follow linux
2023-01-04 20:50:38 +08:00
local_accept.c
local socket: fix accept used after free
2023-09-24 10:42:35 +08:00
local_bind.c
net/assert: remove all unnecessary check for psock/conn
2023-08-30 20:36:49 +08:00
local_conn.c
local socket: fix accept used after free
2023-09-24 10:42:35 +08:00
local_connect.c
net/assert: remove all unnecessary check for psock/conn
2023-08-30 20:36:49 +08:00
local_fifo.c
enable O_CLOEXEC explicit
2023-09-22 13:51:00 +08:00
local_listen.c
net/local: Support the abstract path to connect
2023-07-14 09:57:24 +08:00
local_netpoll.c
net: add poll lock for local socket poll
2023-08-08 08:43:18 +02:00
local_recvmsg.c
net/assert: remove all unnecessary check for psock/conn
2023-08-30 20:36:49 +08:00
local_recvutils.c
net/local: Return -EINVAL if the address length passed to local_bind is too small
2022-12-18 20:12:30 +02:00
local_release.c
net/local: remove client from server.lc_waiters when client close
2023-07-17 09:01:36 +02:00
local_sendmsg.c
net/assert: remove all unnecessary check for psock/conn
2023-08-30 20:36:49 +08:00
local_sendpacket.c
net/local: Return an error when write the too big packet.
2023-08-14 23:46:08 +08:00
local_sockif.c
local socket: fix accept used after free
2023-09-24 10:42:35 +08:00
local.h
local socket: fix accept used after free
2023-09-24 10:42:35 +08:00
Make.defs
net/socket: move si_send/recv into sendmsg/recvmsg
2021-03-05 04:46:13 -08:00