On Wed, Dec 14, 2016 at 02:24:23PM +0000, Pravin Kumaravel Manoharan wrote:
> I tried to reproduce the issue mentioned in http://lists.osmocom.org/pipermail/openbsc/2016-December/009966.html. While running the sanitizer script I got an error, gcc: error: unrecognized command line option '-fsanitize=undefined'. So, to avoid this, I removed the option from CFLAGS+= and CXXFLAGS+=.
That's odd, all compilers I've used so far apparently support -fsanitize=address -fsanitize=undefined anyway:
> Then I got the following error: ERROR: AddressSanitizer: heap-use-after-free on address 0x60380000a00c at pc 0x436acf bp 0x7ffc4456d4e0 sp 0x7ffc4456d4d8, but I didn't get any SIGSEGV in sgsn_create_pdp_ctx().
Have you reversed the order of those two lines I wrote about earlier to fix the use-after-free yet?
This is what I wrote:
> I found a use-after-free which isn't the cause for the above asan failure:
>
>     gsm0408_gprs_access_cancelled(mm, GMM_CAUSE_GPRS_NOTALLOWED);
>     LOGMMCTXP(LOGL_NOTICE, mm, "No PDP context to deactivate\n");
>
> gsm0408_gprs_access_cancelled() calls mm_ctx_cleanup_free(), and after that the local mm is non-NULL but freed. Change the order to:
>
>     LOGMMCTXP(LOGL_NOTICE, mm, "No PDP context to deactivate\n");
>     gsm0408_gprs_access_cancelled(mm, GMM_CAUSE_GPRS_NOTALLOWED);
>
> (This second issue is shown when removing test_pdp_deactivation_with_pdp_ctx() from test_pdp_deactivation())
If you do that, do you still get any asan errors?
I hope that you'll be able to reproduce the segfault, since it was seen on both our build server as well as my own laptop...
~N
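The ordering bug discussed in the mail, as an added stand-alone example that is not OsmoSGSN code. The function and macro names mirror the SGSN ones (LOGMMCTXP, mm_ctx_cleanup_free(), gsm0408_gprs_access_cancelled()) but their bodies are stand-ins, the IMSI/TLLI values are constructed, and the registry of live contexts that lets the log macro refuse to dereference a freed pointer is an assumption of this example, not something the real code has (the real code relies on ASan to report the heap-use-after-free). The buggy function keeps the original order (cancel, then log); the fixed one logs first.

```c
/* Added example (not OsmoSGSN code): a simplified model of the
 * mm_ctx_cleanup_free() / LOGMMCTXP ordering bug from the thread. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct sgsn_mm_ctx {
	char imsi[16];
	unsigned int tlli;
};

/* Registry of live contexts: an assumption of this example, not part of
 * the real SGSN. It lets the log macro detect a freed context without
 * dereferencing it. */
#define MAX_LIVE 8
static struct sgsn_mm_ctx *live_ctx[MAX_LIVE];
static int uaf_detected;

static int mm_is_live(const struct sgsn_mm_ctx *mm)
{
	int i;
	/* Only the pointer value is compared; *mm is never read. A new
	 * context reusing the same address would fool this check, which
	 * is why it is a debugging aid rather than a fix. */
	for (i = 0; i < MAX_LIVE; i++)
		if (live_ctx[i] == mm)
			return 1;
	return 0;
}

static struct sgsn_mm_ctx *sgsn_mm_ctx_alloc(const char *imsi, unsigned int tlli)
{
	int i;
	struct sgsn_mm_ctx *mm = calloc(1, sizeof(*mm));
	if (!mm)
		return NULL;
	strncpy(mm->imsi, imsi, sizeof(mm->imsi) - 1);
	mm->tlli = tlli;
	for (i = 0; i < MAX_LIVE; i++) {
		if (!live_ctx[i]) {
			live_ctx[i] = mm;
			return mm;
		}
	}
	free(mm);
	return NULL;
}

static void mm_ctx_cleanup_free(struct sgsn_mm_ctx *mm)
{
	int i;
	for (i = 0; i < MAX_LIVE; i++)
		if (live_ctx[i] == mm)
			live_ctx[i] = NULL;
	free(mm);
}

/* Stand-in for gsm0408_gprs_access_cancelled(): whatever else it does,
 * it ends by freeing the context, so the caller's mm is dangling after
 * it returns. */
static void gsm0408_gprs_access_cancelled(struct sgsn_mm_ctx *mm)
{
	mm_ctx_cleanup_free(mm);
}

/* Like the real LOGMMCTXP, the log prefix reads mm->imsi and mm->tlli;
 * that read is the heap-use-after-free ASan reports. The liveness guard
 * is this example's addition. */
#define LOGMMCTXP(mm, msg) do { \
	if (!mm_is_live(mm)) { \
		uaf_detected++; \
		fprintf(stderr, "use-after-free: mm ctx %p already freed\n", (void *)(mm)); \
	} else { \
		printf("MM(%s/%08x) %s", (mm)->imsi, (mm)->tlli, msg); \
	} \
} while (0)

/* Original order: cancel (which frees mm), then log through mm.
 * Returns the number of use-after-free accesses detected. */
int deactivate_no_pdp_buggy(void)
{
	struct sgsn_mm_ctx *mm = sgsn_mm_ctx_alloc("001010123456789", 0xc0000001);
	if (!mm)
		return -1;
	uaf_detected = 0;
	gsm0408_gprs_access_cancelled(mm);
	LOGMMCTXP(mm, "No PDP context to deactivate\n");
	return uaf_detected;
}

/* Corrected order: log while mm is still valid, then cancel/free. */
int deactivate_no_pdp_fixed(void)
{
	struct sgsn_mm_ctx *mm = sgsn_mm_ctx_alloc("001010123456789", 0xc0000001);
	if (!mm)
		return -1;
	uaf_detected = 0;
	LOGMMCTXP(mm, "No PDP context to deactivate\n");
	gsm0408_gprs_access_cancelled(mm);
	return uaf_detected;
}

int main(void)
{
	printf("buggy order: %d use-after-free\n", deactivate_no_pdp_buggy());
	printf("fixed order: %d use-after-free\n", deactivate_no_pdp_fixed());
	return 0;
}
```

Building the real SGSN with -fsanitize=address gives the same answer without any registry: the buggy order trips the heap-use-after-free report in the log macro's read of the freed context, the fixed order does not.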