Uploaded image for project: 'Apache NiFi MiNiFi C++'
  1. Apache NiFi MiNiFi C++
  2. MINIFICPP-1089

Use after free in RESTSender::sendPayload

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • 0.6.0
    • 0.7.0
    • None

    Description

      ==28232== Invalid write of size 1
==28232==    at 0x7814AF: store (atomic_base.h:374)
==28232==    by 0x7814AF: operator= (atomic_base.h:267)
==28232==    by 0x7814AF: operator= (atomic:79)
==28232==    by 0x7814AF: org::apache::nifi::minifi::utils::HTTPClient::forceClose() (HTTPClient.cpp:118)
==28232==    by 0x78255B: org::apache::nifi::minifi::utils::HTTPClient::~HTTPClient() (HTTPClient.cpp:106)
==28232==    by 0x77E8E2: org::apache::nifi::minifi::c2::RESTSender::sendPayload(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, org::apache::nifi::minifi::c2::Direction, org::apache::nifi::minifi::c2::C2Payload const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >) (RESTSender.cpp:96)
==28232==    by 0x77D653: org::apache::nifi::minifi::c2::RESTSender::consumePayload(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, org::apache::nifi::minifi::c2::C2Payload const&, org::apache::nifi::minifi::c2::Direction, bool) (RESTSender.cpp:69)
==28232==    by 0x77CDCA: org::apache::nifi::minifi::c2::RESTSender::consumePayload(org::apache::nifi::minifi::c2::C2Payload const&, org::apache::nifi::minifi::c2::Direction, bool) (RESTSender.cpp:76)
==28232==    by 0x4D47C1: org::apache::nifi::minifi::c2::C2Agent::performHeartBeat() (C2Agent.cpp:329)
==28232==    by 0x4D8969: org::apache::nifi::minifi::c2::C2Agent::C2Agent(std::shared_ptr<org::apache::nifi::minifi::core::controller::ControllerServiceProvider> const&, std::shared_ptr<org::apache::nifi::minifi::state::StateMonitor> const&, std::shared_ptr<org::apache::nifi::minifi::Configure> const&)::{lambda()#1}::operator()() const (C2Agent.cpp:95)
==28232==    by 0x4D8DDC: std::_Function_handler<org::apache::nifi::minifi::state::Update (), org::apache::nifi::minifi::c2::C2Agent::C2Agent(std::shared_ptr<org::apache::nifi::minifi::core::controller::ControllerServiceProvider> const&, std::shared_ptr<org::apache::nifi::minifi::state::StateMonitor> const&, std::shared_ptr<org::apache::nifi::minifi::Configure> const&)::{lambda()#1}>::_M_invoke(std::_Any_data const&) (std_function.h:302)
==28232==    by 0x4B983A: operator() (std_function.h:706)
==28232==    by 0x4B983A: org::apache::nifi::minifi::utils::Worker<org::apache::nifi::minifi::state::Update>::run() (ThreadPool.h:123)
==28232==    by 0x4C045B: org::apache::nifi::minifi::utils::ThreadPool<org::apache::nifi::minifi::state::Update>::run_tasks(std::shared_ptr<org::apache::nifi::minifi::utils::WorkerThread>) (ThreadPool.h:586)
==28232==    by 0x4BA858: __invoke_impl<void, void (org::apache::nifi::minifi::utils::ThreadPool<org::apache::nifi::minifi::state::Update>::*&)(std::shared_ptr<org::apache::nifi::minifi::utils::WorkerThread>), org::apache::nifi::minifi::utils::ThreadPool<org::apache::nifi::minifi::state::Update>*&, std::shared_ptr<org::apache::nifi::minifi::utils::WorkerThread>&> (invoke.h:73)
==28232==    by 0x4BA858: __invoke<void (org::apache::nifi::minifi::utils::ThreadPool<org::apache::nifi::minifi::state::Update>::*&)(std::shared_ptr<org::apache::nifi::minifi::utils::WorkerThread>), org::apache::nifi::minifi::utils::ThreadPool<org::apache::nifi::minifi::state::Update>*&, std::shared_ptr<org::apache::nifi::minifi::utils::WorkerThread>&> (invoke.h:95)
==28232==    by 0x4BA858: __call<void, 0, 1> (functional:467)
==28232==    by 0x4BA858: operator()<> (functional:551)
==28232==    by 0x4BA858: std::_Function_handler<void (), std::_Bind<void (org::apache::nifi::minifi::utils::ThreadPool<org::apache::nifi::minifi::state::Update>::*(org::apache::nifi::minifi::utils::ThreadPool<org::apache::nifi::minifi::state::Update>*, std::shared_ptr<org::apache::nifi::minifi::utils::WorkerThread>))(std::shared_ptr<org::apache::nifi::minifi::utils::WorkerThread>)> >::_M_invoke(std::_Any_data const&) (std_function.h:316)
==28232==    by 0x601A66E: ??? (in /usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.25)
==28232==  Address 0x10e60d28 is 40 bytes inside a block of size 64 free'd
==28232==    at 0x4C3123B: operator delete(void*) (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==28232==    by 0x77E89D: operator() (unique_ptr.h:78)
==28232==    by 0x77E89D: ~unique_ptr (unique_ptr.h:268)
==28232==    by 0x77E89D: org::apache::nifi::minifi::c2::RESTSender::sendPayload(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, org::apache::nifi::minifi::c2::Direction, org::apache::nifi::minifi::c2::C2Payload const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >) (RESTSender.cpp:101)
==28232==    by 0x77D653: org::apache::nifi::minifi::c2::RESTSender::consumePayload(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, org::apache::nifi::minifi::c2::C2Payload const&, org::apache::nifi::minifi::c2::Direction, bool) (RESTSender.cpp:69)
==28232==    by 0x77CDCA: org::apache::nifi::minifi::c2::RESTSender::consumePayload(org::apache::nifi::minifi::c2::C2Payload const&, org::apache::nifi::minifi::c2::Direction, bool) (RESTSender.cpp:76)
==28232==    by 0x4D47C1: org::apache::nifi::minifi::c2::C2Agent::performHeartBeat() (C2Agent.cpp:329)
==28232==    by 0x4D8969: org::apache::nifi::minifi::c2::C2Agent::C2Agent(std::shared_ptr<org::apache::nifi::minifi::core::controller::ControllerServiceProvider> const&, std::shared_ptr<org::apache::nifi::minifi::state::StateMonitor> const&, std::shared_ptr<org::apache::nifi::minifi::Configure> const&)::{lambda()#1}::operator()() const (C2Agent.cpp:95)
==28232==    by 0x4D8DDC: std::_Function_handler<org::apache::nifi::minifi::state::Update (), org::apache::nifi::minifi::c2::C2Agent::C2Agent(std::shared_ptr<org::apache::nifi::minifi::core::controller::ControllerServiceProvider> const&, std::shared_ptr<org::apache::nifi::minifi::state::StateMonitor> const&, std::shared_ptr<org::apache::nifi::minifi::Configure> const&)::{lambda()#1}>::_M_invoke(std::_Any_data const&) (std_function.h:302)
==28232==    by 0x4B983A: operator() (std_function.h:706)
==28232==    by 0x4B983A: org::apache::nifi::minifi::utils::Worker<org::apache::nifi::minifi::state::Update>::run() (ThreadPool.h:123)
==28232==    by 0x4C045B: org::apache::nifi::minifi::utils::ThreadPool<org::apache::nifi::minifi::state::Update>::run_tasks(std::shared_ptr<org::apache::nifi::minifi::utils::WorkerThread>) (ThreadPool.h:586)
==28232==    by 0x4BA858: __invoke_impl<void, void (org::apache::nifi::minifi::utils::ThreadPool<org::apache::nifi::minifi::state::Update>::*&)(std::shared_ptr<org::apache::nifi::minifi::utils::WorkerThread>), org::apache::nifi::minifi::utils::ThreadPool<org::apache::nifi::minifi::state::Update>*&, std::shared_ptr<org::apache::nifi::minifi::utils::WorkerThread>&> (invoke.h:73)
==28232==    by 0x4BA858: __invoke<void (org::apache::nifi::minifi::utils::ThreadPool<org::apache::nifi::minifi::state::Update>::*&)(std::shared_ptr<org::apache::nifi::minifi::utils::WorkerThread>), org::apache::nifi::minifi::utils::ThreadPool<org::apache::nifi::minifi::state::Update>*&, std::shared_ptr<org::apache::nifi::minifi::utils::WorkerThread>&> (invoke.h:95)
==28232==    by 0x4BA858: __call<void, 0, 1> (functional:467)
==28232==    by 0x4BA858: operator()<> (functional:551)
==28232==    by 0x4BA858: std::_Function_handler<void (), std::_Bind<void (org::apache::nifi::minifi::utils::ThreadPool<org::apache::nifi::minifi::state::Update>::*(org::apache::nifi::minifi::utils::ThreadPool<org::apache::nifi::minifi::state::Update>*, std::shared_ptr<org::apache::nifi::minifi::utils::WorkerThread>))(std::shared_ptr<org::apache::nifi::minifi::utils::WorkerThread>)> >::_M_invoke(std::_Any_data const&) (std_function.h:316)
==28232==    by 0x601A66E: ??? (in /usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.25)
==28232==    by 0x4E436DA: start_thread (pthread_create.c:463)
==28232==  Block was alloc'd at
==28232==    at 0x4C3017F: operator new(unsigned long) (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==28232==    by 0x77E934: org::apache::nifi::minifi::c2::RESTSender::sendPayload(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, org::apache::nifi::minifi::c2::Direction, org::apache::nifi::minifi::c2::C2Payload const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >) (RESTSender.cpp:104)
==28232==    by 0x77D653: org::apache::nifi::minifi::c2::RESTSender::consumePayload(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, org::apache::nifi::minifi::c2::C2Payload const&, org::apache::nifi::minifi::c2::Direction, bool) (RESTSender.cpp:69)
==28232==    by 0x77CDCA: org::apache::nifi::minifi::c2::RESTSender::consumePayload(org::apache::nifi::minifi::c2::C2Payload const&, org::apache::nifi::minifi::c2::Direction, bool) (RESTSender.cpp:76)
==28232==    by 0x4D47C1: org::apache::nifi::minifi::c2::C2Agent::performHeartBeat() (C2Agent.cpp:329)
==28232==    by 0x4D8969: org::apache::nifi::minifi::c2::C2Agent::C2Agent(std::shared_ptr<org::apache::nifi::minifi::core::controller::ControllerServiceProvider> const&, std::shared_ptr<org::apache::nifi::minifi::state::StateMonitor> const&, std::shared_ptr<org::apache::nifi::minifi::Configure> const&)::{lambda()#1}::operator()() const (C2Agent.cpp:95)
==28232==    by 0x4D8DDC: std::_Function_handler<org::apache::nifi::minifi::state::Update (), org::apache::nifi::minifi::c2::C2Agent::C2Agent(std::shared_ptr<org::apache::nifi::minifi::core::controller::ControllerServiceProvider> const&, std::shared_ptr<org::apache::nifi::minifi::state::StateMonitor> const&, std::shared_ptr<org::apache::nifi::minifi::Configure> const&)::{lambda()#1}>::_M_invoke(std::_Any_data const&) (std_function.h:302)
==28232==    by 0x4B983A: operator() (std_function.h:706)
==28232==    by 0x4B983A: org::apache::nifi::minifi::utils::Worker<org::apache::nifi::minifi::state::Update>::run() (ThreadPool.h:123)
==28232==    by 0x4C045B: org::apache::nifi::minifi::utils::ThreadPool<org::apache::nifi::minifi::state::Update>::run_tasks(std::shared_ptr<org::apache::nifi::minifi::utils::WorkerThread>) (ThreadPool.h:586)
==28232==    by 0x4BA858: __invoke_impl<void, void (org::apache::nifi::minifi::utils::ThreadPool<org::apache::nifi::minifi::state::Update>::*&)(std::shared_ptr<org::apache::nifi::minifi::utils::WorkerThread>), org::apache::nifi::minifi::utils::ThreadPool<org::apache::nifi::minifi::state::Update>*&, std::shared_ptr<org::apache::nifi::minifi::utils::WorkerThread>&> (invoke.h:73)
==28232==    by 0x4BA858: __invoke<void (org::apache::nifi::minifi::utils::ThreadPool<org::apache::nifi::minifi::state::Update>::*&)(std::shared_ptr<org::apache::nifi::minifi::utils::WorkerThread>), org::apache::nifi::minifi::utils::ThreadPool<org::apache::nifi::minifi::state::Update>*&, std::shared_ptr<org::apache::nifi::minifi::utils::WorkerThread>&> (invoke.h:95)
==28232==    by 0x4BA858: __call<void, 0, 1> (functional:467)
==28232==    by 0x4BA858: operator()<> (functional:551)
==28232==    by 0x4BA858: std::_Function_handler<void (), std::_Bind<void (org::apache::nifi::minifi::utils::ThreadPool<org::apache::nifi::minifi::state::Update>::*(org::apache::nifi::minifi::utils::ThreadPool<org::apache::nifi::minifi::state::Update>*, std::shared_ptr<org::apache::nifi::minifi::utils::WorkerThread>))(std::shared_ptr<org::apache::nifi::minifi::utils::WorkerThread>)> >::_M_invoke(std::_Any_data const&) (std_function.h:316)
==28232==    by 0x601A66E: ??? (in /usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.25)
==28232==    by 0x4E436DA: start_thread (pthread_create.c:463)

      Attachments

        Issue Links

          is related to

          Improvement - An improvement or enhancement to an existing feature or task. MINIFICPP-1090 HTTP client should own callbacks

          • Major - Major loss of function.
          • Resolved
          links to

          Web Link GitHub Pull Request #686

          Activity

            People

              aboda Arpad Boda
              aboda Arpad Boda
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Time Tracking

                  Estimated:
                  Original Estimate - Not Specified
                  Not Specified
                  Remaining:
                  Remaining Estimate - 0h
                  0h
                  Logged:
                  Time Spent - 40m
                  40m