Description
=================================================================
==13159==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x2b5ec8877660 at pc 0x0000004fcdf1 bp 0x2b5ec8875c60 sp 0x2b5ec8875410
READ of size 260 at 0x2b5ec8877660 thread T21 ([ET_NET 20])
#0 0x4fcdf0 in printf_common(void*, char const*, __va_list_tag*) [clone .isra.6] (/usr/local/bin/traffic_server+0x4fcdf0)
#1 0x4fd744 in vfprintf (/usr/local/bin/traffic_server+0x4fd744)
#2 0x2b5ec1a668ee in vprintline<1024> /home/bcall/dev/trafficserver/lib/ts/Diags.cc:61
#3 0x2b5ec1a668ee in Diags::print_va(char const*, DiagsLevel, SrcLoc const*, char const*, __va_list_tag*) const /home/bcall/dev/trafficserver/lib/ts/Diags.cc:340
#4 0x2b5ec1a6765f in Diags::error_va(DiagsLevel, char const*, char const*, int, char const*, __va_list_tag*) const /home/bcall/dev/trafficserver/lib/ts/Diags.cc:572
#5 0x72a724 in Diags::error(DiagsLevel, char const*, char const*, int, char const*, ...) const /home/bcall/dev/trafficserver/lib/ts/Diags.h:242
#6 0x7455d6 in HttpSM::update_stats() /home/bcall/dev/trafficserver/proxy/http/HttpSM.cc:6972
#7 0x77b07f in HttpSM::kill_this() /home/bcall/dev/trafficserver/proxy/http/HttpSM.cc:6786
#8 0x77d6f7 in HttpSM::main_handler(int, void*) /home/bcall/dev/trafficserver/proxy/http/HttpSM.cc:2660
#9 0x832d3a in Continuation::handleEvent(int, void*) /home/bcall/dev/trafficserver/iocore/eventsystem/I_Continuation.h:153
#10 0x832d3a in HttpTunnel::main_handler(int, void*) /home/bcall/dev/trafficserver/proxy/http/HttpTunnel.cc:1637
#11 0xcfdbb5 in Continuation::handleEvent(int, void*) /home/bcall/dev/trafficserver/iocore/eventsystem/I_Continuation.h:153
#12 0xcfdbb5 in write_signal_and_update /home/bcall/dev/trafficserver/iocore/net/UnixNetVConnection.cc:181
#13 0xcfdbb5 in write_signal_done /home/bcall/dev/trafficserver/iocore/net/UnixNetVConnection.cc:223
#14 0xcfdbb5 in write_to_net_io(NetHandler*, UnixNetVConnection*, EThread*) /home/bcall/dev/trafficserver/iocore/net/UnixNetVConnection.cc:563
#15 0xcbc4ca in NetHandler::mainNetEvent(int, Event*) /home/bcall/dev/trafficserver/iocore/net/UnixNet.cc:529
#16 0xda8ce3 in Continuation::handleEvent(int, void*) /home/bcall/dev/trafficserver/iocore/eventsystem/I_Continuation.h:153
#17 0xda8ce3 in EThread::process_event(Event*, int) /home/bcall/dev/trafficserver/iocore/eventsystem/UnixEThread.cc:148
#18 0xdabc8a in EThread::execute() /home/bcall/dev/trafficserver/iocore/eventsystem/UnixEThread.cc:275
#19 0xda7a58 in spawn_thread_internal /home/bcall/dev/trafficserver/iocore/eventsystem/Thread.cc:86
#20 0x2b5ec2264aa0 in start_thread (/lib64/libpthread.so.0+0x3818807aa0)
#21 0x38180e893c in clone (/lib64/libc.so.6+0x38180e893c)
Address 0x2b5ec8877660 is located in stack of thread T21 ([ET_NET 20]) at offset 736 in frame
#0 0x7443ef in HttpSM::update_stats() /home/bcall/dev/trafficserver/proxy/http/HttpSM.cc:6827
This frame has 6 object(s):
[32, 36) 'offset'
[96, 100) 'skip'
[160, 164) 'length'
[224, 270) 'client_ip'
[320, 448) 'unique_id_string'
[480, 736) 'url_string' <== Memory access at offset 736 overflows this variable
HINT: this may be a false positive if your program uses some custom stack unwind mechanism or swapcontext
(longjmp and C++ exceptions are supported)
Thread T21 ([ET_NET 20]) created by T0 ([ET_NET 0]) here:
#0 0x4d50b4 in pthread_create (/usr/local/bin/traffic_server+0x4d50b4)
#1 0xda85aa in ink_thread_create /home/bcall/dev/trafficserver/lib/ts/ink_thread.h:147
#2 0xda85aa in Thread::start(char const*, unsigned long, void* (void*), void*) /home/bcall/dev/trafficserver/iocore/eventsystem/Thread.cc:101
#3 0xdafff2 in EventProcessor::start(int, unsigned long) /home/bcall/dev/trafficserver/iocore/eventsystem/UnixEventProcessor.cc:141
#4 0x4ab7ed in main /home/bcall/dev/trafficserver/proxy/Main.cc:1733
#5 0x381801ed5c in __libc_start_main (/lib64/libc.so.6+0x381801ed5c)
SUMMARY: AddressSanitizer: stack-buffer-overflow ??:0 printf_common(void*, char const*, __va_list_tag*) [clone .isra.6]
Shadow bytes around the buggy address:
0x056c59106e70: f1 f1 f1 f1 04 f4 f4 f4 f2 f2 f2 f2 04 f4 f4 f4
0x056c59106e80: f2 f2 f2 f2 04 f4 f4 f4 f2 f2 f2 f2 00 00 00 00
0x056c59106e90: 00 06 f4 f4 f2 f2 f2 f2 00 00 00 00 00 00 00 00
0x056c59106ea0: 00 00 00 00 00 00 00 00 f2 f2 f2 f2 00 00 00 00
0x056c59106eb0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x056c59106ec0: 00 00 00 00 00 00 00 00 00 00 00 00[f3]f3 f3 f3
0x056c59106ed0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1
0x056c59106ee0: f1 f1 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x056c59106ef0: 00 00 00 00 00 00 00 00 00 00 00 f4 f4 f4 f3 f3
0x056c59106f00: f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x056c59106f10: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Heap right redzone: fb
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack partial redzone: f4
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
==13159==ABORTING