-
Andrey Ryabinin authored
Ghost file entry used right after it has been freed: ERROR: AddressSanitizer: heap-use-after-free on address 0x60700000dc50 READ of size 4 at 0x60700000dc50 thread T0 #0 0x46e819 in open_remap_ghost criu/files-reg.c:312 #1 0x46e819 in prepare_one_remap criu/files-reg.c:461 #2 0x46e819 in prepare_remaps criu/files-reg.c:507 #3 0x45af00 in root_prepare_shared criu/cr-restore.c:235 #4 0x45af00 in restore_task_with_children criu/cr-restore.c:1421 #5 0x7efc71e85f0c in clone (/lib64/libc.so.6+0xe7f0c) 0x60700000dc50 is located 32 bytes inside of 80-byte region [0x60700000dc30,0x60700000dc80) freed by thread T0 here: #0 0x7efc7305184a in __interceptor_free (/usr/lib/gcc/x86_64-pc-linux-gnu/5.4.0/libasan.so.2+0x9884a) #1 0x46e4df in open_remap_ghost criu/files-reg.c:309 #2 0x46e4df in prepare_one_remap criu/files-reg.c:461 #3 0x46e4df in prepare_remaps criu/files-reg.c:507 previously allocated by thread T0 here: #0 0x7efc73051b82 in malloc (/usr/lib/gcc/x86_64-pc-linux-gnu/5.4.0/libasan.so.2+0x98b82) #1 0x7efc7277a8ea in protobuf_c_message_unpack (/usr/lib64/libprotobuf-c.so.1+0x48ea) #2 0xd528232002838017 (<unknown module>) Just move freeing after the last 'gfe' usage to fix this. Fixes: d0097b2d ("files: Support ghost directories restore") travis-ci: success for files-reg: fix use-after-free in open_remap_ghost() Signed-off-by:
Andrey Ryabinin <aryabinin@virtuozzo.com> Signed-off-by:
Pavel Emelyanov <xemul@virtuozzo.com>
ec40484e
| Name |
Last commit
|
Last update |
|---|---|---|
| Documentation | ||
| contrib | ||
| coredump | ||
| crit | ||
| criu | ||
| images | ||
| include/common | ||
| lib | ||
| scripts | ||
| soccr | ||
| test | ||
| .gitignore | ||
| .mailmap | ||
| .travis.yml | ||
| COPYING | ||
| CREDITS | ||
| INSTALL.md | ||
| Makefile | ||
| Makefile.config | ||
| Makefile.install | ||
| Makefile.versions | ||
| README.md |