[AGENT++] [BUG] Access to freed memory during startup of snmp++v3.2.24 with agent++v3.5.30
Dominik Vogt
Dominik.Vogt at external.thalesgroup.com
Mon Jul 26 08:12:18 CEST 2010
The problem is even worse; it also affects creating the logging entries.
I did not have time to analyse the problem yet, but this is the output
of insure++ (in this specific case it's not a crash but a memory
violation). (snmp++v3.2.24 and agent++v3.5.30, both compiled with the
default configuration). The only other hint I have is that the problem
also occurred during or shortly after startup of the program, but that
may be just by chance.
--
[log.h:155] **READ_DANGLING**
>> unsigned char get_class(void) const { return type & 0xF0; }
Reading from a dangling pointer: this, while accessing field "type"
Pointer : 0x097193c8
In block: 0x097193c8 thru 0x097193df (24 bytes)
new LogEntryImpl, allocated at log.cpp, 338
malloc() (interface)
operator new()
AgentLogImpl::create_log_entry() log.cpp, 338
DefaultLog::create_log_entry() ../include/snmp_pp/log.h, 499
Agentpp::thread_starter() threads.cpp, 482
stack trace where memory was freed:
free() (interface)
operator delete()
LogEntryImpl::~LogEntryImpl() log.cpp, 192
DefaultLog::delete_log_entry() ../include/snmp_pp/log.h, 515
Agentpp::TaskManager::TaskManager() threads.cpp, 761
Agentpp::ThreadPool::ThreadPool() threads.cpp, 864
Agentpp::QueuedThreadPool::QueuedThreadPool() threads.cpp, 882
[snip]
__do_global_ctors_aux()
_init()
call_init()
_dl_init()
Stack trace where the error occurred:
LogEntry::get_class() ../include/snmp_pp/log.h, 155
AgentLogImpl::operator+=() log.cpp, 352
Agentpp::thread_starter() threads.cpp, 485
--
log.h:499 is this code:
static void create_log_entry(unsigned char t)
{
    if (!entry)
    {
        entry = log()->create_log_entry(t);
        entry->init();
    }
}
So despite the locking in the macros LOG_BEGIN and LOG_END, I managed
to corrupt the member "entry" of the class DefaultLog.
Ciao
Dominik ^_^ ^_^
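A minimal model of the pointer-reuse pattern the insure++ trace points at, added here as an illustration and not code from snmp++, agent++ or the post above. The class and function names are stand-ins, the set of live allocations stands in for insure++'s block bookkeeping, and clearing the static pointer after delete is a generic mitigation for this pattern, not necessarily the change the project made.

```cpp
#include <cstdio>
#include <set>

// Stand-in for snmp++'s LogEntryImpl (hypothetical; only the field the trace names).
struct LogEntryImpl {
    unsigned char type;
    unsigned char get_class() const { return type & 0xF0; }
};

// Set of live allocations, standing in for insure++'s block bookkeeping.
static std::set<const LogEntryImpl*> g_live;

static LogEntryImpl* new_entry(unsigned char t) {
    LogEntryImpl* e = new LogEntryImpl{t};
    g_live.insert(e);
    return e;
}
static void delete_entry(LogEntryImpl* e) { g_live.erase(e); delete e; }
static bool is_live(const LogEntryImpl* e) { return g_live.count(e) != 0; }

// Pattern from log.h:499: a static entry pointer that is only (re)created when null.
struct LogBuggy {
    static LogEntryImpl* entry;
    static void create_log_entry(unsigned char t) { if (!entry) entry = new_entry(t); }
    static void delete_log_entry() { delete_entry(entry); }  // pointer keeps its old value
};
// Hardened variant (assumed mitigation): clear the pointer so the next create allocates.
struct LogFixed {
    static LogEntryImpl* entry;
    static void create_log_entry(unsigned char t) { if (!entry) entry = new_entry(t); }
    static void delete_log_entry() { delete_entry(entry); entry = nullptr; }
};
LogEntryImpl* LogBuggy::entry = nullptr;
LogEntryImpl* LogFixed::entry = nullptr;

// Replays the sequence in the trace: delete the entry, create again, then read get_class().
// Returns -1 when the read would touch freed memory, otherwise the class value read.
template <class Log> int read_class_after_delete() {
    Log::create_log_entry(0x10);
    Log::delete_log_entry();
    Log::create_log_entry(0x2F);           // buggy: entry is non-null, so nothing is allocated
    int result = -1;
    if (is_live(Log::entry)) {             // only dereference a block that is still live
        result = Log::entry->get_class();  // 0x2F & 0xF0 == 0x20
        delete_entry(Log::entry);
    }
    Log::entry = nullptr;                  // reset so the check can be repeated
    return result;
}

int main() {
    std::printf("buggy: %d  fixed: %d\n",
                read_class_after_delete<LogBuggy>(), read_class_after_delete<LogFixed>());
}
```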