[AGENT++] [BUG] Access to freed memory during startup of snmp++v3.2.24 with agent++v3.5.30
Jochen Katz
katz at agentpp.com
Mon Jul 26 22:00:42 CEST 2010
Hi,
I think this is also caused by the non-thread-safe init() function. You
can have two AgentLogImpl objects, and as the mutex of the AgentLogImpl
is used, you can create two log entries...
Regards,
Jochen
Am 26.07.2010 08:12, schrieb Dominik Vogt:
> The problem is even worse; it also affects creating the logging entries.
> I did not have time to analyse the problem yet, but this is the output
> of insure++ (in this specific case it's not a crash but a memory
> violation). (snmp++v3.2.24 and agent++v3.5.30, both compiled with the
> default configuration). The only other hint I have is that the problem
> also occurred during or shortly after startup of the program, but that
> may be just by chance.
>
> --
> [log.h:155] **READ_DANGLING**
> >> unsigned char get_class(void) const { return type & 0xF0; }
>
> Reading from a dangling pointer: this, while accessing field "type"
>
> Pointer : 0x097193c8
> In block: 0x097193c8 thru 0x097193df (24 bytes)
> new LogEntryImpl, allocated at log.cpp, 338
> malloc() (interface)
> operator new()
> AgentLogImpl::create_log_entry() log.cpp, 338
> DefaultLog::create_log_entry() ../include/snmp_pp/log.h, 499
> Agentpp::thread_starter() threads.cpp, 482
>
> stack trace where memory was freed:
> free() (interface)
> operator delete()
> LogEntryImpl::~LogEntryImpl() log.cpp, 192
> DefaultLog::delete_log_entry() ../include/snmp_pp/log.h, 515
> Agentpp::TaskManager::TaskManager() threads.cpp, 761
> Agentpp::ThreadPool::ThreadPool() threads.cpp, 864
> Agentpp::QueuedThreadPool::QueuedThreadPool() threads.cpp, 882
> [snip]
> __do_global_ctors_aux()
> _init()
> call_init()
> _dl_init()
>
> Stack trace where the error occurred:
> LogEntry::get_class() ../include/snmp_pp/log.h, 155
> AgentLogImpl::operator+=() log.cpp, 352
> Agentpp::thread_starter() threads.cpp, 485
> --
>
> log.h:499 is this code:
>
> static void create_log_entry(unsigned char t)
> {
>   if (!entry) {
>     entry = log()->create_log_entry(t);
>     entry->init();
>   }
> }
>
> So despite the locking in the macros LOG_BEGIN and LOG_END, I managed
> to corrupt the member "entry" of the class DefaultLog.
>
> Ciao
>
> Dominik ^_^ ^_^
>
> _______________________________________________
> AGENTPP mailing list
> AGENTPP at agentpp.org
> http://lists.agentpp.org/mailman/listinfo/agentpp
>
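The diagnosis above (a lazily created logger whose init() is not thread safe, so two threads can end up with two logger objects and therefore two different mutexes "protecting" the one shared entry pointer) can be reproduced in isolation. The following is an added example written for this page; it is not code from agent++ or snmp++. The names LogImpl, racy_log, safe_log and count_constructions are hypothetical stand-ins for AgentLogImpl and DefaultLog::create_log_entry. It shows the double construction that Jochen describes and contrasts it with std::call_once, which guarantees a single construction no matter how many threads race into the initializer. It deliberately does not trigger the dangling read from the Insure++ report; it only shows how the two separate lock objects come into existence.

```cpp
// Added example, not agent++/snmp++ code: models a non-thread-safe lazy
// singleton (the "if (!p) p = new ...;" shape quoted above) and a fixed variant.
#include <atomic>
#include <chrono>
#include <mutex>
#include <thread>
#include <vector>

// Hypothetical stand-in for AgentLogImpl: each instance owns its own mutex,
// so two instances hand two threads two unrelated locks.
struct LogImpl {
    std::mutex mtx;
};

// How many LogImpl objects the last run constructed; the safe variant must give 1.
static std::atomic<int> g_constructed{0};

// Racy variant. The pointer is std::atomic only so that this demonstration is
// itself free of undefined behaviour; the check-then-create window between the
// load and the store is still completely unsynchronized.
static std::atomic<LogImpl*> g_racy{nullptr};

LogImpl* racy_log() {
    if (!g_racy.load(std::memory_order_acquire)) {
        LogImpl* fresh = new LogImpl;                    // every racing thread builds its own
        ++g_constructed;
        std::this_thread::sleep_for(std::chrono::microseconds(200)); // widen the window
        g_racy.store(fresh, std::memory_order_release);  // last writer wins, the rest leak
    }
    return g_racy.load(std::memory_order_acquire);
}

// Safe variant: std::call_once runs the initializer exactly once; concurrent
// callers block until it has completed, so there is only ever one mutex.
static std::once_flag g_safe_flag;
static LogImpl* g_safe = nullptr;

LogImpl* safe_log() {
    std::call_once(g_safe_flag, [] {
        g_safe = new LogImpl;
        ++g_constructed;
    });
    return g_safe;
}

// Release `n` threads into `init` at the same instant and report how many
// LogImpl objects were constructed during that run.
int count_constructions(LogImpl* (*init)(), int n) {
    g_constructed = 0;
    std::atomic<bool> go{false};
    std::vector<std::thread> threads;
    for (int i = 0; i < n; ++i) {
        threads.emplace_back([&] {
            while (!go.load()) std::this_thread::yield();  // line everyone up at the gate
            init();
        });
    }
    go = true;
    for (auto& t : threads) t.join();
    return g_constructed.load();
}

int main() {
    // Racy: usually well above 1 on a multi-core machine; safe: always exactly 1.
    int racy = count_constructions(racy_log, 8);
    int safe = count_constructions(safe_log, 8);
    return (safe == 1 && racy >= 1) ? 0 : 1;
}
```

The racy run typically reports several constructions, which is the situation in the report: each thread then locks "its" AgentLogImpl mutex and believes it has exclusive use of the shared entry pointer, so one thread can delete_log_entry() while another still dereferences the same object. Note that the number of constructions in the racy run is not deterministic, which is also why the original bug showed up "during or shortly after startup", when the process first spawns its threads and the logger has not yet been created. Any fix has to make the creation of the logger itself a single synchronized event (call_once, a function-local static under C++11, or a mutex that exists before the first thread starts), not just lock around the use of the entry once a logger exists.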