├── README.md └── asan ├── apache-2.4.29 ├── apache-2.4.29-heap-use-after-free-h2_stream_destroy-asan-error.15581 ├── apache-2.4.29-heap-use-after-free-h2_stream_destroy-asan-error.15582 ├── apache-2.4.29-heap-use-after-free-h2_stream_destroy-asan-error.15908 └── apache-2.4.29-heap-use-after-free-h2_stream_destroy-asan-error.18719 ├── apache-2.4.33 ├── apache-2.4.33-SEGV-ap_add_common_vars-asan-error.1587 ├── apache-2.4.33-SEGV-impl_pollset_remove-asan-error.22791 ├── apache-2.4.33-SEGV-impl_pollset_remove-asan-error.28821 ├── apache-2.4.33-heap-use-after-free-add_unless_null-asan-error.15637 ├── apache-2.4.33-heap-use-after-free-add_unless_null-asan-error.18145 ├── apache-2.4.33-heap-use-after-free-add_unless_null-asan-error.6415 ├── apache-2.4.33-heap-use-after-free-ap_add_common_vars-asan-error.10146 ├── apache-2.4.33-heap-use-after-free-ap_add_common_vars-asan-error.13132 ├── apache-2.4.33-heap-use-after-free-ap_add_common_vars-asan-error.13546 ├── apache-2.4.33-heap-use-after-free-ap_add_common_vars-asan-error.14584 ├── apache-2.4.33-heap-use-after-free-ap_add_common_vars-asan-error.16005 ├── apache-2.4.33-heap-use-after-free-ap_add_common_vars-asan-error.26269 ├── apache-2.4.33-heap-use-after-free-ap_add_common_vars-asan-error.27231 ├── apache-2.4.33-heap-use-after-free-ap_add_common_vars-asan-error.31878 ├── apache-2.4.33-heap-use-after-free-ap_add_common_vars-asan-error.32122 ├── apache-2.4.33-heap-use-after-free-ap_add_common_vars-asan-error.3986 ├── apache-2.4.33-heap-use-after-free-ap_add_common_vars-asan-error.611 ├── apache-2.4.33-heap-use-after-free-ap_add_common_vars-asan-error.6877 ├── apache-2.4.33-heap-use-after-free-do_headers_fixup-asan-error.2245 ├── apache-2.4.33-heap-use-after-free-h2_req_add_header-asan-error.27574 ├── apache-2.4.33-heap-use-after-free-h2_request_end_headers-asan-error.28464 ├── apache-2.4.33-heap-use-after-free-set_neg_headers-asan-error.2179 ├── apache-2.4.33-heap-use-after-free-set_neg_headers-asan-error.21932 ├── apache-2.4.33-heap-use-after-free-set_neg_headers-asan-error.3272 ├── apache-2.4.33-heap-use-after-free-set_neg_headers-asan-error.5051 └── apache-2.4.33-heap-use-after-free-set_neg_headers-asan-error.6808 ├── apache-2.4.34 ├── apache-2.4.34-SEGV-impl_pollset_remove-asan-error.11548 ├── apache-2.4.34-SEGV-impl_pollset_remove-asan-error.17207 ├── apache-2.4.34-SEGV-impl_pollset_remove-asan-error.2350 ├── apache-2.4.34-heap-use-after-free-abort_socket_nonblocking-asan-error.28259 ├── apache-2.4.34-heap-use-after-free-add_unless_null-asan-error.12759 ├── apache-2.4.34-heap-use-after-free-ap_add_common_vars-asan-error.14915 ├── apache-2.4.34-heap-use-after-free-ap_add_common_vars-asan-error.2195 ├── apache-2.4.34-heap-use-after-free-ap_add_common_vars-asan-error.27619 ├── apache-2.4.34-heap-use-after-free-ap_add_common_vars-asan-error.29762 ├── apache-2.4.34-heap-use-after-free-ap_add_common_vars-asan-error.6577 ├── apache-2.4.34-heap-use-after-free-ap_add_common_vars-asan-error.7978 ├── apache-2.4.34-heap-use-after-free-ap_add_common_vars-asan-error.8274 ├── apache-2.4.34-heap-use-after-free-do_headers_fixup-asan-error.12866 ├── apache-2.4.34-heap-use-after-free-do_headers_fixup-asan-error.17619 ├── apache-2.4.34-heap-use-after-free-do_headers_fixup-asan-error.18945 ├── apache-2.4.34-heap-use-after-free-do_headers_fixup-asan-error.7763 ├── apache-2.4.34-heap-use-after-free-set_neg_headers-asan-error.13495 ├── apache-2.4.34-heap-use-after-free-set_neg_headers-asan-error.13706 ├── apache-2.4.34-heap-use-after-free-set_neg_headers-asan-error.1551 ├── apache-2.4.34-heap-use-after-free-set_neg_headers-asan-error.17333 ├── apache-2.4.34-heap-use-after-free-set_neg_headers-asan-error.17749 ├── apache-2.4.34-heap-use-after-free-set_neg_headers-asan-error.17778 ├── apache-2.4.34-heap-use-after-free-set_neg_headers-asan-error.19954 ├── apache-2.4.34-heap-use-after-free-set_neg_headers-asan-error.2229 ├── apache-2.4.34-heap-use-after-free-set_neg_headers-asan-error.27706 ├── apache-2.4.34-heap-use-after-free-set_neg_headers-asan-error.32126 └── apache-2.4.34-heap-use-after-free-set_neg_headers-asan-error.9284 ├── apache-2.4.37-without-mod_h2 ├── apache-2.4.37-heap-use-after-free-ap_add_common_vars-asan-error.13046 ├── apache-2.4.37-heap-use-after-free-ap_add_common_vars-asan-error.13602 ├── apache-2.4.37-heap-use-after-free-do_headers_fixup-asan-error.22107 ├── apache-2.4.37-heap-use-after-free-do_headers_fixup-asan-error.24193 ├── apache-2.4.37-heap-use-after-free-set_neg_headers-asan-error.12053 ├── apache-2.4.37-heap-use-after-free-set_neg_headers-asan-error.13047 ├── apache-2.4.37-heap-use-after-free-set_neg_headers-asan-error.23100 ├── apache-2.4.37-heap-use-after-free-set_neg_headers-asan-error.3921 └── apache-2.4.37-heap-use-after-free-set_neg_headers-asan-error.8676 └── apache-2.4.37 ├── apache-2.4.37-SEGV-ap_add_common_vars-asan-error.1017 ├── apache-2.4.37-heap-use-after-free-add_unless_null-asan-error.27475 ├── apache-2.4.37-heap-use-after-free-add_unless_null-asan-error.3898 ├── apache-2.4.37-heap-use-after-free-add_unless_null-asan-error.4759 ├── apache-2.4.37-heap-use-after-free-ap_add_common_vars-asan-error.1017 ├── apache-2.4.37-heap-use-after-free-ap_add_common_vars-asan-error.18434 ├── apache-2.4.37-heap-use-after-free-ap_add_common_vars-asan-error.1919 ├── apache-2.4.37-heap-use-after-free-ap_add_common_vars-asan-error.19893 ├── apache-2.4.37-heap-use-after-free-ap_add_common_vars-asan-error.20871 ├── apache-2.4.37-heap-use-after-free-ap_add_common_vars-asan-error.20926 ├── apache-2.4.37-heap-use-after-free-ap_add_common_vars-asan-error.22065 ├── apache-2.4.37-heap-use-after-free-ap_add_common_vars-asan-error.22157 ├── apache-2.4.37-heap-use-after-free-ap_add_common_vars-asan-error.22181 ├── apache-2.4.37-heap-use-after-free-ap_add_common_vars-asan-error.22341 ├── apache-2.4.37-heap-use-after-free-ap_add_common_vars-asan-error.23499 ├── apache-2.4.37-heap-use-after-free-ap_add_common_vars-asan-error.23852 ├── apache-2.4.37-heap-use-after-free-ap_add_common_vars-asan-error.25655 ├── apache-2.4.37-heap-use-after-free-ap_add_common_vars-asan-error.25738 ├── apache-2.4.37-heap-use-after-free-ap_add_common_vars-asan-error.2687 ├── apache-2.4.37-heap-use-after-free-ap_add_common_vars-asan-error.27286 ├── apache-2.4.37-heap-use-after-free-ap_add_common_vars-asan-error.28223 ├── apache-2.4.37-heap-use-after-free-ap_add_common_vars-asan-error.29001 ├── apache-2.4.37-heap-use-after-free-ap_add_common_vars-asan-error.29699 ├── apache-2.4.37-heap-use-after-free-ap_add_common_vars-asan-error.31096 ├── apache-2.4.37-heap-use-after-free-ap_add_common_vars-asan-error.31547 ├── apache-2.4.37-heap-use-after-free-ap_add_common_vars-asan-error.3158 ├── apache-2.4.37-heap-use-after-free-ap_add_common_vars-asan-error.32650 ├── apache-2.4.37-heap-use-after-free-ap_add_common_vars-asan-error.5107 ├── apache-2.4.37-heap-use-after-free-ap_add_common_vars-asan-error.5638 ├── apache-2.4.37-heap-use-after-free-ap_add_common_vars-asan-error.6234 ├── apache-2.4.37-heap-use-after-free-ap_add_common_vars-asan-error.776 ├── apache-2.4.37-heap-use-after-free-ap_http_header_filter-asan-error.26176 ├── apache-2.4.37-heap-use-after-free-ap_set_keepalive-asan-error.16047 ├── apache-2.4.37-heap-use-after-free-ap_set_keepalive-asan-error.28073 ├── apache-2.4.37-heap-use-after-free-ap_set_keepalive-asan-error.31229 ├── apache-2.4.37-heap-use-after-free-compress_filter-asan-error.23709 ├── apache-2.4.37-heap-use-after-free-do_headers_fixup-asan-error.10935 ├── apache-2.4.37-heap-use-after-free-do_headers_fixup-asan-error.14743 ├── apache-2.4.37-heap-use-after-free-do_headers_fixup-asan-error.15219 ├── apache-2.4.37-heap-use-after-free-do_headers_fixup-asan-error.17037 ├── apache-2.4.37-heap-use-after-free-do_headers_fixup-asan-error.21743 ├── apache-2.4.37-heap-use-after-free-do_headers_fixup-asan-error.2663 ├── apache-2.4.37-heap-use-after-free-do_headers_fixup-asan-error.32295 ├── apache-2.4.37-heap-use-after-free-h2_req_add_header-asan-error.10140 ├── apache-2.4.37-heap-use-after-free-h2_request_end_headers-asan-error.2697 ├── apache-2.4.37-heap-use-after-free-set_neg_headers-asan-error.15429 ├── apache-2.4.37-heap-use-after-free-set_neg_headers-asan-error.15696 └── apache-2.4.37-heap-use-after-free-set_neg_headers-asan-error.20236 /README.md: -------------------------------------------------------------------------------- 1 | Apache use after free bugs 2 | ========================== 3 | 4 | While doing some fuzz testing on the apache httpd server 5 | with address sanitizer we regularly observed use after free 6 | bugs. We originally observed these issues in the http2 7 | module, but we were also able to reproduce them without 8 | http2 enabled, so either we're facing multiple bugs or 9 | there's an underlying bug in the core apache code. 10 | 11 | Originally we used fuzzing payloads to trigger this bug, 12 | but we later observed that sending random garbage in 13 | parallel is enough to trigger the bug. 14 | 15 | We reported this behavior to the apache security team for the first 16 | time in June 2018. The apache developers did not seem to take the 17 | issue as seriously as we had expected. 18 | 19 | It was pointed out to us that some fixes already in their code may 20 | fix the issue, however we are still able to reproduce these bugs in 21 | the latest version (2.4.37). 22 | 23 | The apache developers indicated to us that they'd not consider 24 | these security issues unless we can show a practical exploit. 25 | Due to the complexity of the apache code base and our lack 26 | of specialization in binary memory exploitation we feel unable 27 | to do this. It is, however, our belief that use after free bugs 28 | should generally be seen as potential security bugs. 29 | 30 | For this reason, we have chosen to share this information with the 31 | community and hope others will continue the analysis. 32 | 33 | apr pool allocator 34 | ================== 35 | 36 | For memory allocations apache http uses the apr library's 37 | pool allocator that allows reserving a larger chunk of 38 | memory as a pool and do memory allocations within that pool. 39 | This can, and in our case does, hide memory safety issues. 40 | 41 | apr has an option --enable-pool-debug=yes that will cause 42 | a single malloc call for each memory allocation, allowing 43 | the use of memory safety checkers like ASAN. 44 | 45 | The apache developers suggested that our ASAN reports may stem 46 | from an incompatibility between the pool debugger and the http2 47 | module. However we were later able to reproduce these issues 48 | without the http2 module. 49 | 50 | We were also able to reproduce these issues with valgrind and 51 | without the pool allocator. 52 | 53 | 54 | threading related error 55 | ======================= 56 | 57 | In addition to the ASAN use after free reports, httpd logs threading 58 | related errors: 59 | 60 | AH00052: child pid [pid] exit signal Aborted (6) 61 | apache2: tpp.c:84: __pthread_tpp_change_priority: Assertion `new_prio == -1 || (new_prio >= fifo_min_prio && new_prio <= fifo_max_prio)' failed. 62 | 63 | We found a ten year old bug in the Apache bug tracker 64 | mentioning such errors: 65 | https://bz.apache.org/bugzilla/show_bug.cgi?id=46185 66 | 67 | It was closed as "INVALID". 68 | 69 | 70 | asan stack traces 71 | ================= 72 | 73 | We share asan stack traces from these bugs at 74 | https://github.com/hannob/apache-uaf/tree/master/asan 75 | 76 | 77 | reproduction 78 | ============ 79 | 80 | To reproduce the issue: 81 | 82 | 1. Compile apr with the pool debugger and address sanitizer. 83 | 84 | 2. Compile apache with address sanitizer. 85 | 86 | 3. Run a command like this to send random garbage to the server: 87 | for x in $(seq 1 50); do for i in $(seq 1 1000); do head -n 10 /dev/urandom | nc 127.0.0.1 80 & done; sleep 5; done 88 | 89 | The bugs appear very irregularly, you may need to 90 | "attack" it for a while. 91 | 92 | 93 | Hanno Böck 94 | Craig Young (Tripwire VERT) 95 | 96 | Thanks to Markus Vervier and Luis Merino of X41 D-SEC GmbH for double checking. -------------------------------------------------------------------------------- /asan/apache-2.4.29/apache-2.4.29-heap-use-after-free-h2_stream_destroy-asan-error.15581: -------------------------------------------------------------------------------- 1 | ================================================================= 2 | ==15581==ERROR: AddressSanitizer: heap-use-after-free on address 0x6110000331c8 at pc 0x65c797 bp 0x7f86b63795a0 sp 0x7f86b6379590 3 | WRITE of size 8 at 0x6110000331c8 thread T54 4 | #0 0x65c796 in h2_stream_destroy /var/tmp/portage/www-servers/apache-2.4.29-r1/work/httpd-2.4.29/modules/http2/h2_stream.c:582 5 | #1 0x62f5e3 in stream_destroy_iter /var/tmp/portage/www-servers/apache-2.4.29-r1/work/httpd-2.4.29/modules/http2/h2_mplx.c:336 6 | #2 0x7f86e9eab6c8 in apr_hash_do tables/apr_hash.c:542 7 | #3 0x675201 in h2_ihash_iter /var/tmp/portage/www-servers/apache-2.4.29-r1/work/httpd-2.4.29/modules/http2/h2_util.c:278 8 | #4 0x635a1d in purge_streams /var/tmp/portage/www-servers/apache-2.4.29-r1/work/httpd-2.4.29/modules/http2/h2_mplx.c:344 9 | #5 0x635a1d in h2_mplx_dispatch_master_events /var/tmp/portage/www-servers/apache-2.4.29-r1/work/httpd-2.4.29/modules/http2/h2_mplx.c:1233 10 | #6 0x654bc8 in dispatch_master /var/tmp/portage/www-servers/apache-2.4.29-r1/work/httpd-2.4.29/modules/http2/h2_session.c:1967 11 | #7 0x654bc8 in h2_session_process /var/tmp/portage/www-servers/apache-2.4.29-r1/work/httpd-2.4.29/modules/http2/h2_session.c:2167 12 | #8 0x61f162 in h2_conn_run /var/tmp/portage/www-servers/apache-2.4.29-r1/work/httpd-2.4.29/modules/http2/h2_conn.c:222 13 | #9 0x628378 in h2_h2_process_conn /var/tmp/portage/www-servers/apache-2.4.29-r1/work/httpd-2.4.29/modules/http2/h2_h2.c:659 14 | #10 0x4c5103 in ap_run_process_connection /var/tmp/portage/www-servers/apache-2.4.29-r1/work/httpd-2.4.29/server/connection.c:42 15 | #11 0x70d81f in process_socket /var/tmp/portage/www-servers/apache-2.4.29-r1/work/httpd-2.4.29/server/mpm/event/event.c:1021 16 | #12 0x70f413 in worker_thread /var/tmp/portage/www-servers/apache-2.4.29-r1/work/httpd-2.4.29/server/mpm/event/event.c:2014 17 | #13 0x7f86e9623686 in start_thread (/lib64/libpthread.so.0+0x7686) 18 | #14 0x7f86e915e73e in __clone (/lib64/libc.so.6+0xf873e) 19 | 20 | 0x6110000331c8 is located 8 bytes inside of 200-byte region [0x6110000331c0,0x611000033288) 21 | freed by thread T54 here: 22 | #0 0x7f86ec14c4e1 in __interceptor_free (/usr/lib/gcc/x86_64-pc-linux-gnu/4.9.4/libasan.so.1+0x574e1) 23 | #1 0x7f86e9ec5659 in pool_clear_debug memory/unix/apr_pools.c:1576 24 | 25 | previously allocated by thread T54 here: 26 | #0 0x7f86ec14c772 in malloc (/usr/lib/gcc/x86_64-pc-linux-gnu/4.9.4/libasan.so.1+0x57772) 27 | #1 0x7f86e9ec477b in pool_alloc memory/unix/apr_pools.c:1463 28 | 29 | Thread T54 created by T38 here: 30 | #0 0x7f86ec118d1a in pthread_create (/usr/lib/gcc/x86_64-pc-linux-gnu/4.9.4/libasan.so.1+0x23d1a) 31 | #1 0x70c0a5 in start_threads /var/tmp/portage/www-servers/apache-2.4.29-r1/work/httpd-2.4.29/server/mpm/event/event.c:2200 32 | 33 | Thread T38 created by T0 here: 34 | #0 0x7f86ec118d1a in pthread_create (/usr/lib/gcc/x86_64-pc-linux-gnu/4.9.4/libasan.so.1+0x23d1a) 35 | #1 0x43ca56 in child_main /var/tmp/portage/www-servers/apache-2.4.29-r1/work/httpd-2.4.29/server/mpm/event/event.c:2399 36 | 37 | SUMMARY: AddressSanitizer: heap-use-after-free /var/tmp/portage/www-servers/apache-2.4.29-r1/work/httpd-2.4.29/modules/http2/h2_stream.c:582 h2_stream_destroy 38 | Shadow bytes around the buggy address: 39 | 0x0c227fffe5e0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 40 | 0x0c227fffe5f0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 41 | 0x0c227fffe600: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 42 | 0x0c227fffe610: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 43 | 0x0c227fffe620: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fa fa 44 | =>0x0c227fffe630: fa fa fa fa fa fa fa fa fd[fd]fd fd fd fd fd fd 45 | 0x0c227fffe640: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 46 | 0x0c227fffe650: fd fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 47 | 0x0c227fffe660: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 48 | 0x0c227fffe670: 00 00 00 00 00 00 00 00 00 00 00 00 fa fa fa fa 49 | 0x0c227fffe680: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00 50 | Shadow byte legend (one shadow byte represents 8 application bytes): 51 | Addressable: 00 52 | Partially addressable: 01 02 03 04 05 06 07 53 | Heap left redzone: fa 54 | Heap right redzone: fb 55 | Freed heap region: fd 56 | Stack left redzone: f1 57 | Stack mid redzone: f2 58 | Stack right redzone: f3 59 | Stack partial redzone: f4 60 | Stack after return: f5 61 | Stack use after scope: f8 62 | Global redzone: f9 63 | Global init order: f6 64 | Poisoned by user: f7 65 | Contiguous container OOB:fc 66 | ASan internal: fe 67 | ==15581==ABORTING 68 | -------------------------------------------------------------------------------- /asan/apache-2.4.29/apache-2.4.29-heap-use-after-free-h2_stream_destroy-asan-error.15582: -------------------------------------------------------------------------------- 1 | ================================================================= 2 | ==15582==ERROR: AddressSanitizer: heap-use-after-free on address 0x611000033bc8 at pc 0x65c797 bp 0x7f86bfddb5a0 sp 0x7f86bfddb590 3 | WRITE of size 8 at 0x611000033bc8 thread T40 4 | ==15582==AddressSanitizer: while reporting a bug found another one.Ignoring. 5 | ==15582==AddressSanitizer: while reporting a bug found another one.Ignoring. 6 | ==15582==AddressSanitizer: while reporting a bug found another one.Ignoring. 7 | #0 0x65c796 in h2_stream_destroy /var/tmp/portage/www-servers/apache-2.4.29-r1/work/httpd-2.4.29/modules/http2/h2_stream.c:582 8 | #1 0x62f5e3 in stream_destroy_iter /var/tmp/portage/www-servers/apache-2.4.29-r1/work/httpd-2.4.29/modules/http2/h2_mplx.c:336 9 | #2 0x7f86e9eab6c8 in apr_hash_do tables/apr_hash.c:542 10 | #3 0x675201 in h2_ihash_iter /var/tmp/portage/www-servers/apache-2.4.29-r1/work/httpd-2.4.29/modules/http2/h2_util.c:278 11 | #4 0x635a1d in purge_streams /var/tmp/portage/www-servers/apache-2.4.29-r1/work/httpd-2.4.29/modules/http2/h2_mplx.c:344 12 | #5 0x635a1d in h2_mplx_dispatch_master_events /var/tmp/portage/www-servers/apache-2.4.29-r1/work/httpd-2.4.29/modules/http2/h2_mplx.c:1233 13 | #6 0x654bc8 in dispatch_master /var/tmp/portage/www-servers/apache-2.4.29-r1/work/httpd-2.4.29/modules/http2/h2_session.c:1967 14 | #7 0x654bc8 in h2_session_process /var/tmp/portage/www-servers/apache-2.4.29-r1/work/httpd-2.4.29/modules/http2/h2_session.c:2167 15 | #8 0x61f162 in h2_conn_run /var/tmp/portage/www-servers/apache-2.4.29-r1/work/httpd-2.4.29/modules/http2/h2_conn.c:222 16 | #9 0x628378 in h2_h2_process_conn /var/tmp/portage/www-servers/apache-2.4.29-r1/work/httpd-2.4.29/modules/http2/h2_h2.c:659 17 | #10 0x4c5103 in ap_run_process_connection /var/tmp/portage/www-servers/apache-2.4.29-r1/work/httpd-2.4.29/server/connection.c:42 18 | #11 0x70d81f in process_socket /var/tmp/portage/www-servers/apache-2.4.29-r1/work/httpd-2.4.29/server/mpm/event/event.c:1021 19 | #12 0x70f413 in worker_thread /var/tmp/portage/www-servers/apache-2.4.29-r1/work/httpd-2.4.29/server/mpm/event/event.c:2014 20 | #13 0x7f86e9623686 in start_thread (/lib64/libpthread.so.0+0x7686) 21 | #14 0x7f86e915e73e in __clone (/lib64/libc.so.6+0xf873e) 22 | 23 | 0x611000033bc8 is located 8 bytes inside of 200-byte region [0x611000033bc0,0x611000033c88) 24 | freed by thread T40 here: 25 | #0 0x7f86ec14c4e1 in __interceptor_free (/usr/lib/gcc/x86_64-pc-linux-gnu/4.9.4/libasan.so.1+0x574e1) 26 | #1 0x7f86e9ec5659 in pool_clear_debug memory/unix/apr_pools.c:1576 27 | 28 | previously allocated by thread T40 here: 29 | #0 0x7f86ec14c772 in malloc (/usr/lib/gcc/x86_64-pc-linux-gnu/4.9.4/libasan.so.1+0x57772) 30 | #1 0x7f86e9ec477b in pool_alloc memory/unix/apr_pools.c:1463 31 | 32 | Thread T40 created by T38 here: 33 | #0 0x7f86ec118d1a in pthread_create (/usr/lib/gcc/x86_64-pc-linux-gnu/4.9.4/libasan.so.1+0x23d1a) 34 | #1 0x70c0a5 in start_threads /var/tmp/portage/www-servers/apache-2.4.29-r1/work/httpd-2.4.29/server/mpm/event/event.c:2200 35 | 36 | Thread T38 created by T0 here: 37 | #0 0x7f86ec118d1a in pthread_create (/usr/lib/gcc/x86_64-pc-linux-gnu/4.9.4/libasan.so.1+0x23d1a) 38 | #1 0x43ca56 in child_main /var/tmp/portage/www-servers/apache-2.4.29-r1/work/httpd-2.4.29/server/mpm/event/event.c:2399 39 | 40 | SUMMARY: AddressSanitizer: heap-use-after-free /var/tmp/portage/www-servers/apache-2.4.29-r1/work/httpd-2.4.29/modules/http2/h2_stream.c:582 h2_stream_destroy 41 | Shadow bytes around the buggy address: 42 | 0x0c227fffe720: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 43 | 0x0c227fffe730: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 44 | 0x0c227fffe740: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 45 | 0x0c227fffe750: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 46 | 0x0c227fffe760: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fa fa 47 | =>0x0c227fffe770: fa fa fa fa fa fa fa fa fd[fd]fd fd fd fd fd fd 48 | 0x0c227fffe780: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 49 | 0x0c227fffe790: fd fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 50 | 0x0c227fffe7a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 | 0x0c227fffe7b0: 00 00 00 00 00 00 00 00 00 00 00 00 fa fa fa fa 52 | 0x0c227fffe7c0: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00 53 | Shadow byte legend (one shadow byte represents 8 application bytes): 54 | Addressable: 00 55 | Partially addressable: 01 02 03 04 05 06 07 56 | Heap left redzone: fa 57 | Heap right redzone: fb 58 | Freed heap region: fd 59 | Stack left redzone: f1 60 | Stack mid redzone: f2 61 | Stack right redzone: f3 62 | Stack partial redzone: f4 63 | Stack after return: f5 64 | Stack use after scope: f8 65 | Global redzone: f9 66 | Global init order: f6 67 | Poisoned by user: f7 68 | Contiguous container OOB:fc 69 | ASan internal: fe 70 | ==15582==ABORTING 71 | -------------------------------------------------------------------------------- /asan/apache-2.4.29/apache-2.4.29-heap-use-after-free-h2_stream_destroy-asan-error.15908: -------------------------------------------------------------------------------- 1 | ================================================================= 2 | ==15908==ERROR: AddressSanitizer: heap-use-after-free on address 0x611000029308 at pc 0x65c797 bp 0x7f86be7cd5a0 sp 0x7f86be7cd590 3 | WRITE of size 8 at 0x611000029308 thread T42 4 | #0 0x65c796 in h2_stream_destroy /var/tmp/portage/www-servers/apache-2.4.29-r1/work/httpd-2.4.29/modules/http2/h2_stream.c:582 5 | #1 0x62f5e3 in stream_destroy_iter /var/tmp/portage/www-servers/apache-2.4.29-r1/work/httpd-2.4.29/modules/http2/h2_mplx.c:336 6 | #2 0x7f86e9eab6c8 in apr_hash_do tables/apr_hash.c:542 7 | #3 0x675201 in h2_ihash_iter /var/tmp/portage/www-servers/apache-2.4.29-r1/work/httpd-2.4.29/modules/http2/h2_util.c:278 8 | #4 0x635a1d in purge_streams /var/tmp/portage/www-servers/apache-2.4.29-r1/work/httpd-2.4.29/modules/http2/h2_mplx.c:344 9 | #5 0x635a1d in h2_mplx_dispatch_master_events /var/tmp/portage/www-servers/apache-2.4.29-r1/work/httpd-2.4.29/modules/http2/h2_mplx.c:1233 10 | #6 0x654bc8 in dispatch_master /var/tmp/portage/www-servers/apache-2.4.29-r1/work/httpd-2.4.29/modules/http2/h2_session.c:1967 11 | #7 0x654bc8 in h2_session_process /var/tmp/portage/www-servers/apache-2.4.29-r1/work/httpd-2.4.29/modules/http2/h2_session.c:2167 12 | #8 0x61f162 in h2_conn_run /var/tmp/portage/www-servers/apache-2.4.29-r1/work/httpd-2.4.29/modules/http2/h2_conn.c:222 13 | #9 0x628378 in h2_h2_process_conn /var/tmp/portage/www-servers/apache-2.4.29-r1/work/httpd-2.4.29/modules/http2/h2_h2.c:659 14 | #10 0x4c5103 in ap_run_process_connection /var/tmp/portage/www-servers/apache-2.4.29-r1/work/httpd-2.4.29/server/connection.c:42 15 | #11 0x70d81f in process_socket /var/tmp/portage/www-servers/apache-2.4.29-r1/work/httpd-2.4.29/server/mpm/event/event.c:1021 16 | #12 0x70f413 in worker_thread /var/tmp/portage/www-servers/apache-2.4.29-r1/work/httpd-2.4.29/server/mpm/event/event.c:2014 17 | #13 0x7f86e9623686 in start_thread (/lib64/libpthread.so.0+0x7686) 18 | #14 0x7f86e915e73e in __clone (/lib64/libc.so.6+0xf873e) 19 | 20 | 0x611000029308 is located 8 bytes inside of 200-byte region [0x611000029300,0x6110000293c8) 21 | freed by thread T42 here: 22 | #0 0x7f86ec14c4e1 in __interceptor_free (/usr/lib/gcc/x86_64-pc-linux-gnu/4.9.4/libasan.so.1+0x574e1) 23 | #1 0x7f86e9ec5659 in pool_clear_debug memory/unix/apr_pools.c:1576 24 | 25 | previously allocated by thread T42 here: 26 | #0 0x7f86ec14c772 in malloc (/usr/lib/gcc/x86_64-pc-linux-gnu/4.9.4/libasan.so.1+0x57772) 27 | #1 0x7f86e9ec477b in pool_alloc memory/unix/apr_pools.c:1463 28 | 29 | Thread T42 created by T38 here: 30 | #0 0x7f86ec118d1a in pthread_create (/usr/lib/gcc/x86_64-pc-linux-gnu/4.9.4/libasan.so.1+0x23d1a) 31 | #1 0x70c0a5 in start_threads /var/tmp/portage/www-servers/apache-2.4.29-r1/work/httpd-2.4.29/server/mpm/event/event.c:2200 32 | 33 | Thread T38 created by T0 here: 34 | #0 0x7f86ec118d1a in pthread_create (/usr/lib/gcc/x86_64-pc-linux-gnu/4.9.4/libasan.so.1+0x23d1a) 35 | #1 0x43ca56 in child_main /var/tmp/portage/www-servers/apache-2.4.29-r1/work/httpd-2.4.29/server/mpm/event/event.c:2399 36 | 37 | SUMMARY: AddressSanitizer: heap-use-after-free /var/tmp/portage/www-servers/apache-2.4.29-r1/work/httpd-2.4.29/modules/http2/h2_stream.c:582 h2_stream_destroy 38 | Shadow bytes around the buggy address: 39 | 0x0c227fffd210: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 40 | 0x0c227fffd220: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 41 | 0x0c227fffd230: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd 42 | 0x0c227fffd240: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 43 | 0x0c227fffd250: fd fd fd fd fd fd fa fa fa fa fa fa fa fa fa fa 44 | =>0x0c227fffd260: fd[fd]fd fd fd fd fd fd fd fd fd fd fd fd fd fd 45 | 0x0c227fffd270: fd fd fd fd fd fd fd fd fd fa fa fa fa fa fa fa 46 | 0x0c227fffd280: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00 47 | 0x0c227fffd290: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 48 | 0x0c227fffd2a0: 00 00 00 00 fa fa fa fa fa fa fa fa fa fa fa fa 49 | 0x0c227fffd2b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 | Shadow byte legend (one shadow byte represents 8 application bytes): 51 | Addressable: 00 52 | Partially addressable: 01 02 03 04 05 06 07 53 | Heap left redzone: fa 54 | Heap right redzone: fb 55 | Freed heap region: fd 56 | Stack left redzone: f1 57 | Stack mid redzone: f2 58 | Stack right redzone: f3 59 | Stack partial redzone: f4 60 | Stack after return: f5 61 | Stack use after scope: f8 62 | Global redzone: f9 63 | Global init order: f6 64 | Poisoned by user: f7 65 | Contiguous container OOB:fc 66 | ASan internal: fe 67 | ==15908==ABORTING 68 | -------------------------------------------------------------------------------- /asan/apache-2.4.29/apache-2.4.29-heap-use-after-free-h2_stream_destroy-asan-error.18719: -------------------------------------------------------------------------------- 1 | ================================================================= 2 | ==18719==ERROR: AddressSanitizer: heap-use-after-free on address 0x611000051d08 at pc 0x65c797 bp 0x7f86bbbb15a0 sp 0x7f86bbbb1590 3 | WRITE of size 8 at 0x611000051d08 thread T46 4 | #0 0x65c796 in h2_stream_destroy /var/tmp/portage/www-servers/apache-2.4.29-r1/work/httpd-2.4.29/modules/http2/h2_stream.c:582 5 | #1 0x62f5e3 in stream_destroy_iter /var/tmp/portage/www-servers/apache-2.4.29-r1/work/httpd-2.4.29/modules/http2/h2_mplx.c:336 6 | #2 0x7f86e9eab6c8 in apr_hash_do tables/apr_hash.c:542 7 | #3 0x675201 in h2_ihash_iter /var/tmp/portage/www-servers/apache-2.4.29-r1/work/httpd-2.4.29/modules/http2/h2_util.c:278 8 | #4 0x635a1d in purge_streams /var/tmp/portage/www-servers/apache-2.4.29-r1/work/httpd-2.4.29/modules/http2/h2_mplx.c:344 9 | #5 0x635a1d in h2_mplx_dispatch_master_events /var/tmp/portage/www-servers/apache-2.4.29-r1/work/httpd-2.4.29/modules/http2/h2_mplx.c:1233 10 | #6 0x654bc8 in dispatch_master /var/tmp/portage/www-servers/apache-2.4.29-r1/work/httpd-2.4.29/modules/http2/h2_session.c:1967 11 | #7 0x654bc8 in h2_session_process /var/tmp/portage/www-servers/apache-2.4.29-r1/work/httpd-2.4.29/modules/http2/h2_session.c:2167 12 | #8 0x61f162 in h2_conn_run /var/tmp/portage/www-servers/apache-2.4.29-r1/work/httpd-2.4.29/modules/http2/h2_conn.c:222 13 | #9 0x628378 in h2_h2_process_conn /var/tmp/portage/www-servers/apache-2.4.29-r1/work/httpd-2.4.29/modules/http2/h2_h2.c:659 14 | ==18719==AddressSanitizer: while reporting a bug found another one.Ignoring. 15 | #10 0x4c5103 in ap_run_process_connection /var/tmp/portage/www-servers/apache-2.4.29-r1/work/httpd-2.4.29/server/connection.c:42 16 | #11 0x70d81f in process_socket /var/tmp/portage/www-servers/apache-2.4.29-r1/work/httpd-2.4.29/server/mpm/event/event.c:1021 17 | #12 0x70f413 in worker_thread /var/tmp/portage/www-servers/apache-2.4.29-r1/work/httpd-2.4.29/server/mpm/event/event.c:2014 18 | #13 0x7f86e9623686 in start_thread (/lib64/libpthread.so.0+0x7686) 19 | #14 0x7f86e915e73e in __clone (/lib64/libc.so.6+0xf873e) 20 | 21 | 0x611000051d08 is located 8 bytes inside of 200-byte region [0x611000051d00,0x611000051dc8) 22 | freed by thread T46 here: 23 | #0 0x7f86ec14c4e1 in __interceptor_free (/usr/lib/gcc/x86_64-pc-linux-gnu/4.9.4/libasan.so.1+0x574e1) 24 | #1 0x7f86e9ec5659 in pool_clear_debug memory/unix/apr_pools.c:1576 25 | 26 | previously allocated by thread T46 here: 27 | #0 0x7f86ec14c772 in malloc (/usr/lib/gcc/x86_64-pc-linux-gnu/4.9.4/libasan.so.1+0x57772) 28 | #1 0x7f86e9ec477b in pool_alloc memory/unix/apr_pools.c:1463 29 | 30 | Thread T46 created by T38 here: 31 | #0 0x7f86ec118d1a in pthread_create (/usr/lib/gcc/x86_64-pc-linux-gnu/4.9.4/libasan.so.1+0x23d1a) 32 | #1 0x70c0a5 in start_threads /var/tmp/portage/www-servers/apache-2.4.29-r1/work/httpd-2.4.29/server/mpm/event/event.c:2200 33 | 34 | Thread T38 created by T0 here: 35 | #0 0x7f86ec118d1a in pthread_create (/usr/lib/gcc/x86_64-pc-linux-gnu/4.9.4/libasan.so.1+0x23d1a) 36 | #1 0x43ca56 in child_main /var/tmp/portage/www-servers/apache-2.4.29-r1/work/httpd-2.4.29/server/mpm/event/event.c:2399 37 | 38 | SUMMARY: AddressSanitizer: heap-use-after-free /var/tmp/portage/www-servers/apache-2.4.29-r1/work/httpd-2.4.29/modules/http2/h2_stream.c:582 h2_stream_destroy 39 | Shadow bytes around the buggy address: 40 | 0x0c2280002350: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 41 | 0x0c2280002360: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 42 | 0x0c2280002370: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd 43 | 0x0c2280002380: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 44 | 0x0c2280002390: fd fd fd fd fd fd fa fa fa fa fa fa fa fa fa fa 45 | =>0x0c22800023a0: fd[fd]fd fd fd fd fd fd fd fd fd fd fd fd fd fd 46 | 0x0c22800023b0: fd fd fd fd fd fd fd fd fd fa fa fa fa fa fa fa 47 | 0x0c22800023c0: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00 48 | 0x0c22800023d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 49 | 0x0c22800023e0: 00 00 00 00 fa fa fa fa fa fa fa fa fa fa fa fa 50 | 0x0c22800023f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 | Shadow byte legend (one shadow byte represents 8 application bytes): 52 | Addressable: 00 53 | Partially addressable: 01 02 03 04 05 06 07 54 | Heap left redzone: fa 55 | Heap right redzone: fb 56 | Freed heap region: fd 57 | Stack left redzone: f1 58 | Stack mid redzone: f2 59 | Stack right redzone: f3 60 | Stack partial redzone: f4 61 | Stack after return: f5 62 | Stack use after scope: f8 63 | Global redzone: f9 64 | Global init order: f6 65 | Poisoned by user: f7 66 | Contiguous container OOB:fc 67 | ASan internal: fe 68 | ==18719==ABORTING 69 | -------------------------------------------------------------------------------- /asan/apache-2.4.33/apache-2.4.33-SEGV-ap_add_common_vars-asan-error.1587: -------------------------------------------------------------------------------- 1 | ================================================================= 2 | ==1587==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7fd4e717240b sp 0x7fd4bfbc4590 bp 0x7fd4e71723d0 T36) 3 | #0 0x7fd4e717240a in pool_find memory/unix/apr_pools.c:1961 4 | #1 0x7fd4e7172a7b in apr_pool_walk_tree memory/unix/apr_pools.c:1219 5 | #2 0x7fd4e7172b0e in apr_pool_walk_tree memory/unix/apr_pools.c:1231 6 | #3 0x7fd4e7172b0e in apr_pool_walk_tree memory/unix/apr_pools.c:1231 7 | #4 0x7fd4e7172b0e in apr_pool_walk_tree memory/unix/apr_pools.c:1231 8 | #5 0x7fd4e7172b0e in apr_pool_walk_tree memory/unix/apr_pools.c:1231 9 | #6 0x7fd4e7175672 in apr_pool_find memory/unix/apr_pools.c:1979 10 | #7 0x7fd4e7161151 in apr_table_addn tables/apr_tables.c:819 11 | #8 0x4c0354 in ap_add_common_vars /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/server/util_script.c:249 12 | #9 0x533cfd in includes_filter /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/modules/filters/mod_include.c:3902 13 | #10 0x45b88f in ap_pass_brigade_fchk /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/server/util_filter.c:609 14 | #11 0x6eca95 in handle_map_file /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/modules/mappers/mod_negotiation.c:3048 15 | #12 0x4acbc3 in ap_run_handler /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/server/config.c:170 16 | #13 0x4ad750 in ap_invoke_handler /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/server/config.c:444 17 | #14 0x56742b in ap_internal_redirect /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/modules/http/http_request.c:772 18 | #15 0x56a00e in ap_process_async_request /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/modules/http/http_request.c:459 19 | #16 0x56ac4a in ap_process_request /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/modules/http/http_request.c:471 20 | #17 0x66ff55 in h2_task_process_request /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/modules/http2/h2_task.c:678 21 | #18 0x66ff55 in h2_task_process_conn /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/modules/http2/h2_task.c:725 22 | #19 0x4c6b53 in ap_run_process_connection /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/server/connection.c:42 23 | #20 0x674161 in h2_task_do /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/modules/http2/h2_task.c:635 24 | #21 0x67f459 in slot_run /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/modules/http2/h2_workers.c:231 25 | #22 0x7fd4e68d1686 in start_thread (/lib64/libpthread.so.0+0x7686) 26 | #23 0x7fd4e640c73e in __clone (/lib64/libc.so.6+0xf873e) 27 | 28 | AddressSanitizer can not provide additional info. 29 | SUMMARY: AddressSanitizer: SEGV memory/unix/apr_pools.c:1961 pool_find 30 | Thread T36 created by T0 here: 31 | #0 0x7fd4e93c6d1a in pthread_create (/usr/lib/gcc/x86_64-pc-linux-gnu/4.9.4/libasan.so.1+0x23d1a) 32 | #1 0x67f0bd in activate_slot /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/modules/http2/h2_workers.c:106 33 | 34 | ==1587==ABORTING 35 | -------------------------------------------------------------------------------- /asan/apache-2.4.33/apache-2.4.33-SEGV-impl_pollset_remove-asan-error.22791: -------------------------------------------------------------------------------- 1 | ================================================================= 2 | ==22791==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000008 (pc 0x7fa02a32f4f4 sp 0x7ffd56772750 bp 0x7ffd56772770 T0) 3 | #0 0x7fa02a32f4f3 in impl_pollset_remove poll/unix/epoll.c:219 4 | #1 0x712621 in disable_listensocks /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/server/mpm/event/event.c:470 5 | #2 0x7126c2 in wakeup_listener /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/server/mpm/event/event.c:578 6 | #3 0x7128fc in signal_threads /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/server/mpm/event/event.c:627 7 | #4 0x43e9f5 in child_main /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/server/mpm/event/event.c:2579 8 | #5 0x713794 in make_child /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/server/mpm/event/event.c:2663 9 | #6 0x714992 in perform_idle_server_maintenance /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/server/mpm/event/event.c:2846 10 | #7 0x714992 in server_main_loop /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/server/mpm/event/event.c:2974 11 | #8 0x714992 in event_run /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/server/mpm/event/event.c:3051 12 | #9 0x456c80 in ap_run_mpm /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/server/mpm_common.c:94 13 | #10 0x440a27 in main /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/server/main.c:818 14 | #11 0x7fa0294dc4df in __libc_start_main (/lib64/libc.so.6+0x204df) 15 | #12 0x442169 in _start (/usr/sbin/apache2+0x442169) 16 | 17 | AddressSanitizer can not provide additional info. 18 | SUMMARY: AddressSanitizer: SEGV poll/unix/epoll.c:219 impl_pollset_remove 19 | ==22791==ABORTING 20 | -------------------------------------------------------------------------------- /asan/apache-2.4.33/apache-2.4.33-SEGV-impl_pollset_remove-asan-error.28821: -------------------------------------------------------------------------------- 1 | ================================================================= 2 | ==28821==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000008 (pc 0x7fa4b76ba4f4 sp 0x7ffd31537570 bp 0x7ffd31537590 T0) 3 | #0 0x7fa4b76ba4f3 in impl_pollset_remove poll/unix/epoll.c:219 4 | #1 0x712651 in disable_listensocks /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/server/mpm/event/event.c:470 5 | #2 0x7126f2 in wakeup_listener /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/server/mpm/event/event.c:578 6 | #3 0x71292c in signal_threads /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/server/mpm/event/event.c:627 7 | #4 0x43e9f5 in child_main /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/server/mpm/event/event.c:2579 8 | #5 0x7137c4 in make_child /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/server/mpm/event/event.c:2663 9 | #6 0x71392a in startup_children /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/server/mpm/event/event.c:2687 10 | #7 0x71577b in event_run /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/server/mpm/event/event.c:3032 11 | #8 0x456c80 in ap_run_mpm /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/server/mpm_common.c:94 12 | #9 0x440a27 in main /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/server/main.c:818 13 | #10 0x7fa4b68674df in __libc_start_main (/lib64/libc.so.6+0x204df) 14 | #11 0x442169 in _start (/usr/sbin/apache2+0x442169) 15 | 16 | AddressSanitizer can not provide additional info. 17 | SUMMARY: AddressSanitizer: SEGV poll/unix/epoll.c:219 impl_pollset_remove 18 | ==28821==ABORTING 19 | -------------------------------------------------------------------------------- /asan/apache-2.4.33/apache-2.4.33-heap-use-after-free-add_unless_null-asan-error.15637: -------------------------------------------------------------------------------- 1 | ================================================================= 2 | ==15637==ERROR: AddressSanitizer: heap-use-after-free on address 0x6190001b7bc8 at pc 0x7f43dcb4a50d bp 0x7f43b567d540 sp 0x7f43b567d530 3 | READ of size 8 at 0x6190001b7bc8 thread T36 4 | #0 0x7f43dcb4a50c in pool_find memory/unix/apr_pools.c:1962 5 | #1 0x7f43dcb4aa7b in apr_pool_walk_tree memory/unix/apr_pools.c:1219 6 | #2 0x7f43dcb4ab0e in apr_pool_walk_tree memory/unix/apr_pools.c:1231 7 | #3 0x7f43dcb4ab0e in apr_pool_walk_tree memory/unix/apr_pools.c:1231 8 | #4 0x7f43dcb4ab0e in apr_pool_walk_tree memory/unix/apr_pools.c:1231 9 | #5 0x7f43dcb4ab0e in apr_pool_walk_tree memory/unix/apr_pools.c:1231 10 | #6 0x7f43dcb4ab0e in apr_pool_walk_tree memory/unix/apr_pools.c:1231 11 | #7 0x7f43dcb4d672 in apr_pool_find memory/unix/apr_pools.c:1979 12 | #8 0x7f43dcb39151 in apr_table_addn tables/apr_tables.c:819 13 | #9 0x4c0a1d in add_unless_null /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/server/util_script.c:91 14 | #10 0x4c0a1d in ap_add_common_vars /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/server/util_script.c:211 15 | #11 0x533cfd in includes_filter /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/modules/filters/mod_include.c:3902 16 | #12 0x45b88f in ap_pass_brigade_fchk /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/server/util_filter.c:609 17 | #13 0x6eca95 in handle_map_file /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/modules/mappers/mod_negotiation.c:3048 18 | #14 0x4acbc3 in ap_run_handler /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/server/config.c:170 19 | #15 0x4ad750 in ap_invoke_handler /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/server/config.c:444 20 | #16 0x56742b in ap_internal_redirect /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/modules/http/http_request.c:772 21 | #17 0x56a00e in ap_process_async_request /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/modules/http/http_request.c:459 22 | #18 0x56ac4a in ap_process_request /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/modules/http/http_request.c:471 23 | #19 0x66ff55 in h2_task_process_request /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/modules/http2/h2_task.c:678 24 | #20 0x66ff55 in h2_task_process_conn /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/modules/http2/h2_task.c:725 25 | #21 0x4c6b53 in ap_run_process_connection /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/server/connection.c:42 26 | #22 0x674161 in h2_task_do /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/modules/http2/h2_task.c:635 27 | #23 0x67f459 in slot_run /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/modules/http2/h2_workers.c:231 28 | #24 0x7f43dc2a9686 in start_thread (/lib64/libpthread.so.0+0x7686) 29 | #25 0x7f43dbde473e in __clone (/lib64/libc.so.6+0xf873e) 30 | 31 | 0x6190001b7bc8 is located 72 bytes inside of 1040-byte region [0x6190001b7b80,0x6190001b7f90) 32 | freed by thread T63 here: 33 | #0 0x7f43dedd24e1 in __interceptor_free (/usr/lib/gcc/x86_64-pc-linux-gnu/4.9.4/libasan.so.1+0x574e1) 34 | #1 0x7f43dcb4b6e8 in pool_clear_debug memory/unix/apr_pools.c:1580 35 | 36 | previously allocated by thread T63 here: 37 | #0 0x7f43dedd2772 in malloc (/usr/lib/gcc/x86_64-pc-linux-gnu/4.9.4/libasan.so.1+0x57772) 38 | #1 0x7f43dcb4a8c9 in pool_alloc memory/unix/apr_pools.c:1472 39 | 40 | Thread T36 created by T0 here: 41 | #0 0x7f43ded9ed1a in pthread_create (/usr/lib/gcc/x86_64-pc-linux-gnu/4.9.4/libasan.so.1+0x23d1a) 42 | #1 0x67f0bd in activate_slot /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/modules/http2/h2_workers.c:106 43 | 44 | Thread T63 created by T38 here: 45 | #0 0x7f43ded9ed1a in pthread_create (/usr/lib/gcc/x86_64-pc-linux-gnu/4.9.4/libasan.so.1+0x23d1a) 46 | #1 0x711ec5 in start_threads /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/server/mpm/event/event.c:2312 47 | 48 | Thread T38 created by T0 here: 49 | #0 0x7f43ded9ed1a in pthread_create (/usr/lib/gcc/x86_64-pc-linux-gnu/4.9.4/libasan.so.1+0x23d1a) 50 | #1 0x43e892 in child_main /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/server/mpm/event/event.c:2514 51 | 52 | SUMMARY: AddressSanitizer: heap-use-after-free memory/unix/apr_pools.c:1962 pool_find 53 | Shadow bytes around the buggy address: 54 | 0x0c328002ef20: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 55 | 0x0c328002ef30: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 56 | 0x0c328002ef40: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 57 | 0x0c328002ef50: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 58 | 0x0c328002ef60: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 59 | =>0x0c328002ef70: fd fd fd fd fd fd fd fd fd[fd]fd fd fd fd fd fd 60 | 0x0c328002ef80: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 61 | 0x0c328002ef90: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 62 | 0x0c328002efa0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 63 | 0x0c328002efb0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 64 | 0x0c328002efc0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 65 | Shadow byte legend (one shadow byte represents 8 application bytes): 66 | Addressable: 00 67 | Partially addressable: 01 02 03 04 05 06 07 68 | Heap left redzone: fa 69 | Heap right redzone: fb 70 | Freed heap region: fd 71 | Stack left redzone: f1 72 | Stack mid redzone: f2 73 | Stack right redzone: f3 74 | Stack partial redzone: f4 75 | Stack after return: f5 76 | Stack use after scope: f8 77 | Global redzone: f9 78 | Global init order: f6 79 | Poisoned by user: f7 80 | Contiguous container OOB:fc 81 | ASan internal: fe 82 | ==15637==ABORTING 83 | -------------------------------------------------------------------------------- /asan/apache-2.4.33/apache-2.4.33-heap-use-after-free-add_unless_null-asan-error.6415: -------------------------------------------------------------------------------- 1 | ================================================================= 2 | ==6415==ERROR: AddressSanitizer: heap-use-after-free on address 0x60e0000b5998 at pc 0x7fd4e7175bf2 bp 0x7fd4b1f384a0 sp 0x7fd4b1f38490 3 | READ of size 8 at 0x60e0000b5998 thread T56 4 | #0 0x7fd4e7175bf1 in apr_pool_is_ancestor memory/unix/apr_pools.c:2103 5 | #1 0x7fd4e716115c in apr_table_addn tables/apr_tables.c:819 6 | #2 0x4c0a1d in add_unless_null /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/server/util_script.c:91 7 | #3 0x4c0a1d in ap_add_common_vars /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/server/util_script.c:211 8 | #4 0x533cfd in includes_filter /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/modules/filters/mod_include.c:3902 9 | #5 0x45b88f in ap_pass_brigade_fchk /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/server/util_filter.c:609 10 | #6 0x6eca95 in handle_map_file /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/modules/mappers/mod_negotiation.c:3048 11 | #7 0x4acbc3 in ap_run_handler /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/server/config.c:170 12 | #8 0x4ad750 in ap_invoke_handler /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/server/config.c:444 13 | #9 0x56742b in ap_internal_redirect /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/modules/http/http_request.c:772 14 | #10 0x46d9f8 in ap_read_request /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/server/protocol.c:1405 15 | #11 0x55f47e in ap_process_http_async_connection /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/modules/http/http_core.c:146 16 | #12 0x55f47e in ap_process_http_connection /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/modules/http/http_core.c:248 17 | #13 0x4c6b53 in ap_run_process_connection /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/server/connection.c:42 18 | #14 0x70f9dd in process_socket /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/server/mpm/event/event.c:1048 19 | #15 0x71320f in worker_thread /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/server/mpm/event/event.c:2122 20 | #16 0x7fd4e68d1686 in start_thread (/lib64/libpthread.so.0+0x7686) 21 | -------------------------------------------------------------------------------- /asan/apache-2.4.33/apache-2.4.33-heap-use-after-free-ap_add_common_vars-asan-error.10146: -------------------------------------------------------------------------------- 1 | ================================================================= 2 | ==10146==ERROR: AddressSanitizer: heap-use-after-free on address 0x6190002cc488 at pc 0x7fa4b76a54e5 bp 0x7fa485087290 sp 0x7fa485087280 3 | READ of size 4 at 0x6190002cc488 thread T52 4 | #0 0x7fa4b76a54e4 in pool_find memory/unix/apr_pools.c:1961 5 | #1 0x7fa4b76a5a7b in apr_pool_walk_tree memory/unix/apr_pools.c:1219 6 | #2 0x7fa4b76a5b0e in apr_pool_walk_tree memory/unix/apr_pools.c:1231 7 | #3 0x7fa4b76a5b0e in apr_pool_walk_tree memory/unix/apr_pools.c:1231 8 | #4 0x7fa4b76a5b0e in apr_pool_walk_tree memory/unix/apr_pools.c:1231 9 | #5 0x7fa4b76a5b0e in apr_pool_walk_tree memory/unix/apr_pools.c:1231 10 | #6 0x7fa4b76a5b0e in apr_pool_walk_tree memory/unix/apr_pools.c:1231 11 | #7 0x7fa4b76a8672 in apr_pool_find memory/unix/apr_pools.c:1979 12 | #8 0x7fa4b7694151 in apr_table_addn tables/apr_tables.c:819 13 | #9 0x4c0397 in ap_add_common_vars /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/server/util_script.c:251 14 | #10 0x533cfd in includes_filter /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/modules/filters/mod_include.c:3902 15 | #11 0x45b88f in ap_pass_brigade_fchk /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/server/util_filter.c:609 16 | #12 0x6ecac5 in handle_map_file /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/modules/mappers/mod_negotiation.c:3048 17 | #13 0x4acbc3 in ap_run_handler /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/server/config.c:170 18 | #14 0x4ad750 in ap_invoke_handler /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/server/config.c:444 19 | #15 0x56742b in ap_internal_redirect /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/modules/http/http_request.c:772 20 | #16 0x46d9f8 in ap_read_request /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/server/protocol.c:1405 21 | #17 0x55f47e in ap_process_http_async_connection /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/modules/http/http_core.c:146 22 | #18 0x55f47e in ap_process_http_connection /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/modules/http/http_core.c:248 23 | #19 0x4c6b53 in ap_run_process_connection /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/server/connection.c:42 24 | #20 0x70fa0d in process_socket /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/server/mpm/event/event.c:1048 25 | #21 0x71323f in worker_thread /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/server/mpm/event/event.c:2122 26 | #22 0x7fa4b6e04686 in start_thread (/lib64/libpthread.so.0+0x7686) 27 | #23 0x7fa4b693f73e in __clone (/lib64/libc.so.6+0xf873e) 28 | 29 | 0x6190002cc488 is located 8 bytes inside of 1040-byte region [0x6190002cc480,0x6190002cc890) 30 | freed by thread T58 here: 31 | #0 0x7fa4b992d4e1 in __interceptor_free (/usr/lib/gcc/x86_64-pc-linux-gnu/4.9.4/libasan.so.1+0x574e1) 32 | #1 0x7fa4b76a66e8 in pool_clear_debug memory/unix/apr_pools.c:1580 33 | #2 0x7fa4b76a5f2b in pool_destroy_debug memory/unix/apr_pools.c:1638 34 | #3 0x7fa4b76a6277 in pool_clear_debug memory/unix/apr_pools.c:1550 35 | #4 0x7fa4b76a5f2b in pool_destroy_debug memory/unix/apr_pools.c:1638 36 | #5 0x65d269 in h2_session_pre_close /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/modules/http2/h2_session.c:2286 37 | #6 0x623a5b in h2_conn_pre_close /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/modules/http2/h2_conn.c:253 38 | #7 0x4c7113 in ap_run_pre_close_connection /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/server/connection.c:44 39 | #8 0x4c73b8 in ap_prep_lingering_close /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/server/connection.c:101 40 | #9 0x4c740b in ap_start_lingering_close /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/server/connection.c:129 41 | #10 0x70f8e9 in start_lingering_close_blocking /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/server/mpm/event/event.c:804 42 | #11 0x70f8e9 in process_socket /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/server/mpm/event/event.c:1208 43 | #12 0x71323f in worker_thread /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/server/mpm/event/event.c:2122 44 | #13 0x7fa4b6e04686 in start_thread (/lib64/libpthread.so.0+0x7686) 45 | #14 0x7fa4b693f73e in __clone (/lib64/libc.so.6+0xf873e) 46 | 47 | previously allocated by thread T58 here: 48 | #0 0x7fa4b992d772 in malloc (/usr/lib/gcc/x86_64-pc-linux-gnu/4.9.4/libasan.so.1+0x57772) 49 | #1 0x7fa4b76a58c9 in pool_alloc memory/unix/apr_pools.c:1472 50 | #2 0x7fa4b76a774d in apr_pcalloc_debug memory/unix/apr_pools.c:1520 51 | #3 0x7fa4b76a5007 in apr_thread_mutex_create locks/unix/thread_mutex.c:50 52 | #4 0x7fa4b76a7c90 in apr_pool_create_ex_debug memory/unix/apr_pools.c:1761 53 | #5 0x63436d in h2_mplx_create /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/modules/http2/h2_mplx.c:185 54 | #6 0x646f79 in h2_session_create_int /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/modules/http2/h2_session.c:819 55 | #7 0x6232e7 in h2_conn_setup /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/modules/http2/h2_conn.c:201 56 | #8 0x62ca70 in h2_h2_process_conn /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/modules/http2/h2_h2.c:651 57 | #9 0x4c6b53 in ap_run_process_connection /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/server/connection.c:42 58 | #10 0x70fa0d in process_socket /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/server/mpm/event/event.c:1048 59 | #11 0x71323f in worker_thread /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/server/mpm/event/event.c:2122 60 | #12 0x7fa4b6e04686 in start_thread (/lib64/libpthread.so.0+0x7686) 61 | #13 0x7fa4b693f73e in __clone (/lib64/libc.so.6+0xf873e) 62 | 63 | Thread T52 created by T38 here: 64 | #0 0x7fa4b98f9d1a in pthread_create (/usr/lib/gcc/x86_64-pc-linux-gnu/4.9.4/libasan.so.1+0x23d1a) 65 | #1 0x711ef5 in start_threads /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/server/mpm/event/event.c:2312 66 | 67 | Thread T38 created by T0 here: 68 | #0 0x7fa4b98f9d1a in pthread_create (/usr/lib/gcc/x86_64-pc-linux-gnu/4.9.4/libasan.so.1+0x23d1a) 69 | #1 0x43e892 in child_main /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/server/mpm/event/event.c:2514 70 | 71 | Thread T58 created by T38 here: 72 | #0 0x7fa4b98f9d1a in pthread_create (/usr/lib/gcc/x86_64-pc-linux-gnu/4.9.4/libasan.so.1+0x23d1a) 73 | #1 0x711ef5 in start_threads /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/server/mpm/event/event.c:2312 74 | 75 | SUMMARY: AddressSanitizer: heap-use-after-free memory/unix/apr_pools.c:1961 pool_find 76 | Shadow bytes around the buggy address: 77 | 0x0c3280051840: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 78 | 0x0c3280051850: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 79 | 0x0c3280051860: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 80 | 0x0c3280051870: fd fd fa fa fa fa fa fa fa fa fa fa fa fa fa fa 81 | 0x0c3280051880: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 82 | =>0x0c3280051890: fd[fd]fd fd fd fd fd fd fd fd fd fd fd fd fd fd 83 | 0x0c32800518a0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 84 | 0x0c32800518b0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 85 | 0x0c32800518c0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 86 | 0x0c32800518d0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 87 | 0x0c32800518e0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 88 | Shadow byte legend (one shadow byte represents 8 application bytes): 89 | Addressable: 00 90 | Partially addressable: 01 02 03 04 05 06 07 91 | Heap left redzone: fa 92 | Heap right redzone: fb 93 | Freed heap region: fd 94 | Stack left redzone: f1 95 | Stack mid redzone: f2 96 | Stack right redzone: f3 97 | Stack partial redzone: f4 98 | Stack after return: f5 99 | Stack use after scope: f8 100 | Global redzone: f9 101 | Global init order: f6 102 | Poisoned by user: f7 103 | Contiguous container OOB:fc 104 | ASan internal: fe 105 | ==10146==ABORTING 106 | -------------------------------------------------------------------------------- /asan/apache-2.4.33/apache-2.4.33-heap-use-after-free-ap_add_common_vars-asan-error.13132: -------------------------------------------------------------------------------- 1 | ================================================================= 2 | ==13132==ERROR: AddressSanitizer: heap-use-after-free on address 0x6190001b7b88 at pc 0x7ff7905574e5 bp 0x7ff759448250 sp 0x7ff759448240 3 | READ of size 4 at 0x6190001b7b88 thread T56 4 | #0 0x7ff7905574e4 in pool_find memory/unix/apr_pools.c:1961 5 | #1 0x7ff790557a7b in apr_pool_walk_tree memory/unix/apr_pools.c:1219 6 | #2 0x7ff790557b0e in apr_pool_walk_tree memory/unix/apr_pools.c:1231 7 | #3 0x7ff790557b0e in apr_pool_walk_tree memory/unix/apr_pools.c:1231 8 | #4 0x7ff790557b0e in apr_pool_walk_tree memory/unix/apr_pools.c:1231 9 | #5 0x7ff790557b0e in apr_pool_walk_tree memory/unix/apr_pools.c:1231 10 | #6 0x7ff790557b0e in apr_pool_walk_tree memory/unix/apr_pools.c:1231 11 | #7 0x7ff790557b0e in apr_pool_walk_tree memory/unix/apr_pools.c:1231 12 | #8 0x7ff79055a672 in apr_pool_find memory/unix/apr_pools.c:1979 13 | #9 0x7ff79054617e in apr_table_addn tables/apr_tables.c:823 14 | #10 0x4c062b in ap_add_common_vars /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/server/util_script.c:272 15 | #11 0x533cfd in includes_filter /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/modules/filters/mod_include.c:3902 16 | #12 0x45b88f in ap_pass_brigade_fchk /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/server/util_filter.c:609 17 | #13 0x6eca95 in handle_map_file /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/modules/mappers/mod_negotiation.c:3048 18 | #14 0x4acbc3 in ap_run_handler /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/server/config.c:170 19 | #15 0x4ad750 in ap_invoke_handler /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/server/config.c:444 20 | #16 0x56742b in ap_internal_redirect /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/modules/http/http_request.c:772 21 | #17 0x46c25f in ap_read_request /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/server/protocol.c:1282 22 | #18 0x55f47e in ap_process_http_async_connection /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/modules/http/http_core.c:146 23 | #19 0x55f47e in ap_process_http_connection /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/modules/http/http_core.c:248 24 | #20 0x4c6b53 in ap_run_process_connection /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/server/connection.c:42 25 | #21 0x70f9dd in process_socket /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/server/mpm/event/event.c:1048 26 | #22 0x71320f in worker_thread /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/server/mpm/event/event.c:2122 27 | #23 0x7ff78fcb6686 in start_thread (/lib64/libpthread.so.0+0x7686) 28 | #24 0x7ff78f7f173e in __clone (/lib64/libc.so.6+0xf873e) 29 | 30 | 0x6190001b7b88 is located 107271104985928 bytes inside==13132==AddressSanitizer: while reporting a bug found another one.Ignoring. 31 | -------------------------------------------------------------------------------- /asan/apache-2.4.33/apache-2.4.33-heap-use-after-free-ap_add_common_vars-asan-error.27231: -------------------------------------------------------------------------------- 1 | ================================================================= 2 | ==27231==ERROR: AddressSanitizer: heap-use-after-free on address 0x6190001ad188 at pc 0x7fd4e71724e5 bp 0x7fd4bc4a12d0 sp 0x7fd4bc4a12c0 3 | READ of size 4 at 0x6190001ad188 thread T41 4 | #0 0x7fd4e71724e4 in pool_find memory/unix/apr_pools.c:1961 5 | #1 0x7fd4e7172a7b in apr_pool_walk_tree memory/unix/apr_pools.c:1219 6 | #2 0x7fd4e7172b0e in apr_pool_walk_tree memory/unix/apr_pools.c:1231 7 | #3 0x7fd4e7172b0e in apr_pool_walk_tree memory/unix/apr_pools.c:1231 8 | #4 0x7fd4e7172b0e in apr_pool_walk_tree memory/unix/apr_pools.c:1231 9 | #5 0x7fd4e7172b0e in apr_pool_walk_tree memory/unix/apr_pools.c:1231 10 | #6 0x7fd4e7175672 in apr_pool_find memory/unix/apr_pools.c:1979 11 | #7 0x7fd4e7161151 in apr_table_addn tables/apr_tables.c:819 12 | #8 0x4c030c in ap_add_common_vars /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/server/util_script.c:247 13 | #9 0x533cfd in includes_filter /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/modules/filters/mod_include.c:3902 14 | #10 0x45b88f in ap_pass_brigade_fchk /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/server/util_filter.c:609 15 | #11 0x6eca95 in handle_map_file /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/modules/mappers/mod_negotiation.c:3048 16 | #12 0x4acbc3 in ap_run_handler /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/server/config.c:170 17 | #13 0x4ad750 in ap_invoke_handler /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/server/config.c:444 18 | #14 0x56742b in ap_internal_redirect /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/modules/http/http_request.c:772 19 | #15 0x46c25f in ap_read_request /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/server/protocol.c:1282 20 | #16 0x55f47e in ap_process_http_async_connection /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/modules/http/http_core.c:146 21 | #17 0x55f47e in ap_process_http_connection /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/modules/http/http_core.c:248 22 | #18 0x4c6b53 in ap_run_process_connection /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/server/connection.c:42 23 | #19 0x70f9dd in process_socket /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/server/mpm/event/event.c:1048 24 | #20 0x71320f in worker_thread /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/server/mpm/event/event.c:2122 25 | #21 0x7fd4e68d1686 in start_thread (/lib64/libpthread.so.0+0x7686) 26 | #22 0x7fd4e640c73e in __clone (/lib64/libc.so.6+0xf873e) 27 | 28 | 0x6190001ad188 is located 8 bytes inside of 1040-byte region [0x6190001ad180,0x6190001ad590) 29 | freed by thread T39 here: 30 | #0 0x7fd4e93fa4e1 in __interceptor_free (/usr/lib/gcc/x86_64-pc-linux-gnu/4.9.4/libasan.so.1+0x574e1) 31 | #1 0x7fd4e71736e8 in pool_clear_debug memory/unix/apr_pools.c:1580 32 | #2 0x7fd4e7172f2b in pool_destroy_debug memory/unix/apr_pools.c:1638 33 | #3 0x65d269 in h2_session_pre_close /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/modules/http2/h2_session.c:2286 34 | #4 0x623a5b in h2_conn_pre_close /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/modules/http2/h2_conn.c:253 35 | #5 0x4c7113 in ap_run_pre_close_connection /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/server/connection.c:44 36 | #6 0x4c73b8 in ap_prep_lingering_close /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/server/connection.c:101 37 | #7 0x4c740b in ap_start_lingering_close /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/server/connection.c:129 38 | #8 0x70f8b9 in start_lingering_close_blocking /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/server/mpm/event/event.c:804 39 | #9 0x70f8b9 in process_socket /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/server/mpm/event/event.c:1208 40 | #10 0x71320f in worker_thread /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/server/mpm/event/event.c:2122 41 | #11 0x7fd4e68d1686 in start_thread (/lib64/libpthread.so.0+0x7686) 42 | #12 0x7fd4e640c73e in __clone (/lib64/libc.so.6+0xf873e) 43 | 44 | previously allocated by thread T39 here: 45 | #0 0x7fd4e93fa772 in malloc (/usr/lib/gcc/x86_64-pc-linux-gnu/4.9.4/libasan.so.1+0x57772) 46 | #1 0x7fd4e71728c9 in pool_alloc memory/unix/apr_pools.c:1472 47 | #2 0x7fd4e717474d in apr_pcalloc_debug memory/unix/apr_pools.c:1520 48 | #3 0x7fd4e7172007 in apr_thread_mutex_create locks/unix/thread_mutex.c:50 49 | #4 0x7fd4e7174c90 in apr_pool_create_ex_debug memory/unix/apr_pools.c:1761 50 | #5 0x646a76 in h2_session_create_int /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/modules/http2/h2_session.c:754 51 | #6 0x6232e7 in h2_conn_setup /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/modules/http2/h2_conn.c:201 52 | #7 0x62ca70 in h2_h2_process_conn /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/modules/http2/h2_h2.c:651 53 | #8 0x4c6b53 in ap_run_process_connection /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/server/connection.c:42 54 | #9 0x70f9dd in process_socket /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/server/mpm/event/event.c:1048 55 | #10 0x71320f in worker_thread /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/server/mpm/event/event.c:2122 56 | #11 0x7fd4e68d1686 in start_thread (/lib64/libpthread.so.0+0x7686) 57 | #12 0x7fd4e640c73e in __clone (/lib64/libc.so.6+0xf873e) 58 | 59 | Thread T41 created by T38 here: 60 | #0 0x7fd4e93c6d1a in pthread_create (/usr/lib/gcc/x86_64-pc-linux-gnu/4.9.4/libasan.so.1+0x23d1a) 61 | #1 0x711ec5 in start_threads /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/server/mpm/event/event.c:2312 62 | 63 | Thread T38 created by T0 here: 64 | #0 0x7fd4e93c6d1a in pthread_create (/usr/lib/gcc/x86_64-pc-linux-gnu/4.9.4/libasan.so.1+0x23d1a) 65 | #1 0x43e892 in child_main /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/server/mpm/event/event.c:2514 66 | 67 | Thread T39 created by T38 here: 68 | #0 0x7fd4e93c6d1a in pthread_create (/usr/lib/gcc/x86_64-pc-linux-gnu/4.9.4/libasan.so.1+0x23d1a) 69 | #1 0x711ec5 in start_threads /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/server/mpm/event/event.c:2312 70 | 71 | SUMMARY: AddressSanitizer: heap-use-after-free memory/unix/apr_pools.c:1961 pool_find 72 | Shadow bytes around the buggy address: 73 | 0x0c328002d9e0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 74 | 0x0c328002d9f0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 75 | 0x0c328002da00: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 76 | 0x0c328002da10: fd fd fa fa fa fa fa fa fa fa fa fa fa fa fa fa 77 | 0x0c328002da20: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 78 | =>0x0c328002da30: fd[fd]fd fd fd fd fd fd fd fd fd fd fd fd fd fd 79 | 0x0c328002da40: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 80 | 0x0c328002da50: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 81 | 0x0c328002da60: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 82 | 0x0c328002da70: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 83 | 0x0c328002da80: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 84 | Shadow byte legend (one shadow byte represents 8 application bytes): 85 | Addressable: 00 86 | Partially addressable: 01 02 03 04 05 06 07 87 | Heap left redzone: fa 88 | Heap right redzone: fb 89 | Freed heap region: fd 90 | Stack left redzone: f1 91 | Stack mid redzone: f2 92 | Stack right redzone: f3 93 | Stack partial redzone: f4 94 | Stack after return: f5 95 | Stack use after scope: f8 96 | Global redzone: f9 97 | Global init order: f6 98 | Poisoned by user: f7 99 | Contiguous container OOB:fc 100 | ASan internal: fe 101 | ==27231==ABORTING 102 | -------------------------------------------------------------------------------- /asan/apache-2.4.33/apache-2.4.33-heap-use-after-free-ap_add_common_vars-asan-error.31878: -------------------------------------------------------------------------------- 1 | ================================================================= 2 | ==31878==ERROR: AddressSanitizer: heap-use-after-free on address 0x619000188de0 at pc 0x7fb49605950d bp 0x7fb4692732d0 sp 0x7fb4692732c0 3 | READ of size 8 at 0x619000188de0 thread T44 4 | #0 0x7fb49605950c in pool_find memory/unix/apr_pools.c:1962 5 | #1 0x7fb496059a7b in apr_pool_walk_tree memory/unix/apr_pools.c:1219 6 | #2 0x7fb496059b0e in apr_pool_walk_tree memory/unix/apr_pools.c:1231 7 | #3 0x7fb496059b0e in apr_pool_walk_tree memory/unix/apr_pools.c:1231 8 | #4 0x7fb496059b0e in apr_pool_walk_tree memory/unix/apr_pools.c:1231 9 | #5 0x7fb496059b0e in apr_pool_walk_tree memory/unix/apr_pools.c:1231 10 | #6 0x7fb49605c672 in apr_pool_find memory/unix/apr_pools.c:1979 11 | #7 0x7fb49604817e in apr_table_addn tables/apr_tables.c:823 12 | #8 0x4c030c in ap_add_common_vars /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/server/util_script.c:247 13 | #9 0x533cfd in includes_filter /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/modules/filters/mod_include.c:3902 14 | #10 0x45b88f in ap_pass_brigade_fchk /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/server/util_filter.c:609 15 | #11 0x6eca95 in handle_map_file /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/modules/mappers/mod_negotiation.c:3048 16 | #12 0x4acbc3 in ap_run_handler /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/server/config.c:170 17 | #13 0x4ad750 in ap_invoke_handler /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/server/config.c:444 18 | #14 0x56742b in ap_internal_redirect /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/modules/http/http_request.c:772 19 | #15 0x46c25f in ap_read_request /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/server/protocol.c:1282 20 | #16 0x55f47e in ap_process_http_async_connection /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/modules/http/http_core.c:146 21 | #17 0x55f47e in ap_process_http_connection /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/modules/http/http_core.c:248 22 | #18 0x4c6b53 in ap_run_process_connection /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/server/connection.c:42 23 | #19 0x70f9dd in process_socket /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/server/mpm/event/event.c:1048 24 | #20 0x71320f in worker_thread /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/server/mpm/event/event.c:2122 25 | #21 0x7fb4957b8686 in start_thread (/lib64/libpthread.so.0+0x7686) 26 | #22 0x7fb4952f373e in __clone (/lib64/libc.so.6+0xf873e) 27 | 28 | 0x619000188de0 is located 96 bytes inside of 1040-byte region [0x619000188d80,0x619000189190) 29 | freed by thread T45 here: 30 | #0 0x7fb4982e14e1 in __interceptor_free (/usr/lib/gcc/x86_64-pc-linux-gnu/4.9.4/libasan.so.1+0x574e1) 31 | #1 0x7fb49605a6e8 in pool_clear_debug memory/unix/apr_pools.c:1580 32 | #2 0x7fb496059f2b in pool_destroy_debug memory/unix/apr_pools.c:1638 33 | #3 0x65d269 in h2_session_pre_close /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/modules/http2/h2_session.c:2286 34 | #4 0x623a5b in h2_conn_pre_close /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/modules/http2/h2_conn.c:253 35 | #5 0x4c7113 in ap_run_pre_close_connection /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/server/connection.c:44 36 | #6 0x4c73b8 in ap_prep_lingering_close /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/server/connection.c:101 37 | #7 0x4c740b in ap_start_lingering_close /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/server/connection.c:129 38 | #8 0x70f8b9 in start_lingering_close_blocking /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/server/mpm/event/event.c:804 39 | #9 0x70f8b9 in process_socket /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/server/mpm/event/event.c:1208 40 | #10 0x71320f in worker_thread /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/server/mpm/event/event.c:2122 41 | #11 0x7fb4957b8686 in start_thread (/lib64/libpthread.so.0+0x7686) 42 | #12 0x7fb4952f373e in __clone (/lib64/libc.so.6+0xf873e) 43 | 44 | previously allocated by thread T45 here: 45 | #0 0x7fb4982e1772 in malloc (/usr/lib/gcc/x86_64-pc-linux-gnu/4.9.4/libasan.so.1+0x57772) 46 | #1 0x7fb4960598c9 in pool_alloc memory/unix/apr_pools.c:1472 47 | #2 0x7fb49605b74d in apr_pcalloc_debug memory/unix/apr_pools.c:1520 48 | #3 0x7fb496059007 in apr_thread_mutex_create locks/unix/thread_mutex.c:50 49 | #4 0x7fb49605bc90 in apr_pool_create_ex_debug memory/unix/apr_pools.c:1761 50 | #5 0x646a76 in h2_session_create_int /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/modules/http2/h2_session.c:754 51 | #6 0x6232e7 in h2_conn_setup /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/modules/http2/h2_conn.c:201 52 | #7 0x62ca70 in h2_h2_process_conn /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/modules/http2/h2_h2.c:651 53 | #8 0x4c6b53 in ap_run_process_connection /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/server/connection.c:42 54 | #9 0x70f9dd in process_socket /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/server/mpm/event/event.c:1048 55 | #10 0x71320f in worker_thread /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/server/mpm/event/event.c:2122 56 | #11 0x7fb4957b8686 in start_thread (/lib64/libpthread.so.0+0x7686) 57 | #12 0x7fb4952f373e in __clone (/lib64/libc.so.6+0xf873e) 58 | 59 | Thread T44 created by T38 here: 60 | #0 0x7fb4982add1a in pthread_create (/usr/lib/gcc/x86_64-pc-linux-gnu/4.9.4/libasan.so.1+0x23d1a) 61 | #1 0x711ec5 in start_threads /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/server/mpm/event/event.c:2312 62 | 63 | Thread T38 created by T0 here: 64 | #0 0x7fb4982add1a in pthread_create (/usr/lib/gcc/x86_64-pc-linux-gnu/4.9.4/libasan.so.1+0x23d1a) 65 | #1 0x43e892 in child_main /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/server/mpm/event/event.c:2514 66 | 67 | Thread T45 created by T38 here: 68 | #0 0x7fb4982add1a in pthread_create (/usr/lib/gcc/x86_64-pc-linux-gnu/4.9.4/libasan.so.1+0x23d1a) 69 | #1 0x711ec5 in start_threads /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/server/mpm/event/event.c:2312 70 | 71 | SUMMARY: AddressSanitizer: heap-use-after-free memory/unix/apr_pools.c:1962 pool_find 72 | Shadow bytes around the buggy address: 73 | 0x0c3280029160: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 74 | 0x0c3280029170: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 75 | 0x0c3280029180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 76 | 0x0c3280029190: 00 00 fa fa fa fa fa fa fa fa fa fa fa fa fa fa 77 | 0x0c32800291a0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 78 | =>0x0c32800291b0: fd fd fd fd fd fd fd fd fd fd fd fd[fd]fd fd fd 79 | 0x0c32800291c0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 80 | 0x0c32800291d0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 81 | 0x0c32800291e0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 82 | 0x0c32800291f0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 83 | 0x0c3280029200: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 84 | Shadow byte legend (one shadow byte represents 8 application bytes): 85 | Addressable: 00 86 | Partially addressable: 01 02 03 04 05 06 07 87 | Heap left redzone: fa 88 | Heap right redzone: fb 89 | Freed heap region: fd 90 | Stack left redzone: f1 91 | Stack mid redzone: f2 92 | Stack right redzone: f3 93 | Stack partial redzone: f4 94 | Stack after return: f5 95 | Stack use after scope: f8 96 | Global redzone: f9 97 | Global init order: f6 98 | Poisoned by user: f7 99 | Contiguous container OOB:fc 100 | ASan internal: fe 101 | ==31878==ABORTING 102 | -------------------------------------------------------------------------------- /asan/apache-2.4.33/apache-2.4.33-heap-use-after-free-ap_add_common_vars-asan-error.3986: -------------------------------------------------------------------------------- 1 | ================================================================= 2 | ==3986==ERROR: AddressSanitizer: heap-use-after-free on address 0x6190001c3718 at pc 0x7ff790557505 bp 0x7ff75f7872d0 sp 0x7ff75f7872c0 3 | READ of size 8 at 0x6190001c3718 thread T47 4 | #0 0x7ff790557504 in pool_find memory/unix/apr_pools.c:1963 5 | #1 0x7ff790557a7b in apr_pool_walk_tree memory/unix/apr_pools.c:1219 6 | #2 0x7ff790557b0e in apr_pool_walk_tree memory/unix/apr_pools.c:1231 7 | #3 0x7ff790557b0e in apr_pool_walk_tree memory/unix/apr_pools.c:1231 8 | #4 0x7ff790557b0e in apr_pool_walk_tree memory/unix/apr_pools.c:1231 9 | #5 0x7ff790557b0e in apr_pool_walk_tree memory/unix/apr_pools.c:1231 10 | #6 0x7ff79055a672 in apr_pool_find memory/unix/apr_pools.c:1979 11 | #7 0x7ff79054617e in apr_table_addn tables/apr_tables.c:823 12 | #8 0x4c030c in ap_add_common_vars /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/server/util_script.c:247 13 | #9 0x533cfd in includes_filter /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/modules/filters/mod_include.c:3902 14 | #10 0x45b88f in ap_pass_brigade_fchk /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/server/util_filter.c:609 15 | #11 0x6eca95 in handle_map_file /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/modules/mappers/mod_negotiation.c:3048 16 | #12 0x4acbc3 in ap_run_handler /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/server/config.c:170 17 | #13 0x4ad750 in ap_invoke_handler /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/server/config.c:444 18 | #14 0x56742b in ap_internal_redirect /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/modules/http/http_request.c:772 19 | #15 0x46c25f in ap_read_request /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/server/protocol.c:1282 20 | #16 0x55f47e in ap_process_http_async_connection /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/modules/http/http_core.c:146 21 | #17 0x55f47e in ap_process_http_connection /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/modules/http/http_core.c:248 22 | #18 0x4c6b53 in ap_run_process_connection /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/server/connection.c:42 23 | #19 0x70f9dd in process_socket /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/server/mpm/event/event.c:1048 24 | #20 0x71320f in worker_thread /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/server/mpm/event/event.c:2122 25 | #21 0x7ff78fcb6686 in start_thread (/lib64/libpthread.so.0+0x7686) 26 | #22 0x7ff78f7f173e in __clone (/lib64/libc.so.6+0xf873e) 27 | 28 | 0x6190001c3718 is located 107271105033944 bytes inside==3986==AddressSanitizer: while reporting a bug found another one.Ignoring. 29 | -------------------------------------------------------------------------------- /asan/apache-2.4.33/apache-2.4.33-heap-use-after-free-h2_req_add_header-asan-error.27574: -------------------------------------------------------------------------------- 1 | ================================================================= 2 | ==27574==ERROR: AddressSanitizer: heap-use-after-free on address 0x61900027c4c8 at pc 0x7fb49605950d bp 0x7fb46b386f30 sp 0x7fb46b386f20 3 | READ of size 8 at 0x61900027c4c8 thread T41 4 | #0 0x7fb49605950c in pool_find memory/unix/apr_pools.c:1962 5 | #1 0x7fb496059a7b in apr_pool_walk_tree memory/unix/apr_pools.c:1219 6 | #2 0x7fb496059b0e in apr_pool_walk_tree memory/unix/apr_pools.c:1231 7 | #3 0x7fb496059b0e in apr_pool_walk_tree memory/unix/apr_pools.c:1231 8 | #4 0x7fb496059b0e in apr_pool_walk_tree memory/unix/apr_pools.c:1231 9 | #5 0x7fb496059b0e in apr_pool_walk_tree memory/unix/apr_pools.c:1231 10 | #6 0x7fb49605c672 in apr_pool_find memory/unix/apr_pools.c:1979 11 | #7 0x7fb496047760 in apr_table_mergen tables/apr_tables.c:746 12 | #8 0x67dfa9 in h2_req_add_header /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/modules/http2/h2_util.c:1870 13 | #9 0x6440f2 in h2_request_add_header /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/modules/http2/h2_request.c:147 14 | #10 0x665f74 in h2_stream_add_header /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/modules/http2/h2_stream.c:736 15 | #11 0x64e4ec in on_header_cb /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/modules/http2/h2_session.c:311 16 | #12 0x7fb4976a1d82 in nghttp2_session_mem_recv (/usr/lib64/libnghttp2.so.14+0x2ad82) 17 | #13 0x625b15 in recv_RAW_DATA /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/modules/http2/h2_filter.c:60 18 | #14 0x625b15 in recv_RAW_brigade /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/modules/http2/h2_filter.c:101 19 | #15 0x627be9 in h2_filter_core_input /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/modules/http2/h2_filter.c:183 20 | #16 0x64bfe0 in session_read /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/modules/http2/h2_session.c:1502 21 | #17 0x64bfe0 in h2_session_read /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/modules/http2/h2_session.c:1559 22 | #18 0x658c9b in h2_session_process /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/modules/http2/h2_session.c:2151 23 | #19 0x623572 in h2_conn_run /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/modules/http2/h2_conn.c:223 24 | #20 0x62c6c2 in h2_h2_process_conn /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/modules/http2/h2_h2.c:658 25 | #21 0x4c6b53 in ap_run_process_connection /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/server/connection.c:42 26 | #22 0x70f9dd in process_socket /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/server/mpm/event/event.c:1048 27 | #23 0x71320f in worker_thread /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/server/mpm/event/event.c:2122 28 | #24 0x7fb4957b8686 in start_thread (/lib64/libpthread.so.0+0x7686) 29 | #25 0x7fb4952f373e in __clone (/lib64/libc.so.6+0xf873e) 30 | 31 | 0x61900027c4c8 is located 72 bytes inside of 1040-byte region [0x61900027c480,0x61900027c890) 32 | freed by thread T58 here: 33 | #0 0x7fb4982e14e1 in __interceptor_free (/usr/lib/gcc/x86_64-pc-linux-gnu/4.9.4/libasan.so.1+0x574e1) 34 | #1 0x7fb49605a6e8 in pool_clear_debug memory/unix/apr_pools.c:1580 35 | #2 0x7fb496059f2b in pool_destroy_debug memory/unix/apr_pools.c:1638 36 | #3 0x65d269 in h2_session_pre_close /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/modules/http2/h2_session.c:2286 37 | #4 0x623a5b in h2_conn_pre_close /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/modules/http2/h2_conn.c:253 38 | #5 0x4c7113 in ap_run_pre_close_connection /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/server/connection.c:44 39 | #6 0x4c73b8 in ap_prep_lingering_close /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/server/connection.c:101 40 | #7 0x4c740b in ap_start_lingering_close /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/server/connection.c:129 41 | #8 0x70f8b9 in start_lingering_close_blocking /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/server/mpm/event/event.c:804 42 | #9 0x70f8b9 in process_socket /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/server/mpm/event/event.c:1208 43 | #10 0x71320f in worker_thread /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/server/mpm/event/event.c:2122 44 | #11 0x7fb4957b8686 in start_thread (/lib64/libpthread.so.0+0x7686) 45 | #12 0x7fb4952f373e in __clone (/lib64/libc.so.6+0xf873e) 46 | 47 | previously allocated by thread T58 here: 48 | #0 0x7fb4982e1772 in malloc (/usr/lib/gcc/x86_64-pc-linux-gnu/4.9.4/libasan.so.1+0x57772) 49 | #1 0x7fb4960598c9 in pool_alloc memory/unix/apr_pools.c:1472 50 | #2 0x7fb49605b74d in apr_pcalloc_debug memory/unix/apr_pools.c:1520 51 | #3 0x7fb496059007 in apr_thread_mutex_create locks/unix/thread_mutex.c:50 52 | #4 0x7fb49605bc90 in apr_pool_create_ex_debug memory/unix/apr_pools.c:1761 53 | #5 0x646a76 in h2_session_create_int /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/modules/http2/h2_session.c:754 54 | #6 0x6232e7 in h2_conn_setup /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/modules/http2/h2_conn.c:201 55 | #7 0x62ca70 in h2_h2_process_conn /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/modules/http2/h2_h2.c:651 56 | #8 0x4c6b53 in ap_run_process_connection /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/server/connection.c:42 57 | #9 0x70f9dd in process_socket /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/server/mpm/event/event.c:1048 58 | #10 0x71320f in worker_thread /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/server/mpm/event/event.c:2122 59 | #11 0x7fb4957b8686 in start_thread (/lib64/libpthread.so.0+0x7686) 60 | #12 0x7fb4952f373e in __clone (/lib64/libc.so.6+0xf873e) 61 | 62 | Thread T41 created by T38 here: 63 | #0 0x7fb4982add1a in pthread_create (/usr/lib/gcc/x86_64-pc-linux-gnu/4.9.4/libasan.so.1+0x23d1a) 64 | #1 0x711ec5 in start_threads /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/server/mpm/event/event.c:2312 65 | 66 | Thread T38 created by T0 here: 67 | #0 0x7fb4982add1a in pthread_create (/usr/lib/gcc/x86_64-pc-linux-gnu/4.9.4/libasan.so.1+0x23d1a) 68 | #1 0x43e892 in child_main /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/server/mpm/event/event.c:2514 69 | 70 | Thread T58 created by T38 here: 71 | #0 0x7fb4982add1a in pthread_create (/usr/lib/gcc/x86_64-pc-linux-gnu/4.9.4/libasan.so.1+0x23d1a) 72 | #1 0x711ec5 in start_threads /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/server/mpm/event/event.c:2312 73 | 74 | SUMMARY: AddressSanitizer: heap-use-after-free memory/unix/apr_pools.c:1962 pool_find 75 | Shadow bytes around the buggy address: 76 | 0x0c3280047840: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 77 | 0x0c3280047850: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 78 | 0x0c3280047860: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 79 | 0x0c3280047870: fd fd fa fa fa fa fa fa fa fa fa fa fa fa fa fa 80 | 0x0c3280047880: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 81 | =>0x0c3280047890: fd fd fd fd fd fd fd fd fd[fd]fd fd fd fd fd fd 82 | 0x0c32800478a0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 83 | 0x0c32800478b0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 84 | 0x0c32800478c0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 85 | 0x0c32800478d0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 86 | 0x0c32800478e0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 87 | Shadow byte legend (one shadow byte represents 8 application bytes): 88 | Addressable: 00 89 | Partially addressable: 01 02 03 04 05 06 07 90 | Heap left redzone: fa 91 | Heap right redzone: fb 92 | Freed heap region: fd 93 | Stack left redzone: f1 94 | Stack mid redzone: f2 95 | Stack right redzone: f3 96 | Stack partial redzone: f4 97 | Stack after return: f5 98 | Stack use after scope: f8 99 | Global redzone: f9 100 | Global init order: f6 101 | Poisoned by user: f7 102 | Contiguous container OOB:fc 103 | ASan internal: fe 104 | ==27574==ABORTING 105 | -------------------------------------------------------------------------------- /asan/apache-2.4.33/apache-2.4.33-heap-use-after-free-h2_request_end_headers-asan-error.28464: -------------------------------------------------------------------------------- 1 | ================================================================= 2 | ==28464==ERROR: AddressSanitizer: heap-use-after-free on address 0x6190001bd090 at pc 0x7fd4e717250d bp 0x7fd4b8275ef0 sp 0x7fd4b8275ee0 3 | READ of size 8 at 0x6190001bd090 thread T47 4 | #0 0x7fd4e717250c in pool_find memory/unix/apr_pools.c:1962 5 | #1 0x7fd4e7172a7b in apr_pool_walk_tree memory/unix/apr_pools.c:1219 6 | #2 0x7fd4e7172b0e in apr_pool_walk_tree memory/unix/apr_pools.c:1231 7 | #3 0x7fd4e7172b0e in apr_pool_walk_tree memory/unix/apr_pools.c:1231 8 | #4 0x7fd4e7172b0e in apr_pool_walk_tree memory/unix/apr_pools.c:1231 9 | #5 0x7fd4e7172b0e in apr_pool_walk_tree memory/unix/apr_pools.c:1231 10 | #6 0x7fd4e7175672 in apr_pool_find memory/unix/apr_pools.c:1979 11 | #7 0x7fd4e7160760 in apr_table_mergen tables/apr_tables.c:746 12 | #8 0x644676 in h2_request_end_headers /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/modules/http2/h2_request.c:184 13 | #9 0x664e28 in h2_stream_recv_frame /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/modules/http2/h2_stream.c:455 14 | #10 0x651464 in on_frame_recv_cb /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/modules/http2/h2_session.c:351 15 | #11 0x7fd4e87ba4af in nghttp2_session_mem_recv (/usr/lib64/libnghttp2.so.14+0x2a4af) 16 | #12 0x625b15 in recv_RAW_DATA /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/modules/http2/h2_filter.c:60 17 | #13 0x625b15 in recv_RAW_brigade /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/modules/http2/h2_filter.c:101 18 | #14 0x627be9 in h2_filter_core_input /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/modules/http2/h2_filter.c:183 19 | #15 0x64bfe0 in session_read /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/modules/http2/h2_session.c:1502 20 | #16 0x64bfe0 in h2_session_read /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/modules/http2/h2_session.c:1559 21 | #17 0x658c9b in h2_session_process /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/modules/http2/h2_session.c:2151 22 | #18 0x623572 in h2_conn_run /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/modules/http2/h2_conn.c:223 23 | #19 0x62c6c2 in h2_h2_process_conn /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/modules/http2/h2_h2.c:658 24 | #20 0x4c6b53 in ap_run_process_connection /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/server/connection.c:42 25 | #21 0x70f9dd in process_socket /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/server/mpm/event/event.c:1048 26 | #22 0x71320f in worker_thread /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/server/mpm/event/event.c:2122 27 | #23 0x7fd4e68d1686 in start_thread (/lib64/libpthread.so.0+0x7686) 28 | #24 0x7fd4e640c73e in __clone (/lib64/libc.so.6+0xf873e) 29 | 30 | 0x6190001bd090 is located 16 bytes inside of 1040-byte region [0x6190001bd080,0x6190001bd490) 31 | freed by thread T58 here: 32 | #0 0x7fd4e93fa4e1 in __interceptor_free (/usr/lib/gcc/x86_64-pc-linux-gnu/4.9.4/libasan.so.1+0x574e1) 33 | #1 0x7fd4e71736e8 in pool_clear_debug memory/unix/apr_pools.c:1580 34 | #2 0x7fd4e7172f2b in pool_destroy_debug memory/unix/apr_pools.c:1638 35 | #3 0x65d269 in h2_session_pre_close /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/modules/http2/h2_session.c:2286 36 | #4 0x623a5b in h2_conn_pre_close /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/modules/http2/h2_conn.c:253 37 | #5 0x4c7113 in ap_run_pre_close_connection /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/server/connection.c:44 38 | #6 0x4c73b8 in ap_prep_lingering_close /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/server/connection.c:101 39 | #7 0x4c740b in ap_start_lingering_close /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/server/connection.c:129 40 | #8 0x70f8b9 in start_lingering_close_blocking /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/server/mpm/event/event.c:804 41 | #9 0x70f8b9 in process_socket /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/server/mpm/event/event.c:1208 42 | #10 0x71320f in worker_thread /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/server/mpm/event/event.c:2122 43 | #11 0x7fd4e68d1686 in start_thread (/lib64/libpthread.so.0+0x7686) 44 | #12 0x7fd4e640c73e in __clone (/lib64/libc.so.6+0xf873e) 45 | 46 | previously allocated by thread T58 here: 47 | #0 0x7fd4e93fa772 in malloc (/usr/lib/gcc/x86_64-pc-linux-gnu/4.9.4/libasan.so.1+0x57772) 48 | #1 0x7fd4e71728c9 in pool_alloc memory/unix/apr_pools.c:1472 49 | #2 0x7fd4e717474d in apr_pcalloc_debug memory/unix/apr_pools.c:1520 50 | #3 0x7fd4e7172007 in apr_thread_mutex_create locks/unix/thread_mutex.c:50 51 | #4 0x7fd4e7174c90 in apr_pool_create_ex_debug memory/unix/apr_pools.c:1761 52 | #5 0x646a76 in h2_session_create_int /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/modules/http2/h2_session.c:754 53 | #6 0x6232e7 in h2_conn_setup /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/modules/http2/h2_conn.c:201 54 | #7 0x62ca70 in h2_h2_process_conn /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/modules/http2/h2_h2.c:651 55 | #8 0x4c6b53 in ap_run_process_connection /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/server/connection.c:42 56 | #9 0x70f9dd in process_socket /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/server/mpm/event/event.c:1048 57 | #10 0x71320f in worker_thread /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/server/mpm/event/event.c:2122 58 | #11 0x7fd4e68d1686 in start_thread (/lib64/libpthread.so.0+0x7686) 59 | #12 0x7fd4e640c73e in __clone (/lib64/libc.so.6+0xf873e) 60 | 61 | Thread T47 created by T38 here: 62 | #0 0x7fd4e93c6d1a in pthread_create (/usr/lib/gcc/x86_64-pc-linux-gnu/4.9.4/libasan.so.1+0x23d1a) 63 | #1 0x711ec5 in start_threads /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/server/mpm/event/event.c:2312 64 | 65 | Thread T38 created by T0 here: 66 | #0 0x7fd4e93c6d1a in pthread_create (/usr/lib/gcc/x86_64-pc-linux-gnu/4.9.4/libasan.so.1+0x23d1a) 67 | #1 0x43e892 in child_main /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/server/mpm/event/event.c:2514 68 | 69 | Thread T58 created by T38 here: 70 | #0 0x7fd4e93c6d1a in pthread_create (/usr/lib/gcc/x86_64-pc-linux-gnu/4.9.4/libasan.so.1+0x23d1a) 71 | #1 0x711ec5 in start_threads /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/server/mpm/event/event.c:2312 72 | 73 | SUMMARY: AddressSanitizer: heap-use-after-free memory/unix/apr_pools.c:1962 pool_find 74 | Shadow bytes around the buggy address: 75 | 0x0c328002f9c0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 76 | 0x0c328002f9d0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 77 | 0x0c328002f9e0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 78 | 0x0c328002f9f0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 79 | 0x0c328002fa00: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 80 | =>0x0c328002fa10: fd fd[fd]fd fd fd fd fd fd fd fd fd fd fd fd fd 81 | 0x0c328002fa20: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 82 | 0x0c328002fa30: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 83 | 0x0c328002fa40: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 84 | 0x0c328002fa50: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 85 | 0x0c328002fa60: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 86 | Shadow byte legend (one shadow byte represents 8 application bytes): 87 | Addressable: 00 88 | Partially addressable: 01 02 03 04 05 06 07 89 | Heap left redzone: fa 90 | Heap right redzone: fb 91 | Freed heap region: fd 92 | Stack left redzone: f1 93 | Stack mid redzone: f2 94 | Stack right redzone: f3 95 | Stack partial redzone: f4 96 | Stack after return: f5 97 | Stack use after scope: f8 98 | Global redzone: f9 99 | Global init order: f6 100 | Poisoned by user: f7 101 | Contiguous container OOB:fc 102 | ASan internal: fe 103 | ==28464==ABORTING 104 | -------------------------------------------------------------------------------- /asan/apache-2.4.33/apache-2.4.33-heap-use-after-free-set_neg_headers-asan-error.3272: -------------------------------------------------------------------------------- 1 | ================================================================= 2 | ==3272==ERROR: AddressSanitizer: heap-use-after-free on address 0x6190000f8c88 at pc 0x7fd4e71724e5 bp 0x7fd4bfbc4680 sp 0x7fd4bfbc4670 3 | READ of size 4 at 0x6190000f8c88 thread T36 4 | #0 0x7fd4e71724e4 in pool_find memory/unix/apr_pools.c:1961 5 | #1 0x7fd4e7172a7b in apr_pool_walk_tree memory/unix/apr_pools.c:1219 6 | #2 0x7fd4e7172b0e in apr_pool_walk_tree memory/unix/apr_pools.c:1231 7 | #3 0x7fd4e7172b0e in apr_pool_walk_tree memory/unix/apr_pools.c:1231 8 | #4 0x7fd4e7172b0e in apr_pool_walk_tree memory/unix/apr_pools.c:1231 9 | #5 0x7fd4e7172b0e in apr_pool_walk_tree memory/unix/apr_pools.c:1231 10 | #6 0x7fd4e7175672 in apr_pool_find memory/unix/apr_pools.c:1979 11 | #7 0x7fd4e7160760 in apr_table_mergen tables/apr_tables.c:746 12 | #8 0x6e5e0e in set_neg_headers /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/modules/mappers/mod_negotiation.c:2603 13 | #9 0x6e6c72 in do_negotiation /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/modules/mappers/mod_negotiation.c:2914 14 | #10 0x6ec551 in handle_map_file /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/modules/mappers/mod_negotiation.c:2977 15 | #11 0x4acbc3 in ap_run_handler /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/server/config.c:170 16 | #12 0x4ad750 in ap_invoke_handler /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/server/config.c:444 17 | #13 0x56742b in ap_internal_redirect /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/modules/http/http_request.c:772 18 | #14 0x56a00e in ap_process_async_request /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/modules/http/http_request.c:459 19 | #15 0x56ac4a in ap_process_request /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/modules/http/http_request.c:471 20 | #16 0x66ff55 in h2_task_process_request /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/modules/http2/h2_task.c:678 21 | #17 0x66ff55 in h2_task_process_conn /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/modules/http2/h2_task.c:725 22 | #18 0x4c6b53 in ap_run_process_connection /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/server/connection.c:42 23 | #19 0x674161 in h2_task_do /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/modules/http2/h2_task.c:635 24 | #20 0x67f459 in slot_run /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/modules/http2/h2_workers.c:231 25 | #21 0x7fd4e68d1686 in start_thread (/lib64/libpthread.so.0+0x7686) 26 | #22 0x7fd4e640c73e in __clone (/lib64/libc.so.6+0xf873e) 27 | 28 | 0x6190000f8c88 is located 8 bytes inside of 1040-byte region [0x6190000f8c80,0x6190000f9090) 29 | freed by thread T42 here: 30 | #0 0x7fd4e93fa4e1 in __interceptor_free (/usr/lib/gcc/x86_64-pc-linux-gnu/4.9.4/libasan.so.1+0x574e1) 31 | #1 0x7fd4e71736e8 in pool_clear_debug memory/unix/apr_pools.c:1580 32 | #2 0x7fd4e7172f2b in pool_destroy_debug memory/unix/apr_pools.c:1638 33 | #3 0x65d269 in h2_session_pre_close /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/modules/http2/h2_session.c:2286 34 | #4 0x623a5b in h2_conn_pre_close /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/modules/http2/h2_conn.c:253 35 | #5 0x4c7113 in ap_run_pre_close_connection /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/server/connection.c:44 36 | #6 0x4c73b8 in ap_prep_lingering_close /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/server/connection.c:101 37 | #7 0x4c740b in ap_start_lingering_close /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/server/connection.c:129 38 | #8 0x70f8b9 in start_lingering_close_blocking /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/server/mpm/event/event.c:804 39 | #9 0x70f8b9 in process_socket /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/server/mpm/event/event.c:1208 40 | #10 0x71320f in worker_thread /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/server/mpm/event/event.c:2122 41 | #11 0x7fd4e68d1686 in start_thread (/lib64/libpthread.so.0+0x7686) 42 | #12 0x7fd4e640c73e in __clone (/lib64/libc.so.6+0xf873e) 43 | 44 | previously allocated by thread T42 here: 45 | #0 0x7fd4e93fa772 in malloc (/usr/lib/gcc/x86_64-pc-linux-gnu/4.9.4/libasan.so.1+0x57772) 46 | #1 0x7fd4e71728c9 in pool_alloc memory/unix/apr_pools.c:1472 47 | #2 0x7fd4e717474d in apr_pcalloc_debug memory/unix/apr_pools.c:1520 48 | #3 0x7fd4e7172007 in apr_thread_mutex_create locks/unix/thread_mutex.c:50 49 | #4 0x7fd4e7174c90 in apr_pool_create_ex_debug memory/unix/apr_pools.c:1761 50 | #5 0x646a76 in h2_session_create_int /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/modules/http2/h2_session.c:754 51 | #6 0x6232e7 in h2_conn_setup /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/modules/http2/h2_conn.c:201 52 | #7 0x62ca70 in h2_h2_process_conn /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/modules/http2/h2_h2.c:651 53 | #8 0x4c6b53 in ap_run_process_connection /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/server/connection.c:42 54 | #9 0x70f9dd in process_socket /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/server/mpm/event/event.c:1048 55 | #10 0x71320f in worker_thread /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/server/mpm/event/event.c:2122 56 | #11 0x7fd4e68d1686 in start_thread (/lib64/libpthread.so.0+0x7686) 57 | #12 0x7fd4e640c73e in __clone (/lib64/libc.so.6+0xf873e) 58 | 59 | Thread T36 created by T0 here: 60 | #0 0x7fd4e93c6d1a in pthread_create (/usr/lib/gcc/x86_64-pc-linux-gnu/4.9.4/libasan.so.1+0x23d1a) 61 | #1 0x67f0bd in activate_slot /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/modules/http2/h2_workers.c:106 62 | 63 | Thread T42 created by T38 here: 64 | #0 0x7fd4e93c6d1a in pthread_create (/usr/lib/gcc/x86_64-pc-linux-gnu/4.9.4/libasan.so.1+0x23d1a) 65 | #1 0x711ec5 in start_threads /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/server/mpm/event/event.c:2312 66 | 67 | Thread T38 created by T0 here: 68 | #0 0x7fd4e93c6d1a in pthread_create (/usr/lib/gcc/x86_64-pc-linux-gnu/4.9.4/libasan.so.1+0x23d1a) 69 | #1 0x43e892 in child_main /var/tmp/portage/www-servers/apache-2.4.33/work/httpd-2.4.33/server/mpm/event/event.c:2514 70 | 71 | SUMMARY: AddressSanitizer: heap-use-after-free memory/unix/apr_pools.c:1961 pool_find 72 | Shadow bytes around the buggy address: 73 | 0x0c3280017140: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 74 | 0x0c3280017150: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 75 | 0x0c3280017160: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 76 | 0x0c3280017170: 00 00 fa fa fa fa fa fa fa fa fa fa fa fa fa fa 77 | 0x0c3280017180: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 78 | =>0x0c3280017190: fd[fd]fd fd fd fd fd fd fd fd fd fd fd fd fd fd 79 | 0x0c32800171a0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 80 | 0x0c32800171b0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 81 | 0x0c32800171c0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 82 | 0x0c32800171d0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 83 | 0x0c32800171e0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 84 | Shadow byte legend (one shadow byte represents 8 application bytes): 85 | Addressable: 00 86 | Partially addressable: 01 02 03 04 05 06 07 87 | Heap left redzone: fa 88 | Heap right redzone: fb 89 | Freed heap region: fd 90 | Stack left redzone: f1 91 | Stack mid redzone: f2 92 | Stack right redzone: f3 93 | Stack partial redzone: f4 94 | Stack after return: f5 95 | Stack use after scope: f8 96 | Global redzone: f9 97 | Global init order: f6 98 | Poisoned by user: f7 99 | Contiguous container OOB:fc 100 | ASan internal: fe 101 | ==3272==ABORTING 102 | -------------------------------------------------------------------------------- /asan/apache-2.4.34/apache-2.4.34-SEGV-impl_pollset_remove-asan-error.11548: -------------------------------------------------------------------------------- 1 | ================================================================= 2 | ==11548==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000008 (pc 0x7fa1a0137a64 sp 0x7ffd4a82b260 bp 0x7ffd4a82b280 T0) 3 | #0 0x7fa1a0137a63 in impl_pollset_remove poll/unix/epoll.c:219 4 | #1 0x7135b1 in disable_listensocks /var/tmp/portage/www-servers/apache-2.4.34-r2/work/httpd-2.4.34/server/mpm/event/event.c:470 5 | #2 0x713652 in wakeup_listener /var/tmp/portage/www-servers/apache-2.4.34-r2/work/httpd-2.4.34/server/mpm/event/event.c:578 6 | #3 0x71388c in signal_threads /var/tmp/portage/www-servers/apache-2.4.34-r2/work/httpd-2.4.34/server/mpm/event/event.c:627 7 | #4 0x43fa37 in child_main /var/tmp/portage/www-servers/apache-2.4.34-r2/work/httpd-2.4.34/server/mpm/event/event.c:2581 8 | #5 0x714724 in make_child /var/tmp/portage/www-servers/apache-2.4.34-r2/work/httpd-2.4.34/server/mpm/event/event.c:2665 9 | #6 0x715922 in perform_idle_server_maintenance /var/tmp/portage/www-servers/apache-2.4.34-r2/work/httpd-2.4.34/server/mpm/event/event.c:2848 10 | #7 0x715922 in server_main_loop /var/tmp/portage/www-servers/apache-2.4.34-r2/work/httpd-2.4.34/server/mpm/event/event.c:2976 11 | #8 0x715922 in event_run /var/tmp/portage/www-servers/apache-2.4.34-r2/work/httpd-2.4.34/server/mpm/event/event.c:3053 12 | #9 0x457c40 in ap_run_mpm /var/tmp/portage/www-servers/apache-2.4.34-r2/work/httpd-2.4.34/server/mpm_common.c:94 13 | #10 0x4419f3 in main /var/tmp/portage/www-servers/apache-2.4.34-r2/work/httpd-2.4.34/server/main.c:819 14 | #11 0x7fa19f2cdfcf in __libc_start_main (/lib64/libc.so.6+0x20fcf) 15 | #12 0x4430e9 in _start (/usr/sbin/apache2+0x4430e9) 16 | 17 | AddressSanitizer can not provide additional info. 18 | SUMMARY: AddressSanitizer: SEGV poll/unix/epoll.c:219 impl_pollset_remove 19 | ==11548==ABORTING 20 | -------------------------------------------------------------------------------- /asan/apache-2.4.34/apache-2.4.34-SEGV-impl_pollset_remove-asan-error.17207: -------------------------------------------------------------------------------- 1 | ================================================================= 2 | ==17207==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000008 (pc 0x7fe205a46a64 sp 0x7ffe3fb15050 bp 0x7ffe3fb15070 T0) 3 | #0 0x7fe205a46a63 in impl_pollset_remove poll/unix/epoll.c:219 4 | #1 0x70ed11 in disable_listensocks /var/tmp/portage/www-servers/apache-2.4.34-r2/work/httpd-2.4.34/server/mpm/event/event.c:470 5 | #2 0x70edb2 in wakeup_listener /var/tmp/portage/www-servers/apache-2.4.34-r2/work/httpd-2.4.34/server/mpm/event/event.c:578 6 | #3 0x70efec in signal_threads /var/tmp/portage/www-servers/apache-2.4.34-r2/work/httpd-2.4.34/server/mpm/event/event.c:627 7 | #4 0x43fbd5 in child_main /var/tmp/portage/www-servers/apache-2.4.34-r2/work/httpd-2.4.34/server/mpm/event/event.c:2581 8 | #5 0x70fe84 in make_child /var/tmp/portage/www-servers/apache-2.4.34-r2/work/httpd-2.4.34/server/mpm/event/event.c:2665 9 | #6 0x70ffea in startup_children /var/tmp/portage/www-servers/apache-2.4.34-r2/work/httpd-2.4.34/server/mpm/event/event.c:2689 10 | #7 0x7113fd in server_main_loop /var/tmp/portage/www-servers/apache-2.4.34-r2/work/httpd-2.4.34/server/mpm/event/event.c:2966 11 | #8 0x7113fd in event_run /var/tmp/portage/www-servers/apache-2.4.34-r2/work/httpd-2.4.34/server/mpm/event/event.c:3053 12 | #9 0x457e00 in ap_run_mpm /var/tmp/portage/www-servers/apache-2.4.34-r2/work/httpd-2.4.34/server/mpm_common.c:94 13 | #10 0x441bf7 in main /var/tmp/portage/www-servers/apache-2.4.34-r2/work/httpd-2.4.34/server/main.c:819 14 | #11 0x7fe204bd4b9d in __libc_start_main (/lib64/libc.so.6+0x21b9d) 15 | #12 0x443319 in _start (/usr/sbin/apache2+0x443319) 16 | 17 | AddressSanitizer can not provide additional info. 18 | SUMMARY: AddressSanitizer: SEGV poll/unix/epoll.c:219 impl_pollset_remove 19 | ==17207==ABORTING 20 | -------------------------------------------------------------------------------- /asan/apache-2.4.34/apache-2.4.34-SEGV-impl_pollset_remove-asan-error.2350: -------------------------------------------------------------------------------- 1 | ================================================================= 2 | ==2350==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000008 (pc 0x7f39bd59c4f4 sp 0x7ffcf6e36790 bp 0x7ffcf6e367b0 T0) 3 | #0 0x7f39bd59c4f3 in impl_pollset_remove poll/unix/epoll.c:219 4 | #1 0x713e91 in disable_listensocks /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/server/mpm/event/event.c:470 5 | #2 0x713f32 in wakeup_listener /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/server/mpm/event/event.c:578 6 | #3 0x71416c in signal_threads /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/server/mpm/event/event.c:627 7 | #4 0x43eb05 in child_main /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/server/mpm/event/event.c:2581 8 | #5 0x715004 in make_child /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/server/mpm/event/event.c:2665 9 | #6 0x71516a in startup_children /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/server/mpm/event/event.c:2689 10 | #7 0x716fbb in event_run /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/server/mpm/event/event.c:3034 11 | #8 0x456d60 in ap_run_mpm /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/server/mpm_common.c:94 12 | #9 0x440b37 in main /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/server/main.c:819 13 | #10 0x7f39bc736fcf in __libc_start_main (/lib64/libc.so.6+0x20fcf) 14 | #11 0x442279 in _start (/usr/sbin/apache2+0x442279) 15 | 16 | AddressSanitizer can not provide additional info. 17 | SUMMARY: AddressSanitizer: SEGV poll/unix/epoll.c:219 impl_pollset_remove 18 | ==2350==ABORTING 19 | -------------------------------------------------------------------------------- /asan/apache-2.4.34/apache-2.4.34-heap-use-after-free-abort_socket_nonblocking-asan-error.28259: -------------------------------------------------------------------------------- 1 | ================================================================= 2 | ==28259==ERROR: AddressSanitizer: heap-use-after-free on address 0x607000046c18 at pc 0x7f53ddea0256 bp 0x7ffec5849990 sp 0x7ffec5849980 3 | READ of size 8 at 0x607000046c18 thread T0 4 | #0 0x7f53ddea0255 in apr_socket_timeout_set network_io/unix/sockopt.c:86 5 | #1 0x70f002 in abort_socket_nonblocking /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/server/mpm/event/event.c:526 6 | #2 0x7141d9 in close_worker_sockets /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/server/mpm/event/event.c:557 7 | #3 0x7141d9 in signal_threads /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/server/mpm/event/event.c:636 8 | #4 0x43eb05 in child_main /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/server/mpm/event/event.c:2581 9 | #5 0x715004 in make_child /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/server/mpm/event/event.c:2665 10 | #6 0x716202 in perform_idle_server_maintenance /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/server/mpm/event/event.c:2848 11 | #7 0x716202 in server_main_loop /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/server/mpm/event/event.c:2976 12 | #8 0x716202 in event_run /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/server/mpm/event/event.c:3053 13 | #9 0x456d60 in ap_run_mpm /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/server/mpm_common.c:94 14 | #10 0x440b37 in main /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/server/main.c:819 15 | #11 0x7f53dd03cfcf in __libc_start_main (/lib64/libc.so.6+0x20fcf) 16 | #12 0x442279 in _start (/usr/sbin/apache2+0x442279) 17 | 18 | 0x607000046c18 is located 40 bytes inside of 80-byte region [0x607000046bf0,0x607000046c40) 19 | freed by thread T41 here: 20 | #0 0x7f53e01154e1 in __interceptor_free (/usr/lib/gcc/x86_64-pc-linux-gnu/4.9.4/libasan.so.1+0x574e1) 21 | #1 0x7f53dde8e659 in pool_clear_debug memory/unix/apr_pools.c:1576 22 | #2 0x7f53dde8df2b in pool_destroy_debug memory/unix/apr_pools.c:1638 23 | #3 0x7109fd in process_lingering_close /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/server/mpm/event/event.c:1504 24 | #4 0x714a7f in worker_thread /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/server/mpm/event/event.c:2122 25 | #5 0x7f53dd5ec6f9 in start_thread (/lib64/libpthread.so.0+0x76f9) 26 | #6 0x7f53dd11cd7e in clone (/lib64/libc.so.6+0x100d7e) 27 | 28 | previously allocated by thread T64 here: 29 | #0 0x7f53e0115772 in malloc (/usr/lib/gcc/x86_64-pc-linux-gnu/4.9.4/libasan.so.1+0x57772) 30 | #1 0x7f53dde8d77b in pool_alloc memory/unix/apr_pools.c:1463 31 | #2 0x7f53dde8f74d in apr_pcalloc_debug memory/unix/apr_pools.c:1520 32 | #3 0x7f53dde9d336 in alloc_socket network_io/unix/sockets.c:69 33 | #4 0x7f53dde9dd48 in apr_socket_accept network_io/unix/sockets.c:246 34 | #5 0x71b5bf in ap_unixd_accept /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/os/unix/unixd.c:303 35 | #6 0x718ec9 in listener_thread /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/server/mpm/event/event.c:1888 36 | #7 0x7f53dd5ec6f9 in start_thread (/lib64/libpthread.so.0+0x76f9) 37 | #8 0x7f53dd11cd7e in clone (/lib64/libc.so.6+0x100d7e) 38 | 39 | Thread T41 created by T38 here: 40 | #0 0x7f53e00e1d1a in pthread_create (/usr/lib/gcc/x86_64-pc-linux-gnu/4.9.4/libasan.so.1+0x23d1a) 41 | #1 0x713735 in start_threads /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/server/mpm/event/event.c:2312 42 | 43 | Thread T38 created by T0 here: 44 | #0 0x7f53e00e1d1a in pthread_create (/usr/lib/gcc/x86_64-pc-linux-gnu/4.9.4/libasan.so.1+0x23d1a) 45 | #1 0x43e9a0 in child_main /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/server/mpm/event/event.c:2516 46 | 47 | Thread T64 created by T38 here: 48 | #0 0x7f53e00e1d1a in pthread_create (/usr/lib/gcc/x86_64-pc-linux-gnu/4.9.4/libasan.so.1+0x23d1a) 49 | #1 0x71388d in create_listener_thread /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/server/mpm/event/event.c:2183 50 | #2 0x71388d in start_threads /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/server/mpm/event/event.c:2326 51 | 52 | SUMMARY: AddressSanitizer: heap-use-after-free network_io/unix/sockopt.c:86 apr_socket_timeout_set 53 | Shadow bytes around the buggy address: 54 | 0x0c0e80000d30: 00 00 00 00 fa fa fa fa 00 00 00 00 00 00 00 00 55 | 0x0c0e80000d40: 00 00 fa fa fa fa fd fd fd fd fd fd fd fd fd fd 56 | 0x0c0e80000d50: fa fa fa fa 00 00 00 00 00 00 00 00 00 00 fa fa 57 | 0x0c0e80000d60: fa fa 00 00 00 00 00 00 00 00 00 00 fa fa fa fa 58 | 0x0c0e80000d70: 00 00 00 00 00 00 00 00 00 00 fa fa fa fa fd fd 59 | =>0x0c0e80000d80: fd fd fd[fd]fd fd fd fd fa fa fa fa 00 00 00 00 60 | 0x0c0e80000d90: 00 00 00 00 00 00 fa fa fa fa 00 00 00 00 00 00 61 | 0x0c0e80000da0: 00 00 00 00 fa fa fa fa fd fd fd fd fd fd fd fd 62 | 0x0c0e80000db0: fd fd fa fa fa fa 00 00 00 00 00 00 00 00 00 00 63 | 0x0c0e80000dc0: fa fa fa fa fd fd fd fd fd fd fd fd fd fd fa fa 64 | 0x0c0e80000dd0: fa fa fd fd fd fd fd fd fd fd fd fd fa fa fa fa 65 | Shadow byte legend (one shadow byte represents 8 application bytes): 66 | Addressable: 00 67 | Partially addressable: 01 02 03 04 05 06 07 68 | Heap left redzone: fa 69 | Heap right redzone: fb 70 | Freed heap region: fd 71 | Stack left redzone: f1 72 | Stack mid redzone: f2 73 | Stack right redzone: f3 74 | Stack partial redzone: f4 75 | Stack after return: f5 76 | Stack use after scope: f8 77 | Global redzone: f9 78 | Global init order: f6 79 | Poisoned by user: f7 80 | Contiguous container OOB:fc 81 | ASan internal: fe 82 | ==28259==ABORTING 83 | -------------------------------------------------------------------------------- /asan/apache-2.4.34/apache-2.4.34-heap-use-after-free-add_unless_null-asan-error.12759: -------------------------------------------------------------------------------- 1 | ================================================================= 2 | ==12759==ERROR: AddressSanitizer: heap-use-after-free on address 0x619000532ca8 at pc 0x7f53dde8d505 bp 0x7f53ae1821c0 sp 0x7f53ae1821b0 3 | READ of size 8 at 0x619000532ca8 thread T48 4 | #0 0x7f53dde8d504 in pool_find memory/unix/apr_pools.c:1963 5 | #1 0x7f53dde8da7b in apr_pool_walk_tree memory/unix/apr_pools.c:1219 6 | #2 0x7f53dde8db0e in apr_pool_walk_tree memory/unix/apr_pools.c:1231 7 | #3 0x7f53dde8db0e in apr_pool_walk_tree memory/unix/apr_pools.c:1231 8 | #4 0x7f53dde8db0e in apr_pool_walk_tree memory/unix/apr_pools.c:1231 9 | #5 0x7f53dde8db0e in apr_pool_walk_tree memory/unix/apr_pools.c:1231 10 | #6 0x7f53dde8db0e in apr_pool_walk_tree memory/unix/apr_pools.c:1231 11 | #7 0x7f53dde8db0e in apr_pool_walk_tree memory/unix/apr_pools.c:1231 12 | #8 0x7f53dde90672 in apr_pool_find memory/unix/apr_pools.c:1979 13 | #9 0x7f53dde7c17e in apr_table_addn tables/apr_tables.c:823 14 | #10 0x4c0866 in add_unless_null /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/server/util_script.c:91 15 | #11 0x4c0866 in ap_add_common_vars /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/server/util_script.c:298 16 | #12 0x533e5d in includes_filter /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/modules/filters/mod_include.c:3903 17 | #13 0x45b96f in ap_pass_brigade_fchk /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/server/util_filter.c:609 18 | #14 0x6ee3c5 in handle_map_file /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/modules/mappers/mod_negotiation.c:3048 19 | #15 0x4accf3 in ap_run_handler /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/server/config.c:170 20 | #16 0x4ad880 in ap_invoke_handler /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/server/config.c:444 21 | #17 0x56752b in ap_internal_redirect /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/modules/http/http_request.c:791 22 | #18 0x567b55 in ap_die_r /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/modules/http/http_request.c:212 23 | #19 0x46c6bf in ap_read_request /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/server/protocol.c:1339 24 | #20 0x55f42e in ap_process_http_async_connection /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/modules/http/http_core.c:146 25 | #21 0x55f42e in ap_process_http_connection /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/modules/http/http_core.c:248 26 | #22 0x4c6c73 in ap_run_process_connection /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/server/connection.c:42 27 | #23 0x71124d in process_socket /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/server/mpm/event/event.c:1048 28 | #24 0x714a7f in worker_thread /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/server/mpm/event/event.c:2122 29 | #25 0x7f53dd5ec6f9 in start_thread (/lib64/libpthread.so.0+0x76f9) 30 | #26 0x7f53dd11cd7e in clone (/lib64/libc.so.6+0x100d7e) 31 | 32 | ==12759==AddressSanitizer: while reporting a bug found another one.Ignoring. 33 | -------------------------------------------------------------------------------- /asan/apache-2.4.34/apache-2.4.34-heap-use-after-free-ap_add_common_vars-asan-error.2195: -------------------------------------------------------------------------------- 1 | ================================================================= 2 | ==2195==ERROR: AddressSanitizer: heap-use-after-free on address 0x61900019c3d0 at pc 0x7fc57b82050d bp 0x7fc543971360 sp 0x7fc543971350 3 | READ of size 8 at 0x61900019c3d0 thread T60 4 | #0 0x7fc57b82050c in pool_find memory/unix/apr_pools.c:1962 5 | #1 0x7fc57b820a7b in apr_pool_walk_tree memory/unix/apr_pools.c:1219 6 | #2 0x7fc57b820b0e in apr_pool_walk_tree memory/unix/apr_pools.c:1231 7 | #3 0x7fc57b820b0e in apr_pool_walk_tree memory/unix/apr_pools.c:1231 8 | #4 0x7fc57b820b0e in apr_pool_walk_tree memory/unix/apr_pools.c:1231 9 | #5 0x7fc57b820b0e in apr_pool_walk_tree memory/unix/apr_pools.c:1231 10 | #6 0x7fc57b823672 in apr_pool_find memory/unix/apr_pools.c:1979 11 | #7 0x7fc57b80f151 in apr_table_addn tables/apr_tables.c:819 12 | #8 0x4c091f in ap_add_common_vars /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/server/util_script.c:268 13 | #9 0x533e5d in includes_filter /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/modules/filters/mod_include.c:3903 14 | #10 0x45b96f in ap_pass_brigade_fchk /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/server/util_filter.c:609 15 | #11 0x6ee3c5 in handle_map_file /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/modules/mappers/mod_negotiation.c:3048 16 | #12 0x4accf3 in ap_run_handler /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/server/config.c:170 17 | #13 0x4ad880 in ap_invoke_handler /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/server/config.c:444 18 | #14 0x56752b in ap_internal_redirect /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/modules/http/http_request.c:791 19 | #15 0x567b55 in ap_die_r /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/modules/http/http_request.c:212 20 | #16 0x56a15e in ap_process_async_request /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/modules/http/http_request.c:476 21 | #17 0x55f587 in ap_process_http_async_connection /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/modules/http/http_core.c:154 22 | #18 0x55f587 in ap_process_http_connection /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/modules/http/http_core.c:248 23 | #19 0x4c6c73 in ap_run_process_connection /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/server/connection.c:42 24 | #20 0x71124d in process_socket /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/server/mpm/event/event.c:1048 25 | #21 0x714a7f in worker_thread /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/server/mpm/event/event.c:2122 26 | #22 0x7fc57af7f6f9 in start_thread (/lib64/libpthread.so.0+0x76f9) 27 | #23 0x7fc57aaafd7e in clone (/lib64/libc.so.6+0x100d7e) 28 | 29 | 0x61900019c3d0 is located 80 bytes inside of 1040-byte region [0x61900019c380,0x61900019c790) 30 | freed by thread T48 here: 31 | #0 0x7fc57daa84e1 in __interceptor_free (/usr/lib/gcc/x86_64-pc-linux-gnu/4.9.4/libasan.so.1+0x574e1) 32 | #1 0x7fc57b8216e8 in pool_clear_debug memory/unix/apr_pools.c:1580 33 | #2 0x7fc57b820f2b in pool_destroy_debug memory/unix/apr_pools.c:1638 34 | #3 0x65efe9 in h2_session_pre_close /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/modules/http2/h2_session.c:2289 35 | #4 0x62553b in h2_conn_pre_close /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/modules/http2/h2_conn.c:254 36 | #5 0x4c7233 in ap_run_pre_close_connection /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/server/connection.c:44 37 | #6 0x4c74d8 in ap_prep_lingering_close /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/server/connection.c:101 38 | #7 0x4c752d in ap_start_lingering_close /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/server/connection.c:129 39 | #8 0x711129 in start_lingering_close_blocking /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/server/mpm/event/event.c:804 40 | #9 0x711129 in process_socket /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/server/mpm/event/event.c:1208 41 | #10 0x714a7f in worker_thread /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/server/mpm/event/event.c:2122 42 | #11 0x7fc57af7f6f9 in start_thread (/lib64/libpthread.so.0+0x76f9) 43 | #12 0x7fc57aaafd7e in clone (/lib64/libc.so.6+0x100d7e) 44 | 45 | previously allocated by thread T48 here: 46 | #0 0x7fc57daa8772 in malloc (/usr/lib/gcc/x86_64-pc-linux-gnu/4.9.4/libasan.so.1+0x57772) 47 | #1 0x7fc57b8208c9 in pool_alloc memory/unix/apr_pools.c:1472 48 | #2 0x7fc57b82274d in apr_pcalloc_debug memory/unix/apr_pools.c:1520 49 | #3 0x7fc57b820007 in apr_thread_mutex_create locks/unix/thread_mutex.c:50 50 | #4 0x7fc57b822c90 in apr_pool_create_ex_debug memory/unix/apr_pools.c:1761 51 | #5 0x6488e6 in h2_session_create_int /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/modules/http2/h2_session.c:757 52 | #6 0x624d37 in h2_conn_setup /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/modules/http2/h2_conn.c:190 53 | #7 0x62e590 in h2_h2_process_conn /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/modules/http2/h2_h2.c:651 54 | #8 0x4c6c73 in ap_run_process_connection /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/server/connection.c:42 55 | #9 0x71124d in process_socket /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/server/mpm/event/event.c:1048 56 | #10 0x714a7f in worker_thread /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/server/mpm/event/event.c:2122 57 | #11 0x7fc57af7f6f9 in start_thread (/lib64/libpthread.so.0+0x76f9) 58 | #12 0x7fc57aaafd7e in clone (/lib64/libc.so.6+0x100d7e) 59 | 60 | Thread T60 created by T38 here: 61 | #0 0x7fc57da74d1a in pthread_create (/usr/lib/gcc/x86_64-pc-linux-gnu/4.9.4/libasan.so.1+0x23d1a) 62 | #1 0x713735 in start_threads /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/server/mpm/event/event.c:2312 63 | 64 | Thread T38 created by T0 here: 65 | #0 0x7fc57da74d1a in pthread_create (/usr/lib/gcc/x86_64-pc-linux-gnu/4.9.4/libasan.so.1+0x23d1a) 66 | #1 0x43e9a0 in child_main /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/server/mpm/event/event.c:2516 67 | 68 | Thread T48 created by T38 here: 69 | #0 0x7fc57da74d1a in pthread_create (/usr/lib/gcc/x86_64-pc-linux-gnu/4.9.4/libasan.so.1+0x23d1a) 70 | #1 0x713735 in start_threads /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/server/mpm/event/event.c:2312 71 | 72 | SUMMARY: AddressSanitizer: heap-use-after-free memory/unix/apr_pools.c:1962 pool_find 73 | Shadow bytes around the buggy address: 74 | 0x0c328002b820: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 75 | 0x0c328002b830: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 76 | 0x0c328002b840: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 77 | 0x0c328002b850: fd fd fa fa fa fa fa fa fa fa fa fa fa fa fa fa 78 | 0x0c328002b860: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 79 | =>0x0c328002b870: fd fd fd fd fd fd fd fd fd fd[fd]fd fd fd fd fd 80 | 0x0c328002b880: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 81 | 0x0c328002b890: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 82 | 0x0c328002b8a0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 83 | 0x0c328002b8b0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 84 | 0x0c328002b8c0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 85 | Shadow byte legend (one shadow byte represents 8 application bytes): 86 | Addressable: 00 87 | Partially addressable: 01 02 03 04 05 06 07 88 | Heap left redzone: fa 89 | Heap right redzone: fb 90 | Freed heap region: fd 91 | Stack left redzone: f1 92 | Stack mid redzone: f2 93 | Stack right redzone: f3 94 | Stack partial redzone: f4 95 | Stack after return: f5 96 | Stack use after scope: f8 97 | Global redzone: f9 98 | Global init order: f6 99 | Poisoned by user: f7 100 | Contiguous container OOB:fc 101 | ASan internal: fe 102 | ==2195==ABORTING 103 | -------------------------------------------------------------------------------- /asan/apache-2.4.34/apache-2.4.34-heap-use-after-free-ap_add_common_vars-asan-error.27619: -------------------------------------------------------------------------------- 1 | ================================================================= 2 | ==27619==ERROR: AddressSanitizer: heap-use-after-free on address 0x6190002fbc98 at pc 0x7f53dde8d50d bp 0x7f53b18a5240 sp 0x7f53b18a5230 3 | READ of size 8 at 0x6190002fbc98 thread T43 4 | #0 0x7f53dde8d50c in pool_find memory/unix/apr_pools.c:1962 5 | #1 0x7f53dde8da7b in apr_pool_walk_tree memory/unix/apr_pools.c:1219 6 | #2 0x7f53dde8db0e in apr_pool_walk_tree memory/unix/apr_pools.c:1231 7 | #3 0x7f53dde8db0e in apr_pool_walk_tree memory/unix/apr_pools.c:1231 8 | #4 0x7f53dde8db0e in apr_pool_walk_tree memory/unix/apr_pools.c:1231 9 | #5 0x7f53dde8db0e in apr_pool_walk_tree memory/unix/apr_pools.c:1231 10 | #6 0x7f53dde90672 in apr_pool_find memory/unix/apr_pools.c:1979 11 | #7 0x7f53dde7c151 in apr_table_addn tables/apr_tables.c:819 12 | #8 0x4c091f in ap_add_common_vars /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/server/util_script.c:268 13 | #9 0x533e5d in includes_filter /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/modules/filters/mod_include.c:3903 14 | #10 0x45b96f in ap_pass_brigade_fchk /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/server/util_filter.c:609 15 | #11 0x6ee3c5 in handle_map_file /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/modules/mappers/mod_negotiation.c:3048 16 | #12 0x4accf3 in ap_run_handler /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/server/config.c:170 17 | #13 0x4ad880 in ap_invoke_handler /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/server/config.c:444 18 | #14 0x56752b in ap_internal_redirect /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/modules/http/http_request.c:791 19 | #15 0x567b55 in ap_die_r /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/modules/http/http_request.c:212 20 | #16 0x46de58 in ap_read_request /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/server/protocol.c:1462 21 | #17 0x55f42e in ap_process_http_async_connection /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/modules/http/http_core.c:146 22 | #18 0x55f42e in ap_process_http_connection /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/modules/http/http_core.c:248 23 | #19 0x4c6c73 in ap_run_process_connection /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/server/connection.c:42 24 | #20 0x71124d in process_socket /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/server/mpm/event/event.c:1048 25 | #21 0x714a7f in worker_thread /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/server/mpm/event/event.c:2122 26 | #22 0x7f53dd5ec6f9 in start_thread (/lib64/libpthread.so.0+0x76f9) 27 | #23 0x7f53dd11cd7e in clone (/lib64/libc.so.6+0x100d7e) 28 | 29 | ==27619==AddressSanitizer: while reporting a bug found another one.Ignoring. 30 | -------------------------------------------------------------------------------- /asan/apache-2.4.34/apache-2.4.34-heap-use-after-free-do_headers_fixup-asan-error.18945: -------------------------------------------------------------------------------- 1 | ================================================================= 2 | ==18945==ERROR: AddressSanitizer: heap-use-after-free on address 0x619000251790 at pc 0x7f53dde8d50d bp 0x7f53b0d9d5a0 sp 0x7f53b0d9d590 3 | READ of size 8 at 0x619000251790 thread T44 4 | #0 0x7f53dde8d50c in pool_find memory/unix/apr_pools.c:1962 5 | #1 0x7f53dde8da7b in apr_pool_walk_tree memory/unix/apr_pools.c:1219 6 | #2 0x7f53dde8db0e in apr_pool_walk_tree memory/unix/apr_pools.c:1231 7 | #3 0x7f53dde8db0e in apr_pool_walk_tree memory/unix/apr_pools.c:1231 8 | #4 0x7f53dde8db0e in apr_pool_walk_tree memory/unix/apr_pools.c:1231 9 | #5 0x7f53dde90672 in apr_pool_find memory/unix/apr_pools.c:1979 10 | #6 0x7f53dde7b799 in apr_table_mergen tables/apr_tables.c:752 11 | #7 0x5934a5 in do_headers_fixup /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/modules/metadata/mod_headers.c:751 12 | #8 0x594358 in ap_headers_output_filter /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/modules/metadata/mod_headers.c:879 13 | #9 0x55dabd in compress_filter /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/modules/filters/mod_brotli.c:480 14 | #10 0x5439c4 in filter_harness /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/modules/filters/mod_filter.c:323 15 | #11 0x558575 in deflate_out_filter /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/modules/filters/mod_deflate.c:831 16 | #12 0x5439c4 in filter_harness /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/modules/filters/mod_filter.c:323 17 | #13 0x530505 in send_parsed_content /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/modules/filters/mod_include.c:3476 18 | #14 0x530505 in includes_filter /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/modules/filters/mod_include.c:3966 19 | #15 0x47a067 in default_handler /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/server/core.c:4820 20 | #16 0x4accf3 in ap_run_handler /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/server/config.c:170 21 | #17 0x4ad880 in ap_invoke_handler /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/server/config.c:444 22 | #18 0x49b917 in ap_run_sub_req /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/server/request.c:2477 23 | #19 0x5381b1 in handle_include /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/modules/filters/mod_include.c:1880 24 | #20 0x53236b in send_parsed_content /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/modules/filters/mod_include.c:3717 25 | #21 0x53236b in includes_filter /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/modules/filters/mod_include.c:3966 26 | #22 0x45b96f in ap_pass_brigade_fchk /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/server/util_filter.c:609 27 | #23 0x6ee3c5 in handle_map_file /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/modules/mappers/mod_negotiation.c:3048 28 | #24 0x4accf3 in ap_run_handler /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/server/config.c:170 29 | #25 0x4ad880 in ap_invoke_handler /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/server/config.c:444 30 | #26 0x56752b in ap_internal_redirect /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/modules/http/http_request.c:791 31 | #27 0x567b55 in ap_die_r /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/modules/http/http_request.c:212 32 | #28 0x46c6bf in ap_read_request /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/server/protocol.c:1339 33 | #29 0x55f42e in ap_process_http_async_connection /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/modules/http/http_core.c:146 34 | #30 0x55f42e in ap_process_http_connection /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/modules/http/http_core.c:248 35 | #31 0x4c6c73 in ap_run_process_connection /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/server/connection.c:42 36 | #32 0x71124d in process_socket /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/server/mpm/event/event.c:1048 37 | #33 0x714a7f in worker_thread /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/server/mpm/event/event.c:2122 38 | #34 0x7f53dd5ec6f9 in start_thread (/lib64/libpthread.so.0+0x76f9) 39 | #35 0x7f53dd11cd7e in clone (/lib64/libc.so.6+0x100d7e) 40 | 41 | ==18945==AddressSanitizer: while reporting a bug found another one.Ignoring. 42 | -------------------------------------------------------------------------------- /asan/apache-2.4.34/apache-2.4.34-heap-use-after-free-set_neg_headers-asan-error.13706: -------------------------------------------------------------------------------- 1 | ================================================================= 2 | ==13706==ERROR: AddressSanitizer: heap-use-after-free on address 0x619000271a90 at pc 0x7f53dde8d50d bp 0x7f53b44c07d0 sp 0x7f53b44c07c0 3 | READ of size 8 at 0x619000271a90 thread T39 4 | #0 0x7f53dde8d50c in pool_find memory/unix/apr_pools.c:1962 5 | #1 0x7f53dde8da7b in apr_pool_walk_tree memory/unix/apr_pools.c:1219 6 | #2 0x7f53dde8db0e in apr_pool_walk_tree memory/unix/apr_pools.c:1231 7 | #3 0x7f53dde8db0e in apr_pool_walk_tree memory/unix/apr_pools.c:1231 8 | #4 0x7f53dde8db0e in apr_pool_walk_tree memory/unix/apr_pools.c:1231 9 | #5 0x7f53dde8db0e in apr_pool_walk_tree memory/unix/apr_pools.c:1231 10 | #6 0x7f53dde8db0e in apr_pool_walk_tree memory/unix/apr_pools.c:1231 11 | #7 0x7f53dde8db0e in apr_pool_walk_tree memory/unix/apr_pools.c:1231 12 | #8 0x7f53dde90672 in apr_pool_find memory/unix/apr_pools.c:1979 13 | #9 0x7f53dde7b760 in apr_table_mergen tables/apr_tables.c:746 14 | #10 0x6e792e in set_neg_headers /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/modules/mappers/mod_negotiation.c:2603 15 | #11 0x6e8792 in do_negotiation /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/modules/mappers/mod_negotiation.c:2914 16 | #12 0x6ede81 in handle_map_file /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/modules/mappers/mod_negotiation.c:2977 17 | #13 0x4accf3 in ap_run_handler /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/server/config.c:170 18 | #14 0x4ad880 in ap_invoke_handler /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/server/config.c:444 19 | #15 0x49b917 in ap_run_sub_req /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/server/request.c:2477 20 | #16 0x5381b1 in handle_include /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/modules/filters/mod_include.c:1880 21 | #17 0x53236b in send_parsed_content /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/modules/filters/mod_include.c:3717 22 | #18 0x53236b in includes_filter /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/modules/filters/mod_include.c:3966 23 | #19 0x47a067 in default_handler /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/server/core.c:4820 24 | #20 0x4accf3 in ap_run_handler /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/server/config.c:170 25 | #21 0x4ad880 in ap_invoke_handler /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/server/config.c:444 26 | #22 0x49b917 in ap_run_sub_req /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/server/request.c:2477 27 | #23 0x5381b1 in handle_include /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/modules/filters/mod_include.c:1880 28 | #24 0x53236b in send_parsed_content /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/modules/filters/mod_include.c:3717 29 | #25 0x53236b in includes_filter /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/modules/filters/mod_include.c:3966 30 | #26 0x45b96f in ap_pass_brigade_fchk /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/server/util_filter.c:609 31 | #27 0x6ee3c5 in handle_map_file /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/modules/mappers/mod_negotiation.c:3048 32 | #28 0x4accf3 in ap_run_handler /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/server/config.c:170 33 | #29 0x4ad880 in ap_invoke_handler /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/server/config.c:444 34 | #30 0x56752b in ap_internal_redirect /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/modules/http/http_request.c:791 35 | #31 0x567b55 in ap_die_r /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/modules/http/http_request.c:212 36 | #32 0x46de58 in ap_read_request /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/server/protocol.c:1462 37 | #33 0x55f42e in ap_process_http_async_connection /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/modules/http/http_core.c:146 38 | #34 0x55f42e in ap_process_http_connection /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/modules/http/http_core.c:248 39 | #35 0x4c6c73 in ap_run_process_connection /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/server/connection.c:42 40 | #36 0x71124d in process_socket /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/server/mpm/event/event.c:1048 41 | #37 0x714a7f in worker_thread /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/server/mpm/event/event.c:2122 42 | #38 0x7f53dd5ec6f9 in start_thread (/lib64/libpthread.so.0+0x76f9) 43 | #39 0x7f53dd11cd7e in clone (/lib64/libc.so.6+0x100d7e) 44 | 45 | ==13706==AddressSanitizer: while reporting a bug found another one.Ignoring. 46 | -------------------------------------------------------------------------------- /asan/apache-2.4.34/apache-2.4.34-heap-use-after-free-set_neg_headers-asan-error.1551: -------------------------------------------------------------------------------- 1 | ================================================================= 2 | ==1551==ERROR: AddressSanitizer: heap-use-after-free on address 0x6190005ecfb8 at pc 0x7ffbd519150d bp 0x7ffb9e9db7d0 sp 0x7ffb9e9db7c0 3 | READ of size 8 at 0x6190005ecfb8 thread T58 4 | #0 0x7ffbd519150c in pool_find memory/unix/apr_pools.c:1962 5 | #1 0x7ffbd5191a7b in apr_pool_walk_tree memory/unix/apr_pools.c:1219 6 | #2 0x7ffbd5191b0e in apr_pool_walk_tree memory/unix/apr_pools.c:1231 7 | #3 0x7ffbd5191b0e in apr_pool_walk_tree memory/unix/apr_pools.c:1231 8 | #4 0x7ffbd5191b0e in apr_pool_walk_tree memory/unix/apr_pools.c:1231 9 | #5 0x7ffbd5191b0e in apr_pool_walk_tree memory/unix/apr_pools.c:1231 10 | #6 0x7ffbd5191b0e in apr_pool_walk_tree memory/unix/apr_pools.c:1231 11 | #7 0x7ffbd5191b0e in apr_pool_walk_tree memory/unix/apr_pools.c:1231 12 | #8 0x7ffbd5194672 in apr_pool_find memory/unix/apr_pools.c:1979 13 | #9 0x7ffbd517f760 in apr_table_mergen tables/apr_tables.c:746 14 | #10 0x6e792e in set_neg_headers /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/modules/mappers/mod_negotiation.c:2603 15 | #11 0x6e8792 in do_negotiation /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/modules/mappers/mod_negotiation.c:2914 16 | #12 0x6ede81 in handle_map_file /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/modules/mappers/mod_negotiation.c:2977 17 | #13 0x4accf3 in ap_run_handler /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/server/config.c:170 18 | #14 0x4ad880 in ap_invoke_handler /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/server/config.c:444 19 | #15 0x49b917 in ap_run_sub_req /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/server/request.c:2477 20 | #16 0x5381b1 in handle_include /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/modules/filters/mod_include.c:1880 21 | #17 0x53236b in send_parsed_content /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/modules/filters/mod_include.c:3717 22 | #18 0x53236b in includes_filter /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/modules/filters/mod_include.c:3966 23 | #19 0x47a067 in default_handler /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/server/core.c:4820 24 | #20 0x4accf3 in ap_run_handler /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/server/config.c:170 25 | #21 0x4ad880 in ap_invoke_handler /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/server/config.c:444 26 | #22 0x49b917 in ap_run_sub_req /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/server/request.c:2477 27 | #23 0x5381b1 in handle_include /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/modules/filters/mod_include.c:1880 28 | #24 0x53236b in send_parsed_content /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/modules/filters/mod_include.c:3717 29 | #25 0x53236b in includes_filter /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/modules/filters/mod_include.c:3966 30 | #26 0x45b96f in ap_pass_brigade_fchk /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/server/util_filter.c:609 31 | #27 0x6ee3c5 in handle_map_file /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/modules/mappers/mod_negotiation.c:3048 32 | #28 0x4accf3 in ap_run_handler /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/server/config.c:170 33 | #29 0x4ad880 in ap_invoke_handler /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/server/config.c:444 34 | #30 0x56752b in ap_internal_redirect /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/modules/http/http_request.c:791 35 | #31 0x567b55 in ap_die_r /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/modules/http/http_request.c:212 36 | #32 0x46de58 in ap_read_request /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/server/protocol.c:1462 37 | #33 0x55f42e in ap_process_http_async_connection /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/modules/http/http_core.c:146 38 | #34 0x55f42e in ap_process_http_connection /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/modules/http/http_core.c:248 39 | #35 0x4c6c73 in ap_run_process_connection /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/server/connection.c:42 40 | #36 0x71124d in process_socket /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/server/mpm/event/event.c:1048 41 | #37 0x714a7f in worker_thread /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/server/mpm/event/event.c:2122 42 | #38 0x7ffbd48f06f9 in start_thread (/lib64/libpthread.so.0+0x76f9) 43 | #39 0x7ffbd4420d7e in clone (/lib64/libc.so.6+0x100d7e) 44 | 45 | 0x6190005ecfb8 is located 312 bytes inside of 1040-byte region [0x6190005ece80,0x6190005ed290) 46 | freed by thread T40 here: 47 | #0 0x7ffbd74194e1 in __interceptor_free (/usr/lib/gcc/x86_64-pc-linux-gnu/4.9.4/libasan.so.1+0x574e1) 48 | #1 0x7ffbd51926e8 in pool_clear_debug memory/unix/apr_pools.c:1580 49 | 50 | previously allocated by thread T43 here: 51 | #0 0x7ffbd7419772 in malloc (/usr/lib/gcc/x86_64-pc-linux-gnu/4.9.4/libasan.so.1+0x57772) 52 | #1 0x7ffbd51918c9 in pool_alloc memory/unix/apr_pools.c:1472 53 | 54 | Thread T58 created by T38 here: 55 | #0 0x7ffbd73e5d1a in pthread_create (/usr/lib/gcc/x86_64-pc-linux-gnu/4.9.4/libasan.so.1+0x23d1a) 56 | #1 0x713735 in start_threads /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/server/mpm/event/event.c:2312 57 | 58 | Thread T38 created by T0 here: 59 | #0 0x7ffbd73e5d1a in pthread_create (/usr/lib/gcc/x86_64-pc-linux-gnu/4.9.4/libasan.so.1+0x23d1a) 60 | #1 0x43e9a0 in child_main /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/server/mpm/event/event.c:2516 61 | 62 | Thread T40 created by T38 here: 63 | #0 0x7ffbd73e5d1a in pthread_create (/usr/lib/gcc/x86_64-pc-linux-gnu/4.9.4/libasan.so.1+0x23d1a) 64 | #1 0x713735 in start_threads /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/server/mpm/event/event.c:2312 65 | 66 | Thread T43 created by T38 here: 67 | #0 0x7ffbd73e5d1a in pthread_create (/usr/lib/gcc/x86_64-pc-linux-gnu/4.9.4/libasan.so.1+0x23d1a) 68 | #1 0x713735 in start_threads /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/server/mpm/event/event.c:2312 69 | 70 | SUMMARY: AddressSanitizer: heap-use-after-free memory/unix/apr_pools.c:1962 pool_find 71 | Shadow bytes around the buggy address: 72 | 0x0c32800b59a0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 73 | 0x0c32800b59b0: fd fd fa fa fa fa fa fa fa fa fa fa fa fa fa fa 74 | 0x0c32800b59c0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 75 | 0x0c32800b59d0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 76 | 0x0c32800b59e0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 77 | =>0x0c32800b59f0: fd fd fd fd fd fd fd[fd]fd fd fd fd fd fd fd fd 78 | 0x0c32800b5a00: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 79 | 0x0c32800b5a10: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 80 | 0x0c32800b5a20: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 81 | 0x0c32800b5a30: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 82 | 0x0c32800b5a40: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 83 | Shadow byte legend (one shadow byte represents 8 application bytes): 84 | Addressable: 00 85 | Partially addressable: 01 02 03 04 05 06 07 86 | Heap left redzone: fa 87 | Heap right redzone: fb 88 | Freed heap region: fd 89 | Stack left redzone: f1 90 | Stack mid redzone: f2 91 | Stack right redzone: f3 92 | Stack partial redzone: f4 93 | Stack after return: f5 94 | Stack use after scope: f8 95 | Global redzone: f9 96 | Global init order: f6 97 | Poisoned by user: f7 98 | Contiguous container OOB:fc 99 | ASan internal: fe 100 | ==1551==ABORTING 101 | -------------------------------------------------------------------------------- /asan/apache-2.4.34/apache-2.4.34-heap-use-after-free-set_neg_headers-asan-error.17333: -------------------------------------------------------------------------------- 1 | ================================================================= 2 | ==17333==ERROR: AddressSanitizer: heap-use-after-free on address 0x619001062690 at pc 0x7f53dde8d50d bp 0x7f53a9450790 sp 0x7f53a9450780 3 | READ of size 8 at 0x619001062690 thread T55 4 | #0 0x7f53dde8d50c in pool_find memory/unix/apr_pools.c:1962 5 | #1 0x7f53dde8da7b in apr_pool_walk_tree memory/unix/apr_pools.c:1219 6 | #2 0x7f53dde8db0e in apr_pool_walk_tree memory/unix/apr_pools.c:1231 7 | #3 0x7f53dde8db0e in apr_pool_walk_tree memory/unix/apr_pools.c:1231 8 | #4 0x7f53dde8db0e in apr_pool_walk_tree memory/unix/apr_pools.c:1231 9 | #5 0x7f53dde8db0e in apr_pool_walk_tree memory/unix/apr_pools.c:1231 10 | #6 0x7f53dde8db0e in apr_pool_walk_tree memory/unix/apr_pools.c:1231 11 | #7 0x7f53dde8db0e in apr_pool_walk_tree memory/unix/apr_pools.c:1231 12 | #8 0x7f53dde8db0e in apr_pool_walk_tree memory/unix/apr_pools.c:1231 13 | #9 0x7f53dde90672 in apr_pool_find memory/unix/apr_pools.c:1979 14 | #10 0x7f53dde7b760 in apr_table_mergen tables/apr_tables.c:746 15 | #11 0x6e792e in set_neg_headers /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/modules/mappers/mod_negotiation.c:2603 16 | #12 0x6e8792 in do_negotiation /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/modules/mappers/mod_negotiation.c:2914 17 | #13 0x6ede81 in handle_map_file /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/modules/mappers/mod_negotiation.c:2977 18 | #14 0x4accf3 in ap_run_handler /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/server/config.c:170 19 | #15 0x4ad880 in ap_invoke_handler /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/server/config.c:444 20 | #16 0x49b917 in ap_run_sub_req /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/server/request.c:2477 21 | #17 0x5381b1 in handle_include /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/modules/filters/mod_include.c:1880 22 | #18 0x53236b in send_parsed_content /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/modules/filters/mod_include.c:3717 23 | #19 0x53236b in includes_filter /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/modules/filters/mod_include.c:3966 24 | #20 0x47a067 in default_handler /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/server/core.c:4820 25 | #21 0x4accf3 in ap_run_handler /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/server/config.c:170 26 | #22 0x4ad880 in ap_invoke_handler /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/server/config.c:444 27 | #23 0x49b917 in ap_run_sub_req /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/server/request.c:2477 28 | #24 0x5381b1 in handle_include /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/modules/filters/mod_include.c:1880 29 | #25 0x53236b in send_parsed_content /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/modules/filters/mod_include.c:3717 30 | #26 0x53236b in includes_filter /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/modules/filters/mod_include.c:3966 31 | #27 0x45b96f in ap_pass_brigade_fchk /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/server/util_filter.c:609 32 | #28 0x6ee3c5 in handle_map_file /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/modules/mappers/mod_negotiation.c:3048 33 | #29 0x4accf3 in ap_run_handler /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/server/config.c:170 34 | #30 0x4ad880 in ap_invoke_handler /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/server/config.c:444 35 | #31 0x56752b in ap_internal_redirect /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/modules/http/http_request.c:791 36 | #32 0x567b55 in ap_die_r /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/modules/http/http_request.c:212 37 | #33 0x46de58 in ap_read_request /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/server/protocol.c:1462 38 | #34 0x55f42e in ap_process_http_async_connection /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/modules/http/http_core.c:146 39 | #35 0x55f42e in ap_process_http_connection /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/modules/http/http_core.c:248 40 | #36 0x4c6c73 in ap_run_process_connection /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/server/connection.c:42 41 | #37 0x71124d in process_socket /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/server/mpm/event/event.c:1048 42 | #38 0x714a7f in worker_thread /var/tmp/portage/www-servers/apache-2.4.34-r1/work/httpd-2.4.34/server/mpm/event/event.c:2122 43 | #39 0x7f53dd5ec6f9 in start_thread (/lib64/libpthread.so.0+0x76f9) 44 | #40 0x7f53dd11cd7e in clone (/lib64/libc.so.6+0x100d7e) 45 | 46 | ==17333==AddressSanitizer: while reporting a bug found another one.Ignoring. 47 | -------------------------------------------------------------------------------- /asan/apache-2.4.37/apache-2.4.37-SEGV-ap_add_common_vars-asan-error.1017: -------------------------------------------------------------------------------- 1 | ================================================================= 2 | ==1017==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7f8510c14e5b sp 0x7f84dd960370 bp 0x7f8510c14e20 T53) 3 | #0 0x7f8510c14e5a in pool_find memory/unix/apr_pools.c:2238 4 | #1 0x7f8510c154cb in apr_pool_walk_tree memory/unix/apr_pools.c:1496 5 | #2 0x7f8510c1555e in apr_pool_walk_tree memory/unix/apr_pools.c:1508 6 | #3 0x7f8510c1555e in apr_pool_walk_tree memory/unix/apr_pools.c:1508 7 | #4 0x7f8510c1555e in apr_pool_walk_tree memory/unix/apr_pools.c:1508 8 | #5 0x7f8510c1555e in apr_pool_walk_tree memory/unix/apr_pools.c:1508 9 | #6 0x7f8510c17f12 in apr_pool_find memory/unix/apr_pools.c:2256 10 | #7 0x7f8510c02c4e in apr_table_addn tables/apr_tables.c:823 11 | #8 0x4c2d33 in ap_add_common_vars /var/tmp/portage/www-servers/apache-2.4.37/work/httpd-2.4.37/server/util_script.c:271 12 | #9 0x5363fd in includes_filter /var/tmp/portage/www-servers/apache-2.4.37/work/httpd-2.4.37/modules/filters/mod_include.c:3903 13 | #10 0x45d1af in ap_pass_brigade_fchk /var/tmp/portage/www-servers/apache-2.4.37/work/httpd-2.4.37/server/util_filter.c:609 14 | #11 0x6ee0a5 in handle_map_file /var/tmp/portage/www-servers/apache-2.4.37/work/httpd-2.4.37/modules/mappers/mod_negotiation.c:3048 15 | #12 0x4af333 in ap_run_handler /var/tmp/portage/www-servers/apache-2.4.37/work/httpd-2.4.37/server/config.c:170 16 | #13 0x4afec0 in ap_invoke_handler /var/tmp/portage/www-servers/apache-2.4.37/work/httpd-2.4.37/server/config.c:444 17 | #14 0x569a6b in ap_internal_redirect /var/tmp/portage/www-servers/apache-2.4.37/work/httpd-2.4.37/modules/http/http_request.c:791 18 | #15 0x56a095 in ap_die_r /var/tmp/portage/www-servers/apache-2.4.37/work/httpd-2.4.37/modules/http/http_request.c:212 19 | #16 0x56c69e in ap_process_async_request /var/tmp/portage/www-servers/apache-2.4.37/work/httpd-2.4.37/modules/http/http_request.c:476 20 | #17 0x561b27 in ap_process_http_async_connection /var/tmp/portage/www-servers/apache-2.4.37/work/httpd-2.4.37/modules/http/http_core.c:154 21 | #18 0x561b27 in ap_process_http_connection /var/tmp/portage/www-servers/apache-2.4.37/work/httpd-2.4.37/modules/http/http_core.c:248 22 | #19 0x4c9243 in ap_run_process_connection /var/tmp/portage/www-servers/apache-2.4.37/work/httpd-2.4.37/server/connection.c:42 23 | #20 0x710f6d in process_socket /var/tmp/portage/www-servers/apache-2.4.37/work/httpd-2.4.37/server/mpm/event/event.c:1049 24 | #21 0x7143af in worker_thread /var/tmp/portage/www-servers/apache-2.4.37/work/httpd-2.4.37/server/mpm/event/event.c:2082 25 | #22 0x7f851036b779 in start_thread (/lib64/libpthread.so.0+0x7779) 26 | #23 0x7f850fe99b2e in clone (/lib64/libc.so.6+0x102b2e) 27 | 28 | AddressSanitizer can not provide additional info. 29 | SUMMARY: AddressSanitizer: SEGV memory/unix/apr_pools.c:2238 pool_find 30 | Thread T53 created by T38 here: 31 | #0 0x7f8512e769aa in pthread_create (/usr/lib/gcc/x86_64-pc-linux-gnu/4.9.4/libasan.so.1+0x239aa) 32 | #1 0x713255 in start_threads /var/tmp/portage/www-servers/apache-2.4.37/work/httpd-2.4.37/server/mpm/event/event.c:2336 33 | 34 | Thread T38 created by T0 here: 35 | #0 0x7f8512e769aa in pthread_create (/usr/lib/gcc/x86_64-pc-linux-gnu/4.9.4/libasan.so.1+0x239aa) 36 | #1 0x714ebc in child_main /var/tmp/portage/www-servers/apache-2.4.37/work/httpd-2.4.37/server/mpm/event/event.c:2541 37 | 38 | ==1017==ABORTING 39 | -------------------------------------------------------------------------------- /asan/apache-2.4.37/apache-2.4.37-heap-use-after-free-ap_add_common_vars-asan-error.20926: -------------------------------------------------------------------------------- 1 | ================================================================= 2 | ==20926==ERROR: AddressSanitizer: heap-use-after-free on address 0x61900019d790 at pc 0x7ff99c65bf3a bp 0x7ff96ede6240 sp 0x7ff96ede6230 3 | READ of size 8 at 0x61900019d790 thread T45 4 | #0 0x7ff99c65bf39 in pool_find memory/unix/apr_pools.c:2239 5 | #1 0x7ff99c65c49b in apr_pool_walk_tree memory/unix/apr_pools.c:1496 6 | #2 0x7ff99c65c52e in apr_pool_walk_tree memory/unix/apr_pools.c:1508 7 | #3 0x7ff99c65c52e in apr_pool_walk_tree memory/unix/apr_pools.c:1508 8 | #4 0x7ff99c65c52e in apr_pool_walk_tree memory/unix/apr_pools.c:1508 9 | #5 0x7ff99c65c52e in apr_pool_walk_tree memory/unix/apr_pools.c:1508 10 | #6 0x7ff99c65ee92 in apr_pool_find memory/unix/apr_pools.c:2256 11 | #7 0x7ff99c649c4e in apr_table_addn tables/apr_tables.c:823 12 | #8 0x4c2b7f in ap_add_common_vars /var/tmp/portage/www-servers/apache-2.4.37-r1/work/httpd-2.4.37/server/util_script.c:256 13 | #9 0x5363fd in includes_filter /var/tmp/portage/www-servers/apache-2.4.37-r1/work/httpd-2.4.37/modules/filters/mod_include.c:3903 14 | #10 0x45d1af in ap_pass_brigade_fchk /var/tmp/portage/www-servers/apache-2.4.37-r1/work/httpd-2.4.37/server/util_filter.c:609 15 | #11 0x6ee0a5 in handle_map_file /var/tmp/portage/www-servers/apache-2.4.37-r1/work/httpd-2.4.37/modules/mappers/mod_negotiation.c:3048 16 | #12 0x4af333 in ap_run_handler /var/tmp/portage/www-servers/apache-2.4.37-r1/work/httpd-2.4.37/server/config.c:170 17 | #13 0x4afec0 in ap_invoke_handler /var/tmp/portage/www-servers/apache-2.4.37-r1/work/httpd-2.4.37/server/config.c:444 18 | #14 0x569a6b in ap_internal_redirect /var/tmp/portage/www-servers/apache-2.4.37-r1/work/httpd-2.4.37/modules/http/http_request.c:791 19 | #15 0x56a095 in ap_die_r /var/tmp/portage/www-servers/apache-2.4.37-r1/work/httpd-2.4.37/modules/http/http_request.c:212 20 | #16 0x46e16f in ap_read_request /var/tmp/portage/www-servers/apache-2.4.37-r1/work/httpd-2.4.37/server/protocol.c:1339 21 | #17 0x5619ce in ap_process_http_async_connection /var/tmp/portage/www-servers/apache-2.4.37-r1/work/httpd-2.4.37/modules/http/http_core.c:146 22 | #18 0x5619ce in ap_process_http_connection /var/tmp/portage/www-servers/apache-2.4.37-r1/work/httpd-2.4.37/modules/http/http_core.c:248 23 | #19 0x4c9243 in ap_run_process_connection /var/tmp/portage/www-servers/apache-2.4.37-r1/work/httpd-2.4.37/server/connection.c:42 24 | #20 0x710f6d in process_socket /var/tmp/portage/www-servers/apache-2.4.37-r1/work/httpd-2.4.37/server/mpm/event/event.c:1049 25 | #21 0x7143af in worker_thread /var/tmp/portage/www-servers/apache-2.4.37-r1/work/httpd-2.4.37/server/mpm/event/event.c:2082 26 | #22 0x7ff99bdb2779 in start_thread (/lib64/libpthread.so.0+0x7779) 27 | #23 0x7ff99b8e0b2e in clone (/lib64/libc.so.6+0x102b2e) 28 | 29 | 0x61900019d790 is located 16 bytes inside of 1040-byte region [0x61900019d780,0x61900019db90) 30 | freed by thread T54 here: 31 | #0 0x7ff99e8f0171 in __interceptor_free (/usr/lib/gcc/x86_64-pc-linux-gnu/4.9.4/libasan.so.1+0x57171) 32 | #1 0x7ff99c65d0f4 in pool_clear_debug memory/unix/apr_pools.c:1857 33 | #2 0x7ff99c65c94b in pool_destroy_debug memory/unix/apr_pools.c:1915 34 | #3 0x65e6f9 in h2_session_pre_close /var/tmp/portage/www-servers/apache-2.4.37-r1/work/httpd-2.4.37/modules/http2/h2_session.c:2357 35 | #4 0x62333b in h2_conn_pre_close /var/tmp/portage/www-servers/apache-2.4.37-r1/work/httpd-2.4.37/modules/http2/h2_conn.c:254 36 | #5 0x4c9803 in ap_run_pre_close_connection /var/tmp/portage/www-servers/apache-2.4.37-r1/work/httpd-2.4.37/server/connection.c:44 37 | #6 0x4c9aa8 in ap_prep_lingering_close /var/tmp/portage/www-servers/apache-2.4.37-r1/work/httpd-2.4.37/server/connection.c:101 38 | #7 0x4c9afd in ap_start_lingering_close /var/tmp/portage/www-servers/apache-2.4.37-r1/work/httpd-2.4.37/server/connection.c:129 39 | #8 0x710e49 in start_lingering_close_blocking /var/tmp/portage/www-servers/apache-2.4.37-r1/work/httpd-2.4.37/server/mpm/event/event.c:805 40 | #9 0x710e49 in process_socket /var/tmp/portage/www-servers/apache-2.4.37-r1/work/httpd-2.4.37/server/mpm/event/event.c:1209 41 | #10 0x7143af in worker_thread /var/tmp/portage/www-servers/apache-2.4.37-r1/work/httpd-2.4.37/server/mpm/event/event.c:2082 42 | #11 0x7ff99bdb2779 in start_thread (/lib64/libpthread.so.0+0x7779) 43 | #12 0x7ff99b8e0b2e in clone (/lib64/libc.so.6+0x102b2e) 44 | 45 | previously allocated by thread T54 here: 46 | #0 0x7ff99e8f0402 in malloc (/usr/lib/gcc/x86_64-pc-linux-gnu/4.9.4/libasan.so.1+0x57402) 47 | #1 0x7ff99c65c2f1 in pool_alloc memory/unix/apr_pools.c:1749 48 | #2 0x7ff99c65df9d in apr_pcalloc_debug memory/unix/apr_pools.c:1797 49 | #3 0x7ff99c65ba57 in apr_thread_mutex_create locks/unix/thread_mutex.c:50 50 | #4 0x7ff99c65e4e0 in apr_pool_create_ex_debug memory/unix/apr_pools.c:2038 51 | #5 0x647256 in h2_session_create_int /var/tmp/portage/www-servers/apache-2.4.37-r1/work/httpd-2.4.37/modules/http2/h2_session.c:800 52 | #6 0x622b37 in h2_conn_setup /var/tmp/portage/www-servers/apache-2.4.37-r1/work/httpd-2.4.37/modules/http2/h2_conn.c:190 53 | #7 0x62c390 in h2_h2_process_conn /var/tmp/portage/www-servers/apache-2.4.37-r1/work/httpd-2.4.37/modules/http2/h2_h2.c:651 54 | #8 0x4c9243 in ap_run_process_connection /var/tmp/portage/www-servers/apache-2.4.37-r1/work/httpd-2.4.37/server/connection.c:42 55 | #9 0x710f6d in process_socket /var/tmp/portage/www-servers/apache-2.4.37-r1/work/httpd-2.4.37/server/mpm/event/event.c:1049 56 | #10 0x7143af in worker_thread /var/tmp/portage/www-servers/apache-2.4.37-r1/work/httpd-2.4.37/server/mpm/event/event.c:2082 57 | #11 0x7ff99bdb2779 in start_thread (/lib64/libpthread.so.0+0x7779) 58 | #12 0x7ff99b8e0b2e in clone (/lib64/libc.so.6+0x102b2e) 59 | 60 | Thread T45 created by T38 here: 61 | #0 0x7ff99e8bc9aa in pthread_create (/usr/lib/gcc/x86_64-pc-linux-gnu/4.9.4/libasan.so.1+0x239aa) 62 | #1 0x713255 in start_threads /var/tmp/portage/www-servers/apache-2.4.37-r1/work/httpd-2.4.37/server/mpm/event/event.c:2336 63 | 64 | Thread T38 created by T0 here: 65 | #0 0x7ff99e8bc9aa in pthread_create (/usr/lib/gcc/x86_64-pc-linux-gnu/4.9.4/libasan.so.1+0x239aa) 66 | #1 0x714ebc in child_main /var/tmp/portage/www-servers/apache-2.4.37-r1/work/httpd-2.4.37/server/mpm/event/event.c:2541 67 | 68 | Thread T54 created by T38 here: 69 | #0 0x7ff99e8bc9aa in pthread_create (/usr/lib/gcc/x86_64-pc-linux-gnu/4.9.4/libasan.so.1+0x239aa) 70 | #1 0x713255 in start_threads /var/tmp/portage/www-servers/apache-2.4.37-r1/work/httpd-2.4.37/server/mpm/event/event.c:2336 71 | 72 | SUMMARY: AddressSanitizer: heap-use-after-free memory/unix/apr_pools.c:2239 pool_find 73 | Shadow bytes around the buggy address: 74 | 0x0c328002baa0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 75 | 0x0c328002bab0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 76 | 0x0c328002bac0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 77 | 0x0c328002bad0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 78 | 0x0c328002bae0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 79 | =>0x0c328002baf0: fd fd[fd]fd fd fd fd fd fd fd fd fd fd fd fd fd 80 | 0x0c328002bb00: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 81 | 0x0c328002bb10: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 82 | 0x0c328002bb20: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 83 | 0x0c328002bb30: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 84 | 0x0c328002bb40: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 85 | Shadow byte legend (one shadow byte represents 8 application bytes): 86 | Addressable: 00 87 | Partially addressable: 01 02 03 04 05 06 07 88 | Heap left redzone: fa 89 | Heap right redzone: fb 90 | Freed heap region: fd 91 | Stack left redzone: f1 92 | Stack mid redzone: f2 93 | Stack right redzone: f3 94 | Stack partial redzone: f4 95 | Stack after return: f5 96 | Stack use after scope: f8 97 | Global redzone: f9 98 | Global init order: f6 99 | Poisoned by user: f7 100 | Contiguous container OOB:fc 101 | ASan internal: fe 102 | ==20926==ABORTING 103 | -------------------------------------------------------------------------------- /asan/apache-2.4.37/apache-2.4.37-heap-use-after-free-ap_add_common_vars-asan-error.22157: -------------------------------------------------------------------------------- 1 | ================================================================= 2 | ==22157==ERROR: AddressSanitizer: heap-use-after-free on address 0x61900019d780 at pc 0x7f8510c14f4d bp 0x7f84de467240 sp 0x7f84de467230 3 | READ of size 8 at 0x61900019d780 thread T52 4 | #0 0x7f8510c14f4c in pool_find memory/unix/apr_pools.c:2246 5 | #1 0x7f8510c154cb in apr_pool_walk_tree memory/unix/apr_pools.c:1496 6 | #2 0x7f8510c1555e in apr_pool_walk_tree memory/unix/apr_pools.c:1508 7 | #3 0x7f8510c1555e in apr_pool_walk_tree memory/unix/apr_pools.c:1508 8 | #4 0x7f8510c1555e in apr_pool_walk_tree memory/unix/apr_pools.c:1508 9 | #5 0x7f8510c1555e in apr_pool_walk_tree memory/unix/apr_pools.c:1508 10 | #6 0x7f8510c17f12 in apr_pool_find memory/unix/apr_pools.c:2256 11 | #7 0x7f8510c02c21 in apr_table_addn tables/apr_tables.c:819 12 | #8 0x4c2b97 in ap_add_common_vars /var/tmp/portage/www-servers/apache-2.4.37/work/httpd-2.4.37/server/util_script.c:257 13 | #9 0x5363fd in includes_filter /var/tmp/portage/www-servers/apache-2.4.37/work/httpd-2.4.37/modules/filters/mod_include.c:3903 14 | #10 0x45d1af in ap_pass_brigade_fchk /var/tmp/portage/www-servers/apache-2.4.37/work/httpd-2.4.37/server/util_filter.c:609 15 | #11 0x6ee0a5 in handle_map_file /var/tmp/portage/www-servers/apache-2.4.37/work/httpd-2.4.37/modules/mappers/mod_negotiation.c:3048 16 | #12 0x4af333 in ap_run_handler /var/tmp/portage/www-servers/apache-2.4.37/work/httpd-2.4.37/server/config.c:170 17 | #13 0x4afec0 in ap_invoke_handler /var/tmp/portage/www-servers/apache-2.4.37/work/httpd-2.4.37/server/config.c:444 18 | #14 0x569a6b in ap_internal_redirect /var/tmp/portage/www-servers/apache-2.4.37/work/httpd-2.4.37/modules/http/http_request.c:791 19 | #15 0x56a095 in ap_die_r /var/tmp/portage/www-servers/apache-2.4.37/work/httpd-2.4.37/modules/http/http_request.c:212 20 | #16 0x46e16f in ap_read_request /var/tmp/portage/www-servers/apache-2.4.37/work/httpd-2.4.37/server/protocol.c:1339 21 | #17 0x5619ce in ap_process_http_async_connection /var/tmp/portage/www-servers/apache-2.4.37/work/httpd-2.4.37/modules/http/http_core.c:146 22 | #18 0x5619ce in ap_process_http_connection /var/tmp/portage/www-servers/apache-2.4.37/work/httpd-2.4.37/modules/http/http_core.c:248 23 | #19 0x4c9243 in ap_run_process_connection /var/tmp/portage/www-servers/apache-2.4.37/work/httpd-2.4.37/server/connection.c:42 24 | #20 0x710f6d in process_socket /var/tmp/portage/www-servers/apache-2.4.37/work/httpd-2.4.37/server/mpm/event/event.c:1049 25 | #21 0x7143af in worker_thread /var/tmp/portage/www-servers/apache-2.4.37/work/httpd-2.4.37/server/mpm/event/event.c:2082 26 | #22 0x7f851036b779 in start_thread (/lib64/libpthread.so.0+0x7779) 27 | #23 0x7f850fe99b2e in clone (/lib64/libc.so.6+0x102b2e) 28 | 29 | 0x61900019d780 is located 0 bytes inside of 1040-byte region [0x61900019d780,0x61900019db90) 30 | freed by thread T61 here: 31 | #0 0x7f8512eaa171 in __interceptor_free (/usr/lib/gcc/x86_64-pc-linux-gnu/4.9.4/libasan.so.1+0x57171) 32 | #1 0x7f8510c16138 in pool_clear_debug memory/unix/apr_pools.c:1857 33 | #2 0x7f8510c1597b in pool_destroy_debug memory/unix/apr_pools.c:1915 34 | #3 0x65e6f9 in h2_session_pre_close /var/tmp/portage/www-servers/apache-2.4.37/work/httpd-2.4.37/modules/http2/h2_session.c:2357 35 | #4 0x62333b in h2_conn_pre_close /var/tmp/portage/www-servers/apache-2.4.37/work/httpd-2.4.37/modules/http2/h2_conn.c:254 36 | #5 0x4c9803 in ap_run_pre_close_connection /var/tmp/portage/www-servers/apache-2.4.37/work/httpd-2.4.37/server/connection.c:44 37 | #6 0x4c9aa8 in ap_prep_lingering_close /var/tmp/portage/www-servers/apache-2.4.37/work/httpd-2.4.37/server/connection.c:101 38 | #7 0x4c9afd in ap_start_lingering_close /var/tmp/portage/www-servers/apache-2.4.37/work/httpd-2.4.37/server/connection.c:129 39 | #8 0x710e49 in start_lingering_close_blocking /var/tmp/portage/www-servers/apache-2.4.37/work/httpd-2.4.37/server/mpm/event/event.c:805 40 | #9 0x710e49 in process_socket /var/tmp/portage/www-servers/apache-2.4.37/work/httpd-2.4.37/server/mpm/event/event.c:1209 41 | #10 0x7143af in worker_thread /var/tmp/portage/www-servers/apache-2.4.37/work/httpd-2.4.37/server/mpm/event/event.c:2082 42 | #11 0x7f851036b779 in start_thread (/lib64/libpthread.so.0+0x7779) 43 | #12 0x7f850fe99b2e in clone (/lib64/libc.so.6+0x102b2e) 44 | 45 | previously allocated by thread T61 here: 46 | #0 0x7f8512eaa402 in malloc (/usr/lib/gcc/x86_64-pc-linux-gnu/4.9.4/libasan.so.1+0x57402) 47 | #1 0x7f8510c15319 in pool_alloc memory/unix/apr_pools.c:1749 48 | #2 0x7f8510c16fed in apr_pcalloc_debug memory/unix/apr_pools.c:1797 49 | #3 0x7f8510c14a57 in apr_thread_mutex_create locks/unix/thread_mutex.c:50 50 | #4 0x7f8510c17530 in apr_pool_create_ex_debug memory/unix/apr_pools.c:2038 51 | #5 0x647256 in h2_session_create_int /var/tmp/portage/www-servers/apache-2.4.37/work/httpd-2.4.37/modules/http2/h2_session.c:800 52 | #6 0x622b37 in h2_conn_setup /var/tmp/portage/www-servers/apache-2.4.37/work/httpd-2.4.37/modules/http2/h2_conn.c:190 53 | #7 0x62c390 in h2_h2_process_conn /var/tmp/portage/www-servers/apache-2.4.37/work/httpd-2.4.37/modules/http2/h2_h2.c:651 54 | #8 0x4c9243 in ap_run_process_connection /var/tmp/portage/www-servers/apache-2.4.37/work/httpd-2.4.37/server/connection.c:42 55 | #9 0x710f6d in process_socket /var/tmp/portage/www-servers/apache-2.4.37/work/httpd-2.4.37/server/mpm/event/event.c:1049 56 | #10 0x7143af in worker_thread /var/tmp/portage/www-servers/apache-2.4.37/work/httpd-2.4.37/server/mpm/event/event.c:2082 57 | #11 0x7f851036b779 in start_thread (/lib64/libpthread.so.0+0x7779) 58 | #12 0x7f850fe99b2e in clone (/lib64/libc.so.6+0x102b2e) 59 | 60 | Thread T52 created by T38 here: 61 | #0 0x7f8512e769aa in pthread_create (/usr/lib/gcc/x86_64-pc-linux-gnu/4.9.4/libasan.so.1+0x239aa) 62 | #1 0x713255 in start_threads /var/tmp/portage/www-servers/apache-2.4.37/work/httpd-2.4.37/server/mpm/event/event.c:2336 63 | 64 | Thread T38 created by T0 here: 65 | #0 0x7f8512e769aa in pthread_create (/usr/lib/gcc/x86_64-pc-linux-gnu/4.9.4/libasan.so.1+0x239aa) 66 | #1 0x714ebc in child_main /var/tmp/portage/www-servers/apache-2.4.37/work/httpd-2.4.37/server/mpm/event/event.c:2541 67 | 68 | Thread T61 created by T38 here: 69 | #0 0x7f8512e769aa in pthread_create (/usr/lib/gcc/x86_64-pc-linux-gnu/4.9.4/libasan.so.1+0x239aa) 70 | #1 0x713255 in start_threads /var/tmp/portage/www-servers/apache-2.4.37/work/httpd-2.4.37/server/mpm/event/event.c:2336 71 | 72 | SUMMARY: AddressSanitizer: heap-use-after-free memory/unix/apr_pools.c:2246 pool_find 73 | Shadow bytes around the buggy address: 74 | 0x0c328002baa0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 75 | 0x0c328002bab0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 76 | 0x0c328002bac0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 77 | 0x0c328002bad0: fd fd fa fa fa fa fa fa fa fa fa fa fa fa fa fa 78 | 0x0c328002bae0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 79 | =>0x0c328002baf0:[fd]fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 80 | 0x0c328002bb00: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 81 | 0x0c328002bb10: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 82 | 0x0c328002bb20: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 83 | 0x0c328002bb30: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 84 | 0x0c328002bb40: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 85 | Shadow byte legend (one shadow byte represents 8 application bytes): 86 | Addressable: 00 87 | Partially addressable: 01 02 03 04 05 06 07 88 | Heap left redzone: fa 89 | Heap right redzone: fb 90 | Freed heap region: fd 91 | Stack left redzone: f1 92 | Stack mid redzone: f2 93 | Stack right redzone: f3 94 | Stack partial redzone: f4 95 | Stack after return: f5 96 | Stack use after scope: f8 97 | Global redzone: f9 98 | Global init order: f6 99 | Poisoned by user: f7 100 | Contiguous container OOB:fc 101 | ASan internal: fe 102 | ==22157==ABORTING 103 | -------------------------------------------------------------------------------- /asan/apache-2.4.37/apache-2.4.37-heap-use-after-free-ap_add_common_vars-asan-error.22341: -------------------------------------------------------------------------------- 1 | ================================================================= 2 | ==22341==ERROR: AddressSanitizer: heap-use-after-free on address 0x6190001f09a0 at pc 0x7f8510c14f5d bp 0x7f84d8c2f240 sp 0x7f84d8c2f230 3 | READ of size 8 at 0x6190001f09a0 thread T60 4 | #0 0x7f8510c14f5c in pool_find memory/unix/apr_pools.c:2239 5 | #1 0x7f8510c154cb in apr_pool_walk_tree memory/unix/apr_pools.c:1496 6 | #2 0x7f8510c1555e in apr_pool_walk_tree memory/unix/apr_pools.c:1508 7 | #3 0x7f8510c1555e in apr_pool_walk_tree memory/unix/apr_pools.c:1508 8 | #4 0x7f8510c1555e in apr_pool_walk_tree memory/unix/apr_pools.c:1508 9 | #5 0x7f8510c1555e in apr_pool_walk_tree memory/unix/apr_pools.c:1508 10 | #6 0x7f8510c17f12 in apr_pool_find memory/unix/apr_pools.c:2256 11 | #7 0x7f8510c02c4e in apr_table_addn tables/apr_tables.c:823 12 | #8 0x4c2af7 in ap_add_common_vars /var/tmp/portage/www-servers/apache-2.4.37/work/httpd-2.4.37/server/util_script.c:251 13 | #9 0x5363fd in includes_filter /var/tmp/portage/www-servers/apache-2.4.37/work/httpd-2.4.37/modules/filters/mod_include.c:3903 14 | #10 0x45d1af in ap_pass_brigade_fchk /var/tmp/portage/www-servers/apache-2.4.37/work/httpd-2.4.37/server/util_filter.c:609 15 | #11 0x6ee0a5 in handle_map_file /var/tmp/portage/www-servers/apache-2.4.37/work/httpd-2.4.37/modules/mappers/mod_negotiation.c:3048 16 | #12 0x4af333 in ap_run_handler /var/tmp/portage/www-servers/apache-2.4.37/work/httpd-2.4.37/server/config.c:170 17 | #13 0x4afec0 in ap_invoke_handler /var/tmp/portage/www-servers/apache-2.4.37/work/httpd-2.4.37/server/config.c:444 18 | #14 0x569a6b in ap_internal_redirect /var/tmp/portage/www-servers/apache-2.4.37/work/httpd-2.4.37/modules/http/http_request.c:791 19 | #15 0x56a095 in ap_die_r /var/tmp/portage/www-servers/apache-2.4.37/work/httpd-2.4.37/modules/http/http_request.c:212 20 | #16 0x46e16f in ap_read_request /var/tmp/portage/www-servers/apache-2.4.37/work/httpd-2.4.37/server/protocol.c:1339 21 | #17 0x5619ce in ap_process_http_async_connection /var/tmp/portage/www-servers/apache-2.4.37/work/httpd-2.4.37/modules/http/http_core.c:146 22 | #18 0x5619ce in ap_process_http_connection /var/tmp/portage/www-servers/apache-2.4.37/work/httpd-2.4.37/modules/http/http_core.c:248 23 | #19 0x4c9243 in ap_run_process_connection /var/tmp/portage/www-servers/apache-2.4.37/work/httpd-2.4.37/server/connection.c:42 24 | #20 0x710f6d in process_socket /var/tmp/portage/www-servers/apache-2.4.37/work/httpd-2.4.37/server/mpm/event/event.c:1049 25 | #21 0x7143af in worker_thread /var/tmp/portage/www-servers/apache-2.4.37/work/httpd-2.4.37/server/mpm/event/event.c:2082 26 | #22 0x7f851036b779 in start_thread (/lib64/libpthread.so.0+0x7779) 27 | #23 0x7f850fe99b2e in clone (/lib64/libc.so.6+0x102b2e) 28 | 29 | 0x6190001f09a0 is located 32 bytes inside of 1040-byte region [0x6190001f0980,0x6190001f0d90) 30 | freed by thread T45 here: 31 | #0 0x7f8512eaa171 in __interceptor_free (/usr/lib/gcc/x86_64-pc-linux-gnu/4.9.4/libasan.so.1+0x57171) 32 | #1 0x7f8510c16138 in pool_clear_debug memory/unix/apr_pools.c:1857 33 | #2 0x7f8510c1597b in pool_destroy_debug memory/unix/apr_pools.c:1915 34 | #3 0x65e6f9 in h2_session_pre_close /var/tmp/portage/www-servers/apache-2.4.37/work/httpd-2.4.37/modules/http2/h2_session.c:2357 35 | #4 0x62333b in h2_conn_pre_close /var/tmp/portage/www-servers/apache-2.4.37/work/httpd-2.4.37/modules/http2/h2_conn.c:254 36 | #5 0x4c9803 in ap_run_pre_close_connection /var/tmp/portage/www-servers/apache-2.4.37/work/httpd-2.4.37/server/connection.c:44 37 | #6 0x4c9aa8 in ap_prep_lingering_close /var/tmp/portage/www-servers/apache-2.4.37/work/httpd-2.4.37/server/connection.c:101 38 | #7 0x4c9afd in ap_start_lingering_close /var/tmp/portage/www-servers/apache-2.4.37/work/httpd-2.4.37/server/connection.c:129 39 | #8 0x710e49 in start_lingering_close_blocking /var/tmp/portage/www-servers/apache-2.4.37/work/httpd-2.4.37/server/mpm/event/event.c:805 40 | #9 0x710e49 in process_socket /var/tmp/portage/www-servers/apache-2.4.37/work/httpd-2.4.37/server/mpm/event/event.c:1209 41 | #10 0x7143af in worker_thread /var/tmp/portage/www-servers/apache-2.4.37/work/httpd-2.4.37/server/mpm/event/event.c:2082 42 | #11 0x7f851036b779 in start_thread (/lib64/libpthread.so.0+0x7779) 43 | #12 0x7f850fe99b2e in clone (/lib64/libc.so.6+0x102b2e) 44 | 45 | previously allocated by thread T45 here: 46 | #0 0x7f8512eaa402 in malloc (/usr/lib/gcc/x86_64-pc-linux-gnu/4.9.4/libasan.so.1+0x57402) 47 | #1 0x7f8510c15319 in pool_alloc memory/unix/apr_pools.c:1749 48 | #2 0x7f8510c16fed in apr_pcalloc_debug memory/unix/apr_pools.c:1797 49 | #3 0x7f8510c14a57 in apr_thread_mutex_create locks/unix/thread_mutex.c:50 50 | #4 0x7f8510c17530 in apr_pool_create_ex_debug memory/unix/apr_pools.c:2038 51 | #5 0x647256 in h2_session_create_int /var/tmp/portage/www-servers/apache-2.4.37/work/httpd-2.4.37/modules/http2/h2_session.c:800 52 | #6 0x622b37 in h2_conn_setup /var/tmp/portage/www-servers/apache-2.4.37/work/httpd-2.4.37/modules/http2/h2_conn.c:190 53 | #7 0x62c390 in h2_h2_process_conn /var/tmp/portage/www-servers/apache-2.4.37/work/httpd-2.4.37/modules/http2/h2_h2.c:651 54 | #8 0x4c9243 in ap_run_process_connection /var/tmp/portage/www-servers/apache-2.4.37/work/httpd-2.4.37/server/connection.c:42 55 | #9 0x710f6d in process_socket /var/tmp/portage/www-servers/apache-2.4.37/work/httpd-2.4.37/server/mpm/event/event.c:1049 56 | #10 0x7143af in worker_thread /var/tmp/portage/www-servers/apache-2.4.37/work/httpd-2.4.37/server/mpm/event/event.c:2082 57 | #11 0x7f851036b779 in start_thread (/lib64/libpthread.so.0+0x7779) 58 | #12 0x7f850fe99b2e in clone (/lib64/libc.so.6+0x102b2e) 59 | 60 | Thread T60 created by T38 here: 61 | #0 0x7f8512e769aa in pthread_create (/usr/lib/gcc/x86_64-pc-linux-gnu/4.9.4/libasan.so.1+0x239aa) 62 | #1 0x713255 in start_threads /var/tmp/portage/www-servers/apache-2.4.37/work/httpd-2.4.37/server/mpm/event/event.c:2336 63 | 64 | Thread T38 created by T0 here: 65 | #0 0x7f8512e769aa in pthread_create (/usr/lib/gcc/x86_64-pc-linux-gnu/4.9.4/libasan.so.1+0x239aa) 66 | #1 0x714ebc in child_main /var/tmp/portage/www-servers/apache-2.4.37/work/httpd-2.4.37/server/mpm/event/event.c:2541 67 | 68 | Thread T45 created by T38 here: 69 | #0 0x7f8512e769aa in pthread_create (/usr/lib/gcc/x86_64-pc-linux-gnu/4.9.4/libasan.so.1+0x239aa) 70 | #1 0x713255 in start_threads /var/tmp/portage/www-servers/apache-2.4.37/work/httpd-2.4.37/server/mpm/event/event.c:2336 71 | 72 | SUMMARY: AddressSanitizer: heap-use-after-free memory/unix/apr_pools.c:2239 pool_find 73 | Shadow bytes around the buggy address: 74 | 0x0c32800360e0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 75 | 0x0c32800360f0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 76 | 0x0c3280036100: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 77 | 0x0c3280036110: fd fd fa fa fa fa fa fa fa fa fa fa fa fa fa fa 78 | 0x0c3280036120: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 79 | =>0x0c3280036130: fd fd fd fd[fd]fd fd fd fd fd fd fd fd fd fd fd 80 | 0x0c3280036140: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 81 | 0x0c3280036150: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 82 | 0x0c3280036160: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 83 | 0x0c3280036170: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 84 | 0x0c3280036180: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 85 | Shadow byte legend (one shadow byte represents 8 application bytes): 86 | Addressable: 00 87 | Partially addressable: 01 02 03 04 05 06 07 88 | Heap left redzone: fa 89 | Heap right redzone: fb 90 | Freed heap region: fd 91 | Stack left redzone: f1 92 | Stack mid redzone: f2 93 | Stack right redzone: f3 94 | Stack partial redzone: f4 95 | Stack after return: f5 96 | Stack use after scope: f8 97 | Global redzone: f9 98 | Global init order: f6 99 | Poisoned by user: f7 100 | Contiguous container OOB:fc 101 | ASan internal: fe 102 | ==22341==ABORTING 103 | -------------------------------------------------------------------------------- /asan/apache-2.4.37/apache-2.4.37-heap-use-after-free-ap_add_common_vars-asan-error.25655: -------------------------------------------------------------------------------- 1 | ================================================================= 2 | ==25655==ERROR: AddressSanitizer: heap-use-after-free on address 0x6190002daf88 at pc 0x7f2f4d3b2f35 bp 0x7f2f18cf7360 sp 0x7f2f18cf7350 3 | READ of size 4 at 0x6190002daf88 thread T55 4 | #0 0x7f2f4d3b2f34 in pool_find memory/unix/apr_pools.c:2238 5 | #1 0x7f2f4d3b34cb in apr_pool_walk_tree memory/unix/apr_pools.c:1496 6 | #2 0x7f2f4d3b355e in apr_pool_walk_tree memory/unix/apr_pools.c:1508 7 | #3 0x7f2f4d3b355e in apr_pool_walk_tree memory/unix/apr_pools.c:1508 8 | #4 0x7f2f4d3b355e in apr_pool_walk_tree memory/unix/apr_pools.c:1508 9 | #5 0x7f2f4d3b355e in apr_pool_walk_tree memory/unix/apr_pools.c:1508 10 | #6 0x7f2f4d3b5f12 in apr_pool_find memory/unix/apr_pools.c:2256 11 | #7 0x7f2f4d3a0c21 in apr_table_addn tables/apr_tables.c:819 12 | #8 0x4c2a29 in ap_add_common_vars /var/tmp/portage/www-servers/apache-2.4.37/work/httpd-2.4.37/server/util_script.c:221 13 | #9 0x5363fd in includes_filter /var/tmp/portage/www-servers/apache-2.4.37/work/httpd-2.4.37/modules/filters/mod_include.c:3903 14 | #10 0x45d1af in ap_pass_brigade_fchk /var/tmp/portage/www-servers/apache-2.4.37/work/httpd-2.4.37/server/util_filter.c:609 15 | #11 0x6ee0a5 in handle_map_file /var/tmp/portage/www-servers/apache-2.4.37/work/httpd-2.4.37/modules/mappers/mod_negotiation.c:3048 16 | #12 0x4af333 in ap_run_handler /var/tmp/portage/www-servers/apache-2.4.37/work/httpd-2.4.37/server/config.c:170 17 | #13 0x4afec0 in ap_invoke_handler /var/tmp/portage/www-servers/apache-2.4.37/work/httpd-2.4.37/server/config.c:444 18 | #14 0x569a6b in ap_internal_redirect /var/tmp/portage/www-servers/apache-2.4.37/work/httpd-2.4.37/modules/http/http_request.c:791 19 | #15 0x56a095 in ap_die_r /var/tmp/portage/www-servers/apache-2.4.37/work/httpd-2.4.37/modules/http/http_request.c:212 20 | #16 0x56c69e in ap_process_async_request /var/tmp/portage/www-servers/apache-2.4.37/work/httpd-2.4.37/modules/http/http_request.c:476 21 | #17 0x561b27 in ap_process_http_async_connection /var/tmp/portage/www-servers/apache-2.4.37/work/httpd-2.4.37/modules/http/http_core.c:154 22 | #18 0x561b27 in ap_process_http_connection /var/tmp/portage/www-servers/apache-2.4.37/work/httpd-2.4.37/modules/http/http_core.c:248 23 | #19 0x4c9243 in ap_run_process_connection /var/tmp/portage/www-servers/apache-2.4.37/work/httpd-2.4.37/server/connection.c:42 24 | #20 0x710f6d in process_socket /var/tmp/portage/www-servers/apache-2.4.37/work/httpd-2.4.37/server/mpm/event/event.c:1049 25 | #21 0x7143af in worker_thread /var/tmp/portage/www-servers/apache-2.4.37/work/httpd-2.4.37/server/mpm/event/event.c:2082 26 | #22 0x7f2f4cb09779 in start_thread (/lib64/libpthread.so.0+0x7779) 27 | #23 0x7f2f4c637b2e in clone (/lib64/libc.so.6+0x102b2e) 28 | 29 | 0x6190002daf88 is located 8 bytes inside of 1040-byte region [0x6190002daf80,0x6190002db390) 30 | freed by thread T63 here: 31 | #0 0x7f2f4f648171 in __interceptor_free (/usr/lib/gcc/x86_64-pc-linux-gnu/4.9.4/libasan.so.1+0x57171) 32 | #1 0x7f2f4d3b4138 in pool_clear_debug memory/unix/apr_pools.c:1857 33 | #2 0x7f2f4d3b397b in pool_destroy_debug memory/unix/apr_pools.c:1915 34 | #3 0x65e6f9 in h2_session_pre_close /var/tmp/portage/www-servers/apache-2.4.37/work/httpd-2.4.37/modules/http2/h2_session.c:2357 35 | #4 0x62333b in h2_conn_pre_close /var/tmp/portage/www-servers/apache-2.4.37/work/httpd-2.4.37/modules/http2/h2_conn.c:254 36 | #5 0x4c9803 in ap_run_pre_close_connection /var/tmp/portage/www-servers/apache-2.4.37/work/httpd-2.4.37/server/connection.c:44 37 | #6 0x4c9aa8 in ap_prep_lingering_close /var/tmp/portage/www-servers/apache-2.4.37/work/httpd-2.4.37/server/connection.c:101 38 | #7 0x4c9afd in ap_start_lingering_close /var/tmp/portage/www-servers/apache-2.4.37/work/httpd-2.4.37/server/connection.c:129 39 | #8 0x710e49 in start_lingering_close_blocking /var/tmp/portage/www-servers/apache-2.4.37/work/httpd-2.4.37/server/mpm/event/event.c:805 40 | #9 0x710e49 in process_socket /var/tmp/portage/www-servers/apache-2.4.37/work/httpd-2.4.37/server/mpm/event/event.c:1209 41 | #10 0x7143af in worker_thread /var/tmp/portage/www-servers/apache-2.4.37/work/httpd-2.4.37/server/mpm/event/event.c:2082 42 | #11 0x7f2f4cb09779 in start_thread (/lib64/libpthread.so.0+0x7779) 43 | #12 0x7f2f4c637b2e in clone (/lib64/libc.so.6+0x102b2e) 44 | 45 | previously allocated by thread T63 here: 46 | #0 0x7f2f4f648402 in malloc (/usr/lib/gcc/x86_64-pc-linux-gnu/4.9.4/libasan.so.1+0x57402) 47 | #1 0x7f2f4d3b3319 in pool_alloc memory/unix/apr_pools.c:1749 48 | #2 0x7f2f4d3b4fed in apr_pcalloc_debug memory/unix/apr_pools.c:1797 49 | #3 0x7f2f4d3b2a57 in apr_thread_mutex_create locks/unix/thread_mutex.c:50 50 | #4 0x7f2f4d3b5530 in apr_pool_create_ex_debug memory/unix/apr_pools.c:2038 51 | #5 0x647256 in h2_session_create_int /var/tmp/portage/www-servers/apache-2.4.37/work/httpd-2.4.37/modules/http2/h2_session.c:800 52 | #6 0x622b37 in h2_conn_setup /var/tmp/portage/www-servers/apache-2.4.37/work/httpd-2.4.37/modules/http2/h2_conn.c:190 53 | #7 0x62c390 in h2_h2_process_conn /var/tmp/portage/www-servers/apache-2.4.37/work/httpd-2.4.37/modules/http2/h2_h2.c:651 54 | #8 0x4c9243 in ap_run_process_connection /var/tmp/portage/www-servers/apache-2.4.37/work/httpd-2.4.37/server/connection.c:42 55 | #9 0x710f6d in process_socket /var/tmp/portage/www-servers/apache-2.4.37/work/httpd-2.4.37/server/mpm/event/event.c:1049 56 | #10 0x7143af in worker_thread /var/tmp/portage/www-servers/apache-2.4.37/work/httpd-2.4.37/server/mpm/event/event.c:2082 57 | #11 0x7f2f4cb09779 in start_thread (/lib64/libpthread.so.0+0x7779) 58 | #12 0x7f2f4c637b2e in clone (/lib64/libc.so.6+0x102b2e) 59 | 60 | Thread T55 created by T38 here: 61 | #0 0x7f2f4f6149aa in pthread_create (/usr/lib/gcc/x86_64-pc-linux-gnu/4.9.4/libasan.so.1+0x239aa) 62 | #1 0x713255 in start_threads /var/tmp/portage/www-servers/apache-2.4.37/work/httpd-2.4.37/server/mpm/event/event.c:2336 63 | 64 | Thread T38 created by T0 here: 65 | #0 0x7f2f4f6149aa in pthread_create (/usr/lib/gcc/x86_64-pc-linux-gnu/4.9.4/libasan.so.1+0x239aa) 66 | #1 0x714ebc in child_main /var/tmp/portage/www-servers/apache-2.4.37/work/httpd-2.4.37/server/mpm/event/event.c:2541 67 | 68 | Thread T63 created by T38 here: 69 | #0 0x7f2f4f6149aa in pthread_create (/usr/lib/gcc/x86_64-pc-linux-gnu/4.9.4/libasan.so.1+0x239aa) 70 | #1 0x713255 in start_threads /var/tmp/portage/www-servers/apache-2.4.37/work/httpd-2.4.37/server/mpm/event/event.c:2336 71 | 72 | SUMMARY: AddressSanitizer: heap-use-after-free memory/unix/apr_pools.c:2238 pool_find 73 | Shadow bytes around the buggy address: 74 | 0x0c32800535a0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 75 | 0x0c32800535b0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 76 | 0x0c32800535c0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 77 | 0x0c32800535d0: fd fd fa fa fa fa fa fa fa fa fa fa fa fa fa fa 78 | 0x0c32800535e0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 79 | =>0x0c32800535f0: fd[fd]fd fd fd fd fd fd fd fd fd fd fd fd fd fd 80 | 0x0c3280053600: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 81 | 0x0c3280053610: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 82 | 0x0c3280053620: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 83 | 0x0c3280053630: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 84 | 0x0c3280053640: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 85 | Shadow byte legend (one shadow byte represents 8 application bytes): 86 | Addressable: 00 87 | Partially addressable: 01 02 03 04 05 06 07 88 | Heap left redzone: fa 89 | Heap right redzone: fb 90 | Freed heap region: fd 91 | Stack left redzone: f1 92 | Stack mid redzone: f2 93 | Stack right redzone: f3 94 | Stack partial redzone: f4 95 | Stack after return: f5 96 | Stack use after scope: f8 97 | Global redzone: f9 98 | Global init order: f6 99 | Poisoned by user: f7 100 | Contiguous container OOB:fc 101 | ASan internal: fe 102 | ==25655==ABORTING 103 | -------------------------------------------------------------------------------- /asan/apache-2.4.37/apache-2.4.37-heap-use-after-free-ap_add_common_vars-asan-error.31096: -------------------------------------------------------------------------------- 1 | ================================================================= 2 | ==31096==ERROR: AddressSanitizer: heap-use-after-free on address 0x6190001fdb90 at pc 0x7ff99c65bf3a bp 0x7ff973010240 sp 0x7ff973010230 3 | READ of size 8 at 0x6190001fdb90 thread T39 4 | #0 0x7ff99c65bf39 in pool_find memory/unix/apr_pools.c:2239 5 | #1 0x7ff99c65c49b in apr_pool_walk_tree memory/unix/apr_pools.c:1496 6 | #2 0x7ff99c65c52e in apr_pool_walk_tree memory/unix/apr_pools.c:1508 7 | #3 0x7ff99c65c52e in apr_pool_walk_tree memory/unix/apr_pools.c:1508 8 | #4 0x7ff99c65c52e in apr_pool_walk_tree memory/unix/apr_pools.c:1508 9 | #5 0x7ff99c65c52e in apr_pool_walk_tree memory/unix/apr_pools.c:1508 10 | #6 0x7ff99c65ee92 in apr_pool_find memory/unix/apr_pools.c:2256 11 | #7 0x7ff99c649c21 in apr_table_addn tables/apr_tables.c:819 12 | #8 0x4c2d33 in ap_add_common_vars /var/tmp/portage/www-servers/apache-2.4.37-r1/work/httpd-2.4.37/server/util_script.c:271 13 | #9 0x5363fd in includes_filter /var/tmp/portage/www-servers/apache-2.4.37-r1/work/httpd-2.4.37/modules/filters/mod_include.c:3903 14 | #10 0x45d1af in ap_pass_brigade_fchk /var/tmp/portage/www-servers/apache-2.4.37-r1/work/httpd-2.4.37/server/util_filter.c:609 15 | #11 0x6ee0a5 in handle_map_file /var/tmp/portage/www-servers/apache-2.4.37-r1/work/httpd-2.4.37/modules/mappers/mod_negotiation.c:3048 16 | #12 0x4af333 in ap_run_handler /var/tmp/portage/www-servers/apache-2.4.37-r1/work/httpd-2.4.37/server/config.c:170 17 | #13 0x4afec0 in ap_invoke_handler /var/tmp/portage/www-servers/apache-2.4.37-r1/work/httpd-2.4.37/server/config.c:444 18 | #14 0x569a6b in ap_internal_redirect /var/tmp/portage/www-servers/apache-2.4.37-r1/work/httpd-2.4.37/modules/http/http_request.c:791 19 | #15 0x56a095 in ap_die_r /var/tmp/portage/www-servers/apache-2.4.37-r1/work/httpd-2.4.37/modules/http/http_request.c:212 20 | #16 0x46e16f in ap_read_request /var/tmp/portage/www-servers/apache-2.4.37-r1/work/httpd-2.4.37/server/protocol.c:1339 21 | #17 0x5619ce in ap_process_http_async_connection /var/tmp/portage/www-servers/apache-2.4.37-r1/work/httpd-2.4.37/modules/http/http_core.c:146 22 | #18 0x5619ce in ap_process_http_connection /var/tmp/portage/www-servers/apache-2.4.37-r1/work/httpd-2.4.37/modules/http/http_core.c:248 23 | #19 0x4c9243 in ap_run_process_connection /var/tmp/portage/www-servers/apache-2.4.37-r1/work/httpd-2.4.37/server/connection.c:42 24 | #20 0x710f6d in process_socket /var/tmp/portage/www-servers/apache-2.4.37-r1/work/httpd-2.4.37/server/mpm/event/event.c:1049 25 | #21 0x7143af in worker_thread /var/tmp/portage/www-servers/apache-2.4.37-r1/work/httpd-2.4.37/server/mpm/event/event.c:2082 26 | #22 0x7ff99bdb2779 in start_thread (/lib64/libpthread.so.0+0x7779) 27 | #23 0x7ff99b8e0b2e in clone (/lib64/libc.so.6+0x102b2e) 28 | 29 | 0x6190001fdb90 is located 16 bytes inside of 1040-byte region [0x6190001fdb80,0x6190001fdf90) 30 | freed by thread T62 here: 31 | #0 0x7ff99e8f0171 in __interceptor_free (/usr/lib/gcc/x86_64-pc-linux-gnu/4.9.4/libasan.so.1+0x57171) 32 | #1 0x7ff99c65d0f4 in pool_clear_debug memory/unix/apr_pools.c:1857 33 | #2 0x7ff99c65c94b in pool_destroy_debug memory/unix/apr_pools.c:1915 34 | #3 0x65e6f9 in h2_session_pre_close /var/tmp/portage/www-servers/apache-2.4.37-r1/work/httpd-2.4.37/modules/http2/h2_session.c:2357 35 | #4 0x62333b in h2_conn_pre_close /var/tmp/portage/www-servers/apache-2.4.37-r1/work/httpd-2.4.37/modules/http2/h2_conn.c:254 36 | #5 0x4c9803 in ap_run_pre_close_connection /var/tmp/portage/www-servers/apache-2.4.37-r1/work/httpd-2.4.37/server/connection.c:44 37 | #6 0x4c9aa8 in ap_prep_lingering_close /var/tmp/portage/www-servers/apache-2.4.37-r1/work/httpd-2.4.37/server/connection.c:101 38 | #7 0x4c9afd in ap_start_lingering_close /var/tmp/portage/www-servers/apache-2.4.37-r1/work/httpd-2.4.37/server/connection.c:129 39 | #8 0x710e49 in start_lingering_close_blocking /var/tmp/portage/www-servers/apache-2.4.37-r1/work/httpd-2.4.37/server/mpm/event/event.c:805 40 | #9 0x710e49 in process_socket /var/tmp/portage/www-servers/apache-2.4.37-r1/work/httpd-2.4.37/server/mpm/event/event.c:1209 41 | #10 0x7143af in worker_thread /var/tmp/portage/www-servers/apache-2.4.37-r1/work/httpd-2.4.37/server/mpm/event/event.c:2082 42 | #11 0x7ff99bdb2779 in start_thread (/lib64/libpthread.so.0+0x7779) 43 | #12 0x7ff99b8e0b2e in clone (/lib64/libc.so.6+0x102b2e) 44 | 45 | previously allocated by thread T62 here: 46 | #0 0x7ff99e8f0402 in malloc (/usr/lib/gcc/x86_64-pc-linux-gnu/4.9.4/libasan.so.1+0x57402) 47 | #1 0x7ff99c65c2f1 in pool_alloc memory/unix/apr_pools.c:1749 48 | #2 0x7ff99c65df9d in apr_pcalloc_debug memory/unix/apr_pools.c:1797 49 | #3 0x7ff99c65ba57 in apr_thread_mutex_create locks/unix/thread_mutex.c:50 50 | #4 0x7ff99c65e4e0 in apr_pool_create_ex_debug memory/unix/apr_pools.c:2038 51 | #5 0x647256 in h2_session_create_int /var/tmp/portage/www-servers/apache-2.4.37-r1/work/httpd-2.4.37/modules/http2/h2_session.c:800 52 | #6 0x622b37 in h2_conn_setup /var/tmp/portage/www-servers/apache-2.4.37-r1/work/httpd-2.4.37/modules/http2/h2_conn.c:190 53 | #7 0x62c390 in h2_h2_process_conn /var/tmp/portage/www-servers/apache-2.4.37-r1/work/httpd-2.4.37/modules/http2/h2_h2.c:651 54 | #8 0x4c9243 in ap_run_process_connection /var/tmp/portage/www-servers/apache-2.4.37-r1/work/httpd-2.4.37/server/connection.c:42 55 | #9 0x710f6d in process_socket /var/tmp/portage/www-servers/apache-2.4.37-r1/work/httpd-2.4.37/server/mpm/event/event.c:1049 56 | #10 0x7143af in worker_thread /var/tmp/portage/www-servers/apache-2.4.37-r1/work/httpd-2.4.37/server/mpm/event/event.c:2082 57 | #11 0x7ff99bdb2779 in start_thread (/lib64/libpthread.so.0+0x7779) 58 | #12 0x7ff99b8e0b2e in clone (/lib64/libc.so.6+0x102b2e) 59 | 60 | Thread T39 created by T38 here: 61 | #0 0x7ff99e8bc9aa in pthread_create (/usr/lib/gcc/x86_64-pc-linux-gnu/4.9.4/libasan.so.1+0x239aa) 62 | #1 0x713255 in start_threads /var/tmp/portage/www-servers/apache-2.4.37-r1/work/httpd-2.4.37/server/mpm/event/event.c:2336 63 | 64 | Thread T38 created by T0 here: 65 | #0 0x7ff99e8bc9aa in pthread_create (/usr/lib/gcc/x86_64-pc-linux-gnu/4.9.4/libasan.so.1+0x239aa) 66 | #1 0x714ebc in child_main /var/tmp/portage/www-servers/apache-2.4.37-r1/work/httpd-2.4.37/server/mpm/event/event.c:2541 67 | 68 | Thread T62 created by T38 here: 69 | #0 0x7ff99e8bc9aa in pthread_create (/usr/lib/gcc/x86_64-pc-linux-gnu/4.9.4/libasan.so.1+0x239aa) 70 | #1 0x713255 in start_threads /var/tmp/portage/www-servers/apache-2.4.37-r1/work/httpd-2.4.37/server/mpm/event/event.c:2336 71 | 72 | SUMMARY: AddressSanitizer: heap-use-after-free memory/unix/apr_pools.c:2239 pool_find 73 | Shadow bytes around the buggy address: 74 | 0x0c3280037b20: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 75 | 0x0c3280037b30: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 76 | 0x0c3280037b40: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 77 | 0x0c3280037b50: fd fd fa fa fa fa fa fa fa fa fa fa fa fa fa fa 78 | 0x0c3280037b60: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 79 | =>0x0c3280037b70: fd fd[fd]fd fd fd fd fd fd fd fd fd fd fd fd fd 80 | 0x0c3280037b80: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 81 | 0x0c3280037b90: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 82 | 0x0c3280037ba0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 83 | 0x0c3280037bb0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 84 | 0x0c3280037bc0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 85 | Shadow byte legend (one shadow byte represents 8 application bytes): 86 | Addressable: 00 87 | Partially addressable: 01 02 03 04 05 06 07 88 | Heap left redzone: fa 89 | Heap right redzone: fb 90 | Freed heap region: fd 91 | Stack left redzone: f1 92 | Stack mid redzone: f2 93 | Stack right redzone: f3 94 | Stack partial redzone: f4 95 | Stack after return: f5 96 | Stack use after scope: f8 97 | Global redzone: f9 98 | Global init order: f6 99 | Poisoned by user: f7 100 | Contiguous container OOB:fc 101 | ASan internal: fe 102 | ==31096==ABORTING 103 | -------------------------------------------------------------------------------- /asan/apache-2.4.37/apache-2.4.37-heap-use-after-free-ap_add_common_vars-asan-error.32650: -------------------------------------------------------------------------------- 1 | ================================================================= 2 | ==32650==ERROR: AddressSanitizer: heap-use-after-free on address 0x6190002599e0 at pc 0x7f2f4d3b2f5d bp 0x7f2f26983460 sp 0x7f2f26983450 3 | READ of size 8 at 0x6190002599e0 thread T35 4 | #0 0x7f2f4d3b2f5c in pool_find memory/unix/apr_pools.c:2239 5 | #1 0x7f2f4d3b34cb in apr_pool_walk_tree memory/unix/apr_pools.c:1496 6 | #2 0x7f2f4d3b355e in apr_pool_walk_tree memory/unix/apr_pools.c:1508 7 | #3 0x7f2f4d3b355e in apr_pool_walk_tree memory/unix/apr_pools.c:1508 8 | #4 0x7f2f4d3b355e in apr_pool_walk_tree memory/unix/apr_pools.c:1508 9 | #5 0x7f2f4d3b355e in apr_pool_walk_tree memory/unix/apr_pools.c:1508 10 | #6 0x7f2f4d3b5f12 in apr_pool_find memory/unix/apr_pools.c:2256 11 | #7 0x7f2f4d3a0c4e in apr_table_addn tables/apr_tables.c:823 12 | #8 0x4c2a29 in ap_add_common_vars /var/tmp/portage/www-servers/apache-2.4.37/work/httpd-2.4.37/server/util_script.c:221 13 | #9 0x5363fd in includes_filter /var/tmp/portage/www-servers/apache-2.4.37/work/httpd-2.4.37/modules/filters/mod_include.c:3903 14 | #10 0x45d1af in ap_pass_brigade_fchk /var/tmp/portage/www-servers/apache-2.4.37/work/httpd-2.4.37/server/util_filter.c:609 15 | #11 0x6ee0a5 in handle_map_file /var/tmp/portage/www-servers/apache-2.4.37/work/httpd-2.4.37/modules/mappers/mod_negotiation.c:3048 16 | #12 0x4af333 in ap_run_handler /var/tmp/portage/www-servers/apache-2.4.37/work/httpd-2.4.37/server/config.c:170 17 | #13 0x4afec0 in ap_invoke_handler /var/tmp/portage/www-servers/apache-2.4.37/work/httpd-2.4.37/server/config.c:444 18 | #14 0x569a6b in ap_internal_redirect /var/tmp/portage/www-servers/apache-2.4.37/work/httpd-2.4.37/modules/http/http_request.c:791 19 | #15 0x56a095 in ap_die_r /var/tmp/portage/www-servers/apache-2.4.37/work/httpd-2.4.37/modules/http/http_request.c:212 20 | #16 0x56c69e in ap_process_async_request /var/tmp/portage/www-servers/apache-2.4.37/work/httpd-2.4.37/modules/http/http_request.c:476 21 | #17 0x56d34a in ap_process_request /var/tmp/portage/www-servers/apache-2.4.37/work/httpd-2.4.37/modules/http/http_request.c:488 22 | #18 0x6714c5 in h2_task_process_request /var/tmp/portage/www-servers/apache-2.4.37/work/httpd-2.4.37/modules/http2/h2_task.c:684 23 | #19 0x6714c5 in h2_task_process_conn /var/tmp/portage/www-servers/apache-2.4.37/work/httpd-2.4.37/modules/http2/h2_task.c:732 24 | #20 0x4c9243 in ap_run_process_connection /var/tmp/portage/www-servers/apache-2.4.37/work/httpd-2.4.37/server/connection.c:42 25 | #21 0x675631 in h2_task_do /var/tmp/portage/www-servers/apache-2.4.37/work/httpd-2.4.37/modules/http2/h2_task.c:635 26 | #22 0x680979 in slot_run /var/tmp/portage/www-servers/apache-2.4.37/work/httpd-2.4.37/modules/http2/h2_workers.c:231 27 | #23 0x7f2f4cb09779 in start_thread (/lib64/libpthread.so.0+0x7779) 28 | #24 0x7f2f4c637b2e in clone (/lib64/libc.so.6+0x102b2e) 29 | 30 | 0x6190002599e0 is located 96 bytes inside of 1040-byte region [0x619000259980,0x619000259d90) 31 | freed by thread T57 here: 32 | #0 0x7f2f4f648171 in __interceptor_free (/usr/lib/gcc/x86_64-pc-linux-gnu/4.9.4/libasan.so.1+0x57171) 33 | #1 0x7f2f4d3b4138 in pool_clear_debug memory/unix/apr_pools.c:1857 34 | #2 0x7f2f4d3b397b in pool_destroy_debug memory/unix/apr_pools.c:1915 35 | #3 0x65e6f9 in h2_session_pre_close /var/tmp/portage/www-servers/apache-2.4.37/work/httpd-2.4.37/modules/http2/h2_session.c:2357 36 | #4 0x62333b in h2_conn_pre_close /var/tmp/portage/www-servers/apache-2.4.37/work/httpd-2.4.37/modules/http2/h2_conn.c:254 37 | #5 0x4c9803 in ap_run_pre_close_connection /var/tmp/portage/www-servers/apache-2.4.37/work/httpd-2.4.37/server/connection.c:44 38 | #6 0x4c9aa8 in ap_prep_lingering_close /var/tmp/portage/www-servers/apache-2.4.37/work/httpd-2.4.37/server/connection.c:101 39 | #7 0x4c9afd in ap_start_lingering_close /var/tmp/portage/www-servers/apache-2.4.37/work/httpd-2.4.37/server/connection.c:129 40 | #8 0x710e49 in start_lingering_close_blocking /var/tmp/portage/www-servers/apache-2.4.37/work/httpd-2.4.37/server/mpm/event/event.c:805 41 | #9 0x710e49 in process_socket /var/tmp/portage/www-servers/apache-2.4.37/work/httpd-2.4.37/server/mpm/event/event.c:1209 42 | #10 0x7143af in worker_thread /var/tmp/portage/www-servers/apache-2.4.37/work/httpd-2.4.37/server/mpm/event/event.c:2082 43 | #11 0x7f2f4cb09779 in start_thread (/lib64/libpthread.so.0+0x7779) 44 | #12 0x7f2f4c637b2e in clone (/lib64/libc.so.6+0x102b2e) 45 | 46 | previously allocated by thread T57 here: 47 | #0 0x7f2f4f648402 in malloc (/usr/lib/gcc/x86_64-pc-linux-gnu/4.9.4/libasan.so.1+0x57402) 48 | #1 0x7f2f4d3b3319 in pool_alloc memory/unix/apr_pools.c:1749 49 | #2 0x7f2f4d3b4fed in apr_pcalloc_debug memory/unix/apr_pools.c:1797 50 | #3 0x7f2f4d3b2a57 in apr_thread_mutex_create locks/unix/thread_mutex.c:50 51 | #4 0x7f2f4d3b5530 in apr_pool_create_ex_debug memory/unix/apr_pools.c:2038 52 | #5 0x647256 in h2_session_create_int /var/tmp/portage/www-servers/apache-2.4.37/work/httpd-2.4.37/modules/http2/h2_session.c:800 53 | #6 0x622b37 in h2_conn_setup /var/tmp/portage/www-servers/apache-2.4.37/work/httpd-2.4.37/modules/http2/h2_conn.c:190 54 | #7 0x62c390 in h2_h2_process_conn /var/tmp/portage/www-servers/apache-2.4.37/work/httpd-2.4.37/modules/http2/h2_h2.c:651 55 | #8 0x4c9243 in ap_run_process_connection /var/tmp/portage/www-servers/apache-2.4.37/work/httpd-2.4.37/server/connection.c:42 56 | #9 0x710f6d in process_socket /var/tmp/portage/www-servers/apache-2.4.37/work/httpd-2.4.37/server/mpm/event/event.c:1049 57 | #10 0x7143af in worker_thread /var/tmp/portage/www-servers/apache-2.4.37/work/httpd-2.4.37/server/mpm/event/event.c:2082 58 | #11 0x7f2f4cb09779 in start_thread (/lib64/libpthread.so.0+0x7779) 59 | #12 0x7f2f4c637b2e in clone (/lib64/libc.so.6+0x102b2e) 60 | 61 | Thread T35 created by T0 here: 62 | #0 0x7f2f4f6149aa in pthread_create (/usr/lib/gcc/x86_64-pc-linux-gnu/4.9.4/libasan.so.1+0x239aa) 63 | #1 0x6805dd in activate_slot /var/tmp/portage/www-servers/apache-2.4.37/work/httpd-2.4.37/modules/http2/h2_workers.c:106 64 | 65 | Thread T57 created by T38 here: 66 | #0 0x7f2f4f6149aa in pthread_create (/usr/lib/gcc/x86_64-pc-linux-gnu/4.9.4/libasan.so.1+0x239aa) 67 | #1 0x713255 in start_threads /var/tmp/portage/www-servers/apache-2.4.37/work/httpd-2.4.37/server/mpm/event/event.c:2336 68 | 69 | Thread T38 created by T0 here: 70 | #0 0x7f2f4f6149aa in pthread_create (/usr/lib/gcc/x86_64-pc-linux-gnu/4.9.4/libasan.so.1+0x239aa) 71 | #1 0x714ebc in child_main /var/tmp/portage/www-servers/apache-2.4.37/work/httpd-2.4.37/server/mpm/event/event.c:2541 72 | 73 | SUMMARY: AddressSanitizer: heap-use-after-free memory/unix/apr_pools.c:2239 pool_find 74 | Shadow bytes around the buggy address: 75 | 0x0c32800432e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 76 | 0x0c32800432f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 77 | 0x0c3280043300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 | 0x0c3280043310: 00 00 fa fa fa fa fa fa fa fa fa fa fa fa fa fa 79 | 0x0c3280043320: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 80 | =>0x0c3280043330: fd fd fd fd fd fd fd fd fd fd fd fd[fd]fd fd fd 81 | 0x0c3280043340: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 82 | 0x0c3280043350: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 83 | 0x0c3280043360: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 84 | 0x0c3280043370: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 85 | 0x0c3280043380: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 86 | Shadow byte legend (one shadow byte represents 8 application bytes): 87 | Addressable: 00 88 | Partially addressable: 01 02 03 04 05 06 07 89 | Heap left redzone: fa 90 | Heap right redzone: fb 91 | Freed heap region: fd 92 | Stack left redzone: f1 93 | Stack mid redzone: f2 94 | Stack right redzone: f3 95 | Stack partial redzone: f4 96 | Stack after return: f5 97 | Stack use after scope: f8 98 | Global redzone: f9 99 | Global init order: f6 100 | Poisoned by user: f7 101 | Contiguous container OOB:fc 102 | ASan internal: fe 103 | ==32650==ABORTING 104 | -------------------------------------------------------------------------------- /asan/apache-2.4.37/apache-2.4.37-heap-use-after-free-ap_add_common_vars-asan-error.6234: -------------------------------------------------------------------------------- 1 | ================================================================= 2 | ==6234==ERROR: AddressSanitizer: heap-use-after-free on address 0x61900017de90 at pc 0x7ff99c65bf3a bp 0x7ff979e56460 sp 0x7ff979e56450 3 | READ of size 8 at 0x61900017de90 thread T29 4 | #0 0x7ff99c65bf39 in pool_find memory/unix/apr_pools.c:2239 5 | #1 0x7ff99c65c49b in apr_pool_walk_tree memory/unix/apr_pools.c:1496 6 | #2 0x7ff99c65c52e in apr_pool_walk_tree memory/unix/apr_pools.c:1508 7 | #3 0x7ff99c65c52e in apr_pool_walk_tree memory/unix/apr_pools.c:1508 8 | #4 0x7ff99c65c52e in apr_pool_walk_tree memory/unix/apr_pools.c:1508 9 | #5 0x7ff99c65c52e in apr_pool_walk_tree memory/unix/apr_pools.c:1508 10 | #6 0x7ff99c65ee92 in apr_pool_find memory/unix/apr_pools.c:2256 11 | #7 0x7ff99c649c4e in apr_table_addn tables/apr_tables.c:823 12 | #8 0x4c2a29 in ap_add_common_vars /var/tmp/portage/www-servers/apache-2.4.37-r1/work/httpd-2.4.37/server/util_script.c:221 13 | #9 0x5363fd in includes_filter /var/tmp/portage/www-servers/apache-2.4.37-r1/work/httpd-2.4.37/modules/filters/mod_include.c:3903 14 | #10 0x45d1af in ap_pass_brigade_fchk /var/tmp/portage/www-servers/apache-2.4.37-r1/work/httpd-2.4.37/server/util_filter.c:609 15 | #11 0x6ee0a5 in handle_map_file /var/tmp/portage/www-servers/apache-2.4.37-r1/work/httpd-2.4.37/modules/mappers/mod_negotiation.c:3048 16 | #12 0x4af333 in ap_run_handler /var/tmp/portage/www-servers/apache-2.4.37-r1/work/httpd-2.4.37/server/config.c:170 17 | #13 0x4afec0 in ap_invoke_handler /var/tmp/portage/www-servers/apache-2.4.37-r1/work/httpd-2.4.37/server/config.c:444 18 | #14 0x569a6b in ap_internal_redirect /var/tmp/portage/www-servers/apache-2.4.37-r1/work/httpd-2.4.37/modules/http/http_request.c:791 19 | #15 0x56a095 in ap_die_r /var/tmp/portage/www-servers/apache-2.4.37-r1/work/httpd-2.4.37/modules/http/http_request.c:212 20 | #16 0x56c69e in ap_process_async_request /var/tmp/portage/www-servers/apache-2.4.37-r1/work/httpd-2.4.37/modules/http/http_request.c:476 21 | #17 0x56d34a in ap_process_request /var/tmp/portage/www-servers/apache-2.4.37-r1/work/httpd-2.4.37/modules/http/http_request.c:488 22 | #18 0x6714c5 in h2_task_process_request /var/tmp/portage/www-servers/apache-2.4.37-r1/work/httpd-2.4.37/modules/http2/h2_task.c:684 23 | #19 0x6714c5 in h2_task_process_conn /var/tmp/portage/www-servers/apache-2.4.37-r1/work/httpd-2.4.37/modules/http2/h2_task.c:732 24 | #20 0x4c9243 in ap_run_process_connection /var/tmp/portage/www-servers/apache-2.4.37-r1/work/httpd-2.4.37/server/connection.c:42 25 | #21 0x675631 in h2_task_do /var/tmp/portage/www-servers/apache-2.4.37-r1/work/httpd-2.4.37/modules/http2/h2_task.c:635 26 | #22 0x680979 in slot_run /var/tmp/portage/www-servers/apache-2.4.37-r1/work/httpd-2.4.37/modules/http2/h2_workers.c:231 27 | #23 0x7ff99bdb2779 in start_thread (/lib64/libpthread.so.0+0x7779) 28 | #24 0x7ff99b8e0b2e in clone (/lib64/libc.so.6+0x102b2e) 29 | 30 | 0x61900017de90 is located 16 bytes inside of 1040-byte region [0x61900017de80,0x61900017e290) 31 | freed by thread T42 here: 32 | #0 0x7ff99e8f0171 in __interceptor_free (/usr/lib/gcc/x86_64-pc-linux-gnu/4.9.4/libasan.so.1+0x57171) 33 | #1 0x7ff99c65d0f4 in pool_clear_debug memory/unix/apr_pools.c:1857 34 | #2 0x7ff99c65c94b in pool_destroy_debug memory/unix/apr_pools.c:1915 35 | #3 0x65e6f9 in h2_session_pre_close /var/tmp/portage/www-servers/apache-2.4.37-r1/work/httpd-2.4.37/modules/http2/h2_session.c:2357 36 | #4 0x62333b in h2_conn_pre_close /var/tmp/portage/www-servers/apache-2.4.37-r1/work/httpd-2.4.37/modules/http2/h2_conn.c:254 37 | #5 0x4c9803 in ap_run_pre_close_connection /var/tmp/portage/www-servers/apache-2.4.37-r1/work/httpd-2.4.37/server/connection.c:44 38 | #6 0x4c9aa8 in ap_prep_lingering_close /var/tmp/portage/www-servers/apache-2.4.37-r1/work/httpd-2.4.37/server/connection.c:101 39 | #7 0x4c9afd in ap_start_lingering_close /var/tmp/portage/www-servers/apache-2.4.37-r1/work/httpd-2.4.37/server/connection.c:129 40 | #8 0x710e49 in start_lingering_close_blocking /var/tmp/portage/www-servers/apache-2.4.37-r1/work/httpd-2.4.37/server/mpm/event/event.c:805 41 | #9 0x710e49 in process_socket /var/tmp/portage/www-servers/apache-2.4.37-r1/work/httpd-2.4.37/server/mpm/event/event.c:1209 42 | #10 0x7143af in worker_thread /var/tmp/portage/www-servers/apache-2.4.37-r1/work/httpd-2.4.37/server/mpm/event/event.c:2082 43 | #11 0x7ff99bdb2779 in start_thread (/lib64/libpthread.so.0+0x7779) 44 | #12 0x7ff99b8e0b2e in clone (/lib64/libc.so.6+0x102b2e) 45 | 46 | previously allocated by thread T42 here: 47 | #0 0x7ff99e8f0402 in malloc (/usr/lib/gcc/x86_64-pc-linux-gnu/4.9.4/libasan.so.1+0x57402) 48 | #1 0x7ff99c65c2f1 in pool_alloc memory/unix/apr_pools.c:1749 49 | #2 0x7ff99c65df9d in apr_pcalloc_debug memory/unix/apr_pools.c:1797 50 | #3 0x7ff99c65ba57 in apr_thread_mutex_create locks/unix/thread_mutex.c:50 51 | #4 0x7ff99c65e4e0 in apr_pool_create_ex_debug memory/unix/apr_pools.c:2038 52 | #5 0x647256 in h2_session_create_int /var/tmp/portage/www-servers/apache-2.4.37-r1/work/httpd-2.4.37/modules/http2/h2_session.c:800 53 | #6 0x622b37 in h2_conn_setup /var/tmp/portage/www-servers/apache-2.4.37-r1/work/httpd-2.4.37/modules/http2/h2_conn.c:190 54 | #7 0x62c390 in h2_h2_process_conn /var/tmp/portage/www-servers/apache-2.4.37-r1/work/httpd-2.4.37/modules/http2/h2_h2.c:651 55 | #8 0x4c9243 in ap_run_process_connection /var/tmp/portage/www-servers/apache-2.4.37-r1/work/httpd-2.4.37/server/connection.c:42 56 | #9 0x710f6d in process_socket /var/tmp/portage/www-servers/apache-2.4.37-r1/work/httpd-2.4.37/server/mpm/event/event.c:1049 57 | #10 0x7143af in worker_thread /var/tmp/portage/www-servers/apache-2.4.37-r1/work/httpd-2.4.37/server/mpm/event/event.c:2082 58 | #11 0x7ff99bdb2779 in start_thread (/lib64/libpthread.so.0+0x7779) 59 | #12 0x7ff99b8e0b2e in clone (/lib64/libc.so.6+0x102b2e) 60 | 61 | Thread T29 created by T0 here: 62 | #0 0x7ff99e8bc9aa in pthread_create (/usr/lib/gcc/x86_64-pc-linux-gnu/4.9.4/libasan.so.1+0x239aa) 63 | #1 0x6805dd in activate_slot /var/tmp/portage/www-servers/apache-2.4.37-r1/work/httpd-2.4.37/modules/http2/h2_workers.c:106 64 | 65 | Thread T42 created by T38 here: 66 | #0 0x7ff99e8bc9aa in pthread_create (/usr/lib/gcc/x86_64-pc-linux-gnu/4.9.4/libasan.so.1+0x239aa) 67 | #1 0x713255 in start_threads /var/tmp/portage/www-servers/apache-2.4.37-r1/work/httpd-2.4.37/server/mpm/event/event.c:2336 68 | 69 | Thread T38 created by T0 here: 70 | #0 0x7ff99e8bc9aa in pthread_create (/usr/lib/gcc/x86_64-pc-linux-gnu/4.9.4/libasan.so.1+0x239aa) 71 | #1 0x714ebc in child_main /var/tmp/portage/www-servers/apache-2.4.37-r1/work/httpd-2.4.37/server/mpm/event/event.c:2541 72 | 73 | SUMMARY: AddressSanitizer: heap-use-after-free memory/unix/apr_pools.c:2239 pool_find 74 | Shadow bytes around the buggy address: 75 | 0x0c3280027b80: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 76 | 0x0c3280027b90: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 77 | 0x0c3280027ba0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 78 | 0x0c3280027bb0: fd fd fa fa fa fa fa fa fa fa fa fa fa fa fa fa 79 | 0x0c3280027bc0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 80 | =>0x0c3280027bd0: fd fd[fd]fd fd fd fd fd fd fd fd fd fd fd fd fd 81 | 0x0c3280027be0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 82 | 0x0c3280027bf0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 83 | 0x0c3280027c00: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 84 | 0x0c3280027c10: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 85 | 0x0c3280027c20: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 86 | Shadow byte legend (one shadow byte represents 8 application bytes): 87 | Addressable: 00 88 | Partially addressable: 01 02 03 04 05 06 07 89 | Heap left redzone: fa 90 | Heap right redzone: fb 91 | Freed heap region: fd 92 | Stack left redzone: f1 93 | Stack mid redzone: f2 94 | Stack right redzone: f3 95 | Stack partial redzone: f4 96 | Stack after return: f5 97 | Stack use after scope: f8 98 | Global redzone: f9 99 | Global init order: f6 100 | Poisoned by user: f7 101 | Contiguous container OOB:fc 102 | ASan internal: fe 103 | ==6234==ABORTING 104 | -------------------------------------------------------------------------------- /asan/apache-2.4.37/apache-2.4.37-heap-use-after-free-h2_req_add_header-asan-error.10140: -------------------------------------------------------------------------------- 1 | ================================================================= 2 | ==10140==ERROR: AddressSanitizer: heap-use-after-free on address 0x6190002ad0f0 at pc 0x7f8510c14f5d bp 0x7f84da23bed0 sp 0x7f84da23bec0 3 | READ of size 8 at 0x6190002ad0f0 thread T58 4 | #0 0x7f8510c14f5c in pool_find memory/unix/apr_pools.c:2239 5 | #1 0x7f8510c154cb in apr_pool_walk_tree memory/unix/apr_pools.c:1496 6 | #2 0x7f8510c1555e in apr_pool_walk_tree memory/unix/apr_pools.c:1508 7 | #3 0x7f8510c1555e in apr_pool_walk_tree memory/unix/apr_pools.c:1508 8 | #4 0x7f8510c1555e in apr_pool_walk_tree memory/unix/apr_pools.c:1508 9 | #5 0x7f8510c1555e in apr_pool_walk_tree memory/unix/apr_pools.c:1508 10 | #6 0x7f8510c17f12 in apr_pool_find memory/unix/apr_pools.c:2256 11 | #7 0x7f8510c02230 in apr_table_mergen tables/apr_tables.c:746 12 | #8 0x67f4c9 in h2_req_add_header /var/tmp/portage/www-servers/apache-2.4.37/work/httpd-2.4.37/modules/http2/h2_util.c:1874 13 | #9 0x643d5b in h2_request_add_header /var/tmp/portage/www-servers/apache-2.4.37/work/httpd-2.4.37/modules/http2/h2_request.c:147 14 | #10 0x6674a4 in h2_stream_add_header /var/tmp/portage/www-servers/apache-2.4.37/work/httpd-2.4.37/modules/http2/h2_stream.c:740 15 | #11 0x64debc in on_header_cb /var/tmp/portage/www-servers/apache-2.4.37/work/httpd-2.4.37/modules/http2/h2_session.c:312 16 | #12 0x7f851226cf19 in nghttp2_session_mem_recv (/usr/lib64/libnghttp2.so.14+0x2cf19) 17 | #13 0x625435 in recv_RAW_DATA /var/tmp/portage/www-servers/apache-2.4.37/work/httpd-2.4.37/modules/http2/h2_filter.c:60 18 | #14 0x625435 in recv_RAW_brigade /var/tmp/portage/www-servers/apache-2.4.37/work/httpd-2.4.37/modules/http2/h2_filter.c:101 19 | #15 0x627509 in h2_filter_core_input /var/tmp/portage/www-servers/apache-2.4.37/work/httpd-2.4.37/modules/http2/h2_filter.c:183 20 | #16 0x64c400 in session_read /var/tmp/portage/www-servers/apache-2.4.37/work/httpd-2.4.37/modules/http2/h2_session.c:1552 21 | #17 0x64c400 in h2_session_read /var/tmp/portage/www-servers/apache-2.4.37/work/httpd-2.4.37/modules/http2/h2_session.c:1609 22 | #18 0x65a05b in h2_session_process /var/tmp/portage/www-servers/apache-2.4.37/work/httpd-2.4.37/modules/http2/h2_session.c:2223 23 | #19 0x622dc2 in h2_conn_run /var/tmp/portage/www-servers/apache-2.4.37/work/httpd-2.4.37/modules/http2/h2_conn.c:212 24 | #20 0x62bfe2 in h2_h2_process_conn /var/tmp/portage/www-servers/apache-2.4.37/work/httpd-2.4.37/modules/http2/h2_h2.c:658 25 | #21 0x4c9243 in ap_run_process_connection /var/tmp/portage/www-servers/apache-2.4.37/work/httpd-2.4.37/server/connection.c:42 26 | #22 0x710f6d in process_socket /var/tmp/portage/www-servers/apache-2.4.37/work/httpd-2.4.37/server/mpm/event/event.c:1049 27 | #23 0x7143af in worker_thread /var/tmp/portage/www-servers/apache-2.4.37/work/httpd-2.4.37/server/mpm/event/event.c:2082 28 | #24 0x7f851036b779 in start_thread (/lib64/libpthread.so.0+0x7779) 29 | #25 0x7f850fe99b2e in clone (/lib64/libc.so.6+0x102b2e) 30 | 31 | 0x6190002ad0f0 is located 112 bytes inside of 1040-byte region [0x6190002ad080,0x6190002ad490) 32 | freed by thread T62 here: 33 | #0 0x7f8512eaa171 in __interceptor_free (/usr/lib/gcc/x86_64-pc-linux-gnu/4.9.4/libasan.so.1+0x57171) 34 | #1 0x7f8510c16138 in pool_clear_debug memory/unix/apr_pools.c:1857 35 | #2 0x7f8510c1597b in pool_destroy_debug memory/unix/apr_pools.c:1915 36 | #3 0x65e6f9 in h2_session_pre_close /var/tmp/portage/www-servers/apache-2.4.37/work/httpd-2.4.37/modules/http2/h2_session.c:2357 37 | #4 0x62333b in h2_conn_pre_close /var/tmp/portage/www-servers/apache-2.4.37/work/httpd-2.4.37/modules/http2/h2_conn.c:254 38 | #5 0x4c9803 in ap_run_pre_close_connection /var/tmp/portage/www-servers/apache-2.4.37/work/httpd-2.4.37/server/connection.c:44 39 | #6 0x4c9aa8 in ap_prep_lingering_close /var/tmp/portage/www-servers/apache-2.4.37/work/httpd-2.4.37/server/connection.c:101 40 | #7 0x4c9afd in ap_start_lingering_close /var/tmp/portage/www-servers/apache-2.4.37/work/httpd-2.4.37/server/connection.c:129 41 | #8 0x710e49 in start_lingering_close_blocking /var/tmp/portage/www-servers/apache-2.4.37/work/httpd-2.4.37/server/mpm/event/event.c:805 42 | #9 0x710e49 in process_socket /var/tmp/portage/www-servers/apache-2.4.37/work/httpd-2.4.37/server/mpm/event/event.c:1209 43 | #10 0x7143af in worker_thread /var/tmp/portage/www-servers/apache-2.4.37/work/httpd-2.4.37/server/mpm/event/event.c:2082 44 | #11 0x7f851036b779 in start_thread (/lib64/libpthread.so.0+0x7779) 45 | #12 0x7f850fe99b2e in clone (/lib64/libc.so.6+0x102b2e) 46 | 47 | previously allocated by thread T62 here: 48 | #0 0x7f8512eaa402 in malloc (/usr/lib/gcc/x86_64-pc-linux-gnu/4.9.4/libasan.so.1+0x57402) 49 | #1 0x7f8510c15319 in pool_alloc memory/unix/apr_pools.c:1749 50 | #2 0x7f8510c16fed in apr_pcalloc_debug memory/unix/apr_pools.c:1797 51 | #3 0x7f8510c14a57 in apr_thread_mutex_create locks/unix/thread_mutex.c:50 52 | #4 0x7f8510c17530 in apr_pool_create_ex_debug memory/unix/apr_pools.c:2038 53 | #5 0x647256 in h2_session_create_int /var/tmp/portage/www-servers/apache-2.4.37/work/httpd-2.4.37/modules/http2/h2_session.c:800 54 | #6 0x622b37 in h2_conn_setup /var/tmp/portage/www-servers/apache-2.4.37/work/httpd-2.4.37/modules/http2/h2_conn.c:190 55 | #7 0x62c390 in h2_h2_process_conn /var/tmp/portage/www-servers/apache-2.4.37/work/httpd-2.4.37/modules/http2/h2_h2.c:651 56 | #8 0x4c9243 in ap_run_process_connection /var/tmp/portage/www-servers/apache-2.4.37/work/httpd-2.4.37/server/connection.c:42 57 | #9 0x710f6d in process_socket /var/tmp/portage/www-servers/apache-2.4.37/work/httpd-2.4.37/server/mpm/event/event.c:1049 58 | #10 0x7143af in worker_thread /var/tmp/portage/www-servers/apache-2.4.37/work/httpd-2.4.37/server/mpm/event/event.c:2082 59 | #11 0x7f851036b779 in start_thread (/lib64/libpthread.so.0+0x7779) 60 | #12 0x7f850fe99b2e in clone (/lib64/libc.so.6+0x102b2e) 61 | 62 | Thread T58 created by T38 here: 63 | #0 0x7f8512e769aa in pthread_create (/usr/lib/gcc/x86_64-pc-linux-gnu/4.9.4/libasan.so.1+0x239aa) 64 | #1 0x713255 in start_threads /var/tmp/portage/www-servers/apache-2.4.37/work/httpd-2.4.37/server/mpm/event/event.c:2336 65 | 66 | Thread T38 created by T0 here: 67 | #0 0x7f8512e769aa in pthread_create (/usr/lib/gcc/x86_64-pc-linux-gnu/4.9.4/libasan.so.1+0x239aa) 68 | #1 0x714ebc in child_main /var/tmp/portage/www-servers/apache-2.4.37/work/httpd-2.4.37/server/mpm/event/event.c:2541 69 | 70 | Thread T62 created by T38 here: 71 | #0 0x7f8512e769aa in pthread_create (/usr/lib/gcc/x86_64-pc-linux-gnu/4.9.4/libasan.so.1+0x239aa) 72 | #1 0x713255 in start_threads /var/tmp/portage/www-servers/apache-2.4.37/work/httpd-2.4.37/server/mpm/event/event.c:2336 73 | 74 | SUMMARY: AddressSanitizer: heap-use-after-free memory/unix/apr_pools.c:2239 pool_find 75 | Shadow bytes around the buggy address: 76 | 0x0c328004d9c0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 77 | 0x0c328004d9d0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 78 | 0x0c328004d9e0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 79 | 0x0c328004d9f0: fd fd fa fa fa fa fa fa fa fa fa fa fa fa fa fa 80 | 0x0c328004da00: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 81 | =>0x0c328004da10: fd fd fd fd fd fd fd fd fd fd fd fd fd fd[fd]fd 82 | 0x0c328004da20: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 83 | 0x0c328004da30: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 84 | 0x0c328004da40: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 85 | 0x0c328004da50: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 86 | 0x0c328004da60: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 87 | Shadow byte legend (one shadow byte represents 8 application bytes): 88 | Addressable: 00 89 | Partially addressable: 01 02 03 04 05 06 07 90 | Heap left redzone: fa 91 | Heap right redzone: fb 92 | Freed heap region: fd 93 | Stack left redzone: f1 94 | Stack mid redzone: f2 95 | Stack right redzone: f3 96 | Stack partial redzone: f4 97 | Stack after return: f5 98 | Stack use after scope: f8 99 | Global redzone: f9 100 | Global init order: f6 101 | Poisoned by user: f7 102 | Contiguous container OOB:fc 103 | ASan internal: fe 104 | ==10140==ABORTING 105 | -------------------------------------------------------------------------------- /asan/apache-2.4.37/apache-2.4.37-heap-use-after-free-h2_request_end_headers-asan-error.2697: -------------------------------------------------------------------------------- 1 | ================================================================= 2 | ==2697==ERROR: AddressSanitizer: heap-use-after-free on address 0x6190001c9890 at pc 0x7ff99c65bf3a bp 0x7ff96ede4e90 sp 0x7ff96ede4e80 3 | READ of size 8 at 0x6190001c9890 thread T45 4 | #0 0x7ff99c65bf39 in pool_find memory/unix/apr_pools.c:2239 5 | #1 0x7ff99c65c49b in apr_pool_walk_tree memory/unix/apr_pools.c:1496 6 | #2 0x7ff99c65c52e in apr_pool_walk_tree memory/unix/apr_pools.c:1508 7 | #3 0x7ff99c65c52e in apr_pool_walk_tree memory/unix/apr_pools.c:1508 8 | #4 0x7ff99c65c52e in apr_pool_walk_tree memory/unix/apr_pools.c:1508 9 | #5 0x7ff99c65c52e in apr_pool_walk_tree memory/unix/apr_pools.c:1508 10 | #6 0x7ff99c65ee92 in apr_pool_find memory/unix/apr_pools.c:2256 11 | #7 0x7ff99c649230 in apr_table_mergen tables/apr_tables.c:746 12 | #8 0x644332 in h2_request_end_headers /var/tmp/portage/www-servers/apache-2.4.37-r1/work/httpd-2.4.37/modules/http2/h2_request.c:184 13 | #9 0x66631e in h2_stream_recv_frame /var/tmp/portage/www-servers/apache-2.4.37-r1/work/httpd-2.4.37/modules/http2/h2_stream.c:459 14 | #10 0x651a72 in on_frame_recv_cb /var/tmp/portage/www-servers/apache-2.4.37-r1/work/httpd-2.4.37/modules/http2/h2_session.c:352 15 | #11 0x7ff99dcb0a3e in nghttp2_session_mem_recv (/usr/lib64/libnghttp2.so.14+0x2aa3e) 16 | #12 0x625435 in recv_RAW_DATA /var/tmp/portage/www-servers/apache-2.4.37-r1/work/httpd-2.4.37/modules/http2/h2_filter.c:60 17 | #13 0x625435 in recv_RAW_brigade /var/tmp/portage/www-servers/apache-2.4.37-r1/work/httpd-2.4.37/modules/http2/h2_filter.c:101 18 | #14 0x627509 in h2_filter_core_input /var/tmp/portage/www-servers/apache-2.4.37-r1/work/httpd-2.4.37/modules/http2/h2_filter.c:183 19 | #15 0x64c400 in session_read /var/tmp/portage/www-servers/apache-2.4.37-r1/work/httpd-2.4.37/modules/http2/h2_session.c:1552 20 | #16 0x64c400 in h2_session_read /var/tmp/portage/www-servers/apache-2.4.37-r1/work/httpd-2.4.37/modules/http2/h2_session.c:1609 21 | #17 0x65a05b in h2_session_process /var/tmp/portage/www-servers/apache-2.4.37-r1/work/httpd-2.4.37/modules/http2/h2_session.c:2223 22 | #18 0x622dc2 in h2_conn_run /var/tmp/portage/www-servers/apache-2.4.37-r1/work/httpd-2.4.37/modules/http2/h2_conn.c:212 23 | #19 0x62bfe2 in h2_h2_process_conn /var/tmp/portage/www-servers/apache-2.4.37-r1/work/httpd-2.4.37/modules/http2/h2_h2.c:658 24 | #20 0x4c9243 in ap_run_process_connection /var/tmp/portage/www-servers/apache-2.4.37-r1/work/httpd-2.4.37/server/connection.c:42 25 | #21 0x710f6d in process_socket /var/tmp/portage/www-servers/apache-2.4.37-r1/work/httpd-2.4.37/server/mpm/event/event.c:1049 26 | #22 0x7143af in worker_thread /var/tmp/portage/www-servers/apache-2.4.37-r1/work/httpd-2.4.37/server/mpm/event/event.c:2082 27 | #23 0x7ff99bdb2779 in start_thread (/lib64/libpthread.so.0+0x7779) 28 | #24 0x7ff99b8e0b2e in clone (/lib64/libc.so.6+0x102b2e) 29 | 30 | 0x6190001c9890 is located 16 bytes inside of 1040-byte region [0x6190001c9880,0x6190001c9c90) 31 | freed by thread T44 here: 32 | #0 0x7ff99e8f0171 in __interceptor_free (/usr/lib/gcc/x86_64-pc-linux-gnu/4.9.4/libasan.so.1+0x57171) 33 | #1 0x7ff99c65d0f4 in pool_clear_debug memory/unix/apr_pools.c:1857 34 | #2 0x7ff99c65c94b in pool_destroy_debug memory/unix/apr_pools.c:1915 35 | #3 0x65e6f9 in h2_session_pre_close /var/tmp/portage/www-servers/apache-2.4.37-r1/work/httpd-2.4.37/modules/http2/h2_session.c:2357 36 | #4 0x62333b in h2_conn_pre_close /var/tmp/portage/www-servers/apache-2.4.37-r1/work/httpd-2.4.37/modules/http2/h2_conn.c:254 37 | #5 0x4c9803 in ap_run_pre_close_connection /var/tmp/portage/www-servers/apache-2.4.37-r1/work/httpd-2.4.37/server/connection.c:44 38 | #6 0x4c9aa8 in ap_prep_lingering_close /var/tmp/portage/www-servers/apache-2.4.37-r1/work/httpd-2.4.37/server/connection.c:101 39 | #7 0x4c9afd in ap_start_lingering_close /var/tmp/portage/www-servers/apache-2.4.37-r1/work/httpd-2.4.37/server/connection.c:129 40 | #8 0x710e49 in start_lingering_close_blocking /var/tmp/portage/www-servers/apache-2.4.37-r1/work/httpd-2.4.37/server/mpm/event/event.c:805 41 | #9 0x710e49 in process_socket /var/tmp/portage/www-servers/apache-2.4.37-r1/work/httpd-2.4.37/server/mpm/event/event.c:1209 42 | #10 0x7143af in worker_thread /var/tmp/portage/www-servers/apache-2.4.37-r1/work/httpd-2.4.37/server/mpm/event/event.c:2082 43 | #11 0x7ff99bdb2779 in start_thread (/lib64/libpthread.so.0+0x7779) 44 | #12 0x7ff99b8e0b2e in clone (/lib64/libc.so.6+0x102b2e) 45 | 46 | previously allocated by thread T44 here: 47 | #0 0x7ff99e8f0402 in malloc (/usr/lib/gcc/x86_64-pc-linux-gnu/4.9.4/libasan.so.1+0x57402) 48 | #1 0x7ff99c65c2f1 in pool_alloc memory/unix/apr_pools.c:1749 49 | #2 0x7ff99c65df9d in apr_pcalloc_debug memory/unix/apr_pools.c:1797 50 | #3 0x7ff99c65ba57 in apr_thread_mutex_create locks/unix/thread_mutex.c:50 51 | #4 0x7ff99c65e4e0 in apr_pool_create_ex_debug memory/unix/apr_pools.c:2038 52 | #5 0x647256 in h2_session_create_int /var/tmp/portage/www-servers/apache-2.4.37-r1/work/httpd-2.4.37/modules/http2/h2_session.c:800 53 | #6 0x622b37 in h2_conn_setup /var/tmp/portage/www-servers/apache-2.4.37-r1/work/httpd-2.4.37/modules/http2/h2_conn.c:190 54 | #7 0x62c390 in h2_h2_process_conn /var/tmp/portage/www-servers/apache-2.4.37-r1/work/httpd-2.4.37/modules/http2/h2_h2.c:651 55 | #8 0x4c9243 in ap_run_process_connection /var/tmp/portage/www-servers/apache-2.4.37-r1/work/httpd-2.4.37/server/connection.c:42 56 | #9 0x710f6d in process_socket /var/tmp/portage/www-servers/apache-2.4.37-r1/work/httpd-2.4.37/server/mpm/event/event.c:1049 57 | #10 0x7143af in worker_thread /var/tmp/portage/www-servers/apache-2.4.37-r1/work/httpd-2.4.37/server/mpm/event/event.c:2082 58 | #11 0x7ff99bdb2779 in start_thread (/lib64/libpthread.so.0+0x7779) 59 | #12 0x7ff99b8e0b2e in clone (/lib64/libc.so.6+0x102b2e) 60 | 61 | Thread T45 created by T38 here: 62 | #0 0x7ff99e8bc9aa in pthread_create (/usr/lib/gcc/x86_64-pc-linux-gnu/4.9.4/libasan.so.1+0x239aa) 63 | #1 0x713255 in start_threads /var/tmp/portage/www-servers/apache-2.4.37-r1/work/httpd-2.4.37/server/mpm/event/event.c:2336 64 | 65 | Thread T38 created by T0 here: 66 | #0 0x7ff99e8bc9aa in pthread_create (/usr/lib/gcc/x86_64-pc-linux-gnu/4.9.4/libasan.so.1+0x239aa) 67 | #1 0x714ebc in child_main /var/tmp/portage/www-servers/apache-2.4.37-r1/work/httpd-2.4.37/server/mpm/event/event.c:2541 68 | 69 | Thread T44 created by T38 here: 70 | #0 0x7ff99e8bc9aa in pthread_create (/usr/lib/gcc/x86_64-pc-linux-gnu/4.9.4/libasan.so.1+0x239aa) 71 | #1 0x713255 in start_threads /var/tmp/portage/www-servers/apache-2.4.37-r1/work/httpd-2.4.37/server/mpm/event/event.c:2336 72 | 73 | SUMMARY: AddressSanitizer: heap-use-after-free memory/unix/apr_pools.c:2239 pool_find 74 | Shadow bytes around the buggy address: 75 | 0x0c32800312c0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 76 | 0x0c32800312d0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 77 | 0x0c32800312e0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 78 | 0x0c32800312f0: fd fd fa fa fa fa fa fa fa fa fa fa fa fa fa fa 79 | 0x0c3280031300: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 80 | =>0x0c3280031310: fd fd[fd]fd fd fd fd fd fd fd fd fd fd fd fd fd 81 | 0x0c3280031320: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 82 | 0x0c3280031330: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 83 | 0x0c3280031340: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 84 | 0x0c3280031350: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 85 | 0x0c3280031360: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 86 | Shadow byte legend (one shadow byte represents 8 application bytes): 87 | Addressable: 00 88 | Partially addressable: 01 02 03 04 05 06 07 89 | Heap left redzone: fa 90 | Heap right redzone: fb 91 | Freed heap region: fd 92 | Stack left redzone: f1 93 | Stack mid redzone: f2 94 | Stack right redzone: f3 95 | Stack partial redzone: f4 96 | Stack after return: f5 97 | Stack use after scope: f8 98 | Global redzone: f9 99 | Global init order: f6 100 | Poisoned by user: f7 101 | Contiguous container OOB:fc 102 | ASan internal: fe 103 | ==2697==ABORTING 104 | -------------------------------------------------------------------------------- /asan/apache-2.4.37/apache-2.4.37-heap-use-after-free-set_neg_headers-asan-error.20236: -------------------------------------------------------------------------------- 1 | ================================================================= 2 | ==20236==ERROR: AddressSanitizer: heap-use-after-free on address 0x619000182488 at pc 0x7ff99c65bf12 bp 0x7ff967499460 sp 0x7ff967499450 3 | READ of size 8 at 0x619000182488 thread T56 4 | #0 0x7ff99c65bf11 in pool_find memory/unix/apr_pools.c:2238 5 | #1 0x7ff99c65c49b in apr_pool_walk_tree memory/unix/apr_pools.c:1496 6 | #2 0x7ff99c65c52e in apr_pool_walk_tree memory/unix/apr_pools.c:1508 7 | #3 0x7ff99c65c52e in apr_pool_walk_tree memory/unix/apr_pools.c:1508 8 | #4 0x7ff99c65c52e in apr_pool_walk_tree memory/unix/apr_pools.c:1508 9 | #5 0x7ff99c65c52e in apr_pool_walk_tree memory/unix/apr_pools.c:1508 10 | #6 0x7ff99c65ee92 in apr_pool_find memory/unix/apr_pools.c:2256 11 | #7 0x7ff99c649230 in apr_table_mergen tables/apr_tables.c:746 12 | #8 0x6e760e in set_neg_headers /var/tmp/portage/www-servers/apache-2.4.37-r1/work/httpd-2.4.37/modules/mappers/mod_negotiation.c:2603 13 | #9 0x6e8472 in do_negotiation /var/tmp/portage/www-servers/apache-2.4.37-r1/work/httpd-2.4.37/modules/mappers/mod_negotiation.c:2914 14 | #10 0x6edb61 in handle_map_file /var/tmp/portage/www-servers/apache-2.4.37-r1/work/httpd-2.4.37/modules/mappers/mod_negotiation.c:2977 15 | #11 0x4af333 in ap_run_handler /var/tmp/portage/www-servers/apache-2.4.37-r1/work/httpd-2.4.37/server/config.c:170 16 | #12 0x4afec0 in ap_invoke_handler /var/tmp/portage/www-servers/apache-2.4.37-r1/work/httpd-2.4.37/server/config.c:444 17 | #13 0x569a6b in ap_internal_redirect /var/tmp/portage/www-servers/apache-2.4.37-r1/work/httpd-2.4.37/modules/http/http_request.c:791 18 | #14 0x56a095 in ap_die_r /var/tmp/portage/www-servers/apache-2.4.37-r1/work/httpd-2.4.37/modules/http/http_request.c:212 19 | #15 0x56c69e in ap_process_async_request /var/tmp/portage/www-servers/apache-2.4.37-r1/work/httpd-2.4.37/modules/http/http_request.c:476 20 | #16 0x561b27 in ap_process_http_async_connection /var/tmp/portage/www-servers/apache-2.4.37-r1/work/httpd-2.4.37/modules/http/http_core.c:154 21 | #17 0x561b27 in ap_process_http_connection /var/tmp/portage/www-servers/apache-2.4.37-r1/work/httpd-2.4.37/modules/http/http_core.c:248 22 | #18 0x4c9243 in ap_run_process_connection /var/tmp/portage/www-servers/apache-2.4.37-r1/work/httpd-2.4.37/server/connection.c:42 23 | #19 0x710f6d in process_socket /var/tmp/portage/www-servers/apache-2.4.37-r1/work/httpd-2.4.37/server/mpm/event/event.c:1049 24 | #20 0x7143af in worker_thread /var/tmp/portage/www-servers/apache-2.4.37-r1/work/httpd-2.4.37/server/mpm/event/event.c:2082 25 | #21 0x7ff99bdb2779 in start_thread (/lib64/libpthread.so.0+0x7779) 26 | #22 0x7ff99b8e0b2e in clone (/lib64/libc.so.6+0x102b2e) 27 | 28 | 0x619000182488 is located 8 bytes inside of 1040-byte region [0x619000182480,0x619000182890) 29 | freed by thread T44 here: 30 | #0 0x7ff99e8f0171 in __interceptor_free (/usr/lib/gcc/x86_64-pc-linux-gnu/4.9.4/libasan.so.1+0x57171) 31 | #1 0x7ff99c65d0f4 in pool_clear_debug memory/unix/apr_pools.c:1857 32 | #2 0x7ff99c65c94b in pool_destroy_debug memory/unix/apr_pools.c:1915 33 | #3 0x65e6f9 in h2_session_pre_close /var/tmp/portage/www-servers/apache-2.4.37-r1/work/httpd-2.4.37/modules/http2/h2_session.c:2357 34 | #4 0x62333b in h2_conn_pre_close /var/tmp/portage/www-servers/apache-2.4.37-r1/work/httpd-2.4.37/modules/http2/h2_conn.c:254 35 | #5 0x4c9803 in ap_run_pre_close_connection /var/tmp/portage/www-servers/apache-2.4.37-r1/work/httpd-2.4.37/server/connection.c:44 36 | #6 0x4c9aa8 in ap_prep_lingering_close /var/tmp/portage/www-servers/apache-2.4.37-r1/work/httpd-2.4.37/server/connection.c:101 37 | #7 0x4c9afd in ap_start_lingering_close /var/tmp/portage/www-servers/apache-2.4.37-r1/work/httpd-2.4.37/server/connection.c:129 38 | #8 0x710e49 in start_lingering_close_blocking /var/tmp/portage/www-servers/apache-2.4.37-r1/work/httpd-2.4.37/server/mpm/event/event.c:805 39 | #9 0x710e49 in process_socket /var/tmp/portage/www-servers/apache-2.4.37-r1/work/httpd-2.4.37/server/mpm/event/event.c:1209 40 | #10 0x7143af in worker_thread /var/tmp/portage/www-servers/apache-2.4.37-r1/work/httpd-2.4.37/server/mpm/event/event.c:2082 41 | #11 0x7ff99bdb2779 in start_thread (/lib64/libpthread.so.0+0x7779) 42 | #12 0x7ff99b8e0b2e in clone (/lib64/libc.so.6+0x102b2e) 43 | 44 | previously allocated by thread T44 here: 45 | #0 0x7ff99e8f0402 in malloc (/usr/lib/gcc/x86_64-pc-linux-gnu/4.9.4/libasan.so.1+0x57402) 46 | #1 0x7ff99c65c2f1 in pool_alloc memory/unix/apr_pools.c:1749 47 | #2 0x7ff99c65df9d in apr_pcalloc_debug memory/unix/apr_pools.c:1797 48 | #3 0x7ff99c65ba57 in apr_thread_mutex_create locks/unix/thread_mutex.c:50 49 | #4 0x7ff99c65e4e0 in apr_pool_create_ex_debug memory/unix/apr_pools.c:2038 50 | #5 0x647256 in h2_session_create_int /var/tmp/portage/www-servers/apache-2.4.37-r1/work/httpd-2.4.37/modules/http2/h2_session.c:800 51 | #6 0x622b37 in h2_conn_setup /var/tmp/portage/www-servers/apache-2.4.37-r1/work/httpd-2.4.37/modules/http2/h2_conn.c:190 52 | #7 0x62c390 in h2_h2_process_conn /var/tmp/portage/www-servers/apache-2.4.37-r1/work/httpd-2.4.37/modules/http2/h2_h2.c:651 53 | #8 0x4c9243 in ap_run_process_connection /var/tmp/portage/www-servers/apache-2.4.37-r1/work/httpd-2.4.37/server/connection.c:42 54 | #9 0x710f6d in process_socket /var/tmp/portage/www-servers/apache-2.4.37-r1/work/httpd-2.4.37/server/mpm/event/event.c:1049 55 | #10 0x7143af in worker_thread /var/tmp/portage/www-servers/apache-2.4.37-r1/work/httpd-2.4.37/server/mpm/event/event.c:2082 56 | #11 0x7ff99bdb2779 in start_thread (/lib64/libpthread.so.0+0x7779) 57 | #12 0x7ff99b8e0b2e in clone (/lib64/libc.so.6+0x102b2e) 58 | 59 | Thread T56 created by T38 here: 60 | #0 0x7ff99e8bc9aa in pthread_create (/usr/lib/gcc/x86_64-pc-linux-gnu/4.9.4/libasan.so.1+0x239aa) 61 | #1 0x713255 in start_threads /var/tmp/portage/www-servers/apache-2.4.37-r1/work/httpd-2.4.37/server/mpm/event/event.c:2336 62 | 63 | Thread T38 created by T0 here: 64 | #0 0x7ff99e8bc9aa in pthread_create (/usr/lib/gcc/x86_64-pc-linux-gnu/4.9.4/libasan.so.1+0x239aa) 65 | #1 0x714ebc in child_main /var/tmp/portage/www-servers/apache-2.4.37-r1/work/httpd-2.4.37/server/mpm/event/event.c:2541 66 | 67 | Thread T44 created by T38 here: 68 | #0 0x7ff99e8bc9aa in pthread_create (/usr/lib/gcc/x86_64-pc-linux-gnu/4.9.4/libasan.so.1+0x239aa) 69 | #1 0x713255 in start_threads /var/tmp/portage/www-servers/apache-2.4.37-r1/work/httpd-2.4.37/server/mpm/event/event.c:2336 70 | 71 | SUMMARY: AddressSanitizer: heap-use-after-free memory/unix/apr_pools.c:2238 pool_find 72 | Shadow bytes around the buggy address: 73 | 0x0c3280028440: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 74 | 0x0c3280028450: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 75 | 0x0c3280028460: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 76 | 0x0c3280028470: fd fd fa fa fa fa fa fa fa fa fa fa fa fa fa fa 77 | 0x0c3280028480: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 78 | =>0x0c3280028490: fd[fd]fd fd fd fd fd fd fd fd fd fd fd fd fd fd 79 | 0x0c32800284a0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 80 | 0x0c32800284b0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 81 | 0x0c32800284c0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 82 | 0x0c32800284d0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 83 | 0x0c32800284e0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 84 | Shadow byte legend (one shadow byte represents 8 application bytes): 85 | Addressable: 00 86 | Partially addressable: 01 02 03 04 05 06 07 87 | Heap left redzone: fa 88 | Heap right redzone: fb 89 | Freed heap region: fd 90 | Stack left redzone: f1 91 | Stack mid redzone: f2 92 | Stack right redzone: f3 93 | Stack partial redzone: f4 94 | Stack after return: f5 95 | Stack use after scope: f8 96 | Global redzone: f9 97 | Global init order: f6 98 | Poisoned by user: f7 99 | Contiguous container OOB:fc 100 | ASan internal: fe 101 | ==20236==ABORTING 102 | --------------------------------------------------------------------------------