Bug 1366282 - Double free or corruption when use net-snmp snmp_sess_open() with several threads
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: net-snmp
Version: 23
Hardware: Unspecified
OS: Unspecified
Assignee: Josef Ridky
QA Contact: Fedora Extras Quality Assurance
 
Reported: 2016-08-11 13:49 UTC by glad08
Modified: 2016-09-09 16:56 UTC

Fixed In Version: net-snmp-5.7.3-13.fc24 net-snmp-5.7.3-13.fc25 net-snmp-5.7.3-13.fc23
Last Closed: 2016-08-18 21:19:00 UTC
Type: Bug


Attachments
patch (1.33 KB, text/plain)
2016-08-11 13:51 UTC, glad08

Description glad08 2016-08-11 13:49:06 UTC
Description of problem:

There is some chance of getting a free() error while calling snmp_sess_open() from several threads.


Version-Release number of selected component (if applicable):
net-snmp-5.7.3

Actual results:

Core was generated by `./snmpv3poller'.
Program terminated with signal SIGABRT, Aborted.
#0  0x00007febf36faa28 in __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:55
55	  return INLINE_SYSCALL (tgkill, 3, pid, selftid, sig);
[Current thread is 1 (Thread 0x7fea4cf39700 (LWP 19055))]
(gdb) bt
#0  0x00007febf36faa28 in __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:55
#1  0x00007febf36fc62a in __GI_abort () at abort.c:89
#2  0x00007febf373dd7a in __libc_message (do_abort=do_abort@entry=2, 
    fmt=fmt@entry=0x7febf3850300 "*** Error in `%s': %s: 0x%s ***\n") at ../sysdeps/posix/libc_fatal.c:175
#3  0x00007febf37461ca in malloc_printerr (ar_ptr=<optimized out>, ptr=<optimized out>, 
    str=0x7febf3850378 "free(): invalid next size (fast)", action=3) at malloc.c:5004
#4  _int_free (av=<optimized out>, p=<optimized out>, have_lock=<optimized out>) at malloc.c:3865
#5  0x00007febf374972c in __GI___libc_free (mem=mem@entry=0x7fea000019f0) at malloc.c:2966
#6  0x00007febf4e92b80 in netsnmp_tdomain_transport_full (application=application@entry=0x7febf4ec2ea6 "snmp", 
    str=0x7fea00001380 "192.168.2.251:161", local=0, default_domain=default_domain@entry=0x7febf4ebeaba "udp,udp6", 
    default_target=0x0) at snmp_transport.c:671
#7  0x00007febf4e5bbc3 in _sess_open (in_session=0x7fea4cf38870) at snmp_api.c:1562
#8  snmp_sess_open (pss=pss@entry=0x7fea4cf38870) at snmp_api.c:1784



Comment 1 glad08 2016-08-11 13:51:38 UTC
Created attachment 1190062
patch

Comment 2 Jan Safranek 2016-08-12 07:01:30 UTC
It seems it has already been fixed upstream in these two patches:

https://sourceforge.net/p/net-snmp/code/ci/315a9dfeddbad9c611833c9625d6c1c6d7c38324/

https://sourceforge.net/p/net-snmp/code/ci/d27ccfba26840ef8446152c007557ca4daa45a8f/

Do you have an application that's failing? All Net-SNMP users in Fedora so far were single-threaded and nobody really cared about this error.

Comment 3 glad08 2016-08-12 09:14:38 UTC
Yes, there is such an application, written by the company where I work.

Comment 4 Fedora Update System 2016-08-12 13:40:28 UTC
net-snmp-5.7.3-13.fc24 has been submitted as an update to Fedora 24. https://bodhi.fedoraproject.org/updates/FEDORA-2016-eefcc589e9

Comment 5 Fedora Update System 2016-08-12 13:40:46 UTC
net-snmp-5.7.3-13.fc25 has been submitted as an update to Fedora 25. https://bodhi.fedoraproject.org/updates/FEDORA-2016-3cdb928af6

Comment 6 Fedora Update System 2016-08-12 13:40:56 UTC
net-snmp-5.7.3-13.fc23 has been submitted as an update to Fedora 23. https://bodhi.fedoraproject.org/updates/FEDORA-2016-9b778487e2

Comment 7 Fedora Update System 2016-08-12 15:58:33 UTC
net-snmp-5.7.3-13.fc25 has been pushed to the Fedora 25 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-3cdb928af6

Comment 8 Fedora Update System 2016-08-14 00:22:51 UTC
net-snmp-5.7.3-13.fc24 has been pushed to the Fedora 24 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-eefcc589e9

Comment 9 Fedora Update System 2016-08-14 00:50:03 UTC
net-snmp-5.7.3-13.fc23 has been pushed to the Fedora 23 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-9b778487e2

Comment 10 Fedora Update System 2016-08-18 21:18:52 UTC
net-snmp-5.7.3-13.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report.

Comment 11 Fedora Update System 2016-08-27 10:36:47 UTC
net-snmp-5.7.3-13.fc25 has been pushed to the Fedora 25 stable repository. If problems still persist, please make note of it in this bug report.

Comment 12 glad08 2016-09-07 11:05:42 UTC
And what about the Fedora 23 stable repository?

Comment 13 Josef Ridky 2016-09-07 11:22:57 UTC
The Fedora 23 version just got stuck in Bodhi. It will be available in stable in a few hours.

Comment 14 Fedora Update System 2016-09-09 16:55:52 UTC
net-snmp-5.7.3-13.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.

