Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

ASAN heap use after free

Tags:

c

heap-memory

malloc

free

address-sanitizer

I am running ASAN for finding memory leaks in a very big project. I have found out the cause, but do not know how to resolve it. I have made a sample program to make the problem understandable. In the below program I can only work-around on specified code. For rest of the code it is not possible to do work around. So please suggest what work around I may have to resolve below ASAN error. (How to make pointer two as NULL using t1?)

#include<stdio.h>
#include<stdlib.h>

typedef struct l
{
    int a, b;
}pack;

void delete_me(pack *ap)
{
    free(ap);
}

int main(void)
{
    pack **d_ptr = (pack **)malloc(3 * sizeof(pack *));
    pack *one, *two, *three;
    one = (pack *)malloc(sizeof(pack));
    one->a = 1, one->b = 2;
    two = (pack *)malloc(sizeof(pack));
    two->a = 3, two->b = 4;
    three = (pack *)malloc(sizeof(pack));
    three->a = 5, three->b = 6;
    d_ptr[0] = one;
    d_ptr[1] = two;
    d_ptr[2] = three;

    // I can Only work-around below code (4 lines)
    pack *t1 = d_ptr[1]; // For which index t1 would be assigned, is not known before hand
    t1->a = 1; t1->b = 2;
    printf("a: %d, b: %d\n", two->a, two->b);
    delete_me(t1); // How to delete t1 so that corresponding pointer also becomes NULL?
    // Work around only till here was possible.

    // Below this, No workaround possible.
    if (two && (two->a == one->a)) // ASAN ERROR
            printf("ERROR\n");
    else
            printf("It works!\n");
    return 0;
}

ASAN Error: ERROR: AddressSanitizer: heap-use-after-free

like image 266
Sanjay Avatar asked Nov 30 '18 14:11

Sanjay

1 Answers

Unfortunately your problem isn't really solvable.

When you have multiple copies of the same pointer, e.g.

int *p1 = malloc(sizeof (int));
int *p2 = p1;
int *p3 = p2;

then freeing any of them invalidates all of them:

free(p2);
// Now p1, p2, p3 have invalid values.
// The C standard calls these "indeterminate values"; accessing them has undefined behavior

You can manually set p2 to NULL after freeing, but that still leaves p1 and p3 dangling. You cannot automatically find all copies of a pointer value that may exist anywhere in your program's memory.

You need to restructure the logic of your program. There is no quick and easy fix.

like image 93
melpomene Avatar answered Sep 28 '22 02:09

melpomene
Sign in to Comment

Related questions

& operator cannot be applied to constants in C [duplicate]
Finding "fallthroughs" in C code
return matrix on C
Safe conversion from __int64 to size_t
Get external commands of a DLL file
How to cancel a function call if it takes too long to respond in C?
Portable tagged pointers
What is the purpose of a 'switch 0' statement in C?
In Linux, how do I determine optimal value of optmem_max?
Printf() printing character as 32 bit
Finite State Machines in C
Compiler warning for function defined without prototype in scope?
Can static memory be lazily allocated?
Why can't a static initialization expression in C use an element of a constant array?
Serial port hangs on close()
simulate jg instruction(datalab's isGreater)
Can someone explain how this C snippet will be evaluated w.r.t sequence points?
What does # sign mean in C?
click counter to light up LEDs using C code
Are gcc __builtin functions guaranteed to be replaced by matching assembly instructions?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!