jeudi 23 février 2023

Why Heap-buffer-overflow in std::map(or std::Rb_tree)

I am writing a multithreads program. However, when I run this code, I meet heap-buffer overflow.

int lock_server_cache_rsm::acquire(lock_protocol::lockid_t lid, std::string id,
                                   lock_protocol::xid_t xid, int &) {
std::unique_lock<std::mutex> ulock(mutex_);
  std::shared_ptr<Lock> lock;
  if (lock_table_.count(lid) == 0U) {
    lock = std::make_shared<Lock> (lid, ServerLockState::FREE);
    lock_table_[lid] = lock;
  } 
  else lock = lock_table_[lid];
  bool revoke = false;
  if (!lock->findClientId(id) || lock->getClientXid(id) < xid)
    lock->setClientXid(id, xid);
}

I use asan check my program, it shows that : heap-buffer-overflow in the std::map.

=================================================================
==2048==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60c0000000c8 at pc 0x55d830fd8595 bp 0x7f102777b460 sp 0x7f102777b450
READ of size 8 at 0x60c0000000c8 thread T

SUMMARY: AddressSanitizer: heap-buffer-overflow /usr/include/c++/11/bits/stl_tree.h:735 in std::_Rb_tree

The Lock class and lock_server_cache_rsm class like this:

class lock_server_cache_rsm : public rsm_state_transfer {
 private:
  int nacquire;
  class rsm *rsm;
  std::unordered_map<lock_protocol::lockid_t, std::shared_ptr<Lock>>
      lock_table_;
  std::mutex mutex_;
 public:
  lock_server_cache_rsm(class rsm *rsm = 0);
  int acquire(lock_protocol::lockid_t, std::string id, lock_protocol::xid_t,
              int &);
};
class Lock {
 public:
  Lock(lock_protocol::lockid_t lid, ServerLockState state)
      : lid_(lid), state_(state){}
  void setClientXid(std::string id, lock_protocol::xid_t xid) {
    std::lock_guard<std::mutex> lg(lck_mutex_);
    client_max_xid_[id] = xid;
  }
 private:
  std::string owner_;
  lock_protocol::lockid_t lid_;
  ServerLockState state_;
  std::unordered_set<std::string> wait_client_set_;
  public:
  std::map<std::string, lock_protocol::xid_t> client_max_xid_;
  std::unordered_map<std::string, int> acquire_reply_;
  std::unordered_map<std::string, int> release_reply_;
  std::mutex lck_mutex_;
};

I donot know why I meet this problem,and I have use the lock_guard to protect my data structure and use unique_lock to protect my method.

Publié par à
Libellés :

Aucun commentaire:

Enregistrer un commentaire

Inscription à : Publier les commentaires (Atom)