05-16-2021, 03:20 PM
(This post was last modified: 05-16-2021, 04:26 PM by antiX-Dave.)
OK, for mmsd using the wip/libsoup branch with the meson _build -Db_sanitize=address flags, here is the output.
Code:
mmsd-tng[1173]: MMSD-TNG version 1.0~beta2
mmsd-tng[1173]: Ofono plugin needs to be ported to GIO Dbus!
mmsd-tng[1173]: Ofono plugin is disabled until then
mmsd-tng[1173]: src/service.c:load_message_from_store() There is no date stamp!
mmsd-tng[1173]: src/service.c:load_message_from_store() Setting time to now.
mmsd-tng[1173]: src/service.c:load_message_from_store() Time is 2021-05-16T17:09:05-0400.
mmsd-tng[1173]: Fail to get data (http status = 004)
mmsd-tng[1173]: Fail to get data (http status = 004)
mmsd-tng[1173]: retry later
mmsd-tng[1173]: Fail to get data (http status = 004)
mmsd-tng[1173]: Fail to get data (http status = 004)
mmsd-tng[1173]: retry later
mmsd-tng[1173]: Fail to get data (http status = 004)
mmsd-tng[1173]: Fail to get data (http status = 004)
=================================================================
==1173==ERROR: AddressSanitizer: heap-use-after-free on address 0x007f82a12348 at pc 0x00558940950c bp 0x007fe6bcbd00 sp 0x007fe6bcbd18
READ of size 8 at 0x007f82a12348 thread T0
#0 0x5589409508 in on_message_done ../src/service.c:2770
#1 0x7f8b124e48 (/lib/aarch64-linux-gnu/libsoup-2.4.so.1+0x5de48)
#2 0x7f8b125294 (/lib/aarch64-linux-gnu/libsoup-2.4.so.1+0x5e294)
#3 0x7f8b125418 (/lib/aarch64-linux-gnu/libsoup-2.4.so.1+0x5e418)
#4 0x7f8b2dcf18 (/lib/aarch64-linux-gnu/libgio-2.0.so.0+0xbff18)
#5 0x7f8b2dde10 (/lib/aarch64-linux-gnu/libgio-2.0.so.0+0xc0e10)
#6 0x7f8b0fb0a8 (/lib/aarch64-linux-gnu/libsoup-2.4.so.1+0x340a8)
#7 0x7f8b0fb2b8 (/lib/aarch64-linux-gnu/libsoup-2.4.so.1+0x342b8)
#8 0x7f8b2dcf18 (/lib/aarch64-linux-gnu/libgio-2.0.so.0+0xbff18)
#9 0x7f8b2dde10 (/lib/aarch64-linux-gnu/libgio-2.0.so.0+0xc0e10)
#10 0x7f8b127e48 (/lib/aarch64-linux-gnu/libsoup-2.4.so.1+0x60e48)
#11 0x7f8b2dcf18 (/lib/aarch64-linux-gnu/libgio-2.0.so.0+0xbff18)
#12 0x7f8b2dde10 (/lib/aarch64-linux-gnu/libgio-2.0.so.0+0xc0e10)
#13 0x7f8b2d2150 (/lib/aarch64-linux-gnu/libgio-2.0.so.0+0xb5150)
#14 0x7f8b2dcf18 (/lib/aarch64-linux-gnu/libgio-2.0.so.0+0xbff18)
#15 0x7f8b2dde10 (/lib/aarch64-linux-gnu/libgio-2.0.so.0+0xc0e10)
#16 0x7f8b2be45c (/lib/aarch64-linux-gnu/libgio-2.0.so.0+0xa145c)
#17 0x7f8b2dcf18 (/lib/aarch64-linux-gnu/libgio-2.0.so.0+0xbff18)
#18 0x7f8b2dcf64 (/lib/aarch64-linux-gnu/libgio-2.0.so.0+0xbff64)
#19 0x7f8b573ab0 in g_main_context_dispatch (/lib/aarch64-linux-gnu/libglib-2.0.so.0+0x53ab0)
#20 0x7f8b573e58 (/lib/aarch64-linux-gnu/libglib-2.0.so.0+0x53e58)
#21 0x7f8b5741ac in g_main_loop_run (/lib/aarch64-linux-gnu/libglib-2.0.so.0+0x541ac)
#22 0x55893fba98 in main ../src/main.c:164
#23 0x7f8af0a214 in __libc_start_main (/lib/aarch64-linux-gnu/libc.so.6+0x24214)
#24 0x55893fb4c4 (/usr/local/bin/mmsdtng+0x1b4c4)
0x007f82a12348 is located 40 bytes inside of 64-byte region [0x007f82a12320,0x007f82a12360)
freed by thread T0 here:
#0 0x7f8b701bbc in __interceptor_free ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:123
#1 0x55893fed7c in mms_request_destroy ../src/service.c:758
#2 0x55894094e4 in on_message_done ../src/service.c:2766
#3 0x7f8b124e48 (/lib/aarch64-linux-gnu/libsoup-2.4.so.1+0x5de48)
#4 0x7f8b125294 (/lib/aarch64-linux-gnu/libsoup-2.4.so.1+0x5e294)
#5 0x7f8b125418 (/lib/aarch64-linux-gnu/libsoup-2.4.so.1+0x5e418)
#6 0x7f8b2dcf18 (/lib/aarch64-linux-gnu/libgio-2.0.so.0+0xbff18)
#7 0x7f8b2dde10 (/lib/aarch64-linux-gnu/libgio-2.0.so.0+0xc0e10)
#8 0x7f8b0fb0a8 (/lib/aarch64-linux-gnu/libsoup-2.4.so.1+0x340a8)
#9 0x7f8b0fb2b8 (/lib/aarch64-linux-gnu/libsoup-2.4.so.1+0x342b8)
#10 0x7f8b2dcf18 (/lib/aarch64-linux-gnu/libgio-2.0.so.0+0xbff18)
#11 0x7f8b2dde10 (/lib/aarch64-linux-gnu/libgio-2.0.so.0+0xc0e10)
#12 0x7f8b127e48 (/lib/aarch64-linux-gnu/libsoup-2.4.so.1+0x60e48)
#13 0x7f8b2dcf18 (/lib/aarch64-linux-gnu/libgio-2.0.so.0+0xbff18)
#14 0x7f8b2dde10 (/lib/aarch64-linux-gnu/libgio-2.0.so.0+0xc0e10)
#15 0x7f8b2d2150 (/lib/aarch64-linux-gnu/libgio-2.0.so.0+0xb5150)
#16 0x7f8b2dcf18 (/lib/aarch64-linux-gnu/libgio-2.0.so.0+0xbff18)
#17 0x7f8b2dde10 (/lib/aarch64-linux-gnu/libgio-2.0.so.0+0xc0e10)
#18 0x7f8b2be45c (/lib/aarch64-linux-gnu/libgio-2.0.so.0+0xa145c)
#19 0x7f8b2dcf18 (/lib/aarch64-linux-gnu/libgio-2.0.so.0+0xbff18)
#20 0x7f8b2dcf64 (/lib/aarch64-linux-gnu/libgio-2.0.so.0+0xbff64)
#21 0x7f8b573ab0 in g_main_context_dispatch (/lib/aarch64-linux-gnu/libglib-2.0.so.0+0x53ab0)
#22 0x7f8b573e58 (/lib/aarch64-linux-gnu/libglib-2.0.so.0+0x53e58)
#23 0x7f8b5741ac in g_main_loop_run (/lib/aarch64-linux-gnu/libglib-2.0.so.0+0x541ac)
#24 0x55893fba98 in main ../src/main.c:164
#25 0x7f8af0a214 in __libc_start_main (/lib/aarch64-linux-gnu/libc.so.6+0x24214)
#26 0x55893fb4c4 (/usr/local/bin/mmsdtng+0x1b4c4)
previously allocated by thread T0 here:
#0 0x7f8b70200c in __interceptor_calloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:154
#1 0x5589401f20 in create_request ../src/service.c:1336
#2 0x5589404c78 in process_message_on_start ../src/service.c:1879
#3 0x55894051c0 in load_messages ../src/service.c:1959
#4 0x55894055f0 in mms_service_register ../src/service.c:2013
#5 0x55894273c8 in mmsd_modem_available ../plugins/modemmanager.c:1184
#6 0x5589425890 in mmsd_mm_state ../plugins/modemmanager.c:960
#7 0x558942439c in mmsd_mm_add_object ../plugins/modemmanager.c:743
#8 0x55894245f4 in mmsd_mm_get_modems ../plugins/modemmanager.c:764
#9 0x5589424f20 in cb_mm_manager_new ../plugins/modemmanager.c:873
#10 0x7f8b2dcf18 (/lib/aarch64-linux-gnu/libgio-2.0.so.0+0xbff18)
#11 0x7f8b2dcf64 (/lib/aarch64-linux-gnu/libgio-2.0.so.0+0xbff64)
#12 0x7f8b573ab0 in g_main_context_dispatch (/lib/aarch64-linux-gnu/libglib-2.0.so.0+0x53ab0)
#13 0x7f8b573e58 (/lib/aarch64-linux-gnu/libglib-2.0.so.0+0x53e58)
#14 0x7f8b5741ac in g_main_loop_run (/lib/aarch64-linux-gnu/libglib-2.0.so.0+0x541ac)
#15 0x55893fba98 in main ../src/main.c:164
#16 0x7f8af0a214 in __libc_start_main (/lib/aarch64-linux-gnu/libc.so.6+0x24214)
#17 0x55893fb4c4 (/usr/local/bin/mmsdtng+0x1b4c4)
SUMMARY: AddressSanitizer: heap-use-after-free ../src/service.c:2770 in on_message_done
Shadow bytes around the buggy address:
0x001ff0542410: fd fd fd fd fd fd fd fd fa fa fa fa 00 00 00 00
0x001ff0542420: 00 00 00 00 fa fa fa fa 00 00 00 00 00 00 00 00
0x001ff0542430: fa fa fa fa 00 00 00 00 00 00 00 00 fa fa fa fa
0x001ff0542440: 00 00 00 00 00 00 00 00 fa fa fa fa 00 00 00 00
0x001ff0542450: 00 00 00 00 fa fa fa fa fd fd fd fd fd fd fd fd
=>0x001ff0542460: fa fa fa fa fd fd fd fd fd[fd]fd fd fa fa fa fa
0x001ff0542470: 00 00 00 00 00 00 00 02 fa fa fa fa fd fd fd fd
0x001ff0542480: fd fd fd fa fa fa fa fa fd fd fd fd fd fd fd fd
0x001ff0542490: fa fa fa fa fd fd fd fd fd fd fd fa fa fa fa fa
0x001ff05424a0: fd fd fd fd fd fd fd fa fa fa fa fa fd fd fd fd
0x001ff05424b0: fd fd fd fa fa fa fa fa fd fd fd fd fd fd fd fd
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
Shadow gap: cc
==1173==ABORTING
Using the following for configuration.
Code:
[Modem Manager]
CarrierMMSC=http://aliasredirect.net/proxy/mmsc
MMS_APN=sp.telus.com
CarrierMMSProxy=mmscproxy.mobility.ca:8799
DefaultModemNumber=NULL
AutoProcessOnConnection=true
AutoProcessSMSWAP=true
[Settings]
UseDeliveryReports=false
TotalMaxAttachmentSize=1100000
MaxAttachments=25
AutoCreateSMIL=false
The error is more or less identical when using the proxy set to 74.49.0.18:80
This is with no messages on the modem.
Where are the running logs for mmsd-tng?
Here is the output of mmsdtng -d
Code:
mobian@mobian:~$ mmsdtng -d
mmsd-tng[4543]: MMSD-TNG version 1.0~beta2
mmsd-tng[4543]: ../src/main.c:on_bus_acquired() Dbus Bus acquired!
mmsd-tng[4543]: ../src/main.c:on_name_acquired() Dbus name acquired!
mmsd-tng[4543]: ../src/service.c:__mms_service_init() Starting Up MMSD Service Manager
mmsd-tng[4543]: ../src/plugin.c:__mms_plugin_init()
mmsd-tng[4543]: ../plugins/modemmanager.c:modemmanager_init() Starting Modem Manager Plugin!
mmsd-tng[4543]: ../src/service.c:mms_service_create() service 0x7f7f7029b0
mmsd-tng[4543]: ../src/service.c:mms_service_set_identity() service 0x7f7f7029b0 identity modemmanager
mmsd-tng[4543]: ../src/plugin.c:add_plugin() Plugin modemmanager loaded
mmsd-tng[4543]: Ofono plugin needs to be ported to GIO Dbus!
mmsd-tng[4543]: Ofono plugin is disabled until then
mmsd-tng[4543]: ../src/plugin.c:add_plugin() Plugin ofono loaded
mmsd-tng[4543]: ../plugins/modemmanager.c:mmsd_mm_state() MMSD_MM_STATE_MANAGER_FOUND
mmsd-tng[4543]: ../plugins/modemmanager.c:cb_mm_manager_new() ModemManager found: :1.15
mmsd-tng[4543]: ../plugins/modemmanager.c:mmsd_mm_add_object() Not checking for a default Modem
mmsd-tng[4543]: ../plugins/modemmanager.c:mmsd_mm_add_object() Added device at: /org/freedesktop/ModemManager1/Modem/0
mmsd-tng[4543]: ../plugins/modemmanager.c:mmsd_mm_init_modem() mmsd_mm_init_modem
mmsd-tng[4543]: ../plugins/modemmanager.c:mmsd_modem_available() Registering Modem Manager MMS Service
mmsd-tng[4543]: ../src/service.c:mms_service_register() service 0x7f7f7029b0
mmsd-tng[4543]: ../src/service.c:emit_service_added() Service Added 0x7f7f7029b0
mmsd-tng[4543]: ../src/service.c:mms_load_settings() Maximum Attachment Total Size (in bytes): 1100000
mmsd-tng[4543]: ../src/service.c:mms_load_settings() Maximum Number of Attachments: 25
mmsd-tng[4543]: ../src/service.c:mms_load_settings() AutoCreateSMIL is set to: 0
mmsd-tng[4543]: src/service.c:load_message_from_store() There is no date stamp!
mmsd-tng[4543]: src/service.c:load_message_from_store() Setting time to now.
mmsd-tng[4543]: src/service.c:load_message_from_store() Time is 2021-05-16T18:01:29-0400.
mmsd-tng[4543]: ../src/mmsutil.c:mms_message_decode() about to check well known
mmsd-tng[4543]: ../src/mmsutil.c:mms_message_decode() about to extract short
mmsd-tng[4543]: ../src/mmsutil.c:mms_message_decode() octet 130
mmsd-tng[4543]: ../src/mmsutil.c:mms_message_decode() MMS_MESSAGE_TYPE_NOTIFICATION_IND
mmsd-tng[4543]: ../src/mmsutil.c:mms_parse_headers() saw header of type 24
mmsd-tng[4543]: ../src/mmsutil.c:mms_parse_headers() running handler for type 24
mmsd-tng[4543]: ../src/mmsutil.c:decode_text() claimed len: 18
mmsd-tng[4543]: ../src/mmsutil.c:decode_text() val: Ag108iod66o77NZyP
mmsd-tng[4543]: ../src/mmsutil.c:mms_parse_headers() handler for type 24 was success
mmsd-tng[4543]: ../src/mmsutil.c:mms_parse_headers() saw header of type 13
mmsd-tng[4543]: ../src/mmsutil.c:mms_parse_headers() running handler for type 13
mmsd-tng[4543]: ../src/mmsutil.c:mms_parse_headers() handler for type 13 was success
mmsd-tng[4543]: ../src/mmsutil.c:mms_parse_headers() saw header of type 9
mmsd-tng[4543]: ../src/mmsutil.c:mms_parse_headers() running handler for type 9
mmsd-tng[4543]: ../src/mmsutil.c:extract_from() trying to decode text of length 22: +**********/TYPE=PLMN
mmsd-tng[4543]: ../src/mmsutil.c:extract_from() text="+**********/TYPE=PLMN"
mmsd-tng[4543]: ../src/mmsutil.c:mms_parse_headers() handler for type 9 was success
mmsd-tng[4543]: ../src/mmsutil.c:mms_parse_headers() saw header of type 6
mmsd-tng[4543]: ../src/mmsutil.c:mms_parse_headers() saw header of type 10
mmsd-tng[4543]: ../src/mmsutil.c:mms_parse_headers() running handler for type 10
mmsd-tng[4543]: ../src/mmsutil.c:mms_parse_headers() handler for type 10 was success
mmsd-tng[4543]: ../src/mmsutil.c:mms_parse_headers() saw header of type 14
mmsd-tng[4543]: ../src/mmsutil.c:mms_parse_headers() running handler for type 14
mmsd-tng[4543]: ../src/mmsutil.c:mms_parse_headers() handler for type 14 was success
mmsd-tng[4543]: ../src/mmsutil.c:mms_parse_headers() saw header of type 8
mmsd-tng[4543]: ../src/mmsutil.c:mms_parse_headers() running handler for type 8
mmsd-tng[4543]: ../src/mmsutil.c:mms_parse_headers() handler for type 8 was success
mmsd-tng[4543]: ../src/mmsutil.c:mms_parse_headers() saw header of type 3
mmsd-tng[4543]: ../src/mmsutil.c:mms_parse_headers() running handler for type 3
mmsd-tng[4543]: ../src/mmsutil.c:decode_text() claimed len: 58
mmsd-tng[4543]: ../src/mmsutil.c:decode_text() val: http://mmschoodmm1.telus.com:8790/ammsc?Ag108iod66o77NZyP
mmsd-tng[4543]: ../src/mmsutil.c:mms_parse_headers() handler for type 3 was success
mmsd-tng[4543]: ../src/service.c:activate_bearer() service 0x7f7f7029b0 setup 0 active 0
mmsd-tng[4543]: ../plugins/modemmanager.c:mmsd_modem_available() Got SIM Path: /org/freedesktop/ModemManager1/SIM/0 Identifier: 302220022714611, imsi: 302220022714611
mmsd-tng[4543]: ../src/service.c:mms_service_set_country_code() Service Country Code set to CA
mmsd-tng[4543]: ../plugins/modemmanager.c:mmsd_connect_to_sms_wap() Watching for new SMS WAPs
mmsd-tng[4543]: ../plugins/modemmanager.c:mmsd_mm_get_modem_state() MM_MODEM_GOOD_STATE: 11
mmsd-tng[4543]: ../plugins/modemmanager.c:mmsd_mm_state() MMSD_MM_STATE_READY
mmsd-tng[4543]: ../plugins/modemmanager.c:mmsd_mm_state() Setting Bearer Handler
mmsd-tng[4543]: ../src/service.c:mms_service_set_bearer_handler() service 0x7f7f7029b0 handler 0x557dcc63e0
mmsd-tng[4543]: ../plugins/modemmanager.c:mmsd_get_all_sms() Searching for any new SMS WAPs...
mmsd-tng[4543]: ../plugins/modemmanager.c:mmsd_get_all_sms() Adding timeout to mmsd_get_all_sms()
mmsd-tng[4543]: ../plugins/modemmanager.c:process_mms_process_message_queue() Processing any unsent/unreceived MMS messages.
mmsd-tng[4543]: ../src/service.c:activate_bearer() service 0x7f7f7029b0 setup 0 active 0
mmsd-tng[4543]: ../src/service.c:activate_bearer() service 0x7f7f7029b0 waiting for 20 seconds
mmsd-tng[4543]: ../plugins/modemmanager.c:set_context() Setting Context...
mmsd-tng[4543]: ../src/service.c:mms_service_set_mmsc() service 0x7f7f7029b0 mmsc http://aliasredirect.net/proxy/mmsc
mmsd-tng[4543]: ../plugins/modemmanager.c:set_context() Max number of bearers: 1
mmsd-tng[4543]: ../plugins/modemmanager.c:set_context() Current Context APN: sp.telus.com, mmsd-tng settings MMS APN: sp.telus.com
mmsd-tng[4543]: ../plugins/modemmanager.c:set_context() You are connected to the correct APN! Enabling context...
mmsd-tng[4543]: ../plugins/modemmanager.c:bearer_handler() At Bearer Handler: path /org/freedesktop/ModemManager1/Modem/0 active 1 context_active 1
mmsd-tng[4543]: ../plugins/modemmanager.c:bearer_handler() active and context_active, bearer_notify
mmsd-tng[4543]: ../src/service.c:mms_service_bearer_notify() service=0x7f7f7029b0 active=1 iface=wwan0 proxy=74.49.0.18:80
mmsd-tng[4543]: ../src/service.c:mms_service_bearer_notify() interface wwan0 proxy 74.49.0.18:80
mmsd-tng[4543]: ../src/service.c:mms_service_bearer_notify() Proxy URL: http://74.49.0.18:80/
mmsd-tng[4543]: ../src/service.c:process_request_queue() service 0x7f7f7029b0
mmsd-tng[4543]: ../src/service.c:process_request_queue() location http://mmschoodmm1.telus.com:8790/ammsc?Ag108iod66o77NZyP
mmsd-tng[4543]: ../src/service.c:resolve_host() Binding resolver queries to interface wwan0
mmsd-tng[4543]: ../src/service.c:resolve_callback() Found IP for 'mmschoodmm1.telus.com': 2001:568:202:b::1
mmsd-tng[4543]: ../src/service.c:resolve_host() Using URI for request: http://[2001:568:202:b::1]:8790/ammsc?Ag108iod66o77NZyP
mmsd-tng[4543]: ../plugins/modemmanager.c:handle_method_call() All Settings: ({'CarrierMMSC': <'http://aliasredirect.net/proxy/mmsc'>, 'MMS_APN': <'sp.telus.com'>, 'CarrierMMSProxy': <'74.49.0.18:80'>, 'DefaultModemNumber': <'NULL'>, 'AutoProcessOnConnection': <true>, 'AutoProcessSMSWAP': <true>},)
mmsd-tng[4543]: ../src/service.c:handle_method_call_manager() At Get Services Method Call
> GET /ammsc?Ag108iod66o77NZyP HTTP/1.1
> Soup-Debug-Timestamp: 1621202491
> Soup-Debug: SoupSession 1 (0x7f7e5e4100), SoupMessage 1 (0x7f7e9350c0), SoupSocket 1 (0x7f7e91fe80)
> Host: aliasredirect.net
> Accept-Encoding: gzip, deflate
> Connection: Keep-Alive
< HTTP/1.1 7 Connection terminated unexpectedly
< Soup-Debug-Timestamp: 1621202491
< Soup-Debug: SoupMessage 1 (0x7f7e9350c0)
mmsd-tng[4543]: Fail to get data (http status = 007)
mmsd-tng[4543]: ../src/service.c:on_message_done() status: 007
mmsd-tng[4543]: ../src/service.c:on_message_done() data size = 0
mmsd-tng[4543]: ../src/service.c:on_message_done() request->result_cb=0x557dca884c vs. retrieve_conf=0x557dca884c/send_conf=0x557dca2758/notify_resp=0x557dca84a8
mmsd-tng[4543]: Fail to get data (http status = 007)
mmsd-tng[4543]: retry later
mmsd-tng[4543]: ../src/service.c:process_request_queue() service 0x7f7f7029b0
mmsd-tng[4543]: ../src/service.c:process_request_queue() location http://mmschoodmm1.telus.com:8790/ammsc?Ag108iod66o77NZyP
mmsd-tng[4543]: ../src/service.c:resolve_host() Binding resolver queries to interface wwan0
mmsd-tng[4543]: ../src/service.c:resolve_callback() Found IP for 'mmschoodmm1.telus.com': 2001:568:202:b::1
mmsd-tng[4543]: ../src/service.c:resolve_host() Using URI for request: http://[2001:568:202:b::1]:8790/ammsc?Ag108iod66o77NZyP
> GET /ammsc?Ag108iod66o77NZyP HTTP/1.1
> Soup-Debug-Timestamp: 1621202491
> Soup-Debug: SoupSession 1 (0x7f7e5e4100), SoupMessage 2 (0x7f7e9352a0), SoupSocket 2 (0x7f7e91ff50)
> Host: aliasredirect.net
> Accept-Encoding: gzip, deflate
> Connection: Keep-Alive
< HTTP/1.1 7 Connection terminated unexpectedly
< Soup-Debug-Timestamp: 1621202491
< Soup-Debug: SoupMessage 2 (0x7f7e9352a0)
mmsd-tng[4543]: Fail to get data (http status = 007)
mmsd-tng[4543]: ../src/service.c:on_message_done() status: 007
mmsd-tng[4543]: ../src/service.c:on_message_done() data size = 0
mmsd-tng[4543]: ../src/service.c:on_message_done() request->result_cb=0x557dca884c vs. retrieve_conf=0x557dca884c/send_conf=0x557dca2758/notify_resp=0x557dca84a8
mmsd-tng[4543]: Fail to get data (http status = 007)
mmsd-tng[4543]: retry later
mmsd-tng[4543]: ../src/service.c:process_request_queue() service 0x7f7f7029b0
mmsd-tng[4543]: ../src/service.c:process_request_queue() location http://mmschoodmm1.telus.com:8790/ammsc?Ag108iod66o77NZyP
mmsd-tng[4543]: ../src/service.c:resolve_host() Binding resolver queries to interface wwan0
mmsd-tng[4543]: ../src/service.c:resolve_callback() Found IP for 'mmschoodmm1.telus.com': 2001:568:202:b::1
mmsd-tng[4543]: ../src/service.c:resolve_host() Using URI for request: http://[2001:568:202:b::1]:8790/ammsc?Ag108iod66o77NZyP
> GET /ammsc?Ag108iod66o77NZyP HTTP/1.1
> Soup-Debug-Timestamp: 1621202491
> Soup-Debug: SoupSession 1 (0x7f7e5e4100), SoupMessage 3 (0x7f7e935480), SoupSocket 3 (0x7f7e93f120)
> Host: aliasredirect.net
> Accept-Encoding: gzip, deflate
> Connection: Keep-Alive
< HTTP/1.1 7 Connection terminated unexpectedly
< Soup-Debug-Timestamp: 1621202492
< Soup-Debug: SoupMessage 3 (0x7f7e935480)
mmsd-tng[4543]: Fail to get data (http status = 007)
mmsd-tng[4543]: ../src/service.c:on_message_done() status: 007
mmsd-tng[4543]: ../src/service.c:on_message_done() data size = 0
mmsd-tng[4543]: ../src/service.c:on_message_done() request->result_cb=0x557dca884c vs. retrieve_conf=0x557dca884c/send_conf=0x557dca2758/notify_resp=0x557dca84a8
mmsd-tng[4543]: Fail to get data (http status = 007)
=================================================================
==4543==ERROR: AddressSanitizer: heap-use-after-free on address 0x007f7fb12408 at pc 0x00557dca950c bp 0x007ff993b1b0 sp 0x007ff993b1c8
READ of size 8 at 0x007f7fb12408 thread T0
#0 0x557dca9508 in on_message_done ../src/service.c:2770
#1 0x7f881b8e48 (/lib/aarch64-linux-gnu/libsoup-2.4.so.1+0x5de48)
#2 0x7f881b9294 (/lib/aarch64-linux-gnu/libsoup-2.4.so.1+0x5e294)
#3 0x7f881b9348 (/lib/aarch64-linux-gnu/libsoup-2.4.so.1+0x5e348)
#4 0x7f88607ab0 in g_main_context_dispatch (/lib/aarch64-linux-gnu/libglib-2.0.so.0+0x53ab0)
#5 0x7f88607e58 (/lib/aarch64-linux-gnu/libglib-2.0.so.0+0x53e58)
#6 0x7f886081ac in g_main_loop_run (/lib/aarch64-linux-gnu/libglib-2.0.so.0+0x541ac)
#7 0x557dc9ba98 in main ../src/main.c:164
#8 0x7f87f9e214 in __libc_start_main (/lib/aarch64-linux-gnu/libc.so.6+0x24214)
#9 0x557dc9b4c4 (/usr/local/bin/mmsdtng+0x1b4c4)
0x007f7fb12408 is located 40 bytes inside of 64-byte region [0x007f7fb123e0,0x007f7fb12420)
freed by thread T0 here:
#0 0x7f88795bbc in __interceptor_free ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:123
#1 0x557dc9ed7c in mms_request_destroy ../src/service.c:758
#2 0x557dca94e4 in on_message_done ../src/service.c:2766
#3 0x7f881b8e48 (/lib/aarch64-linux-gnu/libsoup-2.4.so.1+0x5de48)
#4 0x7f881b9294 (/lib/aarch64-linux-gnu/libsoup-2.4.so.1+0x5e294)
#5 0x7f881b9348 (/lib/aarch64-linux-gnu/libsoup-2.4.so.1+0x5e348)
#6 0x7f88607ab0 in g_main_context_dispatch (/lib/aarch64-linux-gnu/libglib-2.0.so.0+0x53ab0)
#7 0x7f88607e58 (/lib/aarch64-linux-gnu/libglib-2.0.so.0+0x53e58)
#8 0x7f886081ac in g_main_loop_run (/lib/aarch64-linux-gnu/libglib-2.0.so.0+0x541ac)
#9 0x557dc9ba98 in main ../src/main.c:164
#10 0x7f87f9e214 in __libc_start_main (/lib/aarch64-linux-gnu/libc.so.6+0x24214)
#11 0x557dc9b4c4 (/usr/local/bin/mmsdtng+0x1b4c4)
previously allocated by thread T0 here:
#0 0x7f8879600c in __interceptor_calloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:154
#1 0x557dca1f20 in create_request ../src/service.c:1336
#2 0x557dca4c78 in process_message_on_start ../src/service.c:1879
#3 0x557dca51c0 in load_messages ../src/service.c:1959
#4 0x557dca55f0 in mms_service_register ../src/service.c:2013
#5 0x557dcc73c8 in mmsd_modem_available ../plugins/modemmanager.c:1184
#6 0x557dcc5890 in mmsd_mm_state ../plugins/modemmanager.c:960
#7 0x557dcc439c in mmsd_mm_add_object ../plugins/modemmanager.c:743
#8 0x557dcc45f4 in mmsd_mm_get_modems ../plugins/modemmanager.c:764
#9 0x557dcc4f20 in cb_mm_manager_new ../plugins/modemmanager.c:873
#10 0x7f88370f18 (/lib/aarch64-linux-gnu/libgio-2.0.so.0+0xbff18)
#11 0x7f88370f64 (/lib/aarch64-linux-gnu/libgio-2.0.so.0+0xbff64)
#12 0x7f88607ab0 in g_main_context_dispatch (/lib/aarch64-linux-gnu/libglib-2.0.so.0+0x53ab0)
#13 0x7f88607e58 (/lib/aarch64-linux-gnu/libglib-2.0.so.0+0x53e58)
#14 0x7f886081ac in g_main_loop_run (/lib/aarch64-linux-gnu/libglib-2.0.so.0+0x541ac)
#15 0x557dc9ba98 in main ../src/main.c:164
#16 0x7f87f9e214 in __libc_start_main (/lib/aarch64-linux-gnu/libc.so.6+0x24214)
#17 0x557dc9b4c4 (/usr/local/bin/mmsdtng+0x1b4c4)
SUMMARY: AddressSanitizer: heap-use-after-free ../src/service.c:2770 in on_message_done
Shadow bytes around the buggy address:
0x001feff62430: fa fa fa fa 00 00 00 00 00 00 00 00 fa fa fa fa
0x001feff62440: 00 00 00 00 00 00 00 00 fa fa fa fa 00 00 00 00
0x001feff62450: 00 00 00 00 fa fa fa fa 00 00 00 00 00 00 00 00
0x001feff62460: fa fa fa fa 00 00 00 00 00 00 00 00 fa fa fa fa
0x001feff62470: fd fd fd fd fd fd fd fd fa fa fa fa fd fd fd fd
=>0x001feff62480: fd[fd]fd fd fa fa fa fa 00 00 00 00 00 00 00 02
0x001feff62490: fa fa fa fa fd fd fd fd fd fd fd fa fa fa fa fa
0x001feff624a0: fd fd fd fd fd fd fd fd fa fa fa fa fd fd fd fd
0x001feff624b0: fd fd fd fa fa fa fa fa fd fd fd fd fd fd fd fa
0x001feff624c0: fa fa fa fa fd fd fd fd fd fd fd fa fa fa fa fa
0x001feff624d0: fd fd fd fd fd fd fd fd fa fa fa fa fd fd fd fd
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
Shadow gap: cc
==4543==ABORTING
Re: Chatty. Used the branch specified above and it did build and runs as well.
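Both AddressSanitizer reports above reduce to three stacks: the faulting access, the free, and the allocation. The Python sketch below is an added example, not part of the original post and not mmsd-tng code; it parses an excerpt of the first report (lines copied from it) and extracts the project frames from each stack. The names `parse_report`, `triage` and the result keys are this example's own.

```python
import re

# Excerpt of the first report in the post: symbolized frames plus one
# unsymbolized library frame, to show that such frames are skipped.
SAMPLE_REPORT = """\
==1173==ERROR: AddressSanitizer: heap-use-after-free on address 0x007f82a12348 at pc 0x00558940950c bp 0x007fe6bcbd00 sp 0x007fe6bcbd18
READ of size 8 at 0x007f82a12348 thread T0
#0 0x5589409508 in on_message_done ../src/service.c:2770
#1 0x7f8b124e48 (/lib/aarch64-linux-gnu/libsoup-2.4.so.1+0x5de48)
0x007f82a12348 is located 40 bytes inside of 64-byte region [0x007f82a12320,0x007f82a12360)
freed by thread T0 here:
#0 0x7f8b701bbc in __interceptor_free ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:123
#1 0x55893fed7c in mms_request_destroy ../src/service.c:758
#2 0x55894094e4 in on_message_done ../src/service.c:2766
previously allocated by thread T0 here:
#0 0x7f8b70200c in __interceptor_calloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:154
#1 0x5589401f20 in create_request ../src/service.c:1336
#2 0x5589404c78 in process_message_on_start ../src/service.c:1879
SUMMARY: AddressSanitizer: heap-use-after-free ../src/service.c:2770 in on_message_done
"""

HEADER = re.compile(r"==\d+==ERROR: AddressSanitizer: (\S+) on address")
ACCESS = re.compile(r"^(READ|WRITE) of size (\d+) at")
REGION = re.compile(r"is located (\d+) bytes inside of (\d+)-byte region")
# Only frames symbolized as "in <function> <file>:<line>" are kept.
FRAME = re.compile(r"^#(\d+) 0x[0-9a-f]+ in (\S+) (\S+):(\d+)$")


def parse_report(text):
    """Split one ASan heap report into its access, free and alloc stacks."""
    report = {"kind": None, "access": None, "offset": None, "region_size": None,
              "stacks": {"access": [], "free": [], "alloc": []}}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if m := HEADER.search(line):
            report["kind"] = m.group(1)
        elif m := ACCESS.match(line):
            report["access"] = (m.group(1), int(m.group(2)))
            section = "access"
        elif m := REGION.search(line):
            report["offset"] = int(m.group(1))
            report["region_size"] = int(m.group(2))
        elif line.startswith("freed by thread"):
            section = "free"
        elif line.startswith("previously allocated by thread"):
            section = "alloc"
        elif line.startswith("SUMMARY:"):
            section = None
        elif section and (m := FRAME.match(line)):
            frame = (m.group(2), m.group(3), int(m.group(4)))
            report["stacks"][section].append(frame)
    return report


def is_project(frame):
    """Drop the sanitizer runtime's own malloc/free interceptor frames."""
    func, path, _ = frame
    return not func.startswith("__interceptor_") and "libsanitizer" not in path


def triage(report):
    """Name the use site, the releasing function, its caller and the allocator."""
    stacks = {name: [f for f in frames if is_project(f)]
              for name, frames in report["stacks"].items()}
    use = stacks["access"][0] if stacks["access"] else None
    released_by = stacks["free"][0] if stacks["free"] else None
    # The frame below the releasing function is the call that triggered the free.
    free_call_site = stacks["free"][1] if len(stacks["free"]) > 1 else None
    same = bool(use and free_call_site and use[:2] == free_call_site[:2])
    return {"use": use, "released_by": released_by,
            "free_call_site": free_call_site,
            "allocated_by": stacks["alloc"][0] if stacks["alloc"] else None,
            "same_function": same,
            "lines_between": use[2] - free_call_site[2] if same else None}


if __name__ == "__main__":
    print(triage(parse_report(SAMPLE_REPORT)))
```

For this report the free call site and the faulting read fall in the same function, `on_message_done`, at `service.c:2766` and `service.c:2770`, so those lines are where to start reading.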