panic due to a malformed INFO_REPLY submessage
squizz617 opened this issue · comments
Hi, a malformed INFO_REPLY submessage sent to the METATRAFFIC_UNICAST_LOCATOR triggers panic in message_receiver.rs:411. Please see below for details. Thanks!
- message_receiver.rs:407-416:
InterpreterSubmessage::InfoReply(info_reply, flags) => {
self.unicast_reply_locator_list = info_reply.unicast_locator_list;
if flags.contains(INFOREPLY_Flags::Multicast) {
self.multicast_reply_locator_list = info_reply
.multicast_locator_list
.expect("InfoReply flag indicates multicast locator is present but none found.");
// TODO: Convert the above error to warning only.
} else {
self.multicast_reply_locator_list.clear();
}
}
- INFO_DST submessage. Multicast flag is set (flag: 0x02), but the submessage doesn't contain the multicast locator list.
0000 0f 02 00 09 00 00 00 00 00 00 00 00 00
- stderr:
thread 'RustDDS Participant 0 event loop' panicked at 'InfoReply flag indicates multicast locator is present but none found.', src/rtps/message_receiver.rs:411:14
- Full backtrace:
stack backtrace:
0: 0x5635efa949da - std::backtrace_rs::backtrace::libunwind::trace::h9a6b80bbf328ba5d
at /rustc/90c541806f23a127002de5b4038be731ba1458ca/library/std/src/../../backtrace/src/backtrace/libunwind.rs:93:5
1: 0x5635efa949da - std::backtrace_rs::backtrace::trace_unsynchronized::hd162ec543a11886b
at /rustc/90c541806f23a127002de5b4038be731ba1458ca/library/std/src/../../backtrace/src/backtrace/mod.rs:66:5
2: 0x5635efa949da - std::sys_common::backtrace::_print_fmt::h78a5099be12f51a6
at /rustc/90c541806f23a127002de5b4038be731ba1458ca/library/std/src/sys_common/backtrace.rs:65:5
3: 0x5635efa949da - <std::sys_common::backtrace::_print::DisplayBacktrace as core::fmt::Display>::fmt::ha1c5390454d74f71
at /rustc/90c541806f23a127002de5b4038be731ba1458ca/library/std/src/sys_common/backtrace.rs:44:22
4: 0x5635efaba52f - core::fmt::write::h9ffde816c577717b
at /rustc/90c541806f23a127002de5b4038be731ba1458ca/library/core/src/fmt/mod.rs:1254:17
5: 0x5635efa91a55 - std::io::Write::write_fmt::h88186074961638e4
at /rustc/90c541806f23a127002de5b4038be731ba1458ca/library/std/src/io/mod.rs:1698:15
6: 0x5635efa947a5 - std::sys_common::backtrace::_print::h184198273ed08d59
at /rustc/90c541806f23a127002de5b4038be731ba1458ca/library/std/src/sys_common/backtrace.rs:47:5
7: 0x5635efa947a5 - std::sys_common::backtrace::print::h1b4d8e7add699453
at /rustc/90c541806f23a127002de5b4038be731ba1458ca/library/std/src/sys_common/backtrace.rs:34:9
8: 0x5635efa95e4e - std::panicking::default_hook::{{closure}}::h393bcea75423915a
at /rustc/90c541806f23a127002de5b4038be731ba1458ca/library/std/src/panicking.rs:269:22
9: 0x5635efa95bf5 - std::panicking::default_hook::h48c64f31d8b3fd03
at /rustc/90c541806f23a127002de5b4038be731ba1458ca/library/std/src/panicking.rs:288:9
10: 0x5635efa963ae - std::panicking::rust_panic_with_hook::hafdc493a79370062
at /rustc/90c541806f23a127002de5b4038be731ba1458ca/library/std/src/panicking.rs:691:13
11: 0x5635efa962a9 - std::panicking::begin_panic_handler::{{closure}}::h0a64bc82e36bedc7
at /rustc/90c541806f23a127002de5b4038be731ba1458ca/library/std/src/panicking.rs:582:13
12: 0x5635efa94e46 - std::sys_common::backtrace::__rust_end_short_backtrace::hc203444fb7416a16
at /rustc/90c541806f23a127002de5b4038be731ba1458ca/library/std/src/sys_common/backtrace.rs:150:18
13: 0x5635efa96002 - rust_begin_unwind
at /rustc/90c541806f23a127002de5b4038be731ba1458ca/library/std/src/panicking.rs:578:5
14: 0x5635ef24e193 - core::panicking::panic_fmt::h0f6ef0178afce4f2
at /rustc/90c541806f23a127002de5b4038be731ba1458ca/library/core/src/panicking.rs:67:14
15: 0x5635ef24e153 - core::panicking::panic_display::h01701c1a3a28d8fa
at /rustc/90c541806f23a127002de5b4038be731ba1458ca/library/core/src/panicking.rs:150:5
16: 0x5635ef24e153 - core::panicking::panic_str::h7d8fffbb2324dc68
at /rustc/90c541806f23a127002de5b4038be731ba1458ca/library/core/src/panicking.rs:134:5
17: 0x5635ef24e153 - core::option::expect_failed::h18c286e2b6fe8852
at /rustc/90c541806f23a127002de5b4038be731ba1458ca/library/core/src/option.rs:2025:5
18: 0x5635ef3b75bd - core::option::Option<T>::expect::he2380802c3b2bc4a
at /rustc/90c541806f23a127002de5b4038be731ba1458ca/library/core/src/option.rs:913:21
19: 0x5635ef830d84 - rustdds::rtps::message_receiver::MessageReceiver::handle_interpreter_submessage::h526b3c87365ad9ce
at /home/seulbae/ddssecurity/targets/rustdds-0.8.3/src/rtps/message_receiver.rs:409:47
20: 0x5635ef82e3cd - rustdds::rtps::message_receiver::MessageReceiver::handle_parsed_message::h0a8165bccbf2ada7
at /home/seulbae/ddssecurity/targets/rustdds-0.8.3/src/rtps/message_receiver.rs:194:43
21: 0x5635ef82dcef - rustdds::rtps::message_receiver::MessageReceiver::handle_received_packet::hc7a36f69f3a2e87d
at /home/seulbae/ddssecurity/targets/rustdds-0.8.3/src/rtps/message_receiver.rs:183:5
22: 0x5635ef6cfa2e - rustdds::rtps::dp_event_loop::DPEventLoop::event_loop::h05601bd6c3c2ae31
at /home/seulbae/ddssecurity/targets/rustdds-0.8.3/src/rtps/dp_event_loop.rs:250:19
23: 0x5635ef402aa3 - rustdds::dds::participant::DomainParticipantInner::new::{{closure}}::had0cef772e58f041
at /home/seulbae/ddssecurity/targets/rustdds-0.8.3/src/dds/participant.rs:768:9
24: 0x5635ef714709 - std::sys_common::backtrace::__rust_begin_short_backtrace::h3c1e3fbec170011b
at /rustc/90c541806f23a127002de5b4038be731ba1458ca/library/std/src/sys_common/backtrace.rs:134:18
25: 0x5635ef734660 - std::thread::Builder::spawn_unchecked_::{{closure}}::{{closure}}::heed9327ed729ac05
at /rustc/90c541806f23a127002de5b4038be731ba1458ca/library/std/src/thread/mod.rs:526:17
26: 0x5635ef812764 - <core::panic::unwind_safe::AssertUnwindSafe<F> as core::ops::function::FnOnce<()>>::call_once::hd3ac06514cc9e0f4
at /rustc/90c541806f23a127002de5b4038be731ba1458ca/library/core/src/panic/unwind_safe.rs:271:9
27: 0x5635ef72fe78 - std::panicking::try::do_call::hed72e5162abcf112
at /rustc/90c541806f23a127002de5b4038be731ba1458ca/library/std/src/panicking.rs:485:40
28: 0x5635ef73016b - __rust_try
29: 0x5635ef72fc78 - std::panicking::try::h5292baa88e55de58
at /rustc/90c541806f23a127002de5b4038be731ba1458ca/library/std/src/panicking.rs:449:19
30: 0x5635ef69de4a - std::panic::catch_unwind::hdcd6626c135e20a9
at /rustc/90c541806f23a127002de5b4038be731ba1458ca/library/std/src/panic.rs:140:14
31: 0x5635ef73440a - std::thread::Builder::spawn_unchecked_::{{closure}}::h97b9c2e3d6394ccc
at /rustc/90c541806f23a127002de5b4038be731ba1458ca/library/std/src/thread/mod.rs:525:30
32: 0x5635ef416f9f - core::ops::function::FnOnce::call_once{{vtable.shim}}::h8e1e1ae7ba09c97b
at /rustc/90c541806f23a127002de5b4038be731ba1458ca/library/core/src/ops/function.rs:250:5
33: 0x5635efa99505 - <alloc::boxed::Box<F,A> as core::ops::function::FnOnce<Args>>::call_once::ha1f2224656a778fb
at /rustc/90c541806f23a127002de5b4038be731ba1458ca/library/alloc/src/boxed.rs:1973:9
34: 0x5635efa99505 - <alloc::boxed::Box<F,A> as core::ops::function::FnOnce<Args>>::call_once::haa29ed9703f354b7
at /rustc/90c541806f23a127002de5b4038be731ba1458ca/library/alloc/src/boxed.rs:1973:9
35: 0x5635efa99505 - std::sys::unix::thread::Thread::new::thread_start::h33b6dae3e3692197
at /rustc/90c541806f23a127002de5b4038be731ba1458ca/library/std/src/sys/unix/thread.rs:108:17
36: 0x7fdedd212609 - start_thread
at /build/glibc-SzIz7B/glibc-2.31/nptl/pthread_create.c:477:8
This is a genuine bug again. It has been fixed in the security branch already, but apparently was not in master.
Fixed in Release 0.8.4 .