stack overflow on x86 #3377

@chipitsine

Detailed Description of the Problem

*** h1 debug|==5501==ERROR: AddressSanitizer: stack-buffer-overflow on address 0xe8743830 at pc 0xeab12c2e bp 0xffd24c38 sp 0xffd24810
*** h1 debug|READ of size 24 at 0xe8743830 thread T0
**** dT 0.270
*** h1 debug| #0 0xeab12c2d in timer_settime.part.0 (/lib/libasan.so.8+0x6ec2d) (BuildId: dd96e6e7a4b15635a72f9e4dfead4d3603051679)
*** h1 debug| #1 0x08e3faef in wdt_ping src/wdt.c:62
*** h1 debug| #2 0x08e3faef in init_wdt_per_thread src/wdt.c:251
*** h1 debug| #3 0x08acad15 in run_thread_poll_loop src/haproxy.c:3149
*** h1 debug| #4 0x082ce916 in main src/haproxy.c:3853
*** h1 debug| #5 0xea07212b in __libc_start_call_main (/lib/libc.so.6+0x312b) (BuildId: 0fa94f77af2f396a76550c65a51c7d05147b2e08)
*** h1 debug| #6 0xea072267 in __libc_start_main@@GLIBC_2.34 (/lib/libc.so.6+0x3267) (BuildId: 0fa94f77af2f396a76550c65a51c7d05147b2e08)
*** h1 debug| #7 0x082d66e7 in _start (/__w/haproxy/haproxy/haproxy+0x82d66e7) (BuildId: 263908743bfbd81d5fea42dce3acef881c19da72)
*** h1 debug|
*** h1 debug|Address 0xe8743830 is located in stack of thread T0 at offset 48 in frame
*** h1 debug| #0 0x08e3f8cf in init_wdt_per_thread src/wdt.c:247
*** h1 debug|
*** h1 debug| This frame has 1 object(s):
*** h1 debug| [32, 48) 'its' (line 57) <== Memory access at offset 48 overflows this variable
*** h1 debug|HINT: this may be a false positive if your program uses some custom stack unwind mechanism, swapcontext or vfork
*** h1 debug| (longjmp and C++ exceptions are supported)
*** h1 debug|SUMMARY: AddressSanitizer: stack-buffer-overflow src/wdt.c:62 in wdt_ping
*** h1 debug|Shadow bytes around the buggy address:
*** h1 debug| 0xe8743580: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
*** h1 debug| 0xe8743600: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
*** h1 debug| 0xe8743680: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
*** h1 debug| 0xe8743700: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
*** h1 debug| 0xe8743780: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
*** h1 debug|=>0xe8743800: f1 f1 f1 f1 00 00[f3]f3 f5 f5 f5 f5 f5 f5 f5 f5
*** h1 debug| 0xe8743880: f5 f5 f5 f5 f5 f5 f5 f5 00 00 00 00 00 00 00 00
*** h1 debug| 0xe8743900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
*** h1 debug| 0xe8743980: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
*** h1 debug| 0xe8743a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
*** h1 debug| 0xe8743a80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
*** h1 debug|Shadow byte legend (one shadow byte represents 8 application bytes):
*** h1 debug| Addressable: 00
*** h1 debug| Partially addressable: 01 02 03 04 05 06 07
*** h1 debug| Heap left redzone: fa
*** h1 debug| Freed heap region: fd
*** h1 debug| Stack left redzone: f1
*** h1 debug| Stack mid redzone: f2
*** h1 debug| Stack right redzone: f3
*** h1 debug| Stack after return: f5
*** h1 debug| Stack use after scope: f8
*** h1 debug| Global redzone: f9
*** h1 debug| Global init order: f6
*** h1 debug| Poisoned by user: f7
*** h1 debug| Container overflow: fc
*** h1 debug| Array cookie: ac
*** h1 debug| Intra object redzone: bb
*** h1 debug| ASan internal: fe
*** h1 debug| Left alloca redzone: ca
*** h1 debug| Right alloca redzone: cb
*** h1 debug|==5501==ABORTING

running tests on x86 with ASAN enabled

Expected Behavior

no stack overflow

Steps to Reproduce the Behavior

run tests on x86 with asan enabled

https://github.com/chipitsine/haproxy/actions/runs/25970312647/job/76341021389

Do you have any idea what may have caused this?

No response

Do you have an idea how to solve the issue?

No response

What is your configuration?

default

Output of haproxy -vv

n/a

Last Outputs and Backtraces


Additional Information

No response

Labels: status: needs-triage (This issue needs to be triaged.), type: bug (This issue describes a bug.)
