SEGV
A null pointer dereference vulnerability exists in airpig2011 IEC104 through commit be6d841 (2019-07-08). When multiple threads enqueue elements concurrently via IEC10X_PrioEnQueue, the function may dereference a null or freed queue pointer, resulting in a segmentation fault and potential denial of service.
./iec104_monitor -m client -n 100 -p 10000
(-m: client mode; -n: 100 threads to trigger race conditions; -p: port 10000)

=================================================================
==7676==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000008 (pc 0x0000004ce9b6 bp 0x606000015fe0 sp 0x7f9b0c4e4dc0 T28)
==7676==The signal is caused by a WRITE memory access.
==7676==Hint: address points to the zero page.
    #0 0x4ce9b5 in IEC10X_PrioEnQueue /IEC104-master/test/..//IEC10X/PRIO_QUEUE_Iec10x.c:69:30
    #1 0x4d0037 in IEC10X_Enqueue /IEC104-master/test/..//IEC10X/Iec10x.c:95:5
    #2 0x4cd9a5 in IEC104_Build_U /IEC104-master/test/..//IEC10X/Iec104.c:687:5
    #3 0x4cd9a5 in Iec104_StateMachine /IEC104-master/test/..//IEC10X/Iec104.c:1436:13
    #4 0x4d149c in Iec104_Task /IEC104-master/test/main.c:66:9
    #5 0x7f9b1d09c183 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x8183)
    #6 0x7f9b1c4a103c in clone (/lib/x86_64-linux-gnu/libc.so.6+0xfe03c)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /IEC104-master/test/..//IEC10X/PRIO_QUEUE_Iec10x.c:69:30 in IEC10X_PrioEnQueue
Thread T28 created by T26 here:
    #0 0x47d8fa in pthread_create /tmp/final/llvm.src/projects/compiler-rt/lib/asan/asan_interceptors.cc:209:3
    #1 0x4d237d in Iec104_Client /IEC104-master/test/main.c:168:9
    #2 0x7f9b1d09c183 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x8183)

Thread T26 created by T0 here:
    #0 0x47d8fa in pthread_create /tmp/final/llvm.src/projects/compiler-rt/lib/asan/asan_interceptors.cc:209:3
    #1 0x4d34bb in main /IEC104-master/test/main.c:311:11
    #2 0x7f9b1c3c4f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)

==7676==ABORTING
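
The report describes unsynchronized concurrent enqueues into a shared priority queue. As an added example (not code from the IEC104 project, and not its fix), the sketch below shows the general mitigation pattern for this bug class: a NULL guard plus a mutex around the whole link update, exercised by several producer threads. All names (`prio_queue_t`, `pq_enqueue`, `pq_stress`) are hypothetical.

```c
/* Added example: hypothetical queue, not code from the IEC104 project. */
#include <pthread.h>
#include <stdlib.h>
typedef struct node { int prio; struct node *next; } node_t;
typedef struct { node_t *head; size_t count; pthread_mutex_t lock; } prio_queue_t;

/* Returns 0 on success, -1 for a NULL queue or element (no dereference). */
int pq_enqueue(prio_queue_t *q, node_t *n) {
    if (q == NULL || n == NULL) return -1;
    pthread_mutex_lock(&q->lock);       /* link update is one critical section */
    node_t **pp = &q->head;
    while (*pp && (*pp)->prio <= n->prio) pp = &(*pp)->next;
    n->next = *pp;
    *pp = n;
    q->count++;
    pthread_mutex_unlock(&q->lock);
    return 0;
}

typedef struct { prio_queue_t *q; int per_thread; } worker_arg_t;
static void *worker(void *p) {
    worker_arg_t *a = p;
    for (int i = 0; i < a->per_thread; i++) {
        node_t *n = malloc(sizeof *n);
        if (!n) break;
        n->prio = i % 4;                /* constructed sample priorities */
        pq_enqueue(a->q, n);
    }
    return NULL;
}

/* Runs nthreads producers; returns elements found, or -1 if the list is
 * inconsistent (count mismatch or priority order violated). */
long pq_stress(int nthreads, int per_thread) {
    prio_queue_t q = { NULL, 0, PTHREAD_MUTEX_INITIALIZER };
    worker_arg_t a = { &q, per_thread };
    pthread_t *t = calloc((size_t)nthreads, sizeof *t);
    if (!t) return -1;
    int started = 0;
    for (; started < nthreads; started++)
        if (pthread_create(&t[started], NULL, worker, &a) != 0) break;
    for (int i = 0; i < started; i++) pthread_join(t[i], NULL);
    free(t);
    long walked = 0; int ok = 1;
    for (node_t *n = q.head; n; walked++) {
        node_t *nx = n->next;
        if (nx && nx->prio < n->prio) ok = 0;
        free(n); n = nx;
    }
    return (ok && walked == (long)q.count) ? walked : -1;
}
```

Building this with `-fsanitize=thread` and removing the lock calls makes the data race visible to ThreadSanitizer, which is a useful regression check for queue code of this shape.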