
[bug #59834] Misaligned memory access error in deque.c


From: Patrick Alken
Subject: [bug #59834] Misaligned memory access error in deque.c
Date: Wed, 6 Jan 2021 10:50:59 -0500 (EST)
User-agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:84.0) Gecko/20100101 Firefox/84.0

URL:
  <https://savannah.gnu.org/bugs/?59834>

                 Summary: Misaligned memory access error in deque.c
                 Project: GNU Scientific Library
            Submitted by: psa
            Submitted on: Wed 06 Jan 2021 03:50:58 PM UTC
                Category: Runtime error
                Severity: 3 - Normal
        Operating System: 
                  Status: None
             Assigned to: None
             Open/Closed: Open
                 Release: 
         Discussion Lock: Any

    _______________________________________________________

Details:

reported by zhoulai.fu =at= gmail =dot= com

Running doc/examples/filt_edge.c with the Undefined Sanitizer enabled
reveals many unaligned memory access errors in deque.c. (See
https://www.kernel.org/doc/Documentation/unaligned-memory-access.txt
for unaligned memory access.)

deque.c:58:11: runtime error: member access within misaligned address
0x0000024010f4 for type 'struct deque', which requires 8 byte alignment
0x0000024010f4: note: pointer points here
  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00
 00 00 00 00 00 00 00 00
              ^
deque.c:59:11: runtime error: member access within misaligned address
0x0000024010f4 for type 'struct deque', which requires 8 byte alignment
0x0000024010f4: note: pointer points here
  00 00 00 00 ff ff ff ff  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00
 00 00 00 00 00 00 00 00
              ^
deque.c:60:11: runtime error: member access within misaligned address
0x0000024010f4 for type 'struct deque', which requires 8 byte alignment
0x0000024010f4: note: pointer points here
  00 00 00 00 ff ff ff ff  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00
 00 00 00 00 00 00 00 00
              ^
deque.c:61:12: runtime error: member access within misaligned address
0x0000024010f4 for type 'struct deque', which requires 8 byte alignment
0x0000024010f4: note: pointer points here
  00 00 00 00 ff ff ff ff  00 00 00 00 05 00 00 00  00 00 00 00 00 00 00 00
 00 00 00 00 00 00 00 00
              ^
...

To reproduce the error, compile GSL and filt_edge.c with
"-fsanitize=undefined" flag and run the binary.

See the attached error.txt for the full error messages.

*Preliminary diagnosis:*

Gdb shows the following backtrace at the place where the error occurs:

(gdb) bt
#0  deque_init (n=5, d=0x6d20f4) at deque.c:59
#1  0x000000000040cd71 in mmacc_init (n=4, vstate=0x6d2060) at mmacc.c:88
#2  0x0000000000401d59 in rmedian_init (n=4, vstate=0x6d2050) at rmedian.c:175
#3  0x0000000000404aeb in gsl_movstat_apply_accum (endtype=GSL_MOVSTAT_END_PADVALUE, x=0x7fffffffd960, accum=0x66d9c0 <rmedian_accum_type>, accum_params=0x7fffffffd950, y=0x7fffffffd990, z=0x0, w=0x6d2010) at apply.c:74
#4  0x0000000000401bba in gsl_filter_rmedian (endtype=GSL_FILTER_END_PADVALUE, x=0x6d4100, y=0x6d8040, w=0x6d1eb0) at rmedian.c:147
#5  0x000000000040108d in main () at filt_edge.c:38


That is, the error occurs in the function

 static int
 deque_init(const size_t n, deque * d)

of deque.c. In the function, the compiler expects the pointer of type
deque, d, to be 8-aligned. Yet d got an address 0x6d20f4 that is not
8-aligned.

The cause of the error should closely relate to mmann.c:84

  state->maxque = (deque *) ((unsigned char *) state->minque + deque_size(n + 1));

In this operation of pointer casting, if we assume that the first term
above, state->minque, is a multiple of 8, then, the second term above,
deque_size(n + 1), should be a multiple of 8 as well, in order to meet the
8-alignment requirement. Now, take a look at the function deque_size in
deque.c:

 static size_t
 deque_size(const size_t n)
 {
   size_t size = 0;

   size += sizeof(deque);
   size += n * sizeof(deque_type_t); /* array */

   return size;
 }

The function returns 24 + n * 4, since sizeof(deque) is determined to be
24 at compile time, and sizeof(deque_type_t) is 4 as deque_type_t is a
typedef of int. This number, 24 + n * 4, is a multiple of 8 if and only if
n is even. In other words, the misalignment should occur whenever n
is odd.

Note that this kind of misaligned memory access can cause undefined
behavior, triggering performance penalties, crashes or incorrect results.
See https://developer.ibm.com/technologies/systems/articles/pa-dalign/.
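An added example (not GSL code and not part of the report) that reconstructs the arithmetic above for any n, not just the n = 5 case in the backtrace: a struct assumed to have the 24-byte, 8-aligned layout the report cites, the quoted deque_size() beside a variant rounded up to _Alignof(deque), and a check that places maxque after minque the way the report describes and tests whether the result is aligned.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

typedef int deque_type_t;

/* Assumed layout (not GSL's declaration), chosen so that sizeof(deque) == 24
   and _Alignof(deque) == 8 on LP64, as the report states. */
typedef struct {
  int head;
  int tail;
  size_t size;
  deque_type_t *array;
} deque;

/* deque_size() as quoted from deque.c: 24 + 4*n, a multiple of 8 only for even n. */
static size_t deque_size_unpadded(size_t n) {
  return sizeof(deque) + n * sizeof(deque_type_t);
}

/* Corrected variant: round up to a multiple of _Alignof(deque), so a deque
   placed immediately after the block is aligned for every n. */
static size_t deque_size_padded(size_t n) {
  size_t align = _Alignof(deque);
  return (deque_size_unpadded(n) + align - 1) / align * align;
}

/* Mimics the mmacc placement: minque at the start of a block, maxque placed
   after it by the pointer cast from the report. Returns 1 if both deques are
   aligned, 0 if maxque is misaligned, -1 on allocation failure. */
static int maxque_aligned(size_t n, size_t (*size_fn)(size_t)) {
  unsigned char *block = malloc(2 * deque_size_padded(n + 1));
  if (block == NULL) return -1;
  deque *minque = (deque *) block;
  deque *maxque = (deque *) (block + size_fn(n + 1));
  int ok = (uintptr_t) minque % _Alignof(deque) == 0 &&
           (uintptr_t) maxque % _Alignof(deque) == 0;
  free(block);
  return ok;
}

int main(void) {
  for (size_t n = 1; n <= 6; n++)   /* n as passed to mmacc_init; deque_init gets n + 1 */
    printf("n=%zu size(n+1)=%zu maxque aligned: unpadded=%d padded=%d\n", n,
           deque_size_unpadded(n + 1), maxque_aligned(n, deque_size_unpadded),
           maxque_aligned(n, deque_size_padded));
  return 0;
}
```

With the unpadded size, every even n (odd n + 1, as in the backtrace where mmacc_init gets n=4) leaves maxque on a 4-byte boundary; the padded size keeps it 8-aligned for all n.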



    _______________________________________________________

File Attachments:


-------------------------------------------------------
Date: Wed 06 Jan 2021 03:50:58 PM UTC  Name: error.txt  Size: 13KiB   By: psa

<http://savannah.gnu.org/bugs/download.php?file_id=50667>

    _______________________________________________________

Reply to this item at:

  <https://savannah.gnu.org/bugs/?59834>

_______________________________________________
  Message sent via Savannah
  https://savannah.gnu.org/
