[Octave-bug-tracker] [bug #55432] clang w/ ASAN: stack-use-after-scope (
From: Dmitri A. Sergatskov
Subject: [Octave-bug-tracker] [bug #55432] clang w/ ASAN: stack-use-after-scope (starting octave)
Date: Wed, 9 Jan 2019 19:00:56 -0500 (EST)
User-agent: Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:64.0) Gecko/20100101 Firefox/64.0
URL: <https://savannah.gnu.org/bugs/?55432>
Summary: clang w/ ASAN: stack-use-after-scope (starting octave)
Project: GNU Octave
Submitted by: dasergatskov
Submitted on: Thu 10 Jan 2019 12:00:54 AM UTC
Category: None
Severity: 3 - Normal
Priority: 5 - Normal
Item Group: Segfault, Bus Error, etc.
Status: None
Assigned to: None
Originator Name:
Originator Email:
Open/Closed: Open
Discussion Lock: Any
Release: 5.0.1
Operating System: GNU/Linux
_______________________________________________________
Details:
I tried to compile octave with clang and asan.
I cannot start the compiled binary:
ASAN_OPTIONS=detect_stack_use_after_scope=0 ./run-octave -f -q
=================================================================
==18596==ERROR: AddressSanitizer: stack-use-after-scope on address
0x7fffc2144420 at pc 0x7fcc26dcb1f1 bp 0x7fffc2143d30 sp 0x7fffc2143d28
READ of size 8 at 0x7fffc2144420 thread T0
#0 0x7fcc26dcb1f0 in std::__shared_ptr<octave::symbol_scope_rep,
(__gnu_cxx::_Lock_policy)2>::operator bool() const
/usr/bin/../lib/gcc/x86_64-redhat-linux/8/../../../../include/c++/8/bits/shared_ptr_base.h:1291:16
#1 0x7fcc2728847e in octave::symbol_scope::unbind_script_symbols()
/home/dima/src/octave/clang_asan_min/../libinterp/corefcn/symscope.h:1007:11
#2 0x7fcc2729c83f in void std::__invoke_impl<void, void
(octave::symbol_scope::*&)(),
octave::symbol_scope*&>(std::__invoke_memfun_deref, void
(octave::symbol_scope::*&)(), octave::symbol_scope*&)
/usr/bin/../lib/gcc/x86_64-redhat-linux/8/../../../../include/c++/8/bits/invoke.h:73:14
#3 0x7fcc2729c6d1 in std::__invoke_result<void
(octave::symbol_scope::*&)(), octave::symbol_scope*&>::type std::__invoke<void
(octave::symbol_scope::*&)(), octave::symbol_scope*&>(void
(octave::symbol_scope::*&)(), octave::symbol_scope*&)
/usr/bin/../lib/gcc/x86_64-redhat-linux/8/../../../../include/c++/8/bits/invoke.h:95:14
#4 0x7fcc2729c645 in void std::_Bind<void (octave::symbol_scope::*
(octave::symbol_scope*))()>::__call<void, 0ul>(std::tuple<>&&,
std::_Index_tuple<0ul>)
/usr/bin/../lib/gcc/x86_64-redhat-linux/8/../../../../include/c++/8/functional:400:11
#5 0x7fcc2729c4b6 in void std::_Bind<void (octave::symbol_scope::*
(octave::symbol_scope*))()>::operator()<void>()
/usr/bin/../lib/gcc/x86_64-redhat-linux/8/../../../../include/c++/8/functional:482:17
#6 0x7fcc2729bf6c in std::_Function_handler<void (), std::_Bind<void
(octave::symbol_scope::* (octave::symbol_scope*))()>
>::_M_invoke(std::_Any_data const&)
/usr/bin/../lib/gcc/x86_64-redhat-linux/8/../../../../include/c++/8/bits/std_function.h:297:2
#7 0x7fcc26cc404e in std::function<void ()>::operator()() const
/usr/bin/../lib/gcc/x86_64-redhat-linux/8/../../../../include/c++/8/bits/std_function.h:687:14
#8 0x7fcc26cc3158 in octave::action_container::fcn_elem::run()
/home/dima/src/octave/clang_asan_min/../liboctave/util/action-container.h:76:25
#9 0x7fcc26cbe2b7 in octave::unwind_protect::run_first()
/home/dima/src/octave/clang_asan_min/../liboctave/util/unwind-prot.h:67:16
#10 0x7fcc26cc1f8b in octave::action_container::run(unsigned long)
/home/dima/src/octave/clang_asan_min/../liboctave/util/action-container.h:200:9
#11 0x7fcc26cc1e09 in octave::action_container::run()
/home/dima/src/octave/clang_asan_min/../liboctave/util/action-container.h:203:23
#12 0x7fcc26cbc9f2 in octave::unwind_protect::~unwind_protect()
/home/dima/src/octave/clang_asan_min/../liboctave/util/unwind-prot.h:56:30
#13 0x7fcc272699ae in
octave::tree_evaluator::execute_user_script(octave_user_script&, int,
octave_value_list const&)
/home/dima/src/octave/clang_asan_min/../libinterp/parse-tree/pt-eval.cc:1522:3
#14 0x7fcc26f9df71 in octave_user_script::call(octave::tree_evaluator&,
int, octave_value_list const&)
/home/dima/src/octave/clang_asan_min/../libinterp/octave-value/ov-usr-fcn.cc:168:13
#15 0x7fcc271e437a in octave::source_file(std::__cxx11::basic_string<char,
std::char_traits<char>, std::allocator<char> > const&,
std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>
> const&, bool, bool, std::__cxx11::basic_string<char, std::char_traits<char>,
std::allocator<char> > const&)
/home/dima/src/octave/clang_asan_min/../libinterp/parse-tree/oct-parse.yy:5065:11
#16 0x7fcc27b87f58 in
octave::load_path::execute_pkg_add_or_del(std::__cxx11::basic_string<char,
std::char_traits<char>, std::allocator<char> > const&,
std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>
> const&)
/home/dima/src/octave/clang_asan_min/../libinterp/corefcn/load-path.cc:856:7
#17 0x7fcc27b87acc in
octave::load_path::execute_pkg_add(std::__cxx11::basic_string<char,
std::char_traits<char>, std::allocator<char> > const&)
/home/dima/src/octave/clang_asan_min/../libinterp/corefcn/load-path.cc:834:5
#18 0x7fcc27b58aee in
octave::interpreter::execute_pkg_add(std::__cxx11::basic_string<char,
std::char_traits<char>, std::allocator<char> > const&)
/home/dima/src/octave/clang_asan_min/../libinterp/corefcn/interpreter.cc:1224:21
#19 0x7fcc27b59564 in
octave::interpreter::initialize_load_path(bool)::$_0::operator()(std::__cxx11::basic_string<char,
std::char_traits<char>, std::allocator<char> > const&) const
/home/dima/src/octave/clang_asan_min/../libinterp/corefcn/interpreter.cc:607:43
#20 0x7fcc27b593a1 in std::_Function_handler<void
(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>
> const&),
octave::interpreter::initialize_load_path(bool)::$_0>::_M_invoke(std::_Any_data
const&, std::__cxx11::basic_string<char, std::char_traits<char>,
std::allocator<char> > const&)
/usr/bin/../lib/gcc/x86_64-redhat-linux/8/../../../../include/c++/8/bits/std_function.h:297:2
#21 0x7fcc27b9b288 in std::function<void (std::__cxx11::basic_string<char,
std::char_traits<char>, std::allocator<char> >
const&)>::operator()(std::__cxx11::basic_string<char, std::char_traits<char>,
std::allocator<char> > const&) const
/usr/bin/../lib/gcc/x86_64-redhat-linux/8/../../../../include/c++/8/bits/std_function.h:687:14
#22 0x7fcc27b79990 in
octave::load_path::set(std::__cxx11::basic_string<char,
std::char_traits<char>, std::allocator<char> > const&, bool, bool)
/home/dima/src/octave/clang_asan_min/../libinterp/corefcn/load-path.cc:291:11
#23 0x7fcc27b7893c in octave::load_path::initialize(bool)
/home/dima/src/octave/clang_asan_min/../libinterp/corefcn/load-path.cc:234:5
#24 0x7fcc27b530c1 in octave::interpreter::initialize_load_path(bool)
/home/dima/src/octave/clang_asan_min/../libinterp/corefcn/interpreter.cc:609:21
#25 0x7fcc27b5362b in octave::interpreter::initialize()
/home/dima/src/octave/clang_asan_min/../libinterp/corefcn/interpreter.cc:636:5
#26 0x7fcc27b53c1b in octave::interpreter::execute()
/home/dima/src/octave/clang_asan_min/../libinterp/corefcn/interpreter.cc:648:9
#27 0x7fcc26120f61 in octave::cli_application::execute()
/home/dima/src/octave/clang_asan_min/../libinterp/octave.cc:391:25
#28 0x52ce3c in main
/home/dima/src/octave/clang_asan_min/../src/main-cli.cc:92:14
#29 0x7fcc1fb32412 in __libc_start_main (/lib64/libc.so.6+0x24412)
#30 0x41c4fd in _start
(/home/dima/src/octave/clang_asan_min/src/.libs/lt-octave-cli+0x41c4fd)
Address 0x7fffc2144420 is located in stack of thread T0 at offset 384 in
frame
#0 0x7fcc27268cef in
octave::tree_evaluator::execute_user_script(octave_user_script&, int,
octave_value_list const&)
/home/dima/src/octave/clang_asan_min/../libinterp/parse-tree/pt-eval.cc:1466
This frame has 9 object(s):
[32, 64) 'file_name' (line 1469)
[96, 184) 'frame' (line 1479)
[224, 228) 'ref.tmp' (line 1482)
[240, 256) 'coerce'
[272, 288) 'coerce30'
[304, 352) 'block' (line 1504)
[384, 400) 'script_scope' (line 1506) <== Memory access at offset 384 is
inside this variable
[416, 432) 'coerce41'
[448, 464) 'ref.tmp44' (line 1508)
HINT: this may be a false positive if your program uses some custom stack
unwind mechanism, swapcontext or vfork
(longjmp and C++ exceptions *are* supported)
SUMMARY: AddressSanitizer: stack-use-after-scope
/usr/bin/../lib/gcc/x86_64-redhat-linux/8/../../../../include/c++/8/bits/shared_ptr_base.h:1291:16
in std::__shared_ptr<octave::symbol_scope_rep,
(__gnu_cxx::_Lock_policy)2>::operator bool() const
Shadow bytes around the buggy address:
0x100078420830: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x100078420840: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x100078420850: 00 00 00 00 f1 f1 f1 f1 00 00 00 00 f2 f2 f2 f2
0x100078420860: 00 00 00 00 00 00 00 00 00 00 00 f2 f2 f2 f2 f2
0x100078420870: f8 f2 00 00 f2 f2 00 00 f2 f2 f8 f8 f8 f8 f8 f8
=>0x100078420880: f2 f2 f2 f2[f8]f8 f2 f2 00 00 f2 f2 f8 f8 f3 f3
0x100078420890: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x1000784208a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x1000784208b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x1000784208c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x1000784208d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
Shadow gap: cc
==18596==ABORTING
Maybe it is an issue with clang (7.0.1) -- the detect_stack_use_after_scope=0 should suppress this diagnostic, but it does not.
But maybe there is something in ../libinterp/corefcn/symscope.h:1007:11
Dmitri.
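
The trace above shows a cleanup frame ('frame', line 1479) whose destructor invokes a member function bound to a raw pointer to 'script_scope' (line 1506), a local whose scope has already ended. The following is an added example, not part of the original report and not Octave's code, that reproduces that bug class next to one possible fix; `cleanup_stack`, `scope_handle` and both `run_script_*` functions are hypothetical stand-ins.

```cpp
#include <functional>
#include <memory>
#include <vector>

// Stand-in for a cleanup frame that runs its registered actions (last added
// first) from its destructor. Hypothetical; not Octave's unwind_protect.
struct cleanup_stack {
  std::vector<std::function<void()>> actions;
  ~cleanup_stack() {
    for (auto it = actions.rbegin(); it != actions.rend(); ++it) (*it)();
  }
  void add(std::function<void()> f) { actions.push_back(std::move(f)); }
};

// Stand-in for a handle that shares ownership of its representation.
struct scope_handle {
  std::shared_ptr<int> bound;  // count of bound script symbols
  void bind(int n) { if (bound) *bound = n; }
  void unbind() { if (bound) *bound = 0; }  // tests the shared_ptr, then writes
};

// Before: the frame outlives the handle but stores a raw pointer to it.
int run_script_buggy(const std::shared_ptr<int>& symbols) {
  cleanup_stack frame;
  {
    scope_handle script_scope{symbols};
    script_scope.bind(3);
    frame.add(std::bind(&scope_handle::unbind, &script_scope));
  }  // script_scope is destroyed here
  return *symbols;
}  // ~cleanup_stack calls unbind() on the dead object: stack-use-after-scope

// After: the action owns a copy of the handle, so nothing dangles.
int run_script_fixed(const std::shared_ptr<int>& symbols) {
  cleanup_stack frame;
  {
    scope_handle script_scope{symbols};
    script_scope.bind(3);
    frame.add([script_scope]() mutable { script_scope.unbind(); });
  }
  return *symbols;  // still 3; cleanup runs after the return value is read
}

int main() {
  auto symbols = std::make_shared<int>(0);
  return (run_script_fixed(symbols) == 3 && *symbols == 0) ? 0 : 1;
}
```

Building with `clang++ -fsanitize=address -g` and calling `run_script_buggy` instead yields the same stack-use-after-scope class of report; declaring the handle in the same scope as the frame, before it, is the other common fix.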