octave-bug-tracker
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Octave-bug-tracker] [bug #63682] mat2cell returns incorrect value when

From: Dmitri A. Sergatskov
Subject: [Octave-bug-tracker] [bug #63682] mat2cell returns incorrect value when only one output dimensions is specified and input is N-D array
Date: Sun, 19 Feb 2023 08:01:47 -0500 (EST) 
Follow-up Comment #11, bug #63682 (project octave):

Still crashes for me:


octave:1> version -hgid
ans = 0e046fefbffa
octave:2> test libinterp/corefcn/cellfun.cc-tst
warning: inline is obsolete; use anonymous functions instead
=================================================================
==300334==ERROR: AddressSanitizer: heap-buffer-overflow on address
0x602000dbc420 at pc 0x7fc5b3b08a73 bp 0x7fc58f64b810 sp 0x7fc58f64b800
READ of size 8 at 0x602000dbc420 thread T7 (QThread)
    #0 0x7fc5b3b08a72 in Cell octave::do_mat2cell_nd<NDArray>(NDArray const&,
Array<long, std::allocator<long> > const*, int)
../libinterp/corefcn/cellfun.cc:2088
    #1 0x7fc5b3b06aab in Cell octave::do_mat2cell<NDArray>(NDArray const&,
Array<long, std::allocator<long> > const*, int)
../libinterp/corefcn/cellfun.cc:2106
    #2 0x7fc5b3aceabc in octave::Fmat2cell(octave_value_list const&, int)
../libinterp/corefcn/cellfun.cc:2276
    #3 0x7fc5b38f665c in
octave::tree_evaluator::execute_builtin_function(octave_builtin&, int,
octave_value_list const&) ../libinterp/parse-tree/pt-eval.cc:3362
    #4 0x7fc5b34da61a in octave_builtin::execute(octave::tree_evaluator&, int,
octave_value_list const&) ../libinterp/octave-value/ov-builtin.cc:49
    #5 0x7fc5b35c2fd9 in octave_function::call(octave::tree_evaluator&, int,
octave_value_list const&) ../libinterp/octave-value/ov-fcn.cc:57
    #6 0x7fc5b394269c in
octave::tree_index_expression::evaluate_n(octave::tree_evaluator&, int)
../libinterp/parse-tree/pt-idx.cc:427
    #7 0x7fc5b3947c89 in
octave::tree_index_expression::evaluate(octave::tree_evaluator&, int)
../libinterp/parse-tree/pt-idx.h:104
    #8 0x7fc5b38bfd04 in
octave::tree_simple_assignment::evaluate(octave::tree_evaluator&, int)
../libinterp/parse-tree/pt-assign.cc:101
    #9 0x7fc5b38fa6c3 in
octave::tree_evaluator::visit_statement(octave::tree_statement&)
../libinterp/parse-tree/pt-eval.cc:3863
    #10 0x7fc5b395f4f4 in octave::tree_statement::accept(octave::tree_walker&)
../libinterp/parse-tree/pt-stmt.h:120
    #11 0x7fc5b38fb212 in
octave::tree_evaluator::visit_statement_list(octave::tree_statement_list&)
../libinterp/parse-tree/pt-eval.cc:3948
    #12 0x7fc5b341a04c in
octave::tree_statement_list::accept(octave::tree_walker&)
../libinterp/parse-tree/pt-stmt.h:193
    #13 0x7fc5b38f85e9 in
octave::tree_evaluator::execute_user_function(octave_user_function&, int,
octave_value_list const&) ../libinterp/parse-tree/pt-eval.cc:3587
    #14 0x7fc5b36c8556 in
octave_user_function::execute(octave::tree_evaluator&, int, octave_value_list
const&) ../libinterp/octave-value/ov-usr-fcn.cc:495
    #15 0x7fc5b36c83e7 in octave_user_function::call(octave::tree_evaluator&,
int, octave_value_list const&) ../libinterp/octave-value/ov-usr-fcn.cc:488
    #16 0x7fc5b394269c in
octave::tree_index_expression::evaluate_n(octave::tree_evaluator&, int)
../libinterp/parse-tree/pt-idx.cc:427
    #17 0x7fc5b38e1c2a in
octave::tree_evaluator::eval_string(std::__cxx11::basic_string<char,
std::char_traits<char>, std::allocator<char> > const&, bool, int&, int)
../libinterp/parse-tree/pt-eval.cc:1053
    #18 0x7fc5b38e27d9 in
octave::tree_evaluator::eval(std::__cxx11::basic_string<char,
std::char_traits<char>, std::allocator<char> > const&, int)
../libinterp/parse-tree/pt-eval.cc:1112
    #19 0x7fc5b41cd611 in
octave::interpreter::eval(std::__cxx11::basic_string<char,
std::char_traits<char>, std::allocator<char> > const&, int)
../libinterp/corefcn/interpreter.cc:1478
    #20 0x7fc5b387f32d in octave::Feval(octave::interpreter&,
octave_value_list const&, int) ../libinterp/parse-tree/oct-parse.yy:6466
    #21 0x7fc5b38f677c in
octave::tree_evaluator::execute_builtin_function(octave_builtin&, int,
octave_value_list const&) ../libinterp/parse-tree/pt-eval.cc:3367
    #22 0x7fc5b34da61a in octave_builtin::execute(octave::tree_evaluator&,
int, octave_value_list const&) ../libinterp/octave-value/ov-builtin.cc:49
    #23 0x7fc5b35c2fd9 in octave_function::call(octave::tree_evaluator&, int,
octave_value_list const&) ../libinterp/octave-value/ov-fcn.cc:57
    #24 0x7fc5b394269c in
octave::tree_index_expression::evaluate_n(octave::tree_evaluator&, int)
../libinterp/parse-tree/pt-idx.cc:427
    #25 0x7fc5b3947c89 in
octave::tree_index_expression::evaluate(octave::tree_evaluator&, int)
../libinterp/parse-tree/pt-idx.h:104
    #26 0x7fc5b38fa6c3 in
octave::tree_evaluator::visit_statement(octave::tree_statement&)
../libinterp/parse-tree/pt-eval.cc:3863
    #27 0x7fc5b395f4f4 in octave::tree_statement::accept(octave::tree_walker&)
../libinterp/parse-tree/pt-stmt.h:120
    #28 0x7fc5b38fb212 in
octave::tree_evaluator::visit_statement_list(octave::tree_statement_list&)
../libinterp/parse-tree/pt-eval.cc:3948
    #29 0x7fc5b341a04c in
octave::tree_statement_list::accept(octave::tree_walker&)
../libinterp/parse-tree/pt-stmt.h:193
    #30 0x7fc5b38fbdd4 in
octave::tree_evaluator::visit_try_catch_command(octave::tree_try_catch_command&)
../libinterp/parse-tree/pt-eval.cc:4063
    #31 0x7fc5b3938efe in
octave::tree_try_catch_command::accept(octave::tree_walker&)
../libinterp/parse-tree/pt-except.h:80
    #32 0x7fc5b38fa465 in
octave::tree_evaluator::visit_statement(octave::tree_statement&)
../libinterp/parse-tree/pt-eval.cc:3838
    #33 0x7fc5b395f4f4 in octave::tree_statement::accept(octave::tree_walker&)
../libinterp/parse-tree/pt-stmt.h:120
    #34 0x7fc5b38fb212 in
octave::tree_evaluator::visit_statement_list(octave::tree_statement_list&)
../libinterp/parse-tree/pt-eval.cc:3948
    #35 0x7fc5b341a04c in
octave::tree_statement_list::accept(octave::tree_walker&)
../libinterp/parse-tree/pt-stmt.h:193
    #36 0x7fc5b38f99b2 in
octave::tree_evaluator::visit_if_command_list(octave::tree_if_command_list&)
../libinterp/parse-tree/pt-eval.cc:3711
    #37 0x7fc5b391114e in
octave::tree_if_command_list::accept(octave::tree_walker&)
../libinterp/parse-tree/pt-select.h:111
    #38 0x7fc5b38f95c9 in
octave::tree_evaluator::visit_if_command(octave::tree_if_command&)
../libinterp/parse-tree/pt-eval.cc:3689
    #39 0x7fc5b395c10e in
octave::tree_if_command::accept(octave::tree_walker&)
../libinterp/parse-tree/pt-select.h:141
    #40 0x7fc5b38fa465 in
octave::tree_evaluator::visit_statement(octave::tree_statement&)
../libinterp/parse-tree/pt-eval.cc:3838
    #41 0x7fc5b395f4f4 in octave::tree_statement::accept(octave::tree_walker&)
../libinterp/parse-tree/pt-stmt.h:120
    #42 0x7fc5b38fb212 in
octave::tree_evaluator::visit_statement_list(octave::tree_statement_list&)
../libinterp/parse-tree/pt-eval.cc:3948
    #43 0x7fc5b341a04c in
octave::tree_statement_list::accept(octave::tree_walker&)
../libinterp/parse-tree/pt-stmt.h:193
    #44 0x7fc5b38fd436 in
octave::tree_evaluator::visit_unwind_protect_command(octave::tree_unwind_protect_command&)
../libinterp/parse-tree/pt-eval.cc:4208
    #45 0x7fc5b3938f72 in
octave::tree_unwind_protect_command::accept(octave::tree_walker&)
../libinterp/parse-tree/pt-except.h:142
    #46 0x7fc5b38fa465 in
octave::tree_evaluator::visit_statement(octave::tree_statement&)
../libinterp/parse-tree/pt-eval.cc:3838
    #47 0x7fc5b395f4f4 in octave::tree_statement::accept(octave::tree_walker&)
../libinterp/parse-tree/pt-stmt.h:120
    #48 0x7fc5b38fb212 in
octave::tree_evaluator::visit_statement_list(octave::tree_statement_list&)
../libinterp/parse-tree/pt-eval.cc:3948
    #49 0x7fc5b341a04c in
octave::tree_statement_list::accept(octave::tree_walker&)
../libinterp/parse-tree/pt-stmt.h:193
    #50 0x7fc5b3914fbd in void
octave::tree_evaluator::execute_range_loop<double>(octave::range<double, void>
const&, int, octave::octave_lvalue&, octave::tree_statement_list*)
../libinterp/parse-tree/pt-eval.cc:3028
    #51 0x7fc5b38f3116 in
octave::tree_evaluator::visit_simple_for_command(octave::tree_simple_for_command&)
../libinterp/parse-tree/pt-eval.cc:3075
    #52 0x7fc5b394f8a0 in
octave::tree_simple_for_command::accept(octave::tree_walker&)
../libinterp/parse-tree/pt-loop.h:179
    #53 0x7fc5b38fa465 in
octave::tree_evaluator::visit_statement(octave::tree_statement&)
../libinterp/parse-tree/pt-eval.cc:3838
    #54 0x7fc5b395f4f4 in octave::tree_statement::accept(octave::tree_walker&)
../libinterp/parse-tree/pt-stmt.h:120
    #55 0x7fc5b38fb212 in
octave::tree_evaluator::visit_statement_list(octave::tree_statement_list&)
../libinterp/parse-tree/pt-eval.cc:3948
    #56 0x7fc5b341a04c in
octave::tree_statement_list::accept(octave::tree_walker&)
../libinterp/parse-tree/pt-stmt.h:193
    #57 0x7fc5b38f85e9 in
octave::tree_evaluator::execute_user_function(octave_user_function&, int,
octave_value_list const&) ../libinterp/parse-tree/pt-eval.cc:3587
    #58 0x7fc5b36c8556 in
octave_user_function::execute(octave::tree_evaluator&, int, octave_value_list
const&) ../libinterp/octave-value/ov-usr-fcn.cc:495
    #59 0x7fc5b36c83e7 in octave_user_function::call(octave::tree_evaluator&,
int, octave_value_list const&) ../libinterp/octave-value/ov-usr-fcn.cc:488
    #60 0x7fc5b394269c in
octave::tree_index_expression::evaluate_n(octave::tree_evaluator&, int)
../libinterp/parse-tree/pt-idx.cc:427
    #61 0x7fc5b3947c89 in
octave::tree_index_expression::evaluate(octave::tree_evaluator&, int)
../libinterp/parse-tree/pt-idx.h:104
    #62 0x7fc5b38fa6c3 in
octave::tree_evaluator::visit_statement(octave::tree_statement&)
../libinterp/parse-tree/pt-eval.cc:3863
    #63 0x7fc5b395f4f4 in octave::tree_statement::accept(octave::tree_walker&)
../libinterp/parse-tree/pt-stmt.h:120
    #64 0x7fc5b38fb212 in
octave::tree_evaluator::visit_statement_list(octave::tree_statement_list&)
../libinterp/parse-tree/pt-eval.cc:3948
    #65 0x7fc5b341a04c in
octave::tree_statement_list::accept(octave::tree_walker&)
../libinterp/parse-tree/pt-stmt.h:193
    #66 0x7fc5b38e15c3 in
octave::tree_evaluator::eval(std::shared_ptr<octave::tree_statement_list>&,
bool) ../libinterp/parse-tree/pt-eval.cc:985
    #67 0x7fc5b38e02b1 in octave::tree_evaluator::repl()
../libinterp/parse-tree/pt-eval.cc:804
    #68 0x7fc5b41cc2aa in octave::interpreter::main_loop()
../libinterp/corefcn/interpreter.cc:1316
    #69 0x7fc5b41bed44 in octave::interpreter::execute()
../libinterp/corefcn/interpreter.cc:882
    #70 0x7fc5b5516f80 in octave::interpreter_qobject::execute()
../libgui/src/interpreter-qobject.cc:87
    #71 0x7fc5b579f834 in
octave::interpreter_qobject::qt_static_metacall(QObject*, QMetaObject::Call,
int, void**) libgui/src/moc-interpreter-qobject.cc:88
    #72 0x7fc5b0ed1a98 in QObject::event(QEvent*)
(/lib64/libQt5Core.so.5+0x2d1a98)
    #73 0x7fc5b1bae422 in QApplicationPrivate::notify_helper(QObject*,
QEvent*) (/lib64/libQt5Widgets.so.5+0x1ae422)
    #74 0x7fc5b561f0be in octave::octave_qapplication::notify(QObject*,
QEvent*) ../libgui/src/octave-qobject.cc:146
    #75 0x7fc5b0ea7357 in QCoreApplication::notifyInternal2(QObject*, QEvent*)
(/lib64/libQt5Core.so.5+0x2a7357)
    #76 0x7fc5b0eaa8b5 in QCoreApplicationPrivate::sendPostedEvents(QObject*,
int, QThreadData*) (/lib64/libQt5Core.so.5+0x2aa8b5)
    #77 0x7fc5b0ef8fa6 in postEventSourceDispatch(_GSource*, int (*)(void*),
void*) (/lib64/libQt5Core.so.5+0x2f8fa6)
    #78 0x7fc5acd1ae2e in g_main_context_dispatch
(/lib64/libglib-2.0.so.0+0x54e2e)
    #79 0x7fc5acd6f507 in g_main_context_iterate.constprop.0
(/lib64/libglib-2.0.so.0+0xa9507)
    #80 0x7fc5acd185f2 in g_main_context_iteration
(/lib64/libglib-2.0.so.0+0x525f2)
    #81 0x7fc5b0ef8a47 in
QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>)
(/lib64/libQt5Core.so.5+0x2f8a47)
    #82 0x7fc5b0ea5d61 in
QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>)
(/lib64/libQt5Core.so.5+0x2a5d61)
    #83 0x7fc5b0ce89c9 in QThread::exec() (/lib64/libQt5Core.so.5+0xe89c9)
    #84 0x7fc5b0ce9bf8 in QThreadPrivate::start(void*)
(/lib64/libQt5Core.so.5+0xe9bf8)
    #85 0x7fc5ace9f801 in start_thread (/lib64/libc.so.6+0x9f801)
    #86 0x7fc5ace3f44f in __GI___clone3 (/lib64/libc.so.6+0x3f44f)

0x602000dbc420 is located 0 bytes to the right of 16-byte region
[0x602000dbc410,0x602000dbc420)
allocated by thread T7 (QThread) here:
    #0 0x7fc5b60b64d7 in operator new[](unsigned long)
(/lib64/libasan.so.6+0xb64d7)
    #1 0x7fc5b32d2258 in std::_MakeUniq<long []>::__array
std::make_unique<long []>(unsigned long)
/usr/include/c++/11/bits/unique_ptr.h:968
    #2 0x7fc5b3b087eb in Cell octave::do_mat2cell_nd<NDArray>(NDArray const&,
Array<long, std::allocator<long> > const*, int)
../libinterp/corefcn/cellfun.cc:2079
    #3 0x7fc5b3b06aab in Cell octave::do_mat2cell<NDArray>(NDArray const&,
Array<long, std::allocator<long> > const*, int)
../libinterp/corefcn/cellfun.cc:2106
    #4 0x7fc5b3aceabc in octave::Fmat2cell(octave_value_list const&, int)
../libinterp/corefcn/cellfun.cc:2276
    #5 0x7fc5b38f665c in
octave::tree_evaluator::execute_builtin_function(octave_builtin&, int,
octave_value_list const&) ../libinterp/parse-tree/pt-eval.cc:3362
    #6 0x7fc5b34da61a in octave_builtin::execute(octave::tree_evaluator&, int,
octave_value_list const&) ../libinterp/octave-value/ov-builtin.cc:49
    #7 0x7fc5b35c2fd9 in octave_function::call(octave::tree_evaluator&, int,
octave_value_list const&) ../libinterp/octave-value/ov-fcn.cc:57
    #8 0x7fc5b394269c in
octave::tree_index_expression::evaluate_n(octave::tree_evaluator&, int)
../libinterp/parse-tree/pt-idx.cc:427
    #9 0x7fc5b3947c89 in
octave::tree_index_expression::evaluate(octave::tree_evaluator&, int)
../libinterp/parse-tree/pt-idx.h:104
    #10 0x7fc5b38bfd04 in
octave::tree_simple_assignment::evaluate(octave::tree_evaluator&, int)
../libinterp/parse-tree/pt-assign.cc:101
    #11 0x7fc5b38fa6c3 in
octave::tree_evaluator::visit_statement(octave::tree_statement&)
../libinterp/parse-tree/pt-eval.cc:3863
    #12 0x7fc5b395f4f4 in octave::tree_statement::accept(octave::tree_walker&)
../libinterp/parse-tree/pt-stmt.h:120
    #13 0x7fc5b38fb212 in
octave::tree_evaluator::visit_statement_list(octave::tree_statement_list&)
../libinterp/parse-tree/pt-eval.cc:3948
    #14 0x7fc5b341a04c in
octave::tree_statement_list::accept(octave::tree_walker&)
../libinterp/parse-tree/pt-stmt.h:193
    #15 0x7fc5b38f85e9 in
octave::tree_evaluator::execute_user_function(octave_user_function&, int,
octave_value_list const&) ../libinterp/parse-tree/pt-eval.cc:3587
    #16 0x7fc5b36c8556 in
octave_user_function::execute(octave::tree_evaluator&, int, octave_value_list
const&) ../libinterp/octave-value/ov-usr-fcn.cc:495
    #17 0x7fc5b36c83e7 in octave_user_function::call(octave::tree_evaluator&,
int, octave_value_list const&) ../libinterp/octave-value/ov-usr-fcn.cc:488
    #18 0x7fc5b394269c in
octave::tree_index_expression::evaluate_n(octave::tree_evaluator&, int)
../libinterp/parse-tree/pt-idx.cc:427
    #19 0x7fc5b38e1c2a in
octave::tree_evaluator::eval_string(std::__cxx11::basic_string<char,
std::char_traits<char>, std::allocator<char> > const&, bool, int&, int)
../libinterp/parse-tree/pt-eval.cc:1053
    #20 0x7fc5b38e27d9 in
octave::tree_evaluator::eval(std::__cxx11::basic_string<char,
std::char_traits<char>, std::allocator<char> > const&, int)
../libinterp/parse-tree/pt-eval.cc:1112
    #21 0x7fc5b41cd611 in
octave::interpreter::eval(std::__cxx11::basic_string<char,
std::char_traits<char>, std::allocator<char> > const&, int)
../libinterp/corefcn/interpreter.cc:1478
    #22 0x7fc5b387f32d in octave::Feval(octave::interpreter&,
octave_value_list const&, int) ../libinterp/parse-tree/oct-parse.yy:6466
    #23 0x7fc5b38f677c in
octave::tree_evaluator::execute_builtin_function(octave_builtin&, int,
octave_value_list const&) ../libinterp/parse-tree/pt-eval.cc:3367
    #24 0x7fc5b34da61a in octave_builtin::execute(octave::tree_evaluator&,
int, octave_value_list const&) ../libinterp/octave-value/ov-builtin.cc:49
    #25 0x7fc5b35c2fd9 in octave_function::call(octave::tree_evaluator&, int,
octave_value_list const&) ../libinterp/octave-value/ov-fcn.cc:57
    #26 0x7fc5b394269c in
octave::tree_index_expression::evaluate_n(octave::tree_evaluator&, int)
../libinterp/parse-tree/pt-idx.cc:427
    #27 0x7fc5b3947c89 in
octave::tree_index_expression::evaluate(octave::tree_evaluator&, int)
../libinterp/parse-tree/pt-idx.h:104
    #28 0x7fc5b38fa6c3 in
octave::tree_evaluator::visit_statement(octave::tree_statement&)
../libinterp/parse-tree/pt-eval.cc:3863
    #29 0x7fc5b395f4f4 in octave::tree_statement::accept(octave::tree_walker&)
../libinterp/parse-tree/pt-stmt.h:120

Thread T7 (QThread) created by T0 here:
    #0 0x7fc5b60587d5 in pthread_create (/lib64/libasan.so.6+0x587d5)
    #1 0x7fc5b0ce969e in QThread::start(QThread::Priority)
(/lib64/libQt5Core.so.5+0xe969e)

SUMMARY: AddressSanitizer: heap-buffer-overflow
../libinterp/corefcn/cellfun.cc:2088 in Cell
octave::do_mat2cell_nd<NDArray>(NDArray const&, Array<long,
std::allocator<long> > const*, int)
Shadow bytes around the buggy address:
  0x0c04801af830: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c04801af840: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c04801af850: fa fa fa fa fa fa fd fd fa fa fd fd fa fa 00 00
  0x0c04801af860: fa fa fd fd fa fa fa fa fa fa fa fa fa fa 00 00
  0x0c04801af870: fa fa fd fd fa fa 00 00 fa fa fd fd fa fa fd fd
=>0x0c04801af880: fa fa 00 00[fa]fa 00 fa fa fa fd fd fa fa fd fd
  0x0c04801af890: fa fa fd fa fa fa fd fd fa fa fd fd fa fa fd fd
  0x0c04801af8a0: fa fa 00 00 fa fa fd fd fa fa fd fa fa fa fd fd
  0x0c04801af8b0: fa fa fd fd fa fa fd fd fa fa fd fd fa fa 00 fa
  0x0c04801af8c0: fa fa 00 00 fa fa fd fd fa fa fd fd fa fa 00 00
  0x0c04801af8d0: fa fa fd fd fa fa fd fd fa fa fd fd fa fa fd fd
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
  Shadow gap:              cc
==300334==ABORTING


Dmitri. 
-- 



    _______________________________________________________

Reply to this item at:

  <https://savannah.gnu.org/bugs/?63682>

_______________________________________________
Message sent via Savannah
https://savannah.gnu.org/
reply via email to
[Prev in Thread] Current Thread [Next in Thread]