[Octave-bug-tracker] [bug #63682] mat2cell returns incorrect value when

octave-bug-tracker
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Octave-bug-tracker] [bug #63682] mat2cell returns incorrect value when

From:	Dmitri A. Sergatskov
Subject:	[Octave-bug-tracker] [bug #63682] mat2cell returns incorrect value when only one output dimensions is specified and input is N-D array
Date:	Sun, 19 Feb 2023 12:46:41 -0500 (EST)
Follow-up Comment #17, bug #63682 (project octave):

It still crashes with ASAN:


octave:1> version -hgid
ans = 79abf4cdcd95
octave:2> test libinterp/corefcn/cellfun.cc-tst
warning: inline is obsolete; use anonymous functions instead
=================================================================
==318865==ERROR: AddressSanitizer: heap-buffer-overflow on address
0x602000dbf1a0 at pc 0x7f11412722da bp 0x7f111df217e0 sp 0x7f111df217d0
READ of size 8 at 0x602000dbf1a0 thread T7 (QThread)
    #0 0x7f11412722d9 in octave_value::operator=(octave_value&&)
../libinterp/octave-value/ov.h:403
    #1 0x7f1142308c9c in Cell octave::do_mat2cell_nd<NDArray>(NDArray const&,
Array<long, std::allocator<long> > const*, int)
../libinterp/corefcn/cellfun.cc:2112
    #2 0x7f1142306aab in Cell octave::do_mat2cell<NDArray>(NDArray const&,
Array<long, std::allocator<long> > const*, int)
../libinterp/corefcn/cellfun.cc:2128
    #3 0x7f11422ceabc in octave::Fmat2cell(octave_value_list const&, int)
../libinterp/corefcn/cellfun.cc:2298
    #4 0x7f11420f665c in
octave::tree_evaluator::execute_builtin_function(octave_builtin&, int,
octave_value_list const&) ../libinterp/parse-tree/pt-eval.cc:3362
    #5 0x7f1141cda61a in octave_builtin::execute(octave::tree_evaluator&, int,
octave_value_list const&) ../libinterp/octave-value/ov-builtin.cc:49
    #6 0x7f1141dc2fd9 in octave_function::call(octave::tree_evaluator&, int,
octave_value_list const&) ../libinterp/octave-value/ov-fcn.cc:57
    #7 0x7f114214269c in
octave::tree_index_expression::evaluate_n(octave::tree_evaluator&, int)
../libinterp/parse-tree/pt-idx.cc:427
    #8 0x7f1142147c89 in
octave::tree_index_expression::evaluate(octave::tree_evaluator&, int)
../libinterp/parse-tree/pt-idx.h:104
    #9 0x7f11420bfd04 in
octave::tree_simple_assignment::evaluate(octave::tree_evaluator&, int)
../libinterp/parse-tree/pt-assign.cc:101
    #10 0x7f11420fa6c3 in
octave::tree_evaluator::visit_statement(octave::tree_statement&)
../libinterp/parse-tree/pt-eval.cc:3863
    #11 0x7f114215f4f4 in octave::tree_statement::accept(octave::tree_walker&)
../libinterp/parse-tree/pt-stmt.h:120
    #12 0x7f11420fb212 in
octave::tree_evaluator::visit_statement_list(octave::tree_statement_list&)
../libinterp/parse-tree/pt-eval.cc:3948
    #13 0x7f1141c1a04c in
octave::tree_statement_list::accept(octave::tree_walker&)
../libinterp/parse-tree/pt-stmt.h:193
    #14 0x7f11420f85e9 in
octave::tree_evaluator::execute_user_function(octave_user_function&, int,
octave_value_list const&) ../libinterp/parse-tree/pt-eval.cc:3587
    #15 0x7f1141ec8556 in
octave_user_function::execute(octave::tree_evaluator&, int, octave_value_list
const&) ../libinterp/octave-value/ov-usr-fcn.cc:495
    #16 0x7f1141ec83e7 in octave_user_function::call(octave::tree_evaluator&,
int, octave_value_list const&) ../libinterp/octave-value/ov-usr-fcn.cc:488
    #17 0x7f114214269c in
octave::tree_index_expression::evaluate_n(octave::tree_evaluator&, int)
../libinterp/parse-tree/pt-idx.cc:427
    #18 0x7f11420e1c2a in
octave::tree_evaluator::eval_string(std::__cxx11::basic_string<char,
std::char_traits<char>, std::allocator<char> > const&, bool, int&, int)
../libinterp/parse-tree/pt-eval.cc:1053
    #19 0x7f11420e27d9 in
octave::tree_evaluator::eval(std::__cxx11::basic_string<char,
std::char_traits<char>, std::allocator<char> > const&, int)
../libinterp/parse-tree/pt-eval.cc:1112
    #20 0x7f11429ce441 in
octave::interpreter::eval(std::__cxx11::basic_string<char,
std::char_traits<char>, std::allocator<char> > const&, int)
../libinterp/corefcn/interpreter.cc:1478
    #21 0x7f114207f32d in octave::Feval(octave::interpreter&,
octave_value_list const&, int) ../libinterp/parse-tree/oct-parse.yy:6466
    #22 0x7f11420f677c in
octave::tree_evaluator::execute_builtin_function(octave_builtin&, int,
octave_value_list const&) ../libinterp/parse-tree/pt-eval.cc:3367
    #23 0x7f1141cda61a in octave_builtin::execute(octave::tree_evaluator&,
int, octave_value_list const&) ../libinterp/octave-value/ov-builtin.cc:49
    #24 0x7f1141dc2fd9 in octave_function::call(octave::tree_evaluator&, int,
octave_value_list const&) ../libinterp/octave-value/ov-fcn.cc:57
    #25 0x7f114214269c in
octave::tree_index_expression::evaluate_n(octave::tree_evaluator&, int)
../libinterp/parse-tree/pt-idx.cc:427
    #26 0x7f1142147c89 in
octave::tree_index_expression::evaluate(octave::tree_evaluator&, int)
../libinterp/parse-tree/pt-idx.h:104
    #27 0x7f11420fa6c3 in
octave::tree_evaluator::visit_statement(octave::tree_statement&)
../libinterp/parse-tree/pt-eval.cc:3863
    #28 0x7f114215f4f4 in octave::tree_statement::accept(octave::tree_walker&)
../libinterp/parse-tree/pt-stmt.h:120
    #29 0x7f11420fb212 in
octave::tree_evaluator::visit_statement_list(octave::tree_statement_list&)
../libinterp/parse-tree/pt-eval.cc:3948
    #30 0x7f1141c1a04c in
octave::tree_statement_list::accept(octave::tree_walker&)
../libinterp/parse-tree/pt-stmt.h:193
    #31 0x7f11420fbdd4 in
octave::tree_evaluator::visit_try_catch_command(octave::tree_try_catch_command&)
../libinterp/parse-tree/pt-eval.cc:4063
    #32 0x7f1142138efe in
octave::tree_try_catch_command::accept(octave::tree_walker&)
../libinterp/parse-tree/pt-except.h:80
    #33 0x7f11420fa465 in
octave::tree_evaluator::visit_statement(octave::tree_statement&)
../libinterp/parse-tree/pt-eval.cc:3838
    #34 0x7f114215f4f4 in octave::tree_statement::accept(octave::tree_walker&)
../libinterp/parse-tree/pt-stmt.h:120
    #35 0x7f11420fb212 in
octave::tree_evaluator::visit_statement_list(octave::tree_statement_list&)
../libinterp/parse-tree/pt-eval.cc:3948
    #36 0x7f1141c1a04c in
octave::tree_statement_list::accept(octave::tree_walker&)
../libinterp/parse-tree/pt-stmt.h:193
    #37 0x7f11420f99b2 in
octave::tree_evaluator::visit_if_command_list(octave::tree_if_command_list&)
../libinterp/parse-tree/pt-eval.cc:3711
    #38 0x7f114211114e in
octave::tree_if_command_list::accept(octave::tree_walker&)
../libinterp/parse-tree/pt-select.h:111
    #39 0x7f11420f95c9 in
octave::tree_evaluator::visit_if_command(octave::tree_if_command&)
../libinterp/parse-tree/pt-eval.cc:3689
    #40 0x7f114215c10e in
octave::tree_if_command::accept(octave::tree_walker&)
../libinterp/parse-tree/pt-select.h:141
    #41 0x7f11420fa465 in
octave::tree_evaluator::visit_statement(octave::tree_statement&)
../libinterp/parse-tree/pt-eval.cc:3838
    #42 0x7f114215f4f4 in octave::tree_statement::accept(octave::tree_walker&)
../libinterp/parse-tree/pt-stmt.h:120
    #43 0x7f11420fb212 in
octave::tree_evaluator::visit_statement_list(octave::tree_statement_list&)
../libinterp/parse-tree/pt-eval.cc:3948
    #44 0x7f1141c1a04c in
octave::tree_statement_list::accept(octave::tree_walker&)
../libinterp/parse-tree/pt-stmt.h:193
    #45 0x7f11420fd436 in
octave::tree_evaluator::visit_unwind_protect_command(octave::tree_unwind_protect_command&)
../libinterp/parse-tree/pt-eval.cc:4208
    #46 0x7f1142138f72 in
octave::tree_unwind_protect_command::accept(octave::tree_walker&)
../libinterp/parse-tree/pt-except.h:142
    #47 0x7f11420fa465 in
octave::tree_evaluator::visit_statement(octave::tree_statement&)
../libinterp/parse-tree/pt-eval.cc:3838
    #48 0x7f114215f4f4 in octave::tree_statement::accept(octave::tree_walker&)
../libinterp/parse-tree/pt-stmt.h:120
    #49 0x7f11420fb212 in
octave::tree_evaluator::visit_statement_list(octave::tree_statement_list&)
../libinterp/parse-tree/pt-eval.cc:3948
    #50 0x7f1141c1a04c in
octave::tree_statement_list::accept(octave::tree_walker&)
../libinterp/parse-tree/pt-stmt.h:193
    #51 0x7f1142114fbd in void
octave::tree_evaluator::execute_range_loop<double>(octave::range<double, void>
const&, int, octave::octave_lvalue&, octave::tree_statement_list*)
../libinterp/parse-tree/pt-eval.cc:3028
    #52 0x7f11420f3116 in
octave::tree_evaluator::visit_simple_for_command(octave::tree_simple_for_command&)
../libinterp/parse-tree/pt-eval.cc:3075
    #53 0x7f114214f8a0 in
octave::tree_simple_for_command::accept(octave::tree_walker&)
../libinterp/parse-tree/pt-loop.h:179
    #54 0x7f11420fa465 in
octave::tree_evaluator::visit_statement(octave::tree_statement&)
../libinterp/parse-tree/pt-eval.cc:3838
    #55 0x7f114215f4f4 in octave::tree_statement::accept(octave::tree_walker&)
../libinterp/parse-tree/pt-stmt.h:120
    #56 0x7f11420fb212 in
octave::tree_evaluator::visit_statement_list(octave::tree_statement_list&)
../libinterp/parse-tree/pt-eval.cc:3948
    #57 0x7f1141c1a04c in
octave::tree_statement_list::accept(octave::tree_walker&)
../libinterp/parse-tree/pt-stmt.h:193
    #58 0x7f11420f85e9 in
octave::tree_evaluator::execute_user_function(octave_user_function&, int,
octave_value_list const&) ../libinterp/parse-tree/pt-eval.cc:3587
    #59 0x7f1141ec8556 in
octave_user_function::execute(octave::tree_evaluator&, int, octave_value_list
const&) ../libinterp/octave-value/ov-usr-fcn.cc:495
    #60 0x7f1141ec83e7 in octave_user_function::call(octave::tree_evaluator&,
int, octave_value_list const&) ../libinterp/octave-value/ov-usr-fcn.cc:488
    #61 0x7f114214269c in
octave::tree_index_expression::evaluate_n(octave::tree_evaluator&, int)
../libinterp/parse-tree/pt-idx.cc:427
    #62 0x7f1142147c89 in
octave::tree_index_expression::evaluate(octave::tree_evaluator&, int)
../libinterp/parse-tree/pt-idx.h:104
    #63 0x7f11420fa6c3 in
octave::tree_evaluator::visit_statement(octave::tree_statement&)
../libinterp/parse-tree/pt-eval.cc:3863
    #64 0x7f114215f4f4 in octave::tree_statement::accept(octave::tree_walker&)
../libinterp/parse-tree/pt-stmt.h:120
    #65 0x7f11420fb212 in
octave::tree_evaluator::visit_statement_list(octave::tree_statement_list&)
../libinterp/parse-tree/pt-eval.cc:3948
    #66 0x7f1141c1a04c in
octave::tree_statement_list::accept(octave::tree_walker&)
../libinterp/parse-tree/pt-stmt.h:193
    #67 0x7f11420e15c3 in
octave::tree_evaluator::eval(std::shared_ptr<octave::tree_statement_list>&,
bool) ../libinterp/parse-tree/pt-eval.cc:985
    #68 0x7f11420e02b1 in octave::tree_evaluator::repl()
../libinterp/parse-tree/pt-eval.cc:804
    #69 0x7f11429cd0da in octave::interpreter::main_loop()
../libinterp/corefcn/interpreter.cc:1316
    #70 0x7f11429bfb74 in octave::interpreter::execute()
../libinterp/corefcn/interpreter.cc:882
    #71 0x7f1143d16f80 in octave::interpreter_qobject::execute()
../libgui/src/interpreter-qobject.cc:87
    #72 0x7f1143f9f834 in
octave::interpreter_qobject::qt_static_metacall(QObject*, QMetaObject::Call,
int, void**) libgui/src/moc-interpreter-qobject.cc:88
    #73 0x7f113f6d1a98 in QObject::event(QEvent*)
(/lib64/libQt5Core.so.5+0x2d1a98)
    #74 0x7f11403ae422 in QApplicationPrivate::notify_helper(QObject*,
QEvent*) (/lib64/libQt5Widgets.so.5+0x1ae422)
    #75 0x7f1143e1f0be in octave::octave_qapplication::notify(QObject*,
QEvent*) ../libgui/src/octave-qobject.cc:146
    #76 0x7f113f6a7357 in QCoreApplication::notifyInternal2(QObject*, QEvent*)
(/lib64/libQt5Core.so.5+0x2a7357)
    #77 0x7f113f6aa8b5 in QCoreApplicationPrivate::sendPostedEvents(QObject*,
int, QThreadData*) (/lib64/libQt5Core.so.5+0x2aa8b5)
    #78 0x7f113f6f8fa6 in postEventSourceDispatch(_GSource*, int (*)(void*),
void*) (/lib64/libQt5Core.so.5+0x2f8fa6)
    #79 0x7f113b51ae2e in g_main_context_dispatch
(/lib64/libglib-2.0.so.0+0x54e2e)
    #80 0x7f113b56f507 in g_main_context_iterate.constprop.0
(/lib64/libglib-2.0.so.0+0xa9507)
    #81 0x7f113b5185f2 in g_main_context_iteration
(/lib64/libglib-2.0.so.0+0x525f2)
    #82 0x7f113f6f8a47 in
QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>)
(/lib64/libQt5Core.so.5+0x2f8a47)
    #83 0x7f113f6a5d61 in
QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>)
(/lib64/libQt5Core.so.5+0x2a5d61)
    #84 0x7f113f4e89c9 in QThread::exec() (/lib64/libQt5Core.so.5+0xe89c9)
    #85 0x7f113f4e9bf8 in QThreadPrivate::start(void*)
(/lib64/libQt5Core.so.5+0xe9bf8)
    #86 0x7f113b69f801 in start_thread (/lib64/libc.so.6+0x9f801)
    #87 0x7f113b63f44f in __GI___clone3 (/lib64/libc.so.6+0x3f44f)

0x602000dbf1a0 is located 0 bytes to the right of 16-byte region
[0x602000dbf190,0x602000dbf1a0)
allocated by thread T7 (QThread) here:
    #0 0x7f11448b6367 in operator new(unsigned long)
(/lib64/libasan.so.6+0xb6367)
    #1 0x7f114123bc1b in
__gnu_cxx::new_allocator<octave_value>::allocate(unsigned long, void const*)
/usr/include/c++/11/ext/new_allocator.h:127
    #2 0x7f114123b2be in std::allocator_traits<std::allocator<octave_value>
>::allocate(std::allocator<octave_value>&, unsigned long)
/usr/include/c++/11/bits/alloc_traits.h:464
    #3 0x7f1141aaf4c0 in Array<octave_value, std::allocator<octave_value>
>::ArrayRep::allocate(unsigned long) ../liboctave/array/Array.h:198
    #4 0x7f1141aaf063 in Array<octave_value, std::allocator<octave_value>
>::ArrayRep::ArrayRep(long) ../liboctave/array/Array.h:167
    #5 0x7f1141a9fe43 in Array<octave_value, std::allocator<octave_value>
>::clear(dim_vector const&)
(/home/dima/src/dev/octave/gcc_asan/libinterp/.libs/liboctinterp.so.11+0xe9fe43)
    #6 0x7f1142308639 in Cell octave::do_mat2cell_nd<NDArray>(NDArray const&,
Array<long, std::allocator<long> > const*, int)
../libinterp/corefcn/cellfun.cc:2079
    #7 0x7f1142306aab in Cell octave::do_mat2cell<NDArray>(NDArray const&,
Array<long, std::allocator<long> > const*, int)
../libinterp/corefcn/cellfun.cc:2128
    #8 0x7f11422ceabc in octave::Fmat2cell(octave_value_list const&, int)
../libinterp/corefcn/cellfun.cc:2298
    #9 0x7f11420f665c in
octave::tree_evaluator::execute_builtin_function(octave_builtin&, int,
octave_value_list const&) ../libinterp/parse-tree/pt-eval.cc:3362
    #10 0x7f1141cda61a in octave_builtin::execute(octave::tree_evaluator&,
int, octave_value_list const&) ../libinterp/octave-value/ov-builtin.cc:49
    #11 0x7f1141dc2fd9 in octave_function::call(octave::tree_evaluator&, int,
octave_value_list const&) ../libinterp/octave-value/ov-fcn.cc:57
    #12 0x7f114214269c in
octave::tree_index_expression::evaluate_n(octave::tree_evaluator&, int)
../libinterp/parse-tree/pt-idx.cc:427
    #13 0x7f1142147c89 in
octave::tree_index_expression::evaluate(octave::tree_evaluator&, int)
../libinterp/parse-tree/pt-idx.h:104
    #14 0x7f11420bfd04 in
octave::tree_simple_assignment::evaluate(octave::tree_evaluator&, int)
../libinterp/parse-tree/pt-assign.cc:101
    #15 0x7f11420fa6c3 in
octave::tree_evaluator::visit_statement(octave::tree_statement&)
../libinterp/parse-tree/pt-eval.cc:3863
    #16 0x7f114215f4f4 in octave::tree_statement::accept(octave::tree_walker&)
../libinterp/parse-tree/pt-stmt.h:120
    #17 0x7f11420fb212 in
octave::tree_evaluator::visit_statement_list(octave::tree_statement_list&)
../libinterp/parse-tree/pt-eval.cc:3948
    #18 0x7f1141c1a04c in
octave::tree_statement_list::accept(octave::tree_walker&)
../libinterp/parse-tree/pt-stmt.h:193
    #19 0x7f11420f85e9 in
octave::tree_evaluator::execute_user_function(octave_user_function&, int,
octave_value_list const&) ../libinterp/parse-tree/pt-eval.cc:3587
    #20 0x7f1141ec8556 in
octave_user_function::execute(octave::tree_evaluator&, int, octave_value_list
const&) ../libinterp/octave-value/ov-usr-fcn.cc:495
    #21 0x7f1141ec83e7 in octave_user_function::call(octave::tree_evaluator&,
int, octave_value_list const&) ../libinterp/octave-value/ov-usr-fcn.cc:488
    #22 0x7f114214269c in
octave::tree_index_expression::evaluate_n(octave::tree_evaluator&, int)
../libinterp/parse-tree/pt-idx.cc:427
    #23 0x7f11420e1c2a in
octave::tree_evaluator::eval_string(std::__cxx11::basic_string<char,
std::char_traits<char>, std::allocator<char> > const&, bool, int&, int)
../libinterp/parse-tree/pt-eval.cc:1053
    #24 0x7f11420e27d9 in
octave::tree_evaluator::eval(std::__cxx11::basic_string<char,
std::char_traits<char>, std::allocator<char> > const&, int)
../libinterp/parse-tree/pt-eval.cc:1112
    #25 0x7f11429ce441 in
octave::interpreter::eval(std::__cxx11::basic_string<char,
std::char_traits<char>, std::allocator<char> > const&, int)
../libinterp/corefcn/interpreter.cc:1478
    #26 0x7f114207f32d in octave::Feval(octave::interpreter&,
octave_value_list const&, int) ../libinterp/parse-tree/oct-parse.yy:6466
    #27 0x7f11420f677c in
octave::tree_evaluator::execute_builtin_function(octave_builtin&, int,
octave_value_list const&) ../libinterp/parse-tree/pt-eval.cc:3367
    #28 0x7f1141cda61a in octave_builtin::execute(octave::tree_evaluator&,
int, octave_value_list const&) ../libinterp/octave-value/ov-builtin.cc:49
    #29 0x7f1141dc2fd9 in octave_function::call(octave::tree_evaluator&, int,
octave_value_list const&) ../libinterp/octave-value/ov-fcn.cc:57

Thread T7 (QThread) created by T0 here:
    #0 0x7f11448587d5 in pthread_create (/lib64/libasan.so.6+0x587d5)
    #1 0x7f113f4e969e in QThread::start(QThread::Priority)
(/lib64/libQt5Core.so.5+0xe969e)

SUMMARY: AddressSanitizer: heap-buffer-overflow
../libinterp/octave-value/ov.h:403 in octave_value::operator=(octave_value&&)
Shadow bytes around the buggy address:
  0x0c04801afde0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c04801afdf0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c04801afe00: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c04801afe10: fa fa fd fd fa fa fd fd fa fa 00 00 fa fa fd fd
  0x0c04801afe20: fa fa fd fd fa fa fd fd fa fa fd fd fa fa fd fd
=>0x0c04801afe30: fa fa 00 00[fa]fa fd fd fa fa 00 00 fa fa fd fd
  0x0c04801afe40: fa fa 00 fa fa fa fd fd fa fa fd fd fa fa fd fa
  0x0c04801afe50: fa fa fd fd fa fa fd fd fa fa fd fd fa fa 00 00
  0x0c04801afe60: fa fa fd fd fa fa fd fa fa fa fd fd fa fa fd fd
  0x0c04801afe70: fa fa fd fd fa fa fd fd fa fa 00 fa fa fa 00 00
  0x0c04801afe80: fa fa fd fd fa fa fd fd fa fa 00 00 fa fa fd fd
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
  Shadow gap:              cc
==318865==ABORTING



Dmitri.
-- 



    _______________________________________________________

Reply to this item at:

  <https://savannah.gnu.org/bugs/?63682>

_______________________________________________
Message sent via Savannah
https://savannah.gnu.org/
[Prev in Thread]
Current Thread
[Next in Thread]
[Octave-bug-tracker] [bug #63682] mat2cell returns incorrect value when only one output dimensions is specified and input is N-D array, (continued)
Prev by Date: [Octave-bug-tracker] [bug #63682] mat2cell returns incorrect value when only one output dimensions is specified and input is N-D array
Next by Date: [Octave-bug-tracker] [bug #63813] Can't print plot directly to printer
Previous by thread: [Octave-bug-tracker] [bug #63682] mat2cell returns incorrect value when only one output dimensions is specified and input is N-D array
Next by thread: [Octave-bug-tracker] [bug #63682] mat2cell returns incorrect value when only one output dimensions is specified and input is N-D array
Index(es):
- Date
- Thread