octave-bug-tracker
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Octave-bug-tracker] [bug #46449] Address-sanitizer triggered in scripts

From: John W. Eaton
Subject: [Octave-bug-tracker] [bug #46449] Address-sanitizer triggered in scripts/sparse/ichol.m
Date: Wed, 18 Nov 2015 20:56:47 +0000
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Firefox/38.0 Iceweasel/38.2.1 
Follow-up Comment #6, bug #46449 (project octave):

I checked in the following change:

http://hg.savannah.gnu.org/hgweb/octave/rev/4a25c398ffa2

With these options, I can't build Octave because it crashes for me when
attempting to generate figures.

If I use disable-docs, then it builds, but make check fails when trying to
test some graphics features.  The failure is happening in the OpenGL driver
code.  Sweet.

Here is the output at the point when make check stops for me:


  libinterp/corefcn/graphics.cc-tst
...........................=================================================================
==6093==ERROR: AddressSanitizer: heap-use-after-free on address 0x604000067ff4
at pc 0x7f3c9d0cc3bd bp 0x7ffcbe4e3fe0 sp 0x7ffcbe4e3790
READ of size 1 at 0x604000067ff4 thread T0
    #0 0x7f3c9d0cc3bc  (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x463bc)
    #1 0x7f3c66e88fb4  (/usr/lib/x86_64-linux-gnu/dri/r600_dri.so+0x3cffb4)
    #2 0x7f3c8e773959  (/lib/x86_64-linux-gnu/libexpat.so.1+0xa959)
    #3 0x7f3c8e77466b  (/lib/x86_64-linux-gnu/libexpat.so.1+0xb66b)
    #4 0x7f3c8e7729b8  (/lib/x86_64-linux-gnu/libexpat.so.1+0x99b8)
    #5 0x7f3c8e773134  (/lib/x86_64-linux-gnu/libexpat.so.1+0xa134)
    #6 0x7f3c8e7766cf in XML_ParseBuffer
(/lib/x86_64-linux-gnu/libexpat.so.1+0xd6cf)
    #7 0x7f3c66e895a4  (/usr/lib/x86_64-linux-gnu/dri/r600_dri.so+0x3d05a4)
    #8 0x7f3c66d6e23c  (/usr/lib/x86_64-linux-gnu/dri/r600_dri.so+0x2b523c)
    #9 0x7f3c66d6ff4c  (/usr/lib/x86_64-linux-gnu/dri/r600_dri.so+0x2b6f4c)
    #10 0x7f3c66d6c932  (/usr/lib/x86_64-linux-gnu/dri/r600_dri.so+0x2b3932)
    #11 0x7f3c94779532  (/usr/lib/x86_64-linux-gnu/libGL.so.1+0x45532)
    #12 0x7f3c94751803  (/usr/lib/x86_64-linux-gnu/libGL.so.1+0x1d803)
    #13 0x7f3c9474db8a  (/usr/lib/x86_64-linux-gnu/libGL.so.1+0x19b8a)
    #14 0x7f3c9474dced in glXChooseVisual
(/usr/lib/x86_64-linux-gnu/libGL.so.1+0x19ced)
    #15 0x7f3c966992fe  (/usr/lib/x86_64-linux-gnu/libQtOpenGL.so.4+0xaa2fe)
    #16 0x7f3c9661f37f  (/usr/lib/x86_64-linux-gnu/libQtOpenGL.so.4+0x3037f)
    #17 0x7f3c966975ac in QGLContext::chooseVisual()
(/usr/lib/x86_64-linux-gnu/libQtOpenGL.so.4+0xa85ac)
    #18 0x7f3c9669a8e3 in QGLContext::chooseContext(QGLContext const*)
(/usr/lib/x86_64-linux-gnu/libQtOpenGL.so.4+0xab8e3)
    #19 0x7f3c9661dcac in QGLContext::create(QGLContext const*)
(/usr/lib/x86_64-linux-gnu/libQtOpenGL.so.4+0x2ecac)
    #20 0x7f3c96699606 in QGLWidget::setContext(QGLContext*, QGLContext
const*, bool) (/usr/lib/x86_64-linux-gnu/libQtOpenGL.so.4+0xaa606)
    #21 0x7f3c9661dad4  (/usr/lib/x86_64-linux-gnu/libQtOpenGL.so.4+0x2ead4)
    #22 0x7f3c966981df  (/usr/lib/x86_64-linux-gnu/libQtOpenGL.so.4+0xa91df)
    #23 0x7f3c9661d50d in QGLWidget::QGLWidget(QGLFormat const&, QWidget*,
QGLWidget const*, QFlags<Qt::WindowType>)
(/usr/lib/x86_64-linux-gnu/libQtOpenGL.so.4+0x2e50d)
    #24 0x7f3c9cc152ba in QtHandles::GLCanvas::GLCanvas(QWidget*,
octave_handle const&) /home/jwe/src/octave/libgui/graphics/GLCanvas.cc:45
    #25 0x7f3c9cc000e8 in
QtHandles::Canvas::create(std::__cxx11::basic_string<char,
std::char_traits<char>, std::allocator<char> > const&, QWidget*, octave_handle
const&) /home/jwe/src/octave/libgui/graphics/Canvas.cc:1014
    #26 0x7f3c9cc039f4 in QtHandles::Container::canvas(octave_handle const&,
bool) /home/jwe/src/octave/libgui/graphics/Container.cc:62
    #27 0x7f3c9cc10932 in QtHandles::Figure::enableMouseTracking()
/home/jwe/src/octave/libgui/graphics/Figure.cc:985
    #28 0x7f3c9cc096f8 in QtHandles::Figure::Figure(graphics_object const&,
QtHandles::FigureWindow*) /home/jwe/src/octave/libgui/graphics/Figure.cc:167
    #29 0x7f3c9cc08c8c in QtHandles::Figure::create(graphics_object const&)
/home/jwe/src/octave/libgui/graphics/Figure.cc:123
    #30 0x7f3c9cc224db in QtHandles::ObjectFactory::createObject(double)
/home/jwe/src/octave/libgui/graphics/ObjectFactory.cc:97
    #31 0x7f3c9cbd7dc7 in
QtHandles::ObjectFactory::qt_static_metacall(QObject*, QMetaObject::Call, int,
void**) libgui/graphics/moc-ObjectFactory.cc:52
    #32 0x7f3c955aff60 in QObject::event(QEvent*)
(/usr/lib/x86_64-linux-gnu/libQtCore.so.4+0x1a4f60)
    #33 0x7f3c95ac28db in QApplicationPrivate::notify_helper(QObject*,
QEvent*) (/usr/lib/x86_64-linux-gnu/libQtGui.so.4+0x1c48db)
    #34 0x7f3c95ac9815 in QApplication::notify(QObject*, QEvent*)
(/usr/lib/x86_64-linux-gnu/libQtGui.so.4+0x1cb815)
    #35 0x7f3c95595abc in QCoreApplication::notifyInternal(QObject*, QEvent*)
(/usr/lib/x86_64-linux-gnu/libQtCore.so.4+0x18aabc)
    #36 0x7f3c95599575 in QCoreApplicationPrivate::sendPostedEvents(QObject*,
int, QThreadData*) (/usr/lib/x86_64-linux-gnu/libQtCore.so.4+0x18e575)
    #37 0x7f3c955c6292  (/usr/lib/x86_64-linux-gnu/libQtCore.so.4+0x1bb292)
    #38 0x7f3c8f694fe6 in g_main_context_dispatch
(/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x49fe6)
    #39 0x7f3c8f69523f  (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x4a23f)
    #40 0x7f3c8f6952eb in g_main_context_iteration
(/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x4a2eb)
    #41 0x7f3c955c63e3 in
QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>)
(/usr/lib/x86_64-linux-gnu/libQtCore.so.4+0x1bb3e3)
    #42 0x7f3c95b6ca35  (/usr/lib/x86_64-linux-gnu/libQtGui.so.4+0x26ea35)
    #43 0x7f3c95594330 in
QEventLoop::processEvents(QFlags<QEventLoop::ProcessEventsFlag>)
(/usr/lib/x86_64-linux-gnu/libQtCore.so.4+0x189330)
    #44 0x7f3c955946a4 in
QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>)
(/usr/lib/x86_64-linux-gnu/libQtCore.so.4+0x1896a4)
    #45 0x7f3c9559a688 in QCoreApplication::exec()
(/usr/lib/x86_64-linux-gnu/libQtCore.so.4+0x18f688)
    #46 0x7f3c9cb368be in octave_start_gui(int, char**, bool)
/home/jwe/src/octave/libgui/src/octave-gui.cc:201
    #47 0x402a91 in main /home/jwe/src/octave/src/main-gui.cc:43
    #48 0x7f3c96e6bb44 in __libc_start_main
(/lib/x86_64-linux-gnu/libc.so.6+0x21b44)
    #49 0x402978 
(/scratch/jwe/build/octave/src/.libs/lt-octave-gui+0x402978)

0x604000067ff4 is located 36 bytes inside of 46-byte region
[0x604000067fd0,0x604000067ffe)
freed by thread T1 (QThread) here:
    #0 0x7f3c9d11b62a in operator delete(void*)
(/usr/lib/x86_64-linux-gnu/libasan.so.2+0x9562a)
    #1 0x7f3c9bb59ac6 in out_of_date_check(octave_value&,
std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>
> const&, bool) /home/jwe/src/octave/libinterp/corefcn/symtab.cc:223
    #2 0x7f3c9bb5dfa9 in
symbol_table::fcn_info::fcn_info_rep::find_user_function()
/home/jwe/src/octave/libinterp/corefcn/symtab.cc:1077
    #3 0x7f3c9bb5a648 in
symbol_table::fcn_info::fcn_info_rep::load_class_constructor()
/home/jwe/src/octave/libinterp/corefcn/symtab.cc:448
    #4 0x7f3c9bb5c6e0 in
symbol_table::fcn_info::fcn_info_rep::xfind(octave_value_list const&, bool)
/home/jwe/src/octave/libinterp/corefcn/symtab.cc:798
    #5 0x7f3c9bb5c021 in
symbol_table::fcn_info::fcn_info_rep::find(octave_value_list const&, bool)
/home/jwe/src/octave/libinterp/corefcn/symtab.cc:697
    #6 0x7f3c9bb6426a in symbol_table::fcn_info::find(octave_value_list
const&, bool) /home/jwe/src/octave/libinterp/corefcn/symtab.h:1022
    #7 0x7f3c9bb58a76 in symbol_table::symbol_record::find(octave_value_list
const&) const /home/jwe/src/octave/libinterp/corefcn/symtab.cc:140
    #8 0x7f3c9b582d7f in tree_identifier::do_lookup(octave_value_list const&)
/home/jwe/src/octave/libinterp/parse-tree/pt-id.h:91
    #9 0x7f3c9b57fdef in tree_index_expression::rvalue(int,
std::__cxx11::list<octave_lvalue, std::allocator<octave_lvalue> > const*)
/home/jwe/src/octave/libinterp/parse-tree/pt-idx.cc:316
    #10 0x7f3c9b57f542 in tree_index_expression::rvalue(int)
/home/jwe/src/octave/libinterp/parse-tree/pt-idx.cc:269
    #11 0x7f3c9b580f63 in tree_index_expression::rvalue1(int)
/home/jwe/src/octave/libinterp/parse-tree/pt-idx.cc:461
    #12 0x7f3c9b574b74 in tree_evaluator::visit_statement(tree_statement&)
/home/jwe/src/octave/libinterp/parse-tree/pt-eval.cc:716
    #13 0x7f3c9b5ae15e in tree_statement::accept(tree_walker&)
/home/jwe/src/octave/libinterp/parse-tree/pt-stmt.cc:178
    #14 0x7f3c9b574ee8 in
tree_evaluator::visit_statement_list(tree_statement_list&)
/home/jwe/src/octave/libinterp/parse-tree/pt-eval.cc:756
    #15 0x7f3c9b5af03a in tree_statement_list::accept(tree_walker&)
/home/jwe/src/octave/libinterp/parse-tree/pt-stmt.cc:291
    #16 0x7f3c9b4adb2f in octave_user_function::do_multi_index_op(int,
octave_value_list const&, std::__cxx11::list<octave_lvalue,
std::allocator<octave_lvalue> > const*)
/home/jwe/src/octave/libinterp/octave-value/ov-usr-fcn.cc:612
    #17 0x7f3c9b4acb52 in
octave_user_function::subsref(std::__cxx11::basic_string<char,
std::char_traits<char>, std::allocator<char> > const&,
std::__cxx11::list<octave_value_list, std::allocator<octave_value_list> >
const&, int, std::__cxx11::list<octave_lvalue, std::allocator<octave_lvalue> >
const*) /home/jwe/src/octave/libinterp/octave-value/ov-usr-fcn.cc:435
    #18 0x7f3c9b4bf881 in
octave_value::subsref(std::__cxx11::basic_string<char, std::char_traits<char>,
std::allocator<char> > const&, std::__cxx11::list<octave_value_list,
std::allocator<octave_value_list> > const&, int,
std::__cxx11::list<octave_lvalue, std::allocator<octave_lvalue> > const*)
/home/jwe/src/octave/libinterp/octave-value/ov.cc:1311
    #19 0x7f3c9b5807a4 in tree_index_expression::rvalue(int,
std::__cxx11::list<octave_lvalue, std::allocator<octave_lvalue> > const*)
/home/jwe/src/octave/libinterp/parse-tree/pt-idx.cc:428
    #20 0x7f3c9b55aec6 in tree_multi_assignment::rvalue(int)
/home/jwe/src/octave/libinterp/parse-tree/pt-assign.cc:222
    #21 0x7f3c9b5ddf0b in eval_string(std::__cxx11::basic_string<char,
std::char_traits<char>, std::allocator<char> > const&, bool, int&, int)
libinterp/parse-tree/oct-parse.yy:4844
    #22 0x7f3c9b5de1de in eval_string libinterp/parse-tree/oct-parse.yy:4890
    #23 0x7f3c9b5de34f in Feval(octave_value_list const&, int)
libinterp/parse-tree/oct-parse.yy:4964
    #24 0x7f3c9b34374f in octave_builtin::do_multi_index_op(int,
octave_value_list const&, std::__cxx11::list<octave_lvalue,
std::allocator<octave_lvalue> > const*)
/home/jwe/src/octave/libinterp/octave-value/ov-builtin.cc:126
    #25 0x7f3c9b3432a8 in
octave_builtin::subsref(std::__cxx11::basic_string<char,
std::char_traits<char>, std::allocator<char> > const&,
std::__cxx11::list<octave_value_list, std::allocator<octave_value_list> >
const&, int, std::__cxx11::list<octave_lvalue, std::allocator<octave_lvalue> >
const*) /home/jwe/src/octave/libinterp/octave-value/ov-builtin.cc:63
    #26 0x7f3c9b3430a5 in
octave_builtin::subsref(std::__cxx11::basic_string<char,
std::char_traits<char>, std::allocator<char> > const&,
std::__cxx11::list<octave_value_list, std::allocator<octave_value_list> >
const&, int) /home/jwe/src/octave/libinterp/octave-value/ov-builtin.cc:46
    #27 0x7f3c9b4bf799 in
octave_value::subsref(std::__cxx11::basic_string<char, std::char_traits<char>,
std::allocator<char> > const&, std::__cxx11::list<octave_value_list,
std::allocator<octave_value_list> > const&, int)
/home/jwe/src/octave/libinterp/octave-value/ov.cc:1302
    #28 0x7f3c9b4bf8a1 in
octave_value::subsref(std::__cxx11::basic_string<char, std::char_traits<char>,
std::allocator<char> > const&, std::__cxx11::list<octave_value_list,
std::allocator<octave_value_list> > const&, int,
std::__cxx11::list<octave_lvalue, std::allocator<octave_lvalue> > const*)
/home/jwe/src/octave/libinterp/octave-value/ov.cc:1313
    #29 0x7f3c9b5807a4 in tree_index_expression::rvalue(int,
std::__cxx11::list<octave_lvalue, std::allocator<octave_lvalue> > const*)
/home/jwe/src/octave/libinterp/parse-tree/pt-idx.cc:428

previously allocated by thread T1 (QThread) here:
    #0 0x7f3c9d11b0ea in operator new(unsigned long)
(/usr/lib/x86_64-linux-gnu/libasan.so.2+0x950ea)
    #1 0x7f3c97c64706 in void std::__cxx11::basic_string<char,
std::char_traits<char>, std::allocator<char> >::_M_construct<char*>(char*,
char*, std::forward_iterator_tag)
(/usr/lib/x86_64-linux-gnu/libstdc++.so.6+0x11b706)
    #2 0x60b00164422f  (<unknown module>)
    #3 0x7f3c785076ff  (<unknown module>)

Thread T1 (QThread) created by T0 here:
    #0 0x7f3c9d0bc3d4 in pthread_create
(/usr/lib/x86_64-linux-gnu/libasan.so.2+0x363d4)
    #1 0x7f3c95485469 in QThread::start(QThread::Priority)
(/usr/lib/x86_64-linux-gnu/libQtCore.so.4+0x7a469)

SUMMARY: AddressSanitizer: heap-use-after-free ??:0 ??
Shadow bytes around the buggy address:
  0x0c0880004fa0: fa fa 00 00 00 00 00 fa fa fa 00 00 00 00 00 00
  0x0c0880004fb0: fa fa 00 00 00 00 00 00 fa fa 00 00 00 00 00 00
  0x0c0880004fc0: fa fa 00 00 00 00 00 fa fa fa 00 00 00 00 00 fa
  0x0c0880004fd0: fa fa fd fd fd fd fd fd fa fa fd fd fd fd fd fa
  0x0c0880004fe0: fa fa fa fa fa fa fa fa fa fa fd fd fd fd fd fa
=>0x0c0880004ff0: fa fa fd fd fd fd fd fa fa fa fd fd fd fd[fd]fd
  0x0c0880005000: fa fa fd fd fd fd fd fa fa fa fd fd fd fd fd fa
  0x0c0880005010: fa fa fd fd fd fd fd fa fa fa fd fd fd fd fd fa
  0x0c0880005020: fa fa fd fd fd fd fd fa fa fa fd fd fd fd fd fa
  0x0c0880005030: fa fa fd fd fd fd fd fa fa fa fd fd fd fd fd fa
  0x0c0880005040: fa fa fd fd fd fd fd fa fa fa fd fd fd fd fd fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Heap right redzone:      fb
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack partial redzone:   f4
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
==6093==ABORTING

=================================================================
==5960==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 112 byte(s) in 1 object(s) allocated from:
    #0 0x7f039c45023a in operator new[](unsigned long)
(/usr/lib/x86_64-linux-gnu/libasan.so.2+0x9523a)
    #1 0x404c15 in main src/main.cc:447
    #2 0x7f039ae1cb44 in __libc_start_main
(/lib/x86_64-linux-gnu/libc.so.6+0x21b44)

Indirect leak of 38 byte(s) in 1 object(s) allocated from:
    #0 0x7f039c45023a in operator new[](unsigned long)
(/usr/lib/x86_64-linux-gnu/libasan.so.2+0x9523a)
    #1 0x404a98 in strsave src/main.cc:420
    #2 0x405190 in main src/main.cc:518
    #3 0x7f039ae1cb44 in __libc_start_main
(/lib/x86_64-linux-gnu/libc.so.6+0x21b44)

SUMMARY: AddressSanitizer: 150 byte(s) leaked in 2 allocation(s).
Makefile:28278: recipe for target 'check-local' failed
make[3]: *** [check-local] Error 23
make[3]: Leaving directory '/scratch/jwe/build/octave'
Makefile:26136: recipe for target 'check-am' failed
make[2]: *** [check-am] Error 2
make[2]: Leaving directory '/scratch/jwe/build/octave'
Makefile:25846: recipe for target 'check-recursive' failed
make[1]: *** [check-recursive] Error 1
make[1]: Leaving directory '/scratch/jwe/build/octave'
Makefile:26138: recipe for target 'check' failed
make: *** [check] Error 2


    _______________________________________________________

Reply to this item at:

  <http://savannah.gnu.org/bugs/?46449>

_______________________________________________
  Message sent via/by Savannah
  http://savannah.gnu.org/
reply via email to
[Prev in Thread] Current Thread [Next in Thread]