octave-bug-tracker

[Octave-bug-tracker] [bug #51533] heap-buffer-overflow in Sparse.cc-tst


From: Dmitri A. Sergatskov
Subject: [Octave-bug-tracker] [bug #51533] heap-buffer-overflow in Sparse.cc-tst
Date: Sat, 22 Jul 2017 13:41:33 -0400 (EDT)
User-agent: Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:54.0) Gecko/20100101 Firefox/54.0

Follow-up Comment #4, bug #51533 (project octave):


../configure --disable-java --disable-docs --without-qt --without-fltk
--enable-address-sanitizer-flags


   HG ID for this build is "d891b6a16a4d"


ASAN_OPTIONS=leak_check_at_exit=0:verbose=1 ./run-octave 


'-fno-omit-frame-pointer' seems to help with diagnostics (gives line numbers).
But the errors are still there.



octave:1> test liboctave/array/Sparse.cc-tst
=================================================================
==1045==ERROR: AddressSanitizer: heap-buffer-overflow on address
0x611000045eff at pc 0x7f8f97a4cb7c bp 0x7ffd8dfe6e90 sp 0x7ffd8dfe6e80
READ of size 1 at 0x611000045eff thread T0
    #0 0x7f8f97a4cb7b in octave::lexer::fill_flex_buffer(char*, unsigned int)
../libinterp/parse-tree/lex.ll:3667
    #1 0x7f8f97a548e8 in yy_get_next_buffer libinterp/parse-tree/lex.cc:3434
    #2 0x7f8f97a6c8a4 in octave_lex(OCTAVE_STYPE*, void*)
libinterp/parse-tree/lex.cc:3274
    #3 0x7f8f97abf4b5 in octave_pull_parse(octave_pstate*,
octave::base_parser&) libinterp/parse-tree/oct-parse.cc:2990
 (...deleted... full log attached)

SUMMARY: AddressSanitizer: heap-buffer-overflow
../libinterp/parse-tree/lex.ll:3667 in octave::lexer::fill_flex_buffer(char*,
unsigned int)


Also the same in 


octave:1> test libinterp/octave-value/ov-fcn-handle.cc-tst verbose
>>>>>
/home/dima/src/octave/gcc_asan/libinterp/octave-value/ov-fcn-handle.cc-tst
***** test <*33857>
 a = 2;
 f = @(x) a + x;
 g = @(x) 2 * x;
 hm = @version;
 hdld = @svd;
 hbi = @log2;
 f2 = f;
 g2 = g;
 hm2 = hm;
 hdld2 = hdld;
 hbi2 = hbi;
 modes = {"-text", "-binary"};
 if (isfield (__octave_config_info__, "HAVE_HDF5")
     && __octave_config_info__ ("HAVE_HDF5"))
   modes(end+1) = "-hdf5";
 endif
 for i = 1:numel (modes)
   mode = modes{i};
   nm = tempname ();
   unwind_protect
     f2 (1);
     save (mode, nm, "f2", "g2", "hm2", "hdld2", "hbi2");
     clear f2 g2 hm2 hdld2 hbi2
     load (nm);
     assert (f (2), f2 (2));
     assert (g (2), g2 (2));
     assert (g (3), g2 (3));
     unlink (nm);
     save (mode, nm, "f2", "g2", "hm2", "hdld2", "hbi2");
   unwind_protect_cleanup
     unlink (nm);
   end_unwind_protect
 endfor
***** function fcn_handle_save_recurse (n, mode, nm, f2, g2, hm2, hdld2,
hbi2)
  if (n == 0)
    save (mode, nm, "f2", "g2", "hm2", "hdld2", "hbi2");
  else
    fcn_handle_save_recurse (n - 1, mode, nm, f2, g2, hm2, hdld2, hbi2);
  endif
=================================================================
==1561==ERROR: AddressSanitizer: heap-buffer-overflow on address
0x611000052bff at pc 0x7f75bf7f8b7c bp 0x7ffdc75d0990 sp 0x7ffdc75d0980
READ of size 1 at 0x611000052bff thread T0
    #0 0x7f75bf7f8b7b in octave::lexer::fill_flex_buffer(char*, unsigned int)
../libinterp/parse-tree/lex.ll:3667
    #1 0x7f75bf8008e8 in yy_get_next_buffer libinterp/parse-tree/lex.cc:3434
    #2 0x7f75bf8188a4 in octave_lex(OCTAVE_STYPE*, void*)
libinterp/parse-tree/lex.cc:3274
    #3 0x7f75bf86b4b5 in octave_pull_parse(octave_pstate*,
octave::base_parser&) libinterp/parse-tree/oct-parse.cc:2990
    #4 0x7f75bf86b658 in octave::parser::run()
libinterp/parse-tree/oct-parse.yy:4286

(....deleted......)


and a few others like that.

Dmitri.
-- 




(file #41291)
    _______________________________________________________

Additional Item Attachment:

File name: sparse_overflow_err_2.txt      Size:8 KB


    _______________________________________________________

Reply to this item at:

  <http://savannah.gnu.org/bugs/?51533>

_______________________________________________
  Message sent via/by Savannah
  http://savannah.gnu.org/



