[Octave-bug-tracker] [bug #51533] heap-buffer-overflow in Sparse.cc-tst
From: Dmitri A. Sergatskov
Subject: [Octave-bug-tracker] [bug #51533] heap-buffer-overflow in Sparse.cc-tst
Date: Sat, 22 Jul 2017 13:41:33 -0400 (EDT)
User-agent: Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:54.0) Gecko/20100101 Firefox/54.0
Follow-up Comment #4, bug #51533 (project octave):
../configure --disable-java --disable-docs --without-qt --without-fltk --enable-address-sanitizer-flags
HG ID for this build is "d891b6a16a4d"
ASAN_OPTIONS=leak_check_at_exit=0:verbose=1 ./run-octave
'-fno-omit-frame-pointer' seems to help with diagnostics (gives line numbers).
But the errors are still there.
octave:1> test liboctave/array/Sparse.cc-tst
=================================================================
==1045==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x611000045eff at pc 0x7f8f97a4cb7c bp 0x7ffd8dfe6e90 sp 0x7ffd8dfe6e80
READ of size 1 at 0x611000045eff thread T0
    #0 0x7f8f97a4cb7b in octave::lexer::fill_flex_buffer(char*, unsigned int) ../libinterp/parse-tree/lex.ll:3667
    #1 0x7f8f97a548e8 in yy_get_next_buffer libinterp/parse-tree/lex.cc:3434
    #2 0x7f8f97a6c8a4 in octave_lex(OCTAVE_STYPE*, void*) libinterp/parse-tree/lex.cc:3274
    #3 0x7f8f97abf4b5 in octave_pull_parse(octave_pstate*, octave::base_parser&) libinterp/parse-tree/oct-parse.cc:2990
(...deleted... full log attached)
SUMMARY: AddressSanitizer: heap-buffer-overflow ../libinterp/parse-tree/lex.ll:3667 in octave::lexer::fill_flex_buffer(char*, unsigned int)
Also the same in
octave:1> test libinterp/octave-value/ov-fcn-handle.cc-tst verbose
>>>>>
/home/dima/src/octave/gcc_asan/libinterp/octave-value/ov-fcn-handle.cc-tst
***** test <*33857>
a = 2;
f = @(x) a + x;
g = @(x) 2 * x;
hm = @version;
hdld = @svd;
hbi = @log2;
f2 = f;
g2 = g;
hm2 = hm;
hdld2 = hdld;
hbi2 = hbi;
modes = {"-text", "-binary"};
if (isfield (__octave_config_info__, "HAVE_HDF5")
&& __octave_config_info__ ("HAVE_HDF5"))
modes(end+1) = "-hdf5";
endif
for i = 1:numel (modes)
mode = modes{i};
nm = tempname ();
unwind_protect
f2 (1);
save (mode, nm, "f2", "g2", "hm2", "hdld2", "hbi2");
clear f2 g2 hm2 hdld2 hbi2
load (nm);
assert (f (2), f2 (2));
assert (g (2), g2 (2));
assert (g (3), g2 (3));
unlink (nm);
save (mode, nm, "f2", "g2", "hm2", "hdld2", "hbi2");
unwind_protect_cleanup
unlink (nm);
end_unwind_protect
endfor
***** function fcn_handle_save_recurse (n, mode, nm, f2, g2, hm2, hdld2, hbi2)
if (n == 0)
save (mode, nm, "f2", "g2", "hm2", "hdld2", "hbi2");
else
fcn_handle_save_recurse (n - 1, mode, nm, f2, g2, hm2, hdld2, hbi2);
endif
=================================================================
==1561==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x611000052bff at pc 0x7f75bf7f8b7c bp 0x7ffdc75d0990 sp 0x7ffdc75d0980
READ of size 1 at 0x611000052bff thread T0
    #0 0x7f75bf7f8b7b in octave::lexer::fill_flex_buffer(char*, unsigned int) ../libinterp/parse-tree/lex.ll:3667
    #1 0x7f75bf8008e8 in yy_get_next_buffer libinterp/parse-tree/lex.cc:3434
    #2 0x7f75bf8188a4 in octave_lex(OCTAVE_STYPE*, void*) libinterp/parse-tree/lex.cc:3274
    #3 0x7f75bf86b4b5 in octave_pull_parse(octave_pstate*, octave::base_parser&) libinterp/parse-tree/oct-parse.cc:2990
    #4 0x7f75bf86b658 in octave::parser::run() libinterp/parse-tree/oct-parse.yy:4286
(....deleted......)
and a few others like that.
Dmitri.
--
(file #41291)
_______________________________________________________
Additional Item Attachment:
File name: sparse_overflow_err_2.txt Size:8 KB
_______________________________________________________
Reply to this item at:
<http://savannah.gnu.org/bugs/?51533>
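
Added example (not part of the original message or of Octave): a small triage script that groups AddressSanitizer reports by error kind, access and top stack frame, which makes it easy to confirm that failures from different test files, like the two quoted above, point at the same location. The sample input is the top of those two reports, hard-wrapped the way mail clients wrap such logs; the function names unwrap, parse and group are this example's own.

```python
import re
# Top of the two reports quoted in this message, hard-wrapped as in e-mail.
REPORTS = """\
==1045==ERROR: AddressSanitizer: heap-buffer-overflow on address
0x611000045eff at pc 0x7f8f97a4cb7c bp 0x7ffd8dfe6e90 sp 0x7ffd8dfe6e80
READ of size 1 at 0x611000045eff thread T0
#0 0x7f8f97a4cb7b in octave::lexer::fill_flex_buffer(char*, unsigned int)
../libinterp/parse-tree/lex.ll:3667
#1 0x7f8f97a548e8 in yy_get_next_buffer libinterp/parse-tree/lex.cc:3434
==1561==ERROR: AddressSanitizer: heap-buffer-overflow on address
0x611000052bff at pc 0x7f75bf7f8b7c bp 0x7ffdc75d0990 sp 0x7ffdc75d0980
READ of size 1 at 0x611000052bff thread T0
#0 0x7f75bf7f8b7b in octave::lexer::fill_flex_buffer(char*, unsigned int)
../libinterp/parse-tree/lex.ll:3667
"""

START = re.compile(r"==\d+==|#\d+ |READ |WRITE |SUMMARY:")
HEAD = re.compile(r"==(\d+)==ERROR: AddressSanitizer: (\S+)")
ACCESS = re.compile(r"(READ|WRITE) of size (\d+) at (0x[0-9a-f]+)")
FRAME = re.compile(r"#\d+ 0x[0-9a-f]+ in (.+?)\s+(\S+:\d+)$")

def unwrap(text):
    """Rejoin wrapped lines: a line that starts no new record continues the previous one."""
    out = []
    for line in filter(None, map(str.strip, text.splitlines())):
        if out and not START.match(line):
            out[-1] += " " + line
        else:
            out.append(line)
    return out

def parse(text):
    reports = []  # one dict per report: pid, kind, access, size, addr, frames
    for line in unwrap(text):
        if m := HEAD.match(line):
            reports.append({"pid": int(m[1]), "kind": m[2], "frames": []})
        elif reports and (m := ACCESS.match(line)):
            reports[-1].update(access=m[1], size=int(m[2]), addr=m[3])
        elif reports and (m := FRAME.match(line)):
            reports[-1]["frames"].append((m[1], m[2]))
    return reports

def group(reports):
    buckets = {}  # (kind, access, size, top function, top location) -> pids
    for r in reports:
        top = r["frames"][0] if r["frames"] else ("?", "?")
        key = (r["kind"], r.get("access"), r.get("size"), *top)
        buckets.setdefault(key, []).append(r["pid"])
    return buckets
```

Calling group(parse(REPORTS)) puts both reports in a single bucket keyed on the frame at lex.ll:3667.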