[Octave-bug-tracker] [bug #52080] Segmentation fault when calling clear

octave-bug-tracker

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Octave-bug-tracker] [bug #52080] Segmentation fault when calling clear

From:	Rik
Subject:	[Octave-bug-tracker] [bug #52080] Segmentation fault when calling clear all on classdef with local functions that cause parse error
Date:	Thu, 21 Sep 2017 00:57:43 -0400 (EDT)
User-agent:	Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:55.0) Gecko/20100101 Firefox/55.0

Follow-up Comment #2, bug #52080 (project octave):

Here is a back trace from the Address Sanitizer which may help in debugging.


==11669==ERROR: AddressSanitizer: heap-use-after-free on address
0x61400002ae48 at pc 0x7fd3415e3f28 bp 0x7ffc67501360 sp 0x7ffc67501350
WRITE of size 8 at 0x61400002ae48 thread T0
    #0 0x7fd3415e3f27 in octave::refcount<long>::operator--()
liboctave/util/oct-refcount.h:96
    #1 0x7fd3415e02a3 in octave_value::~octave_value()
libinterp/octave-value/ov.h:319
    #2 0x7fd34160eb23 in std::pair<std::__cxx11::basic_string<char,
std::char_traits<char>, std::allocator<char> > const, octave_value>::~pair()
/usr/include/c++/5/bits/stl_pair.h:96
    #3 0x7fd34160eb4f in void
__gnu_cxx::new_allocator<std::_Rb_tree_node<std::pair<std::__cxx11::basic_string<char,
std::char_traits<char>, std::allocator<char> > const, octave_value> >
>::destroy<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>,
std::allocator<char> > const, octave_value>
>(std::pair<std::__cxx11::basic_string<char, std::char_traits<char>,
std::allocator<char> > const, octave_value>*)
/usr/include/c++/5/ext/new_allocator.h:124
    #4 0x7fd34160e93c in void
std::allocator_traits<std::allocator<std::_Rb_tree_node<std::pair<std::__cxx11::basic_string<char,
std::char_traits<char>, std::allocator<char> > const, octave_value> > >
>::destroy<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>,
std::allocator<char> > const, octave_value>
>(std::allocator<std::_Rb_tree_node<std::pair<std::__cxx11::basic_string<char,
std::char_traits<char>, std::allocator<char> > const, octave_value> > >&,
std::pair<std::__cxx11::basic_string<char, std::char_traits<char>,
std::allocator<char> > const, octave_value>*)
/usr/include/c++/5/bits/alloc_traits.h:542
    #5 0x7fd34160e082 in std::_Rb_tree<std::__cxx11::basic_string<char,
std::char_traits<char>, std::allocator<char> >,
std::pair<std::__cxx11::basic_string<char, std::char_traits<char>,
std::allocator<char> > const, octave_value>,
std::_Select1st<std::pair<std::__cxx11::basic_string<char,
std::char_traits<char>, std::allocator<char> > const, octave_value> >,
std::less<std::__cxx11::basic_string<char, std::char_traits<char>,
std::allocator<char> > >,
std::allocator<std::pair<std::__cxx11::basic_string<char,
std::char_traits<char>, std::allocator<char> > const, octave_value> >
>::_M_destroy_node(std::_Rb_tree_node<std::pair<std::__cxx11::basic_string<char,
std::char_traits<char>, std::allocator<char> > const, octave_value> >*)
/usr/include/c++/5/bits/stl_tree.h:553
    #6 0x7fd34160d01a in std::_Rb_tree<std::__cxx11::basic_string<char,
std::char_traits<char>, std::allocator<char> >,
std::pair<std::__cxx11::basic_string<char, std::char_traits<char>,
std::allocator<char> > const, octave_value>,
std::_Select1st<std::pair<std::__cxx11::basic_string<char,
std::char_traits<char>, std::allocator<char> > const, octave_value> >,
std::less<std::__cxx11::basic_string<char, std::char_traits<char>,
std::allocator<char> > >,
std::allocator<std::pair<std::__cxx11::basic_string<char,
std::char_traits<char>, std::allocator<char> > const, octave_value> >
>::_M_drop_node(std::_Rb_tree_node<std::pair<std::__cxx11::basic_string<char,
std::char_traits<char>, std::allocator<char> > const, octave_value> >*)
/usr/include/c++/5/bits/stl_tree.h:561
    #7 0x7fd341b9bc7a in std::_Rb_tree<std::__cxx11::basic_string<char,
std::char_traits<char>, std::allocator<char> >,
std::pair<std::__cxx11::basic_string<char, std::char_traits<char>,
std::allocator<char> > const, octave_value>,
std::_Select1st<std::pair<std::__cxx11::basic_string<char,
std::char_traits<char>, std::allocator<char> > const, octave_value> >,
std::less<std::__cxx11::basic_string<char, std::char_traits<char>,
std::allocator<char> > >,
std::allocator<std::pair<std::__cxx11::basic_string<char,
std::char_traits<char>, std::allocator<char> > const, octave_value> >
>::_M_erase_aux(std::_Rb_tree_const_iterator<std::pair<std::__cxx11::basic_string<char,
std::char_traits<char>, std::allocator<char> > const, octave_value> >)
/usr/include/c++/5/bits/stl_tree.h:2249
    #8 0x7fd341b94df8 in std::_Rb_tree<std::__cxx11::basic_string<char,
std::char_traits<char>, std::allocator<char> >,
std::pair<std::__cxx11::basic_string<char, std::char_traits<char>,
std::allocator<char> > const, octave_value>,
std::_Select1st<std::pair<std::__cxx11::basic_string<char,
std::char_traits<char>, std::allocator<char> > const, octave_value> >,
std::less<std::__cxx11::basic_string<char, std::char_traits<char>,
std::allocator<char> > >,
std::allocator<std::pair<std::__cxx11::basic_string<char,
std::char_traits<char>, std::allocator<char> > const, octave_value> >
>::erase[abi:cxx11](std::_Rb_tree_iterator<std::pair<std::__cxx11::basic_string<char,
std::char_traits<char>, std::allocator<char> > const, octave_value> >)
/usr/include/c++/5/bits/stl_tree.h:1035
    #9 0x7fd341b8e750 in std::map<std::__cxx11::basic_string<char,
std::char_traits<char>, std::allocator<char> >, octave_value,
std::less<std::__cxx11::basic_string<char, std::char_traits<char>,
std::allocator<char> > >,
std::allocator<std::pair<std::__cxx11::basic_string<char,
std::char_traits<char>, std::allocator<char> > const, octave_value> >
>::erase[abi:cxx11](std::_Rb_tree_iterator<std::pair<std::__cxx11::basic_string<char,
std::char_traits<char>, std::allocator<char> > const, octave_value> >)
/usr/include/c++/5/bits/stl_map.h:715
    #10 0x7fd3424d7935 in void
octave::symbol_table::fcn_info::fcn_info_rep::clear_map<std::__cxx11::basic_string<char,
std::char_traits<char>, std::allocator<char> >
>(std::map<std::__cxx11::basic_string<char, std::char_traits<char>,
std::allocator<char> >, octave_value,
std::less<std::__cxx11::basic_string<char, std::char_traits<char>,
std::allocator<char> > >,
std::allocator<std::pair<std::__cxx11::basic_string<char,
std::char_traits<char>, std::allocator<char> > const, octave_value> > >&,
bool) libinterp/corefcn/symtab.h:894
    #11 0x7fd3424d5659 in
octave::symbol_table::fcn_info::fcn_info_rep::clear(bool)
libinterp/corefcn/symtab.h:932
    #12 0x7fd3424d59d2 in octave::symbol_table::fcn_info::clear(bool)
libinterp/corefcn/symtab.h:1091
    #13 0x7fd3424d5f57 in octave::symbol_table::clear_functions(bool)
libinterp/corefcn/symtab.h:1435
    #14 0x7fd3424d5d87 in octave::symbol_table::clear_all(bool)
libinterp/corefcn/symtab.h:1423
    #15 0x7fd3424cfbd4 in octave::symbol_table::cleanup()
libinterp/corefcn/symtab.cc:1496
    #16 0x7fd3422a8bae in octave::interpreter::cleanup()
libinterp/corefcn/interpreter.cc:1144
    #17 0x7fd3422a4bdb in octave::interpreter::~interpreter()
libinterp/corefcn/interpreter.cc:536
    #18 0x7fd3415debb5 in octave::application::delete_interpreter()
libinterp/octave.cc:340
    #19 0x7fd3415df206 in octave::cli_application::execute()
libinterp/octave.cc:386
    #20 0x401d7c in main src/main-cli.cc:90
    #21 0x7fd33ed5782f in __libc_start_main
(/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
    #22 0x401808 in _start
(/home/rik/wip/Projects_Mine/octave-dbg/src/.libs/lt-octave-cli+0x401808)

0x61400002ae48 is located 8 bytes inside of 416-byte region
[0x61400002ae40,0x61400002afe0)
freed by thread T0 here:
    #0 0x7fd342dcbb2a in operator delete(void*)
(/usr/lib/x86_64-linux-gnu/libasan.so.2+0x99b2a)
    #1 0x7fd341c9bb89 in octave_user_function::~octave_user_function()
libinterp/octave-value/ov-usr-fcn.cc:284
    #2 0x7fd3415e033b in octave_value::~octave_value()
libinterp/octave-value/ov.h:320
    #3 0x7fd341df5102 in octave::tree_function_def::~tree_function_def()
libinterp/parse-tree/pt-cmd.h:110
    #4 0x7fd341df513d in octave::tree_function_def::~tree_function_def()
libinterp/parse-tree/pt-cmd.h:110
    #5 0x7fd341e5c26d in octave::tree_statement::~tree_statement()
libinterp/parse-tree/pt-stmt.cc:55
    #6 0x7fd341e5c3cb in octave::tree_statement::~tree_statement()
libinterp/parse-tree/pt-stmt.cc:58
    #7 0x7fd341de36a4 in octave::tree_statement_list::~tree_statement_list()
libinterp/parse-tree/pt-stmt.h:154
    #8 0x7fd341de3763 in octave::tree_statement_list::~tree_statement_list()
libinterp/parse-tree/pt-stmt.h:157
    #9 0x7fd341db039e in yydestruct libinterp/parse-tree/oct-parse.yy:345
    #10 0x7fd341dc4bd0 in octave_push_parse(octave_pstate*, int, OCTAVE_STYPE
const*, octave::base_parser&) libinterp/parse-tree/oct-parse.cc:5954
    #11 0x7fd341db313c in octave_pull_parse(octave_pstate*,
octave::base_parser&) libinterp/parse-tree/oct-parse.cc:2994
    #12 0x7fd341dd3a2d in octave::parser::run()
libinterp/parse-tree/oct-parse.yy:4319
    #13 0x7fd341dd4664 in parse_fcn_file
libinterp/parse-tree/oct-parse.yy:4477
    #14 0x7fd341dd67c7 in
octave::load_fcn_from_file(std::__cxx11::basic_string<char,
std::char_traits<char>, std::allocator<char> > const&,
std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>
> const&, std::__cxx11::basic_string<char, std::char_traits<char>,
std::allocator<char> > const&, std::__cxx11::basic_string<char,
std::char_traits<char>, std::allocator<char> > const&,
std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>
> const&, bool) libinterp/parse-tree/oct-parse.yy:4714
    #15 0x7fd3424cd1a0 in
octave::symbol_table::fcn_info::fcn_info_rep::find_user_function()
libinterp/corefcn/symtab.cc:1215
    #16 0x7fd3424c911b in
octave::symbol_table::fcn_info::fcn_info_rep::load_class_constructor()
libinterp/corefcn/symtab.cc:576
    #17 0x7fd3424cb505 in
octave::symbol_table::fcn_info::fcn_info_rep::xfind(octave_value_list const&,
bool) libinterp/corefcn/symtab.cc:928
    #18 0x7fd3424cab9b in
octave::symbol_table::fcn_info::fcn_info_rep::find(octave_value_list const&,
bool) libinterp/corefcn/symtab.cc:808
    #19 0x7fd3424d5901 in
octave::symbol_table::fcn_info::find(octave_value_list const&, bool)
libinterp/corefcn/symtab.h:1020
    #20 0x7fd3424d03e3 in
octave::symbol_table::scope::find(std::__cxx11::basic_string<char,
std::char_traits<char>, std::allocator<char> > const&, octave_value_list
const&, bool, bool) libinterp/corefcn/symtab.cc:1574
    #21 0x7fd3424ce681 in
octave::symbol_table::find(std::__cxx11::basic_string<char,
std::char_traits<char>, std::allocator<char> > const&, octave_value_list
const&, bool, bool) libinterp/corefcn/symtab.cc:1358
    #22 0x7fd3424ceae9 in
octave::symbol_table::find_function(std::__cxx11::basic_string<char,
std::char_traits<char>, std::allocator<char> > const&, octave_value_list
const&, bool) libinterp/corefcn/symtab.cc:1392
    #23 0x7fd3424c6d73 in
octave::symbol_table::symbol_record::find(octave_value_list const&) const
libinterp/corefcn/symtab.cc:241
    #24 0x7fd341e18aee in
octave::tree_evaluator::visit_identifier(octave::tree_identifier&)
libinterp/parse-tree/pt-eval.cc:985
    #25 0x7fd341ddfabe in
octave::tree_identifier::accept(octave::tree_walker&)
libinterp/parse-tree/pt-id.h:128
    #26 0x7fd341b8ad7a in
octave::tree_evaluator::evaluate(octave::tree_expression*, int)
libinterp/parse-tree/pt-eval.h:271
    #27 0x7fd341e1fa76 in
octave::tree_evaluator::visit_simple_assignment(octave::tree_simple_assignment&)
libinterp/parse-tree/pt-eval.cc:2085
    #28 0x7fd341e05242 in
octave::tree_simple_assignment::accept(octave::tree_walker&)
libinterp/parse-tree/pt-assign.h:83
    #29 0x7fd341b8ad7a in
octave::tree_evaluator::evaluate(octave::tree_expression*, int)
libinterp/parse-tree/pt-eval.h:271

previously allocated by thread T0 here:
    #0 0x7fd342dcb532 in operator new(unsigned long)
(/usr/lib/x86_64-linux-gnu/libasan.so.2+0x99532)
    #1 0x7fd341dcc2fb in
octave::base_parser::start_function(octave::tree_identifier*,
octave::tree_parameter_list*, octave::tree_statement_list*,
octave::tree_statement*) libinterp/parse-tree/oct-parse.yy:3315
    #2 0x7fd341dcbe69 in octave::base_parser::make_function(octave::token*,
octave::tree_parameter_list*, octave::tree_identifier*,
octave::tree_parameter_list*, octave::tree_statement_list*,
octave::tree_statement*, octave::comment_list*)
libinterp/parse-tree/oct-parse.yy:3277
    #3 0x7fd341dc087c in octave_push_parse(octave_pstate*, int, OCTAVE_STYPE
const*, octave::base_parser&) libinterp/parse-tree/oct-parse.yy:1611
    #4 0x7fd341db313c in octave_pull_parse(octave_pstate*,
octave::base_parser&) libinterp/parse-tree/oct-parse.cc:2994
    #5 0x7fd341dd3a2d in octave::parser::run()
libinterp/parse-tree/oct-parse.yy:4319
    #6 0x7fd341dd4664 in parse_fcn_file
libinterp/parse-tree/oct-parse.yy:4477
    #7 0x7fd341dd67c7 in
octave::load_fcn_from_file(std::__cxx11::basic_string<char,
std::char_traits<char>, std::allocator<char> > const&,
std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>
> const&, std::__cxx11::basic_string<char, std::char_traits<char>,
std::allocator<char> > const&, std::__cxx11::basic_string<char,
std::char_traits<char>, std::allocator<char> > const&,
std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>
> const&, bool) libinterp/parse-tree/oct-parse.yy:4714
    #8 0x7fd3424cd1a0 in
octave::symbol_table::fcn_info::fcn_info_rep::find_user_function()
libinterp/corefcn/symtab.cc:1215
    #9 0x7fd3424c911b in
octave::symbol_table::fcn_info::fcn_info_rep::load_class_constructor()
libinterp/corefcn/symtab.cc:576
    #10 0x7fd3424cb505 in
octave::symbol_table::fcn_info::fcn_info_rep::xfind(octave_value_list const&,
bool) libinterp/corefcn/symtab.cc:928
    #11 0x7fd3424cab9b in
octave::symbol_table::fcn_info::fcn_info_rep::find(octave_value_list const&,
bool) libinterp/corefcn/symtab.cc:808
    #12 0x7fd3424d5901 in
octave::symbol_table::fcn_info::find(octave_value_list const&, bool)
libinterp/corefcn/symtab.h:1020
    #13 0x7fd3424d03e3 in
octave::symbol_table::scope::find(std::__cxx11::basic_string<char,
std::char_traits<char>, std::allocator<char> > const&, octave_value_list
const&, bool, bool) libinterp/corefcn/symtab.cc:1574
    #14 0x7fd3424ce681 in
octave::symbol_table::find(std::__cxx11::basic_string<char,
std::char_traits<char>, std::allocator<char> > const&, octave_value_list
const&, bool, bool) libinterp/corefcn/symtab.cc:1358
    #15 0x7fd3424ceae9 in
octave::symbol_table::find_function(std::__cxx11::basic_string<char,
std::char_traits<char>, std::allocator<char> > const&, octave_value_list
const&, bool) libinterp/corefcn/symtab.cc:1392
    #16 0x7fd3424c6d73 in
octave::symbol_table::symbol_record::find(octave_value_list const&) const
libinterp/corefcn/symtab.cc:241
    #17 0x7fd341e18aee in
octave::tree_evaluator::visit_identifier(octave::tree_identifier&)
libinterp/parse-tree/pt-eval.cc:985
    #18 0x7fd341ddfabe in
octave::tree_identifier::accept(octave::tree_walker&)
libinterp/parse-tree/pt-id.h:128
    #19 0x7fd341b8ad7a in
octave::tree_evaluator::evaluate(octave::tree_expression*, int)
libinterp/parse-tree/pt-eval.h:271
    #20 0x7fd341e1fa76 in
octave::tree_evaluator::visit_simple_assignment(octave::tree_simple_assignment&)
libinterp/parse-tree/pt-eval.cc:2085
    #21 0x7fd341e05242 in
octave::tree_simple_assignment::accept(octave::tree_walker&)
libinterp/parse-tree/pt-assign.h:83
    #22 0x7fd341b8ad7a in
octave::tree_evaluator::evaluate(octave::tree_expression*, int)
libinterp/parse-tree/pt-eval.h:271
    #23 0x7fd341e20990 in
octave::tree_evaluator::visit_statement(octave::tree_statement&)
libinterp/parse-tree/pt-eval.cc:2209
    #24 0x7fd341e5e8dc in octave::tree_statement::accept(octave::tree_walker&)
libinterp/parse-tree/pt-stmt.h:112
    #25 0x7fd341e20cab in
octave::tree_evaluator::visit_statement_list(octave::tree_statement_list&)
libinterp/parse-tree/pt-eval.cc:2251
    #26 0x7fd341b8b618 in
octave::tree_statement_list::accept(octave::tree_walker&)
libinterp/parse-tree/pt-stmt.h:187
    #27 0x7fd3422a7ab0 in octave::interpreter::main_loop()
libinterp/corefcn/interpreter.cc:974
    #28 0x7fd3422a5943 in octave::interpreter::execute()
libinterp/corefcn/interpreter.cc:695
    #29 0x7fd3415df1ab in octave::cli_application::execute()
libinterp/octave.cc:384

SUMMARY: AddressSanitizer: heap-use-after-free
liboctave/util/oct-refcount.h:96 octave::refcount<long>::operator--()
Shadow bytes around the buggy address:
  0x0c287fffd570: fd fd fd fd fd fd fd fd fd fa fa fa fa fa fa fa
  0x0c287fffd580: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd
  0x0c287fffd590: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c287fffd5a0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c287fffd5b0: fd fd fd fd fd fd fd fd fd fa fa fa fa fa fa fa
=>0x0c287fffd5c0: fa fa fa fa fa fa fa fa fd[fd]fd fd fd fd fd fd
  0x0c287fffd5d0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c287fffd5e0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c287fffd5f0: fd fd fd fd fd fd fd fd fd fd fd fd fa fa fa fa
  0x0c287fffd600: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd
  0x0c287fffd610: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Heap right redzone:      fb
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack partial redzone:   f4
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
==11669==ABORTING



    _______________________________________________________

Reply to this item at:

  <http://savannah.gnu.org/bugs/?52080>

_______________________________________________
  Message sent via/by Savannah
  http://savannah.gnu.org/

[Prev in Thread]

Current Thread

[Next in Thread]

[Octave-bug-tracker] [bug #52080] Segmentation fault when calling clear all on classdef with local functions that cause parse error, Piotr Held, 2017/09/20
- [Octave-bug-tracker] [bug #52080] Segmentation fault when calling clear all on classdef with local functions that cause parse error, Rik, 2017/09/20
  - [Octave-bug-tracker] [bug #52080] Segmentation fault when calling clear all on classdef with local functions that cause parse error, Rik <=
    - [Octave-bug-tracker] [bug #52080] Segmentation fault when calling clear all on classdef with local functions that cause parse error, Dan Sebald, 2017/09/21
    - [Octave-bug-tracker] [bug #52080] Segmentation fault when calling clear all on classdef with local functions that cause parse error, John W. Eaton, 2017/09/21
    - [Octave-bug-tracker] [bug #52080] Segmentation fault when calling clear all on classdef with local functions that cause parse error, John W. Eaton, 2017/09/21
    - [Octave-bug-tracker] [bug #52080] Segmentation fault when calling clear all on classdef with local functions that cause parse error, Piotr Held, 2017/09/21
    - [Octave-bug-tracker] [bug #52080] Segmentation fault when calling clear all on classdef with local functions that cause parse error, John W. Eaton, 2017/09/21
    - [Octave-bug-tracker] [bug #52080] Segmentation fault when calling clear all on classdef with local functions that cause parse error, Dan Sebald, 2017/09/21

Prev by Date: [Octave-bug-tracker] [bug #43922] Renaming/deleting a file/directory in the command line should silently close/reload affected editor files
Next by Date: [Octave-bug-tracker] [bug #52069] [MXE] delete (<filename>) or unlink (<filename>) leads to crash
Previous by thread: [Octave-bug-tracker] [bug #52080] Segmentation fault when calling clear all on classdef with local functions that cause parse error
Next by thread: [Octave-bug-tracker] [bug #52080] Segmentation fault when calling clear all on classdef with local functions that cause parse error
Index(es):
- Date
- Thread