Re: octave w/ fsanitize=undefined


From: John W. Eaton
Subject: Re: octave w/ fsanitize=undefined
Date: Fri, 14 Apr 2017 13:30:22 -0400
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Icedove/45.6.0

On 04/14/2017 11:34 AM, Dmitri A. Sergatskov wrote:


On Fri, Apr 14, 2017 at 9:46 AM, John W. Eaton wrote:


    Maybe that last one explains the io.tst failure when using LTO?

    I'll try to check them out, but help is also welcome, especially in
    determining exactly which tests show the errors.


Any ("easy") way to run a subtest? E.g. with demo one can do "demo plot 2",
but test does not seem to have this option.

Setting "more off" and running
test ../test/io.tst verbose I get:
<...>
***** testif HAVE_ZLIB

 [save_status, save_files] = testls (0);
 [load_status, load_files] = testls (1);

 for f = [save_files, load_files]
   unlink (f{1});
 endfor

 assert (save_status && load_status);
../libinterp/corefcn/ls-mat5.cc:2418:12: runtime error: null pointer
passed as argument 1, which is declared to never be null
../libinterp/corefcn/ls-mat5.cc:2419:13: runtime error: null pointer
passed as argument 1, which is declared to never be null
***** testif HAVE_HDF5

 s8  =   int8 (fix ((2^8  - 1) * (rand (2, 2) - 0.5)));
 u8  =  uint8 (fix ((2^8  - 1) * (rand (2, 2) - 0.5)));
 s16 =  int16 (fix ((2^16 - 1) * (rand (2, 2) - 0.5)));
 u16 = uint16 (fix ((2^16 - 1) * (rand (2, 2) - 0.5)));
 s32 =  int32 (fix ((2^32 - 1) * (rand (2, 2) - 0.5)));
 u32 = uint32 (fix ((2^32 - 1) * (rand (2, 2) - 0.5)));
 s64 =  int64 (fix ((2^64 - 1) * (rand (2, 2) - 0.5)));
 u64 = uint64 (fix ((2^64 - 1) * (rand (2, 2) - 0.5)));
 s8t = s8; u8t = u8; s16t = s16; u16t = u16; s32t = s32; u32t = u32;
 s64t = s64; u64t = u64;
 h5file = tempname ();
 unwind_protect
   eval (sprintf ("save -hdf5 %s %s", h5file, "s8 u8 s16 u16 s32 u32 s64
u64"));
   clear s8 u8 s16 u16 s32 u32 s64 u64;
   load (h5file);
   assert (s8, s8t);
   assert (u8, u8t);
   assert (s16, s16t);
   assert (u16, u16t);
   assert (s32, s32t);
   assert (u32, u32t);
   assert (s64, s64t);
   assert (u64, u64t);
 unwind_protect_cleanup
   unlink (h5file);
 end_unwind_protect
***** test

Thanks.

Now I see that the error messages from the address sanitizer already point to source line numbers so at least in some cases it's possible to tell what is wrong without knowing exactly what the test is. In this case, the code in ls-mat5.cc is

    int paddedlength = PAD (namelen);

    write_mat5_tag (os, miINT8, namelen);
    OCTAVE_LOCAL_BUFFER (char, paddedname, paddedlength);
    memset (paddedname, 0, paddedlength);
    strncpy (paddedname, name.c_str (), namelen);
    os.write (paddedname, paddedlength);

and the problem happens when namelen is 0 and paddedlength is also 0. Unlike operator new, OCTAVE_LOCAL_BUFFER just returns 0 for zero size allocations, so the calls to memset and strncpy are incorrect. The attached change to the local buffer code should fix this problem and I think it's probably best to just have local buffer allocation act more like operator new. We are not saving many cycles with this optimization, so I don't think it really matters.

jwe

Attachment: diffs.txt
Description: Text document
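
The zero-length case described in the message above, as an added example that is not part of the original message, the attached diff, or Octave's code. The names local_buffer, pad8, would_pass_null and write_padded_name are hypothetical, and the padding rule is an assumption; only the fact that a length of 0 pads to 0 comes from the message.

```cpp
#include <cstddef>
#include <cstring>
#include <iostream>
#include <memory>
#include <sstream>
#include <string>

// Hypothetical local buffer. NullOnZero = true mimics the behaviour described
// in the message (size 0 gives a null pointer); false acts like operator new,
// where new char[0] still returns a valid, non-null pointer.
template <bool NullOnZero>
struct local_buffer
{
  explicit local_buffer (std::size_t n)
    : m_data ((NullOnZero && n == 0) ? nullptr : new char[n]) { }
  char *data () const { return m_data.get (); }
  std::unique_ptr<char[]> m_data;
};

// Assumed padding rule (round up to a multiple of 8); pad8 (0) == 0.
static std::size_t pad8 (std::size_t len) { return (len + 7) / 8 * 8; }

// True when the pointer that memset/strncpy would receive is null.
template <bool NullOnZero>
bool would_pass_null (const std::string& name)
{
  local_buffer<NullOnZero> buf (pad8 (name.length ()));
  return buf.data () == nullptr;
}

// The write sequence from the message, using the new-like buffer.
std::string write_padded_name (const std::string& name)
{
  std::size_t namelen = name.length ();
  std::size_t paddedlength = pad8 (namelen);
  local_buffer<false> buf (paddedlength);
  std::memset (buf.data (), 0, paddedlength);
  std::strncpy (buf.data (), name.c_str (), namelen);
  std::ostringstream os;
  os.write (buf.data (), paddedlength);
  return os.str ();
}

int main ()
{
  std::cout << would_pass_null<true> ("") << ' ' << would_pass_null<false> ("")
            << ' ' << write_padded_name ("abc").size () << '\n';
}
```

Building this with -fsanitize=undefined and an empty name runs clean, because memset and strncpy receive a valid pointer even when the length is 0.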

