[BUG] Memory error
From: Marc Nieper-Wißkirchen
Subject: [BUG] Memory error
Date: Thu, 1 Dec 2022 17:03:17 +0100
The following example causes a segmentation fault (interestingly,
there's no segmentation fault if I remove the `jit_indirect();'
statement).
$ cat crash.c
#include <lightning.h>

int main (int argc, char *argv[])
{
  init_jit (argv[0]);
  jit_state_t *_jit = jit_new_state ();

  jit_prolog ();
  jit_indirect ();                          /* removing this line makes the crash go away */
  jit_node_t *fwd = jit_forward ();         /* forward label ... */
  jit_link (fwd);                           /* ... bound right here */
  jit_patch_at (jit_movi (JIT_R0, 0), fwd); /* movi patched to the label's address */
  jit_retr (JIT_R0);
  jit_epilog ();

  jit_emit ();                              /* first valgrind error: _simplify_movi */
  jit_clear_state ();
  jit_disassemble ();                       /* second valgrind error: _jit_print_node */
  jit_destroy_state ();
  finish_jit ();
  return 0;
}
$ gcc -llightning -o crash crash.c
$ valgrind ./crash
==60038== Memcheck, a memory error detector
==60038== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==60038== Using Valgrind-3.18.1 and LibVEX; rerun with -h for copyright info
==60038== Command: ./crash
==60038==
==60038== Invalid write of size 4
==60038== at 0x48753C0: _simplify_movi (lightning.c:3441)
==60038== by 0x487BB7B: _simplify (lightning.c:3663)
==60038== by 0x487BB7B: _jit_optimize (lightning.c:1850)
==60038== by 0x487CEA4: _jit_realize (lightning.c:2168)
==60038== by 0x489C417: _jit_emit (lightning.c:2323)
==60038== by 0x4012C6: main (in /home/mnieper/tmp/crash)
==60038== Address 0x4df0ec0 is 141,856 bytes inside an unallocated
block of size 4,037,440 in arena "client"
==60038==
L0: /* prolog */
0x485b000 sub $0x30,%rsp
0x485b004 mov %rbp,(%rsp)
0x485b008 mov %rsp,%rbp
0x485b00b sub $0x18,%rsp
L1:
0x485b00f nop
movi ==60038== Invalid read of size 1
==60038== at 0x484ED16: strlen (in
/usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==60038== by 0x4929A98: fputs (iofputs.c:33)
==60038== by 0x4871D6D: _jit_print_node (jit_print.c:167)
==60038== by 0x486FF7A: _disassemble (jit_disasm.c:363)
==60038== by 0x486FF7A: _jit_disassemble (jit_disasm.c:224)
==60038== by 0x4012DE: main (in /home/mnieper/tmp/crash)
==60038== Address 0x8e0c0 is not stack'd, malloc'd or (recently) free'd
==60038==
==60038==
==60038== Process terminating with default action of signal 11 (SIGSEGV)
==60038== Access not within mapped region at address 0x8E0C0
==60038== at 0x484ED16: strlen (in
/usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==60038== by 0x4929A98: fputs (iofputs.c:33)
==60038== by 0x4871D6D: _jit_print_node (jit_print.c:167)
==60038== by 0x486FF7A: _disassemble (jit_disasm.c:363)
==60038== by 0x486FF7A: _jit_disassemble (jit_disasm.c:224)
==60038== by 0x4012DE: main (in /home/mnieper/tmp/crash)
==60038== If you believe this happened as a result of a stack
==60038== overflow in your program's main thread (unlikely but
==60038== possible), you can try to increase the size of the
==60038== main thread stack using the --main-stacksize= flag.
==60038== The main thread stack size used in this run was 8388608.
==60038==
==60038== HEAP SUMMARY:
==60038== in use at exit: 147,024 bytes in 28 blocks
==60038== total heap usage: 35 allocs, 7 frees, 154,488 bytes allocated
==60038==
==60038== LEAK SUMMARY:
==60038== definitely lost: 0 bytes in 0 blocks
==60038== indirectly lost: 0 bytes in 0 blocks
==60038== possibly lost: 0 bytes in 0 blocks
==60038== still reachable: 147,024 bytes in 28 blocks
==60038== suppressed: 0 bytes in 0 blocks
==60038== Rerun with --leak-check=full to see details of leaked memory
==60038==
==60038== For lists of detected and suppressed errors, rerun with: -s
==60038== ERROR SUMMARY: 2 errors from 2 contexts (suppressed: 0 from 0)
Segmentation fault
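As an added example (not part of this report and not GNU lightning code), a small parser for memcheck output of the kind shown above, for turning such a run into something a triage script can check. It copes with the two quirks visible here, the disassembler's stdout landing in front of the `==pid==` marker and a stack frame wrapped onto an unprefixed line, and returns the ERROR SUMMARY count so it can be compared against the number of error blocks found. The sample is a constructed, trimmed copy of the output above.

```python
import re
from dataclasses import dataclass, field

# Constructed sample, trimmed from the run above; it keeps the two awkward cases:
# disassembler stdout printed in front of "==60038==", and a frame wrapped onto a second line.
SAMPLE = """\
==60038== Invalid write of size 4
==60038==    at 0x48753C0: _simplify_movi (lightning.c:3441)
==60038==  Address 0x4df0ec0 is 141,856 bytes inside an unallocated
==60038==    block of size 4,037,440 in arena "client"
==60038==
movi ==60038== Invalid read of size 1
==60038==    at 0x484ED16: strlen (in
/usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==60038==    by 0x4929A98: fputs (iofputs.c:33)
==60038==  Address 0x8e0c0 is not stack'd, malloc'd or (recently) free'd
==60038==
==60038== ERROR SUMMARY: 2 errors from 2 contexts (suppressed: 0 from 0)
"""

PID_RE = re.compile(r"==\d+==\s?(.*)$")      # used with search(): tolerates text before the marker
ERROR_RE = re.compile(r"^Invalid (read|write) of size (\d+)$")
FRAME_RE = re.compile(r"^(?:at|by) 0x[0-9A-Fa-f]+: (\S+) \(([^)]*)\)?$")  # ")" missing when wrapped
SUMMARY_RE = re.compile(r"^ERROR SUMMARY: (\d+) errors? from")

@dataclass
class MemError:
    kind: str                                   # "read" or "write"
    size: int
    frames: list = field(default_factory=list)  # (function, location), innermost first
    address: str = ""                           # memcheck's description of the faulting address

def parse_memcheck(text):
    errors, current, summary = [], None, None   # summary stays None without an ERROR SUMMARY line
    for raw in text.splitlines():
        m = PID_RE.search(raw)
        if not m: continue                      # program stdout or a wrapped frame tail: skip
        body = m.group(1).strip()
        if not body:                            # bare "==pid==" closes the current error block
            current = None
        elif e := ERROR_RE.match(body):
            current = MemError(e.group(1), int(e.group(2)))
            errors.append(current)
        elif current and (f := FRAME_RE.match(body)):
            current.frames.append((f.group(1), f.group(2)))
        elif current and (body.startswith("Address") or current.address):
            current.address = (current.address + " " + body).strip()
        elif s := SUMMARY_RE.match(body):
            summary = int(s.group(1))
    return errors, summary
```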