[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Octave-bug-tracker] [bug #66471] polymorphic allocator memory issues
|
From: |
Dmitri A. Sergatskov |
|
Subject: |
[Octave-bug-tracker] [bug #66471] polymorphic allocator memory issues |
|
Date: |
Fri, 13 Dec 2024 14:10:23 -0500 (EST) |
Follow-up Comment #9, bug #66471 (group octave):
Pretty much the same on MacOS:
octave:1> pkg load stk
octave:2> __stk_sampling_vdc_rr2__ (2,1)
ans = <2x1 stk_dataframe array>
=================================================================
==61297==ERROR: AddressSanitizer: heap-use-after-free on address
0x6020004f6650 at pc 0x00010388e1ec bp 0x00016dd73220 sp 0x00016dd729d0
READ of size 16 at 0x6020004f6650 thread T0
#0 0x10388e1e8 in __asan_memmove+0x2a4
(libclang_rt.asan_osx_dynamic.dylib:arm64e+0x521e8)
#1 0x10ad022a8 in double*
std::__1::__constexpr_memmove[abi:ne180100]<double, double const, 0>(double*,
double const*, std::__1::__element_count) constexpr_c_functions.h:212
#2 0x10ad020a4 in std::__1::pair<double const*, double*>
std::__1::__copy_trivial_impl[abi:ne180100]<double const, double>(double
const*, double const*, double*) copy_move_common.h:66
#3 0x10ad017bc in std::__1::pair<double const*, double*>
std::__1::__copy_trivial::operator()[abi:ne180100]<double const, double,
0>(double const*, double const*, double*) const copy.h:104
#4 0x10ad01044 in std::__1::pair<double const*, double*>
std::__1::__unwrap_and_dispatch[abi:ne180100]<std::__1::__overload<std::__1::__copy_loop<std::__1::_ClassicAlgPolicy>,
std::__1::__copy_trivial>, double const*, double const*, double*, 0>(double
const*, double const*, double*) copy_move_common.h:109
#5 0x10ad00cb8 in std::__1::pair<double const*, double*>
std::__1::__dispatch_copy_or_move[abi:ne180100]<std::__1::_ClassicAlgPolicy,
std::__1::__copy_loop<std::__1::_ClassicAlgPolicy>, std::__1::__copy_trivial,
double const*, double const*, double*>(double const*, double const*, double*)
copy_move_common.h:133
#6 0x10ad00a94 in std::__1::pair<double const*, double*>
std::__1::__copy[abi:ne180100]<std::__1::_ClassicAlgPolicy, double const*,
double const*, double*>(double const*, double const*, double*) copy.h:111
#7 0x10acad518 in double* std::__1::copy[abi:ne180100]<double const*,
double*>(double const*, double const*, double*) copy.h:118
#8 0x10aca3f18 in double* std::__1::copy_n[abi:ne180100]<double const*,
long long, double*, 0>(double const*, long long, double*) copy_n.h:55
#9 0x10aca1044 in long long octave::idx_vector::index<double>(double
const*, long long, double*) const idx-vector.h:595
#10 0x10aca1fe4 in Array<double,
std::__1::pmr::polymorphic_allocator<double>>::index(octave::idx_vector
const&, octave::idx_vector const&) const Array-base.cc:822
#11 0x10aca6d10 in Array<double,
std::__1::pmr::polymorphic_allocator<double>>::index(octave::idx_vector
const&, octave::idx_vector const&, bool, double const&) const
Array-base.cc:1100
#12 0x1075376e8 in Array<double,
std::__1::pmr::polymorphic_allocator<double>>::index(octave::idx_vector
const&, octave::idx_vector const&, bool) const Array.h:731
#13 0x1075368e4 in
octave_base_matrix<NDArray>::do_index_op(octave_value_list const&, bool)
ov-base-mat.cc:204
#14 0x1075347a0 in
octave_base_matrix<NDArray>::subsref(std::__1::basic_string<char,
std::__1::char_traits<char>, std::__1::allocator<char>> const&,
std::__1::list<octave_value_list, std::__1::allocator<octave_value_list>>
const&) ov-base-mat.cc:77
#15 0x10753527c in
octave_base_matrix<NDArray>::subsref(std::__1::basic_string<char,
std::__1::char_traits<char>, std::__1::allocator<char>> const&,
std::__1::list<octave_value_list, std::__1::allocator<octave_value_list>>
const&, int) ov-base-mat.h:103
#16 0x1078cd7fc in octave_value::subsref(std::__1::basic_string<char,
std::__1::char_traits<char>, std::__1::allocator<char>> const&,
std::__1::list<octave_value_list, std::__1::allocator<octave_value_list>>
const&, int) ov.cc:1459
#17 0x107ca64c8 in
octave::tree_index_expression::evaluate_n(octave::tree_evaluator&, int)
pt-idx.cc:654
#18 0x107ca7c90 in
octave::tree_index_expression::evaluate(octave::tree_evaluator&, int)
pt-idx.h:105
#19 0x107bbbb14 in
octave::tree_evaluator::convert_to_const_vector(octave::tree_argument_list*)
pt-eval.cc:2368
#20 0x107ca4b00 in
octave::tree_index_expression::evaluate_n(octave::tree_evaluator&, int)
pt-idx.cc:450
#21 0x107ca7c90 in
octave::tree_index_expression::evaluate(octave::tree_evaluator&, int)
pt-idx.h:105
#22 0x107b67974 in
octave::tree_simple_assignment::evaluate(octave::tree_evaluator&, int)
pt-assign.cc:97
#23 0x107bd01cc in
octave::tree_evaluator::visit_statement(octave::tree_statement&)
pt-eval.cc:4072
#24 0x107ce818c in octave::tree_statement::accept(octave::tree_walker&)
pt-stmt.h:125
#25 0x107bd1158 in
octave::tree_evaluator::visit_statement_list(octave::tree_statement_list&)
pt-eval.cc:4157
#26 0x1072e7070 in
octave::tree_statement_list::accept(octave::tree_walker&) pt-stmt.h:215
#27 0x107bc545c in
octave::tree_evaluator::visit_simple_for_command(octave::tree_simple_for_command&)
pt-eval.cc:3275
#28 0x107cc5c04 in
octave::tree_simple_for_command::accept(octave::tree_walker&) pt-loop.h:154
#29 0x107bcfe4c in
octave::tree_evaluator::visit_statement(octave::tree_statement&)
pt-eval.cc:4047
#30 0x107ce818c in octave::tree_statement::accept(octave::tree_walker&)
pt-stmt.h:125
#31 0x107bd1158 in
octave::tree_evaluator::visit_statement_list(octave::tree_statement_list&)
pt-eval.cc:4157
#32 0x1072e7070 in
octave::tree_statement_list::accept(octave::tree_walker&) pt-stmt.h:215
#33 0x107bce9dc in
octave::tree_evaluator::visit_if_command_list(octave::tree_if_command_list&)
pt-eval.cc:3920
#34 0x107bce4e4 in
octave::tree_if_command_list::accept(octave::tree_walker&) pt-select.h:139
#35 0x107bce3c4 in
octave::tree_evaluator::visit_if_command(octave::tree_if_command&)
pt-eval.cc:3898
#36 0x107ce1e84 in octave::tree_if_command::accept(octave::tree_walker&)
pt-select.h:168
#37 0x107bcfe4c in
octave::tree_evaluator::visit_statement(octave::tree_statement&)
pt-eval.cc:4047
#38 0x107ce818c in octave::tree_statement::accept(octave::tree_walker&)
pt-stmt.h:125
#39 0x107bd1158 in
octave::tree_evaluator::visit_statement_list(octave::tree_statement_list&)
pt-eval.cc:4157
#40 0x1072e7070 in
octave::tree_statement_list::accept(octave::tree_walker&) pt-stmt.h:215
#41 0x107bcc728 in
octave::tree_evaluator::execute_user_function(octave_user_function&, int,
octave_value_list const&) pt-eval.cc:3798
#42 0x10789d7f8 in octave_user_function::execute(octave::tree_evaluator&,
int, octave_value_list const&) ov-usr-fcn.cc:569
#43 0x10789d5c0 in octave_user_function::call(octave::tree_evaluator&,
int, octave_value_list const&) ov-usr-fcn.cc:562
#44 0x107ca4ea8 in
octave::tree_index_expression::evaluate_n(octave::tree_evaluator&, int)
pt-idx.cc:470
#45 0x107ca7c90 in
octave::tree_index_expression::evaluate(octave::tree_evaluator&, int)
pt-idx.h:105
#46 0x107b67974 in
octave::tree_simple_assignment::evaluate(octave::tree_evaluator&, int)
pt-assign.cc:97
#47 0x107bd01cc in
octave::tree_evaluator::visit_statement(octave::tree_statement&)
pt-eval.cc:4072
#48 0x107ce818c in octave::tree_statement::accept(octave::tree_walker&)
pt-stmt.h:125
#49 0x107bd1158 in
octave::tree_evaluator::visit_statement_list(octave::tree_statement_list&)
pt-eval.cc:4157
#50 0x1072e7070 in
octave::tree_statement_list::accept(octave::tree_walker&) pt-stmt.h:215
#51 0x107bce9dc in
octave::tree_evaluator::visit_if_command_list(octave::tree_if_command_list&)
pt-eval.cc:3920
#52 0x107bce4e4 in
octave::tree_if_command_list::accept(octave::tree_walker&) pt-select.h:139
#53 0x107bce3c4 in
octave::tree_evaluator::visit_if_command(octave::tree_if_command&)
pt-eval.cc:3898
#54 0x107ce1e84 in octave::tree_if_command::accept(octave::tree_walker&)
pt-select.h:168
#55 0x107bcfe4c in
octave::tree_evaluator::visit_statement(octave::tree_statement&)
pt-eval.cc:4047
#56 0x107ce818c in octave::tree_statement::accept(octave::tree_walker&)
pt-stmt.h:125
#57 0x107bd1158 in
octave::tree_evaluator::visit_statement_list(octave::tree_statement_list&)
pt-eval.cc:4157
#58 0x1072e7070 in
octave::tree_statement_list::accept(octave::tree_walker&) pt-stmt.h:215
#59 0x107bcc728 in
octave::tree_evaluator::execute_user_function(octave_user_function&, int,
octave_value_list const&) pt-eval.cc:3798
#60 0x10789d7f8 in octave_user_function::execute(octave::tree_evaluator&,
int, octave_value_list const&) ov-usr-fcn.cc:569
#61 0x10789d5c0 in octave_user_function::call(octave::tree_evaluator&,
int, octave_value_list const&) ov-usr-fcn.cc:562
#62 0x107ca4ea8 in
octave::tree_index_expression::evaluate_n(octave::tree_evaluator&, int)
pt-idx.cc:470
#63 0x107ca7c90 in
octave::tree_index_expression::evaluate(octave::tree_evaluator&, int)
pt-idx.h:105
#64 0x107b67974 in
octave::tree_simple_assignment::evaluate(octave::tree_evaluator&, int)
pt-assign.cc:97
#65 0x107bd01cc in
octave::tree_evaluator::visit_statement(octave::tree_statement&)
pt-eval.cc:4072
#66 0x107ce818c in octave::tree_statement::accept(octave::tree_walker&)
pt-stmt.h:125
#67 0x107bd1158 in
octave::tree_evaluator::visit_statement_list(octave::tree_statement_list&)
pt-eval.cc:4157
#68 0x1072e7070 in
octave::tree_statement_list::accept(octave::tree_walker&) pt-stmt.h:215
#69 0x107bcc728 in
octave::tree_evaluator::execute_user_function(octave_user_function&, int,
octave_value_list const&) pt-eval.cc:3798
#70 0x10789d7f8 in octave_user_function::execute(octave::tree_evaluator&,
int, octave_value_list const&) ov-usr-fcn.cc:569
#71 0x10789d5c0 in octave_user_function::call(octave::tree_evaluator&,
int, octave_value_list const&) ov-usr-fcn.cc:562
#72 0x107ca4ea8 in
octave::tree_index_expression::evaluate_n(octave::tree_evaluator&, int)
pt-idx.cc:470
#73 0x107ca7c90 in
octave::tree_index_expression::evaluate(octave::tree_evaluator&, int)
pt-idx.h:105
#74 0x107bd01cc in
octave::tree_evaluator::visit_statement(octave::tree_statement&)
pt-eval.cc:4072
#75 0x107ce818c in octave::tree_statement::accept(octave::tree_walker&)
pt-stmt.h:125
#76 0x107bd1158 in
octave::tree_evaluator::visit_statement_list(octave::tree_statement_list&)
pt-eval.cc:4157
#77 0x1072e7070 in
octave::tree_statement_list::accept(octave::tree_walker&) pt-stmt.h:215
#78 0x107bcc728 in
octave::tree_evaluator::execute_user_function(octave_user_function&, int,
octave_value_list const&) pt-eval.cc:3798
#79 0x10789d7f8 in octave_user_function::execute(octave::tree_evaluator&,
int, octave_value_list const&) ov-usr-fcn.cc:569
#80 0x10789d5c0 in octave_user_function::call(octave::tree_evaluator&,
int, octave_value_list const&) ov-usr-fcn.cc:562
#81 0x1086a2c6c in octave::interpreter::feval(std::__1::basic_string<char,
std::__1::char_traits<char>, std::__1::allocator<char>> const&,
octave_value_list const&, int) interpreter.cc:1577
#82 0x1086a04e4 in octave::interpreter::feval(char const*,
octave_value_list const&, int) interpreter.cc:1562
#83 0x107ba9f3c in octave::tree_evaluator::bind_ans(octave_value const&,
bool) pt-eval.cc:4577
#84 0x107bd03e4 in
octave::tree_evaluator::visit_statement(octave::tree_statement&)
pt-eval.cc:4084
#85 0x107ce818c in octave::tree_statement::accept(octave::tree_walker&)
pt-stmt.h:125
#86 0x107bd1158 in
octave::tree_evaluator::visit_statement_list(octave::tree_statement_list&)
pt-eval.cc:4157
#87 0x1072e7070 in
octave::tree_statement_list::accept(octave::tree_walker&) pt-stmt.h:215
#88 0x107ba48e4 in
octave::tree_evaluator::eval(std::__1::shared_ptr<octave::tree_statement_list>&,
bool) pt-eval.cc:1000
#89 0x107ba6a78 in octave::tree_evaluator::repl() pt-eval.cc:817
#90 0x1086a034c in octave::interpreter::main_loop() interpreter.cc:1336
#91 0x10869ca5c in octave::interpreter::execute() interpreter.cc:897
#92 0x1066d92a0 in octave::cli_application::execute() octave.cc:443
#93 0x10207b188 in main main-cli.cc:150
#94 0x186514270 (<unknown module>)
0x6020004f6650 is located 0 bytes inside of 16-byte region
[0x6020004f6650,0x6020004f6660)
freed by thread T0 here:
#0 0x103890d40 in free+0x98
(libclang_rt.asan_osx_dynamic.dylib:arm64e+0x54d40)
#1 0x10887d2dc in xfree(void*) mxarray.cc:108
#2 0x10887fa64 in mex::free(void*) mxarray.cc:3341
#3 0x10887be3c in mxFree(void*) mxarray.cc:3372
#4 0x1088933f4 in mxArray_base_full::~mxArray_base_full() mxarray.cc:1610
#5 0x1088b2930 in mxArray_separate_full::~mxArray_separate_full()
mxarray.cc:2144
#6 0x1088b190c in mxArray_separate_full::~mxArray_separate_full()
mxarray.cc:2142
#7 0x1088b1938 in mxArray_separate_full::~mxArray_separate_full()
mxarray.cc:2142
#8 0x10887bde0 in mxArray::~mxArray() mxarray.cc:3095
#9 0x10887be74 in mxArray::~mxArray() mxarray.cc:3092
#10 0x10887ccf4 in mex::~mex() mxarray.cc:3243
#11 0x10887e240 in mex::~mex() mxarray.cc:3230
#12 0x108880f18 in octave::call_mex(octave_mex_function&,
octave_value_list const&, int) mxarray.cc:3529
#13 0x107bca010 in
octave::tree_evaluator::execute_mex_function(octave_mex_function&, int,
octave_value_list const&) pt-eval.cc:3596
#14 0x1077fa088 in octave_mex_function::execute(octave::tree_evaluator&,
int, octave_value_list const&) ov-mex-fcn.cc:97
#15 0x107755a54 in octave_function::call(octave::tree_evaluator&, int,
octave_value_list const&) ov-fcn.cc:74
#16 0x107ca4ea8 in
octave::tree_index_expression::evaluate_n(octave::tree_evaluator&, int)
pt-idx.cc:470
#17 0x107ca7c90 in
octave::tree_index_expression::evaluate(octave::tree_evaluator&, int)
pt-idx.h:105
#18 0x107bd01cc in
octave::tree_evaluator::visit_statement(octave::tree_statement&)
pt-eval.cc:4072
#19 0x107ce818c in octave::tree_statement::accept(octave::tree_walker&)
pt-stmt.h:125
#20 0x107bd1158 in
octave::tree_evaluator::visit_statement_list(octave::tree_statement_list&)
pt-eval.cc:4157
#21 0x1072e7070 in
octave::tree_statement_list::accept(octave::tree_walker&) pt-stmt.h:215
#22 0x107ba48e4 in
octave::tree_evaluator::eval(std::__1::shared_ptr<octave::tree_statement_list>&,
bool) pt-eval.cc:1000
#23 0x107ba6a78 in octave::tree_evaluator::repl() pt-eval.cc:817
#24 0x1086a034c in octave::interpreter::main_loop() interpreter.cc:1336
#25 0x10869ca5c in octave::interpreter::execute() interpreter.cc:897
#26 0x1066d92a0 in octave::cli_application::execute() octave.cc:443
#27 0x10207b188 in main main-cli.cc:150
#28 0x186514270 (<unknown module>)
previously allocated by thread T0 here:
#0 0x103890c04 in malloc+0x94
(libclang_rt.asan_osx_dynamic.dylib:arm64e+0x54c04)
#1 0x10887e2f8 in xmalloc(unsigned long) mxarray.cc:79
#2 0x10887e274 in mex::malloc_unmarked(unsigned long) mxarray.cc:3278
#3 0x1088801f4 in mex::calloc_unmarked(unsigned long, unsigned long)
mxarray.h:716
#4 0x10888019c in mxArray::calloc(unsigned long, unsigned long)
mxarray.cc:3386
#5 0x108880258 in mxArray::alloc(bool, unsigned long, unsigned long)
mxarray.cc:3392
#6 0x1088b3da8 in mxArray_base_full::mxArray_base_full(bool, bool,
mxClassID, long long, long long, bool) mxarray.cc:1542
#7 0x1088b3e98 in mxArray_separate_full::mxArray_separate_full(mxClassID,
long long, long long, mxComplexity, bool) mxarray.cc:2108
#8 0x10887c2f4 in mxArray_separate_full::mxArray_separate_full(mxClassID,
long long, long long, mxComplexity, bool) mxarray.cc:2112
#9 0x10887a7d8 in mxArray::create_rep(bool, mxClassID, long long, long
long, mxComplexity, bool) mxarray.cc:3154
#10 0x10887a69c in mxArray::mxArray(bool, mxClassID, long long, long long,
mxComplexity, bool) mxarray.cc:3036
#11 0x10887a87c in mxArray::mxArray(bool, mxClassID, long long, long long,
mxComplexity, bool) mxarray.cc:3037
#12 0x1021eb310 in mxCreateDoubleMatrix mex.cc:455
#13 0x1064667f8 in mexFunction+0x520
(__stk_sampling_vdc_rr2__.mex:arm64+0x27f8)
#14 0x108880c9c in octave::call_mex(octave_mex_function&,
octave_value_list const&, int) mxarray.cc:3506
#15 0x107bca010 in
octave::tree_evaluator::execute_mex_function(octave_mex_function&, int,
octave_value_list const&) pt-eval.cc:3596
#16 0x1077fa088 in octave_mex_function::execute(octave::tree_evaluator&,
int, octave_value_list const&) ov-mex-fcn.cc:97
#17 0x107755a54 in octave_function::call(octave::tree_evaluator&, int,
octave_value_list const&) ov-fcn.cc:74
#18 0x107ca4ea8 in
octave::tree_index_expression::evaluate_n(octave::tree_evaluator&, int)
pt-idx.cc:470
#19 0x107ca7c90 in
octave::tree_index_expression::evaluate(octave::tree_evaluator&, int)
pt-idx.h:105
#20 0x107bd01cc in
octave::tree_evaluator::visit_statement(octave::tree_statement&)
pt-eval.cc:4072
#21 0x107ce818c in octave::tree_statement::accept(octave::tree_walker&)
pt-stmt.h:125
#22 0x107bd1158 in
octave::tree_evaluator::visit_statement_list(octave::tree_statement_list&)
pt-eval.cc:4157
#23 0x1072e7070 in
octave::tree_statement_list::accept(octave::tree_walker&) pt-stmt.h:215
#24 0x107ba48e4 in
octave::tree_evaluator::eval(std::__1::shared_ptr<octave::tree_statement_list>&,
bool) pt-eval.cc:1000
#25 0x107ba6a78 in octave::tree_evaluator::repl() pt-eval.cc:817
#26 0x1086a034c in octave::interpreter::main_loop() interpreter.cc:1336
#27 0x10869ca5c in octave::interpreter::execute() interpreter.cc:897
#28 0x1066d92a0 in octave::cli_application::execute() octave.cc:443
#29 0x10207b188 in main main-cli.cc:150
SUMMARY: AddressSanitizer: heap-use-after-free
(libclang_rt.asan_osx_dynamic.dylib:arm64e+0x521e8) in __asan_memmove+0x2a4
Shadow bytes around the buggy address:
0x6020004f6380: fa fa 00 fa fa fa fd fa fa fa fd fa fa fa 00 fa
0x6020004f6400: fa fa fd fd fa fa 00 00 fa fa fd fa fa fa fd fa
0x6020004f6480: fa fa fd fd fa fa fd fd fa fa fd fd fa fa fd fd
0x6020004f6500: fa fa fd fd fa fa fd fd fa fa fd fd fa fa fd fd
0x6020004f6580: fa fa fd fd fa fa fd fa fa fa fd fd fa fa fd fd
=>0x6020004f6600: fa fa fd fd fa fa fd fd fa fa[fd]fd fa fa fd fa
0x6020004f6680: fa fa fd fa fa fa fd fa fa fa fd fd fa fa fd fa
0x6020004f6700: fa fa fd fd fa fa fd fd fa fa 00 00 fa fa fd fd
0x6020004f6780: fa fa fd fd fa fa fd fd fa fa fd fd fa fa fd fd
0x6020004f6800: fa fa fd fd fa fa fd fa fa fa fd fa fa fa fd fa
0x6020004f6880: fa fa fd fa fa fa fd fa fa fa fd fa fa fa fd fa
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
==61297==ABORTING
fatal: caught signal Abort trap: 6 -- stopping myself...
zsh: abort octave-cli
Dmitri.
--
_______________________________________________________
Reply to this item at:
<https://savannah.gnu.org/bugs/?66471>
_______________________________________________
Message sent via Savannah
https://savannah.gnu.org/
signature.asc
Description: PGP signature
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [Octave-bug-tracker] [bug #66471] polymorphic allocator memory issues,
Dmitri A. Sergatskov <=