
[Octave-bug-tracker] [bug #51533] heap-buffer-overflow in Sparse.cc-tst


From: Dmitri A. Sergatskov
Subject: [Octave-bug-tracker] [bug #51533] heap-buffer-overflow in Sparse.cc-tst
Date: Fri, 21 Jul 2017 20:28:39 -0400 (EDT)
User-agent: Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:54.0) Gecko/20100101 Firefox/54.0

Follow-up Comment #1, bug #51533 (project octave):

The same (?) problem shows up in some other tests:


octave:1> test libinterp/octave-value/ov-fcn-handle.cc-tst verbose
>>>>>
/home/dima/src/octave/gcc_asan/libinterp/octave-value/ov-fcn-handle.cc-tst
***** test <*33857>
 a = 2;
 f = @(x) a + x;
 g = @(x) 2 * x;
 hm = @version;
 hdld = @svd;
 hbi = @log2;
 f2 = f;
 g2 = g;
 hm2 = hm;
 hdld2 = hdld;
 hbi2 = hbi;
 modes = {"-text", "-binary"};
 if (isfield (__octave_config_info__, "HAVE_HDF5")
     && __octave_config_info__ ("HAVE_HDF5"))
   modes(end+1) = "-hdf5";
 endif
 for i = 1:numel (modes)
   mode = modes{i};
   nm = tempname ();
   unwind_protect
     f2 (1);
     save (mode, nm, "f2", "g2", "hm2", "hdld2", "hbi2");
     clear f2 g2 hm2 hdld2 hbi2
     load (nm);
     assert (f (2), f2 (2));
     assert (g (2), g2 (2));
     assert (g (3), g2 (3));
     unlink (nm);
     save (mode, nm, "f2", "g2", "hm2", "hdld2", "hbi2");
   unwind_protect_cleanup
     unlink (nm);
   end_unwind_protect
 endfor
***** function fcn_handle_save_recurse (n, mode, nm, f2, g2, hm2, hdld2, hbi2)
  if (n == 0)
    save (mode, nm, "f2", "g2", "hm2", "hdld2", "hbi2");
  else
    fcn_handle_save_recurse (n - 1, mode, nm, f2, g2, hm2, hdld2, hbi2);
  endif
=================================================================
==30622==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6110000535ff at pc 0x7fea234002ee bp 0x7fffb2456ef0 sp 0x7fffb2456ee0
...skip...
SUMMARY: AddressSanitizer: heap-buffer-overflow (/home/dima/src/octave/gcc_asan/libinterp/.libs/liboctinterp.so.4+0x155e2ed) in octave::lexer::fill_flex_buffer(char*, unsigned int)



    _______________________________________________________

Reply to this item at:

  <http://savannah.gnu.org/bugs/?51533>

_______________________________________________
  Message sent via/by Savannah
  http://savannah.gnu.org/



