octave-bug-tracker
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Octave-bug-tracker] [bug #52022] Memory issue using "who -file" detecte


From: Rik
Subject: [Octave-bug-tracker] [bug #52022] Memory issue using "who -file" detected by Address Sanitizer
Date: Thu, 14 Sep 2017 15:40:25 -0400 (EDT)
User-agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:55.0) Gecko/20100101 Firefox/55.0

URL:
  <http://savannah.gnu.org/bugs/?52022>

                 Summary: Memory issue using "who -file" detected by Address
Sanitizer 
                 Project: GNU Octave
            Submitted by: rik5
            Submitted on: Thu 14 Sep 2017 12:40:24 PM PDT
                Category: Interpreter
                Severity: 3 - Normal
                Priority: 5 - Normal
              Item Group: Segfault, Bus Error, etc.
                  Status: None
             Assigned to: None
         Originator Name: 
        Originator Email: 
             Open/Closed: Open
         Discussion Lock: Any
                 Release: dev
        Operating System: Any

    _______________________________________________________

Details:

Address Sanitizer detected a heap-use-after-free when using "who -file".  To
build Octave with the Address Sanitizer see
http://wiki.octave.org/Finding_Memory_Leaks.

Octave code:


x = magic (3);
save -text foo.var x
who -file foo.var


The resulting backtrace is:


==22757==ERROR: AddressSanitizer: heap-use-after-free on address
0x6070003e6580 at pc 0x7fa83a250ad3 bp 0x7ffe21e4cb30 sp 0x7ffe21e4cb20
READ of size 8 at 0x6070003e6580 thread T0
    #0 0x7fa83a250ad2 in
octave::symbol_table::symbol_record::clear(octave::symbol_table::scope*)
libinterp/corefcn/symtab.h:712
    #1 0x7fa83a250fa6 in octave::symbol_table::scope::clear_variables()
libinterp/corefcn/symtab.h:2057
    #2 0x7fa83a2569fe in
octave::action_container::method_elem<octave::symbol_table::scope>::run()
liboctave/util/action-container.h:147
    #3 0x7fa83a0d31b2 in octave::unwind_protect::run_first()
liboctave/util/unwind-prot.h:72
    #4 0x7fa83a0d2d22 in octave::action_container::run(unsigned long)
liboctave/util/action-container.h:477
    #5 0x7fa83a0d2da3 in octave::action_container::run()
liboctave/util/action-container.h:480
    #6 0x7fa83a0d2fca in octave::unwind_protect::~unwind_protect()
liboctave/util/unwind-prot.h:56
    #7 0x7fa83aad916b in do_who libinterp/corefcn/variables.cc:1648
    #8 0x7fa83aada438 in Fwho(octave::interpreter&, octave_value_list const&,
int) libinterp/corefcn/variables.cc:1854
    #9 0x7fa83a0d24e3 in octave_builtin::call(octave::tree_evaluator&, int,
octave_value_list const&) libinterp/octave-value/ov-builtin.cc:71
    #10 0x7fa83a3c7aa1 in
octave::tree_evaluator::visit_index_expression(octave::tree_index_expression&)
libinterp/parse-tree/pt-eval.cc:1252
    #11 0x7fa83a3fa9ec in
octave::tree_index_expression::accept(octave::tree_walker&)
libinterp/parse-tree/pt-idx.h:101
    #12 0x7fa83a152e92 in
octave::tree_evaluator::evaluate(octave::tree_expression*, int)
libinterp/parse-tree/pt-eval.h:271
    #13 0x7fa83a3ce164 in
octave::tree_evaluator::visit_statement(octave::tree_statement&)
libinterp/parse-tree/pt-eval.cc:2209
    #14 0x7fa83a40c13e in octave::tree_statement::accept(octave::tree_walker&)
libinterp/parse-tree/pt-stmt.h:112
    #15 0x7fa83a3ce47f in
octave::tree_evaluator::visit_statement_list(octave::tree_statement_list&)
libinterp/parse-tree/pt-eval.cc:2251
    #16 0x7fa83a153730 in
octave::tree_statement_list::accept(octave::tree_walker&)
libinterp/parse-tree/pt-stmt.h:187
    #17 0x7fa83a8556e4 in octave::interpreter::main_loop()
libinterp/corefcn/interpreter.cc:974
    #18 0x7fa83a853577 in octave::interpreter::execute()
libinterp/corefcn/interpreter.cc:695
    #19 0x7fa839baa3eb in octave::cli_application::execute()
libinterp/octave.cc:384
    #20 0x401d7c in main src/main-cli.cc:90
    #21 0x7fa83732f82f in __libc_start_main
(/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
    #22 0x401808 in _start
(/home/rik/wip/Projects_Mine/octave-dbg/src/.libs/lt-octave-cli+0x401808)

0x6070003e6580 is located 64 bytes inside of 72-byte region
[0x6070003e6540,0x6070003e6588)
freed by thread T0 here:
    #0 0x7fa83b36cb2a in operator delete(void*)
(/usr/lib/x86_64-linux-gnu/libasan.so.2+0x99b2a)
    #1 0x7fa83a1bc169 in
__gnu_cxx::new_allocator<std::_Rb_tree_node<std::pair<std::__cxx11::basic_string<char,
std::char_traits<char>, std::allocator<char> > const,
octave::symbol_table::symbol_record> >
>::deallocate(std::_Rb_tree_node<std::pair<std::__cxx11::basic_string<char,
std::char_traits<char>, std::allocator<char> > const,
octave::symbol_table::symbol_record> >*, unsigned long)
/usr/include/c++/5/ext/new_allocator.h:110
    #2 0x7fa83a1bb712 in
std::allocator_traits<std::allocator<std::_Rb_tree_node<std::pair<std::__cxx11::basic_string<char,
std::char_traits<char>, std::allocator<char> > const,
octave::symbol_table::symbol_record> > >
>::deallocate(std::allocator<std::_Rb_tree_node<std::pair<std::__cxx11::basic_string<char,
std::char_traits<char>, std::allocator<char> > const,
octave::symbol_table::symbol_record> > >&,
std::_Rb_tree_node<std::pair<std::__cxx11::basic_string<char,
std::char_traits<char>, std::allocator<char> > const,
octave::symbol_table::symbol_record> >*, unsigned long)
/usr/include/c++/5/bits/alloc_traits.h:517
    #3 0x7fa83a1ba796 in std::_Rb_tree<std::__cxx11::basic_string<char,
std::char_traits<char>, std::allocator<char> >,
std::pair<std::__cxx11::basic_string<char, std::char_traits<char>,
std::allocator<char> > const, octave::symbol_table::symbol_record>,
std::_Select1st<std::pair<std::__cxx11::basic_string<char,
std::char_traits<char>, std::allocator<char> > const,
octave::symbol_table::symbol_record> >,
std::less<std::__cxx11::basic_string<char, std::char_traits<char>,
std::allocator<char> > >,
std::allocator<std::pair<std::__cxx11::basic_string<char,
std::char_traits<char>, std::allocator<char> > const,
octave::symbol_table::symbol_record> >
>::_M_put_node(std::_Rb_tree_node<std::pair<std::__cxx11::basic_string<char,
std::char_traits<char>, std::allocator<char> > const,
octave::symbol_table::symbol_record> >*)
/usr/include/c++/5/bits/stl_tree.h:495
    #4 0x7fa83a1b82a3 in std::_Rb_tree<std::__cxx11::basic_string<char,
std::char_traits<char>, std::allocator<char> >,
std::pair<std::__cxx11::basic_string<char, std::char_traits<char>,
std::allocator<char> > const, octave::symbol_table::symbol_record>,
std::_Select1st<std::pair<std::__cxx11::basic_string<char,
std::char_traits<char>, std::allocator<char> > const,
octave::symbol_table::symbol_record> >,
std::less<std::__cxx11::basic_string<char, std::char_traits<char>,
std::allocator<char> > >,
std::allocator<std::pair<std::__cxx11::basic_string<char,
std::char_traits<char>, std::allocator<char> > const,
octave::symbol_table::symbol_record> >
>::_M_drop_node(std::_Rb_tree_node<std::pair<std::__cxx11::basic_string<char,
std::char_traits<char>, std::allocator<char> > const,
octave::symbol_table::symbol_record> >*)
/usr/include/c++/5/bits/stl_tree.h:562
    #5 0x7fa83a1b5d07 in std::_Rb_tree<std::__cxx11::basic_string<char,
std::char_traits<char>, std::allocator<char> >,
std::pair<std::__cxx11::basic_string<char, std::char_traits<char>,
std::allocator<char> > const, octave::symbol_table::symbol_record>,
std::_Select1st<std::pair<std::__cxx11::basic_string<char,
std::char_traits<char>, std::allocator<char> > const,
octave::symbol_table::symbol_record> >,
std::less<std::__cxx11::basic_string<char, std::char_traits<char>,
std::allocator<char> > >,
std::allocator<std::pair<std::__cxx11::basic_string<char,
std::char_traits<char>, std::allocator<char> > const,
octave::symbol_table::symbol_record> >
>::_M_erase(std::_Rb_tree_node<std::pair<std::__cxx11::basic_string<char,
std::char_traits<char>, std::allocator<char> > const,
octave::symbol_table::symbol_record> >*)
/usr/include/c++/5/bits/stl_tree.h:1614
    #6 0x7fa83a1b43bb in std::_Rb_tree<std::__cxx11::basic_string<char,
std::char_traits<char>, std::allocator<char> >,
std::pair<std::__cxx11::basic_string<char, std::char_traits<char>,
std::allocator<char> > const, octave::symbol_table::symbol_record>,
std::_Select1st<std::pair<std::__cxx11::basic_string<char,
std::char_traits<char>, std::allocator<char> > const,
octave::symbol_table::symbol_record> >,
std::less<std::__cxx11::basic_string<char, std::char_traits<char>,
std::allocator<char> > >,
std::allocator<std::pair<std::__cxx11::basic_string<char,
std::char_traits<char>, std::allocator<char> > const,
octave::symbol_table::symbol_record> > >::~_Rb_tree()
/usr/include/c++/5/bits/stl_tree.h:858
    #7 0x7fa83a1b2515 in std::map<std::__cxx11::basic_string<char,
std::char_traits<char>, std::allocator<char> >,
octave::symbol_table::symbol_record,
std::less<std::__cxx11::basic_string<char, std::char_traits<char>,
std::allocator<char> > >,
std::allocator<std::pair<std::__cxx11::basic_string<char,
std::char_traits<char>, std::allocator<char> > const,
octave::symbol_table::symbol_record> > >::~map()
/usr/include/c++/5/bits/stl_map.h:96
    #8 0x7fa83a1b2579 in octave::symbol_table::scope::~scope()
libinterp/corefcn/symtab.h:1816
    #9 0x7fa83aad915c in do_who libinterp/corefcn/variables.cc:1652
    #10 0x7fa83aada438 in Fwho(octave::interpreter&, octave_value_list const&,
int) libinterp/corefcn/variables.cc:1854
    #11 0x7fa83a0d24e3 in octave_builtin::call(octave::tree_evaluator&, int,
octave_value_list const&) libinterp/octave-value/ov-builtin.cc:71
    #12 0x7fa83a3c7aa1 in
octave::tree_evaluator::visit_index_expression(octave::tree_index_expression&)
libinterp/parse-tree/pt-eval.cc:1252
    #13 0x7fa83a3fa9ec in
octave::tree_index_expression::accept(octave::tree_walker&)
libinterp/parse-tree/pt-idx.h:101
    #14 0x7fa83a152e92 in
octave::tree_evaluator::evaluate(octave::tree_expression*, int)
libinterp/parse-tree/pt-eval.h:271
    #15 0x7fa83a3ce164 in
octave::tree_evaluator::visit_statement(octave::tree_statement&)
libinterp/parse-tree/pt-eval.cc:2209
    #16 0x7fa83a40c13e in octave::tree_statement::accept(octave::tree_walker&)
libinterp/parse-tree/pt-stmt.h:112
    #17 0x7fa83a3ce47f in
octave::tree_evaluator::visit_statement_list(octave::tree_statement_list&)
libinterp/parse-tree/pt-eval.cc:2251
    #18 0x7fa83a153730 in
octave::tree_statement_list::accept(octave::tree_walker&)
libinterp/parse-tree/pt-stmt.h:187
    #19 0x7fa83a8556e4 in octave::interpreter::main_loop()
libinterp/corefcn/interpreter.cc:974
    #20 0x7fa83a853577 in octave::interpreter::execute()
libinterp/corefcn/interpreter.cc:695
    #21 0x7fa839baa3eb in octave::cli_application::execute()
libinterp/octave.cc:384
    #22 0x401d7c in main src/main-cli.cc:90
    #23 0x7fa83732f82f in __libc_start_main
(/lib/x86_64-linux-gnu/libc.so.6+0x2082f)

previously allocated by thread T0 here:
    #0 0x7fa83b36c532 in operator new(unsigned long)
(/usr/lib/x86_64-linux-gnu/libasan.so.2+0x99532)
    #1 0x7fa83a3f2a62 in
__gnu_cxx::new_allocator<std::_Rb_tree_node<std::pair<std::__cxx11::basic_string<char,
std::char_traits<char>, std::allocator<char> > const,
octave::symbol_table::symbol_record> > >::allocate(unsigned long, void const*)
/usr/include/c++/5/ext/new_allocator.h:104
    #2 0x7fa83a3f1da6 in
std::allocator_traits<std::allocator<std::_Rb_tree_node<std::pair<std::__cxx11::basic_string<char,
std::char_traits<char>, std::allocator<char> > const,
octave::symbol_table::symbol_record> > >
>::allocate(std::allocator<std::_Rb_tree_node<std::pair<std::__cxx11::basic_string<char,
std::char_traits<char>, std::allocator<char> > const,
octave::symbol_table::symbol_record> > >&, unsigned long)
/usr/include/c++/5/bits/alloc_traits.h:491
    #3 0x7fa83a3ee722 in std::_Rb_tree<std::__cxx11::basic_string<char,
std::char_traits<char>, std::allocator<char> >,
std::pair<std::__cxx11::basic_string<char, std::char_traits<char>,
std::allocator<char> > const, octave::symbol_table::symbol_record>,
std::_Select1st<std::pair<std::__cxx11::basic_string<char,
std::char_traits<char>, std::allocator<char> > const,
octave::symbol_table::symbol_record> >,
std::less<std::__cxx11::basic_string<char, std::char_traits<char>,
std::allocator<char> > >,
std::allocator<std::pair<std::__cxx11::basic_string<char,
std::char_traits<char>, std::allocator<char> > const,
octave::symbol_table::symbol_record> > >::_M_get_node()
/usr/include/c++/5/bits/stl_tree.h:491
    #4 0x7fa83a3e55b0 in
std::_Rb_tree_node<std::pair<std::__cxx11::basic_string<char,
std::char_traits<char>, std::allocator<char> > const,
octave::symbol_table::symbol_record> >*
std::_Rb_tree<std::__cxx11::basic_string<char, std::char_traits<char>,
std::allocator<char> >, std::pair<std::__cxx11::basic_string<char,
std::char_traits<char>, std::allocator<char> > const,
octave::symbol_table::symbol_record>,
std::_Select1st<std::pair<std::__cxx11::basic_string<char,
std::char_traits<char>, std::allocator<char> > const,
octave::symbol_table::symbol_record> >,
std::less<std::__cxx11::basic_string<char, std::char_traits<char>,
std::allocator<char> > >,
std::allocator<std::pair<std::__cxx11::basic_string<char,
std::char_traits<char>, std::allocator<char> > const,
octave::symbol_table::symbol_record> >
>::_M_create_node<std::piecewise_construct_t const&,
std::tuple<std::__cxx11::basic_string<char, std::char_traits<char>,
std::allocator<char> > const&>, std::tuple<> >(std::piecewise_construct_t
const&, std::tuple<std::__cxx11::basic_string<char, std::char_traits<char>,
std::allocator<char> > const&>&&, std::tuple<>&&)
/usr/include/c++/5/bits/stl_tree.h:545
    #5 0x7fa83a3dc1f5 in
std::_Rb_tree_iterator<std::pair<std::__cxx11::basic_string<char,
std::char_traits<char>, std::allocator<char> > const,
octave::symbol_table::symbol_record> >
std::_Rb_tree<std::__cxx11::basic_string<char, std::char_traits<char>,
std::allocator<char> >, std::pair<std::__cxx11::basic_string<char,
std::char_traits<char>, std::allocator<char> > const,
octave::symbol_table::symbol_record>,
std::_Select1st<std::pair<std::__cxx11::basic_string<char,
std::char_traits<char>, std::allocator<char> > const,
octave::symbol_table::symbol_record> >,
std::less<std::__cxx11::basic_string<char, std::char_traits<char>,
std::allocator<char> > >,
std::allocator<std::pair<std::__cxx11::basic_string<char,
std::char_traits<char>, std::allocator<char> > const,
octave::symbol_table::symbol_record> >
>::_M_emplace_hint_unique<std::piecewise_construct_t const&,
std::tuple<std::__cxx11::basic_string<char, std::char_traits<char>,
std::allocator<char> > const&>, std::tuple<>
>(std::_Rb_tree_const_iterator<std::pair<std::__cxx11::basic_string<char,
std::char_traits<char>, std::allocator<char> > const,
octave::symbol_table::symbol_record> >, std::piecewise_construct_t const&,
std::tuple<std::__cxx11::basic_string<char, std::char_traits<char>,
std::allocator<char> > const&>&&, std::tuple<>&&)
/usr/include/c++/5/bits/stl_tree.h:2170
    #6 0x7fa83a3d78d6 in std::map<std::__cxx11::basic_string<char,
std::char_traits<char>, std::allocator<char> >,
octave::symbol_table::symbol_record,
std::less<std::__cxx11::basic_string<char, std::char_traits<char>,
std::allocator<char> > >,
std::allocator<std::pair<std::__cxx11::basic_string<char,
std::char_traits<char>, std::allocator<char> > const,
octave::symbol_table::symbol_record> >
>::operator[](std::__cxx11::basic_string<char, std::char_traits<char>,
std::allocator<char> > const&) /usr/include/c++/5/bits/stl_map.h:483
    #7 0x7fa83aa7e984 in
octave::symbol_table::scope::insert(std::__cxx11::basic_string<char,
std::char_traits<char>, std::allocator<char> > const&, bool)
libinterp/corefcn/symtab.cc:1628
    #8 0x7fa83a1b2d68 in
octave::symbol_table::scope::assign(std::__cxx11::basic_string<char,
std::char_traits<char>, std::allocator<char> > const&, octave_value const&,
bool) libinterp/corefcn/symtab.h:1932
    #9 0x7fa83a250cba in
octave::symbol_table::scope::assign(std::__cxx11::basic_string<char,
std::char_traits<char>, std::allocator<char> > const&, octave_value const&)
libinterp/corefcn/symtab.h:1943
    #10 0x7fa83a890395 in install_loaded_variable
libinterp/corefcn/load-save.cc:161
    #11 0x7fa83a892237 in do_load(std::istream&,
std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>
> const&, load_save_format, octave::mach_info::float_format, bool, bool, bool,
string_vector const&, int, int, int) libinterp/corefcn/load-save.cc:456
    #12 0x7fa83a894195 in Fload(octave_value_list const&, int)
libinterp/corefcn/load-save.cc:857
    #13 0x7fa83a0d23fe in octave_builtin::call(octave::tree_evaluator&, int,
octave_value_list const&) libinterp/octave-value/ov-builtin.cc:65
    #14 0x7fa83a386f09 in octave::feval(std::__cxx11::basic_string<char,
std::char_traits<char>, std::allocator<char> > const&, octave_value_list
const&, int) libinterp/parse-tree/oct-parse.yy:5128
    #15 0x7fa83aad9013 in do_who libinterp/corefcn/variables.cc:1661
    #16 0x7fa83aada438 in Fwho(octave::interpreter&, octave_value_list const&,
int) libinterp/corefcn/variables.cc:1854
    #17 0x7fa83a0d24e3 in octave_builtin::call(octave::tree_evaluator&, int,
octave_value_list const&) libinterp/octave-value/ov-builtin.cc:71
    #18 0x7fa83a3c7aa1 in
octave::tree_evaluator::visit_index_expression(octave::tree_index_expression&)
libinterp/parse-tree/pt-eval.cc:1252
    #19 0x7fa83a3fa9ec in
octave::tree_index_expression::accept(octave::tree_walker&)
libinterp/parse-tree/pt-idx.h:101
    #20 0x7fa83a152e92 in
octave::tree_evaluator::evaluate(octave::tree_expression*, int)
libinterp/parse-tree/pt-eval.h:271
    #21 0x7fa83a3ce164 in
octave::tree_evaluator::visit_statement(octave::tree_statement&)
libinterp/parse-tree/pt-eval.cc:2209
    #22 0x7fa83a40c13e in octave::tree_statement::accept(octave::tree_walker&)
libinterp/parse-tree/pt-stmt.h:112
    #23 0x7fa83a3ce47f in
octave::tree_evaluator::visit_statement_list(octave::tree_statement_list&)
libinterp/parse-tree/pt-eval.cc:2251
    #24 0x7fa83a153730 in
octave::tree_statement_list::accept(octave::tree_walker&)
libinterp/parse-tree/pt-stmt.h:187
    #25 0x7fa83a8556e4 in octave::interpreter::main_loop()
libinterp/corefcn/interpreter.cc:974
    #26 0x7fa83a853577 in octave::interpreter::execute()
libinterp/corefcn/interpreter.cc:695
    #27 0x7fa839baa3eb in octave::cli_application::execute()
libinterp/octave.cc:384
    #28 0x401d7c in main src/main-cli.cc:90
    #29 0x7fa83732f82f in __libc_start_main
(/lib/x86_64-linux-gnu/libc.so.6+0x2082f)

SUMMARY: AddressSanitizer: heap-use-after-free libinterp/corefcn/symtab.h:712
octave::symbol_table::symbol_record::clear(octave::symbol_table::scope*)
Shadow bytes around the buggy address:
  0x0c0e80074c60: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c0e80074c70: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c0e80074c80: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c0e80074c90: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c0e80074ca0: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd
=>0x0c0e80074cb0:[fd]fa fa fa fa fa fd fd fd fd fd fd fd fd fd fa
  0x0c0e80074cc0: fa fa fa fa fd fd fd fd fd fd fd fd fd fa fa fa
  0x0c0e80074cd0: fa fa fd fd fd fd fd fd fd fd fd fa fa fa fa fa
  0x0c0e80074ce0: 00 00 00 00 00 00 00 00 00 fa fa fa fa fa 00 00
  0x0c0e80074cf0: 00 00 00 00 00 00 00 fa fa fa fa fa fd fd fd fd
  0x0c0e80074d00: fd fd fd fd fd fa fa fa fa fa fd fd fd fd fd fd
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Heap right redzone:      fb
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack partial redzone:   f4
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
==22757==ABORTING







    _______________________________________________________

Reply to this item at:

  <http://savannah.gnu.org/bugs/?52022>

_______________________________________________
  Message sent via/by Savannah
  http://savannah.gnu.org/




reply via email to

[Prev in Thread] Current Thread [Next in Thread]