[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Octave-bug-tracker] [bug #52022] Memory issue using "who -file" detecte
From: |
Rik |
Subject: |
[Octave-bug-tracker] [bug #52022] Memory issue using "who -file" detected by Address Sanitizer |
Date: |
Thu, 14 Sep 2017 15:40:25 -0400 (EDT) |
User-agent: |
Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:55.0) Gecko/20100101 Firefox/55.0 |
URL:
<http://savannah.gnu.org/bugs/?52022>
Summary: Memory issue using "who -file" detected by Address
Sanitizer
Project: GNU Octave
Submitted by: rik5
Submitted on: Thu 14 Sep 2017 12:40:24 PM PDT
Category: Interpreter
Severity: 3 - Normal
Priority: 5 - Normal
Item Group: Segfault, Bus Error, etc.
Status: None
Assigned to: None
Originator Name:
Originator Email:
Open/Closed: Open
Discussion Lock: Any
Release: dev
Operating System: Any
_______________________________________________________
Details:
Address Sanitizer detected a heap-use-after-free when using "who -file". To
build Octave with the Address Sanitizer see
http://wiki.octave.org/Finding_Memory_Leaks.
Octave code:
x = magic (3);
save -text foo.var x
who -file foo.var
The resulting backtrace is:
==22757==ERROR: AddressSanitizer: heap-use-after-free on address
0x6070003e6580 at pc 0x7fa83a250ad3 bp 0x7ffe21e4cb30 sp 0x7ffe21e4cb20
READ of size 8 at 0x6070003e6580 thread T0
#0 0x7fa83a250ad2 in
octave::symbol_table::symbol_record::clear(octave::symbol_table::scope*)
libinterp/corefcn/symtab.h:712
#1 0x7fa83a250fa6 in octave::symbol_table::scope::clear_variables()
libinterp/corefcn/symtab.h:2057
#2 0x7fa83a2569fe in
octave::action_container::method_elem<octave::symbol_table::scope>::run()
liboctave/util/action-container.h:147
#3 0x7fa83a0d31b2 in octave::unwind_protect::run_first()
liboctave/util/unwind-prot.h:72
#4 0x7fa83a0d2d22 in octave::action_container::run(unsigned long)
liboctave/util/action-container.h:477
#5 0x7fa83a0d2da3 in octave::action_container::run()
liboctave/util/action-container.h:480
#6 0x7fa83a0d2fca in octave::unwind_protect::~unwind_protect()
liboctave/util/unwind-prot.h:56
#7 0x7fa83aad916b in do_who libinterp/corefcn/variables.cc:1648
#8 0x7fa83aada438 in Fwho(octave::interpreter&, octave_value_list const&,
int) libinterp/corefcn/variables.cc:1854
#9 0x7fa83a0d24e3 in octave_builtin::call(octave::tree_evaluator&, int,
octave_value_list const&) libinterp/octave-value/ov-builtin.cc:71
#10 0x7fa83a3c7aa1 in
octave::tree_evaluator::visit_index_expression(octave::tree_index_expression&)
libinterp/parse-tree/pt-eval.cc:1252
#11 0x7fa83a3fa9ec in
octave::tree_index_expression::accept(octave::tree_walker&)
libinterp/parse-tree/pt-idx.h:101
#12 0x7fa83a152e92 in
octave::tree_evaluator::evaluate(octave::tree_expression*, int)
libinterp/parse-tree/pt-eval.h:271
#13 0x7fa83a3ce164 in
octave::tree_evaluator::visit_statement(octave::tree_statement&)
libinterp/parse-tree/pt-eval.cc:2209
#14 0x7fa83a40c13e in octave::tree_statement::accept(octave::tree_walker&)
libinterp/parse-tree/pt-stmt.h:112
#15 0x7fa83a3ce47f in
octave::tree_evaluator::visit_statement_list(octave::tree_statement_list&)
libinterp/parse-tree/pt-eval.cc:2251
#16 0x7fa83a153730 in
octave::tree_statement_list::accept(octave::tree_walker&)
libinterp/parse-tree/pt-stmt.h:187
#17 0x7fa83a8556e4 in octave::interpreter::main_loop()
libinterp/corefcn/interpreter.cc:974
#18 0x7fa83a853577 in octave::interpreter::execute()
libinterp/corefcn/interpreter.cc:695
#19 0x7fa839baa3eb in octave::cli_application::execute()
libinterp/octave.cc:384
#20 0x401d7c in main src/main-cli.cc:90
#21 0x7fa83732f82f in __libc_start_main
(/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
#22 0x401808 in _start
(/home/rik/wip/Projects_Mine/octave-dbg/src/.libs/lt-octave-cli+0x401808)
0x6070003e6580 is located 64 bytes inside of 72-byte region
[0x6070003e6540,0x6070003e6588)
freed by thread T0 here:
#0 0x7fa83b36cb2a in operator delete(void*)
(/usr/lib/x86_64-linux-gnu/libasan.so.2+0x99b2a)
#1 0x7fa83a1bc169 in
__gnu_cxx::new_allocator<std::_Rb_tree_node<std::pair<std::__cxx11::basic_string<char,
std::char_traits<char>, std::allocator<char> > const,
octave::symbol_table::symbol_record> >
>::deallocate(std::_Rb_tree_node<std::pair<std::__cxx11::basic_string<char,
std::char_traits<char>, std::allocator<char> > const,
octave::symbol_table::symbol_record> >*, unsigned long)
/usr/include/c++/5/ext/new_allocator.h:110
#2 0x7fa83a1bb712 in
std::allocator_traits<std::allocator<std::_Rb_tree_node<std::pair<std::__cxx11::basic_string<char,
std::char_traits<char>, std::allocator<char> > const,
octave::symbol_table::symbol_record> > >
>::deallocate(std::allocator<std::_Rb_tree_node<std::pair<std::__cxx11::basic_string<char,
std::char_traits<char>, std::allocator<char> > const,
octave::symbol_table::symbol_record> > >&,
std::_Rb_tree_node<std::pair<std::__cxx11::basic_string<char,
std::char_traits<char>, std::allocator<char> > const,
octave::symbol_table::symbol_record> >*, unsigned long)
/usr/include/c++/5/bits/alloc_traits.h:517
#3 0x7fa83a1ba796 in std::_Rb_tree<std::__cxx11::basic_string<char,
std::char_traits<char>, std::allocator<char> >,
std::pair<std::__cxx11::basic_string<char, std::char_traits<char>,
std::allocator<char> > const, octave::symbol_table::symbol_record>,
std::_Select1st<std::pair<std::__cxx11::basic_string<char,
std::char_traits<char>, std::allocator<char> > const,
octave::symbol_table::symbol_record> >,
std::less<std::__cxx11::basic_string<char, std::char_traits<char>,
std::allocator<char> > >,
std::allocator<std::pair<std::__cxx11::basic_string<char,
std::char_traits<char>, std::allocator<char> > const,
octave::symbol_table::symbol_record> >
>::_M_put_node(std::_Rb_tree_node<std::pair<std::__cxx11::basic_string<char,
std::char_traits<char>, std::allocator<char> > const,
octave::symbol_table::symbol_record> >*)
/usr/include/c++/5/bits/stl_tree.h:495
#4 0x7fa83a1b82a3 in std::_Rb_tree<std::__cxx11::basic_string<char,
std::char_traits<char>, std::allocator<char> >,
std::pair<std::__cxx11::basic_string<char, std::char_traits<char>,
std::allocator<char> > const, octave::symbol_table::symbol_record>,
std::_Select1st<std::pair<std::__cxx11::basic_string<char,
std::char_traits<char>, std::allocator<char> > const,
octave::symbol_table::symbol_record> >,
std::less<std::__cxx11::basic_string<char, std::char_traits<char>,
std::allocator<char> > >,
std::allocator<std::pair<std::__cxx11::basic_string<char,
std::char_traits<char>, std::allocator<char> > const,
octave::symbol_table::symbol_record> >
>::_M_drop_node(std::_Rb_tree_node<std::pair<std::__cxx11::basic_string<char,
std::char_traits<char>, std::allocator<char> > const,
octave::symbol_table::symbol_record> >*)
/usr/include/c++/5/bits/stl_tree.h:562
#5 0x7fa83a1b5d07 in std::_Rb_tree<std::__cxx11::basic_string<char,
std::char_traits<char>, std::allocator<char> >,
std::pair<std::__cxx11::basic_string<char, std::char_traits<char>,
std::allocator<char> > const, octave::symbol_table::symbol_record>,
std::_Select1st<std::pair<std::__cxx11::basic_string<char,
std::char_traits<char>, std::allocator<char> > const,
octave::symbol_table::symbol_record> >,
std::less<std::__cxx11::basic_string<char, std::char_traits<char>,
std::allocator<char> > >,
std::allocator<std::pair<std::__cxx11::basic_string<char,
std::char_traits<char>, std::allocator<char> > const,
octave::symbol_table::symbol_record> >
>::_M_erase(std::_Rb_tree_node<std::pair<std::__cxx11::basic_string<char,
std::char_traits<char>, std::allocator<char> > const,
octave::symbol_table::symbol_record> >*)
/usr/include/c++/5/bits/stl_tree.h:1614
#6 0x7fa83a1b43bb in std::_Rb_tree<std::__cxx11::basic_string<char,
std::char_traits<char>, std::allocator<char> >,
std::pair<std::__cxx11::basic_string<char, std::char_traits<char>,
std::allocator<char> > const, octave::symbol_table::symbol_record>,
std::_Select1st<std::pair<std::__cxx11::basic_string<char,
std::char_traits<char>, std::allocator<char> > const,
octave::symbol_table::symbol_record> >,
std::less<std::__cxx11::basic_string<char, std::char_traits<char>,
std::allocator<char> > >,
std::allocator<std::pair<std::__cxx11::basic_string<char,
std::char_traits<char>, std::allocator<char> > const,
octave::symbol_table::symbol_record> > >::~_Rb_tree()
/usr/include/c++/5/bits/stl_tree.h:858
#7 0x7fa83a1b2515 in std::map<std::__cxx11::basic_string<char,
std::char_traits<char>, std::allocator<char> >,
octave::symbol_table::symbol_record,
std::less<std::__cxx11::basic_string<char, std::char_traits<char>,
std::allocator<char> > >,
std::allocator<std::pair<std::__cxx11::basic_string<char,
std::char_traits<char>, std::allocator<char> > const,
octave::symbol_table::symbol_record> > >::~map()
/usr/include/c++/5/bits/stl_map.h:96
#8 0x7fa83a1b2579 in octave::symbol_table::scope::~scope()
libinterp/corefcn/symtab.h:1816
#9 0x7fa83aad915c in do_who libinterp/corefcn/variables.cc:1652
#10 0x7fa83aada438 in Fwho(octave::interpreter&, octave_value_list const&,
int) libinterp/corefcn/variables.cc:1854
#11 0x7fa83a0d24e3 in octave_builtin::call(octave::tree_evaluator&, int,
octave_value_list const&) libinterp/octave-value/ov-builtin.cc:71
#12 0x7fa83a3c7aa1 in
octave::tree_evaluator::visit_index_expression(octave::tree_index_expression&)
libinterp/parse-tree/pt-eval.cc:1252
#13 0x7fa83a3fa9ec in
octave::tree_index_expression::accept(octave::tree_walker&)
libinterp/parse-tree/pt-idx.h:101
#14 0x7fa83a152e92 in
octave::tree_evaluator::evaluate(octave::tree_expression*, int)
libinterp/parse-tree/pt-eval.h:271
#15 0x7fa83a3ce164 in
octave::tree_evaluator::visit_statement(octave::tree_statement&)
libinterp/parse-tree/pt-eval.cc:2209
#16 0x7fa83a40c13e in octave::tree_statement::accept(octave::tree_walker&)
libinterp/parse-tree/pt-stmt.h:112
#17 0x7fa83a3ce47f in
octave::tree_evaluator::visit_statement_list(octave::tree_statement_list&)
libinterp/parse-tree/pt-eval.cc:2251
#18 0x7fa83a153730 in
octave::tree_statement_list::accept(octave::tree_walker&)
libinterp/parse-tree/pt-stmt.h:187
#19 0x7fa83a8556e4 in octave::interpreter::main_loop()
libinterp/corefcn/interpreter.cc:974
#20 0x7fa83a853577 in octave::interpreter::execute()
libinterp/corefcn/interpreter.cc:695
#21 0x7fa839baa3eb in octave::cli_application::execute()
libinterp/octave.cc:384
#22 0x401d7c in main src/main-cli.cc:90
#23 0x7fa83732f82f in __libc_start_main
(/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
previously allocated by thread T0 here:
#0 0x7fa83b36c532 in operator new(unsigned long)
(/usr/lib/x86_64-linux-gnu/libasan.so.2+0x99532)
#1 0x7fa83a3f2a62 in
__gnu_cxx::new_allocator<std::_Rb_tree_node<std::pair<std::__cxx11::basic_string<char,
std::char_traits<char>, std::allocator<char> > const,
octave::symbol_table::symbol_record> > >::allocate(unsigned long, void const*)
/usr/include/c++/5/ext/new_allocator.h:104
#2 0x7fa83a3f1da6 in
std::allocator_traits<std::allocator<std::_Rb_tree_node<std::pair<std::__cxx11::basic_string<char,
std::char_traits<char>, std::allocator<char> > const,
octave::symbol_table::symbol_record> > >
>::allocate(std::allocator<std::_Rb_tree_node<std::pair<std::__cxx11::basic_string<char,
std::char_traits<char>, std::allocator<char> > const,
octave::symbol_table::symbol_record> > >&, unsigned long)
/usr/include/c++/5/bits/alloc_traits.h:491
#3 0x7fa83a3ee722 in std::_Rb_tree<std::__cxx11::basic_string<char,
std::char_traits<char>, std::allocator<char> >,
std::pair<std::__cxx11::basic_string<char, std::char_traits<char>,
std::allocator<char> > const, octave::symbol_table::symbol_record>,
std::_Select1st<std::pair<std::__cxx11::basic_string<char,
std::char_traits<char>, std::allocator<char> > const,
octave::symbol_table::symbol_record> >,
std::less<std::__cxx11::basic_string<char, std::char_traits<char>,
std::allocator<char> > >,
std::allocator<std::pair<std::__cxx11::basic_string<char,
std::char_traits<char>, std::allocator<char> > const,
octave::symbol_table::symbol_record> > >::_M_get_node()
/usr/include/c++/5/bits/stl_tree.h:491
#4 0x7fa83a3e55b0 in
std::_Rb_tree_node<std::pair<std::__cxx11::basic_string<char,
std::char_traits<char>, std::allocator<char> > const,
octave::symbol_table::symbol_record> >*
std::_Rb_tree<std::__cxx11::basic_string<char, std::char_traits<char>,
std::allocator<char> >, std::pair<std::__cxx11::basic_string<char,
std::char_traits<char>, std::allocator<char> > const,
octave::symbol_table::symbol_record>,
std::_Select1st<std::pair<std::__cxx11::basic_string<char,
std::char_traits<char>, std::allocator<char> > const,
octave::symbol_table::symbol_record> >,
std::less<std::__cxx11::basic_string<char, std::char_traits<char>,
std::allocator<char> > >,
std::allocator<std::pair<std::__cxx11::basic_string<char,
std::char_traits<char>, std::allocator<char> > const,
octave::symbol_table::symbol_record> >
>::_M_create_node<std::piecewise_construct_t const&,
std::tuple<std::__cxx11::basic_string<char, std::char_traits<char>,
std::allocator<char> > const&>, std::tuple<> >(std::piecewise_construct_t
const&, std::tuple<std::__cxx11::basic_string<char, std::char_traits<char>,
std::allocator<char> > const&>&&, std::tuple<>&&)
/usr/include/c++/5/bits/stl_tree.h:545
#5 0x7fa83a3dc1f5 in
std::_Rb_tree_iterator<std::pair<std::__cxx11::basic_string<char,
std::char_traits<char>, std::allocator<char> > const,
octave::symbol_table::symbol_record> >
std::_Rb_tree<std::__cxx11::basic_string<char, std::char_traits<char>,
std::allocator<char> >, std::pair<std::__cxx11::basic_string<char,
std::char_traits<char>, std::allocator<char> > const,
octave::symbol_table::symbol_record>,
std::_Select1st<std::pair<std::__cxx11::basic_string<char,
std::char_traits<char>, std::allocator<char> > const,
octave::symbol_table::symbol_record> >,
std::less<std::__cxx11::basic_string<char, std::char_traits<char>,
std::allocator<char> > >,
std::allocator<std::pair<std::__cxx11::basic_string<char,
std::char_traits<char>, std::allocator<char> > const,
octave::symbol_table::symbol_record> >
>::_M_emplace_hint_unique<std::piecewise_construct_t const&,
std::tuple<std::__cxx11::basic_string<char, std::char_traits<char>,
std::allocator<char> > const&>, std::tuple<>
>(std::_Rb_tree_const_iterator<std::pair<std::__cxx11::basic_string<char,
std::char_traits<char>, std::allocator<char> > const,
octave::symbol_table::symbol_record> >, std::piecewise_construct_t const&,
std::tuple<std::__cxx11::basic_string<char, std::char_traits<char>,
std::allocator<char> > const&>&&, std::tuple<>&&)
/usr/include/c++/5/bits/stl_tree.h:2170
#6 0x7fa83a3d78d6 in std::map<std::__cxx11::basic_string<char,
std::char_traits<char>, std::allocator<char> >,
octave::symbol_table::symbol_record,
std::less<std::__cxx11::basic_string<char, std::char_traits<char>,
std::allocator<char> > >,
std::allocator<std::pair<std::__cxx11::basic_string<char,
std::char_traits<char>, std::allocator<char> > const,
octave::symbol_table::symbol_record> >
>::operator[](std::__cxx11::basic_string<char, std::char_traits<char>,
std::allocator<char> > const&) /usr/include/c++/5/bits/stl_map.h:483
#7 0x7fa83aa7e984 in
octave::symbol_table::scope::insert(std::__cxx11::basic_string<char,
std::char_traits<char>, std::allocator<char> > const&, bool)
libinterp/corefcn/symtab.cc:1628
#8 0x7fa83a1b2d68 in
octave::symbol_table::scope::assign(std::__cxx11::basic_string<char,
std::char_traits<char>, std::allocator<char> > const&, octave_value const&,
bool) libinterp/corefcn/symtab.h:1932
#9 0x7fa83a250cba in
octave::symbol_table::scope::assign(std::__cxx11::basic_string<char,
std::char_traits<char>, std::allocator<char> > const&, octave_value const&)
libinterp/corefcn/symtab.h:1943
#10 0x7fa83a890395 in install_loaded_variable
libinterp/corefcn/load-save.cc:161
#11 0x7fa83a892237 in do_load(std::istream&,
std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>
> const&, load_save_format, octave::mach_info::float_format, bool, bool, bool,
string_vector const&, int, int, int) libinterp/corefcn/load-save.cc:456
#12 0x7fa83a894195 in Fload(octave_value_list const&, int)
libinterp/corefcn/load-save.cc:857
#13 0x7fa83a0d23fe in octave_builtin::call(octave::tree_evaluator&, int,
octave_value_list const&) libinterp/octave-value/ov-builtin.cc:65
#14 0x7fa83a386f09 in octave::feval(std::__cxx11::basic_string<char,
std::char_traits<char>, std::allocator<char> > const&, octave_value_list
const&, int) libinterp/parse-tree/oct-parse.yy:5128
#15 0x7fa83aad9013 in do_who libinterp/corefcn/variables.cc:1661
#16 0x7fa83aada438 in Fwho(octave::interpreter&, octave_value_list const&,
int) libinterp/corefcn/variables.cc:1854
#17 0x7fa83a0d24e3 in octave_builtin::call(octave::tree_evaluator&, int,
octave_value_list const&) libinterp/octave-value/ov-builtin.cc:71
#18 0x7fa83a3c7aa1 in
octave::tree_evaluator::visit_index_expression(octave::tree_index_expression&)
libinterp/parse-tree/pt-eval.cc:1252
#19 0x7fa83a3fa9ec in
octave::tree_index_expression::accept(octave::tree_walker&)
libinterp/parse-tree/pt-idx.h:101
#20 0x7fa83a152e92 in
octave::tree_evaluator::evaluate(octave::tree_expression*, int)
libinterp/parse-tree/pt-eval.h:271
#21 0x7fa83a3ce164 in
octave::tree_evaluator::visit_statement(octave::tree_statement&)
libinterp/parse-tree/pt-eval.cc:2209
#22 0x7fa83a40c13e in octave::tree_statement::accept(octave::tree_walker&)
libinterp/parse-tree/pt-stmt.h:112
#23 0x7fa83a3ce47f in
octave::tree_evaluator::visit_statement_list(octave::tree_statement_list&)
libinterp/parse-tree/pt-eval.cc:2251
#24 0x7fa83a153730 in
octave::tree_statement_list::accept(octave::tree_walker&)
libinterp/parse-tree/pt-stmt.h:187
#25 0x7fa83a8556e4 in octave::interpreter::main_loop()
libinterp/corefcn/interpreter.cc:974
#26 0x7fa83a853577 in octave::interpreter::execute()
libinterp/corefcn/interpreter.cc:695
#27 0x7fa839baa3eb in octave::cli_application::execute()
libinterp/octave.cc:384
#28 0x401d7c in main src/main-cli.cc:90
#29 0x7fa83732f82f in __libc_start_main
(/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
SUMMARY: AddressSanitizer: heap-use-after-free libinterp/corefcn/symtab.h:712
octave::symbol_table::symbol_record::clear(octave::symbol_table::scope*)
Shadow bytes around the buggy address:
0x0c0e80074c60: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c0e80074c70: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c0e80074c80: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c0e80074c90: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c0e80074ca0: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd
=>0x0c0e80074cb0:[fd]fa fa fa fa fa fd fd fd fd fd fd fd fd fd fa
0x0c0e80074cc0: fa fa fa fa fd fd fd fd fd fd fd fd fd fa fa fa
0x0c0e80074cd0: fa fa fd fd fd fd fd fd fd fd fd fa fa fa fa fa
0x0c0e80074ce0: 00 00 00 00 00 00 00 00 00 fa fa fa fa fa 00 00
0x0c0e80074cf0: 00 00 00 00 00 00 00 fa fa fa fa fa fd fd fd fd
0x0c0e80074d00: fd fd fd fd fd fa fa fa fa fa fd fd fd fd fd fd
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Heap right redzone: fb
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack partial redzone: f4
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
==22757==ABORTING
_______________________________________________________
Reply to this item at:
<http://savannah.gnu.org/bugs/?52022>
_______________________________________________
Message sent via/by Savannah
http://savannah.gnu.org/
- [Octave-bug-tracker] [bug #52022] Memory issue using "who -file" detected by Address Sanitizer,
Rik <=