[Octave-bug-tracker] [bug #47914] segfault with OpenGL patches and addre
From: Rik
Subject: [Octave-bug-tracker] [bug #47914] segfault with OpenGL patches and address sanitizer
Date: Tue, 12 Jul 2016 17:09:58 +0000 (UTC)
User-agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:43.0) Gecko/20100101 Firefox/43.0
Follow-up Comment #7, bug #47914 (project octave):
This still fails for me with cset 5ad67277b007. This is a debug version so I
am setting '-O0 -g' in the flags. I'll try again with a regular build to see
if optimizations stop the segfault.
demo patch 2
patch example 2:
%% Unclosed patch
clf;
t1 = (1/16:1/8:1)' * 2*pi;
t2 = ((1/16:1/16:1)' + 1/32) * 2*pi;
x1 = sin (t1) - 0.8;
y1 = cos (t1);
x2 = sin (t2) + 0.8;
y2 = cos (t2);
patch ([[x1;NaN(8,1)],x2], [[y1;NaN(8,1)],y2], 'r');
=================================================================
==16388==ERROR: AddressSanitizer: heap-buffer-overflow on address
0x6180002dafc0 at pc 0x7f2a6837ed95 bp 0x7ffe847f0ac0 sp 0x7ffe847f0268
READ of size 68 at 0x6180002dafc0 thread T0
#0 0x7f2a6837ed94 in __asan_memcpy
(/usr/lib/x86_64-linux-gnu/libasan.so.2+0x8cd94)
#1 0x7f2a3ad8fbf3 (/usr/lib/x86_64-linux-gnu/dri/swrast_dri.so+0x30ebf3)
#2 0x7f2a3ad96d6f (/usr/lib/x86_64-linux-gnu/dri/swrast_dri.so+0x315d6f)
#3 0x7f2a3ad960f9 (/usr/lib/x86_64-linux-gnu/dri/swrast_dri.so+0x3150f9)
#4 0x7f2a3ad93a7d (/usr/lib/x86_64-linux-gnu/dri/swrast_dri.so+0x312a7d)
#5 0x7f2a3ad94b23 (/usr/lib/x86_64-linux-gnu/dri/swrast_dri.so+0x313b23)
#6 0x7f2a3ae69034 (/usr/lib/x86_64-linux-gnu/dri/swrast_dri.so+0x3e8034)
#7 0x7f2a3ae692b5 (/usr/lib/x86_64-linux-gnu/dri/swrast_dri.so+0x3e82b5)
#8 0x7f2a3ada4018 (/usr/lib/x86_64-linux-gnu/dri/swrast_dri.so+0x323018)
#9 0x7f2a3ad9cc44 (/usr/lib/x86_64-linux-gnu/dri/swrast_dri.so+0x31bc44)
#10 0x7f2a3ad9d168
(/usr/lib/x86_64-linux-gnu/dri/swrast_dri.so+0x31c168)
#11 0x7f2a3b0842ce
(/usr/lib/x86_64-linux-gnu/dri/swrast_dri.so+0x6032ce)
#12 0x7f2a3ac59bde
(/usr/lib/x86_64-linux-gnu/dri/swrast_dri.so+0x1d8bde)
#13 0x7f2a3ac2d989
(/usr/lib/x86_64-linux-gnu/dri/swrast_dri.so+0x1ac989)
#14 0x7f2a3ac1421b
(/usr/lib/x86_64-linux-gnu/dri/swrast_dri.so+0x19321b)
#15 0x7f2a3ac2a7d2
(/usr/lib/x86_64-linux-gnu/dri/swrast_dri.so+0x1a97d2)
#16 0x7f2a3ab38769 (/usr/lib/x86_64-linux-gnu/dri/swrast_dri.so+0xb7769)
#17 0x7f2a66f7faa6 in opengl_renderer::draw_axes_children(axes::properties
const&) libinterp/corefcn/gl-render.cc:1695
#18 0x7f2a66f80724 in opengl_renderer::draw_axes(axes::properties const&)
libinterp/corefcn/gl-render.cc:1777
#19 0x7f2a66f7607b in opengl_renderer::draw(graphics_object const&, bool)
libinterp/corefcn/gl-render.cc:630
#20 0x7f2a67f5e50a in opengl_renderer::draw(Matrix const&, bool)
libinterp/corefcn/gl-render.h:52
#21 0x7f2a66f777c1 in opengl_renderer::draw_figure(figure::properties
const&) libinterp/corefcn/gl-render.cc:700
#22 0x7f2a66f75f7a in opengl_renderer::draw(graphics_object const&, bool)
libinterp/corefcn/gl-render.cc:628
#23 0x7f2a67f350ce in QtHandles::GLCanvas::draw(octave_handle const&)
libgui/graphics/GLCanvas.cc:63
#24 0x7f2a67f160a8 in QtHandles::Canvas::canvasPaintEvent()
libgui/graphics/Canvas.cc:319
#25 0x7f2a67f35701 in QtHandles::GLCanvas::paintGL()
libgui/graphics/GLCanvas.cc:144
#26 0x7f2a6300f2e4 in QGLWidget::glDraw()
(/usr/lib/x86_64-linux-gnu/libQtOpenGL.so.4+0x2d2e4)
#27 0x7f2a6300ed9c in QGLWidget::paintEvent(QPaintEvent*)
(/usr/lib/x86_64-linux-gnu/libQtOpenGL.so.4+0x2cd9c)
#28 0x7f2a62509e1f in QWidget::event(QEvent*)
(/usr/lib/x86_64-linux-gnu/libQtGui.so.4+0x218e1f)
#29 0x7f2a630187a0 in QGLWidget::event(QEvent*)
(/usr/lib/x86_64-linux-gnu/libQtOpenGL.so.4+0x367a0)
#30 0x7f2a624b5cdb in QApplicationPrivate::notify_helper(QObject*,
QEvent*) (/usr/lib/x86_64-linux-gnu/libQtGui.so.4+0x1c4cdb)
#31 0x7f2a624bcc15 in QApplication::notify(QObject*, QEvent*)
(/usr/lib/x86_64-linux-gnu/libQtGui.so.4+0x1cbc15)
#32 0x7f2a61f8985c in QCoreApplication::notifyInternal(QObject*, QEvent*)
(/usr/lib/x86_64-linux-gnu/libQtCore.so.4+0x18a85c)
#33 0x7f2a62504476 in QWidgetPrivate::drawWidget(QPaintDevice*, QRegion
const&, QPoint const&, int, QPainter*, QWidgetBackingStore*)
(/usr/lib/x86_64-linux-gnu/libQtGui.so.4+0x213476)
#34 0x7f2a626d6bfc in QWidgetPrivate::repaint_sys(QRegion const&)
(/usr/lib/x86_64-linux-gnu/libQtGui.so.4+0x3e5bfc)
#35 0x7f2a624f7116 in QWidgetPrivate::syncBackingStore()
(/usr/lib/x86_64-linux-gnu/libQtGui.so.4+0x206116)
#36 0x7f2a62509f07 in QWidget::event(QEvent*)
(/usr/lib/x86_64-linux-gnu/libQtGui.so.4+0x218f07)
#37 0x7f2a630187a0 in QGLWidget::event(QEvent*)
(/usr/lib/x86_64-linux-gnu/libQtOpenGL.so.4+0x367a0)
#38 0x7f2a624b5cdb in QApplicationPrivate::notify_helper(QObject*,
QEvent*) (/usr/lib/x86_64-linux-gnu/libQtGui.so.4+0x1c4cdb)
#39 0x7f2a624bcc15 in QApplication::notify(QObject*, QEvent*)
(/usr/lib/x86_64-linux-gnu/libQtGui.so.4+0x1cbc15)
#40 0x7f2a61f8985c in QCoreApplication::notifyInternal(QObject*, QEvent*)
(/usr/lib/x86_64-linux-gnu/libQtCore.so.4+0x18a85c)
#41 0x7f2a61f8d315 in QCoreApplicationPrivate::sendPostedEvents(QObject*,
int, QThreadData*) (/usr/lib/x86_64-linux-gnu/libQtCore.so.4+0x18e315)
#42 0x7f2a61fba07d (/usr/lib/x86_64-linux-gnu/libQtCore.so.4+0x1bb07d)
#43 0x7f2a5ad91ff6 in g_main_context_dispatch
(/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x49ff6)
#44 0x7f2a5ad9224f (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x4a24f)
#45 0x7f2a5ad922fb in g_main_context_iteration
(/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x4a2fb)
#46 0x7f2a61fba1ed in
QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>)
(/usr/lib/x86_64-linux-gnu/libQtCore.so.4+0x1bb1ed)
#47 0x7f2a62560c25 (/usr/lib/x86_64-linux-gnu/libQtGui.so.4+0x26fc25)
#48 0x7f2a61f880d0 in
QEventLoop::processEvents(QFlags<QEventLoop::ProcessEventsFlag>)
(/usr/lib/x86_64-linux-gnu/libQtCore.so.4+0x1890d0)
#49 0x7f2a61f88444 in
QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>)
(/usr/lib/x86_64-linux-gnu/libQtCore.so.4+0x189444)
#50 0x7f2a61f8e428 in QCoreApplication::exec()
(/usr/lib/x86_64-linux-gnu/libQtCore.so.4+0x18f428)
#51 0x7f2a67e40de9 in octave::gui_application::execute()
libgui/src/octave-gui.cc:224
#52 0x401fb8 in main src/main-gui.cc:104
#53 0x7f2a63d82abf in __libc_start_main
(/lib/x86_64-linux-gnu/libc.so.6+0x20abf)
#54 0x401998 in _start
(/home/rik/wip/Projects_Mine/octave-dbg/src/.libs/lt-octave-gui+0x401998)
0x6180002dafc0 is located 0 bytes to the right of 832-byte region
[0x6180002dac80,0x6180002dafc0)
allocated by thread T0 here:
#0 0x7f2a6838a9aa in malloc
(/usr/lib/x86_64-linux-gnu/libasan.so.2+0x989aa)
#1 0x7f2a3ae68cb7 (/usr/lib/x86_64-linux-gnu/dri/swrast_dri.so+0x3e7cb7)
SUMMARY: AddressSanitizer: heap-buffer-overflow ??:0 __asan_memcpy
Shadow bytes around the buggy address:
0x0c30800535a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c30800535b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c30800535c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c30800535d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c30800535e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0c30800535f0: 00 00 00 00 00 00 00 00[fa]fa fa fa fa fa fa fa
0x0c3080053600: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c3080053610: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c3080053620: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c3080053630: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c3080053640: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Heap right redzone: fb
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack partial redzone: f4
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
==16388==ABORTING
_______________________________________________________
Reply to this item at:
<http://savannah.gnu.org/bugs/?47914>
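
Added example, not part of the original message: a short Python triage of the AddressSanitizer report above. It checks the region arithmetic, finds the first frame that carries source information, and confirms that the bracketed shadow byte belongs to the faulting address; the shadow offset 0x7fff8000 is ASan's default on x86-64 Linux and is assumed to apply to this host.

```python
import re

# Lines copied from the report above; frame #17 is re-joined where the mail wrapped it.
REPORT = """\
READ of size 68 at 0x6180002dafc0 thread T0
#16 0x7f2a3ab38769 (/usr/lib/x86_64-linux-gnu/dri/swrast_dri.so+0xb7769)
#17 0x7f2a66f7faa6 in opengl_renderer::draw_axes_children(axes::properties const&) libinterp/corefcn/gl-render.cc:1695
0x6180002dafc0 is located 0 bytes to the right of 832-byte region [0x6180002dac80,0x6180002dafc0)
=>0x0c30800535f0: 00 00 00 00 00 00 00 00[fa]fa fa fa fa fa fa fa
"""

SHADOW_OFFSET = 0x7FFF8000  # assumption: ASan's default for x86-64 Linux


def shadow_addr(addr):
    """One shadow byte covers 8 application bytes (see the legend)."""
    return (addr >> 3) + SHADOW_OFFSET


def triage(report):
    acc = re.search(r"(READ|WRITE) of size (\d+) at (0x[0-9a-f]+)", report)
    reg = re.search(r"(\d+)-byte region \[(0x[0-9a-f]+),(0x[0-9a-f]+)\)", report)
    addr, size = int(acc.group(3), 16), int(acc.group(2))
    start, end = int(reg.group(2), 16), int(reg.group(3), 16)
    if end - start != int(reg.group(1)):
        raise ValueError("region bounds disagree with the stated size")

    # First frame carrying file:line, i.e. the nearest caller built with -g.
    frame = re.search(r"^#(\d+) \S+ in (.+?) (\S+:\d+)$", report, re.M)

    # The "=>" row brackets the shadow byte of the faulting address.
    row = re.search(r"^=>(0x[0-9a-f]+): (.*)$", report, re.M)
    cells = re.findall(r"\[?[0-9a-f]{2}", row.group(2))
    idx = next(i for i, c in enumerate(cells) if c.startswith("["))

    return {
        "access": acc.group(1),
        "bytes_past_end": max(0, addr + size - end),
        "start_offset_from_end": addr - end,
        "caller": (int(frame.group(1)), frame.group(3)),
        "shadow_matches": int(row.group(1), 16) + idx == shadow_addr(addr),
        "shadow_byte": cells[idx].lstrip("["),
    }


if __name__ == "__main__":
    print(triage(REPORT))
```

For this report the 68-byte read begins exactly at the end of the 832-byte allocation made inside swrast_dri.so, and the nearest frame with source information is gl-render.cc:1695.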