[Octave-bug-tracker] [bug #47914] segfault with OpenGL patches and addre
From: Rik
Subject: [Octave-bug-tracker] [bug #47914] segfault with OpenGL patches and address sanitizer
Date: Fri, 13 May 2016 17:43:27 +0000 (UTC)
User-agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:43.0) Gecko/20100101 Firefox/43.0
URL:
<http://savannah.gnu.org/bugs/?47914>
Summary: segfault with OpenGL patches and address sanitizer
Project: GNU Octave
Submitted by: rik5
Submitted on: Fri 13 May 2016 10:43:26 AM PDT
Category: Interpreter
Severity: 3 - Normal
Priority: 5 - Normal
Item Group: Crash
Status: Confirmed
Assigned to: None
Originator Name:
Originator Email:
Open/Closed: Open
Discussion Lock: Any
Release: dev
Operating System: GNU/Linux
_______________________________________________________
Details:
When Octave has been configured with the --enable-address-sanitizer option,
the second patch demo causes a segmentation violation. The log is shown
below.
>> clf;
>> t1 = (1/16:1/8:1)' * 2*pi;
>> t2 = ((1/16:1/16:1)' + 1/32) * 2*pi;
>> x1 = sin (t1) - 0.8;
>> y1 = cos (t1);
>> x2 = sin (t2) + 0.8;
>> y2 = cos (t2);
>> patch ([[x1;NaN(8,1)],x2], [[y1;NaN(8,1)],y2], 'r');
>>
=================================================================
==13896==ERROR: AddressSanitizer: heap-buffer-overflow on address
0x6180002ae7c0 at pc 0x7f1f009ded95 bp 0x7ffef2b046b0 sp 0x7ffef2b03e58
READ of size 68 at 0x6180002ae7c0 thread T0
#0 0x7f1f009ded94 in __asan_memcpy
(/usr/lib/x86_64-linux-gnu/libasan.so.2+0x8cd94)
#1 0x7f1ed1fabbf3 (/usr/lib/x86_64-linux-gnu/dri/swrast_dri.so+0x30ebf3)
#2 0x7f1ed1fb2d6f (/usr/lib/x86_64-linux-gnu/dri/swrast_dri.so+0x315d6f)
#3 0x7f1ed1fb20f9 (/usr/lib/x86_64-linux-gnu/dri/swrast_dri.so+0x3150f9)
#4 0x7f1ed1fafa7d (/usr/lib/x86_64-linux-gnu/dri/swrast_dri.so+0x312a7d)
#5 0x7f1ed1fb0b23 (/usr/lib/x86_64-linux-gnu/dri/swrast_dri.so+0x313b23)
#6 0x7f1ed2085034 (/usr/lib/x86_64-linux-gnu/dri/swrast_dri.so+0x3e8034)
#7 0x7f1ed20852b5 (/usr/lib/x86_64-linux-gnu/dri/swrast_dri.so+0x3e82b5)
#8 0x7f1ed1fc0018 (/usr/lib/x86_64-linux-gnu/dri/swrast_dri.so+0x323018)
#9 0x7f1ed1fb8c44 (/usr/lib/x86_64-linux-gnu/dri/swrast_dri.so+0x31bc44)
#10 0x7f1ed1fb9168
(/usr/lib/x86_64-linux-gnu/dri/swrast_dri.so+0x31c168)
#11 0x7f1ed22a02ce
(/usr/lib/x86_64-linux-gnu/dri/swrast_dri.so+0x6032ce)
#12 0x7f1ed1e75bde
(/usr/lib/x86_64-linux-gnu/dri/swrast_dri.so+0x1d8bde)
#13 0x7f1ed1e49989
(/usr/lib/x86_64-linux-gnu/dri/swrast_dri.so+0x1ac989)
#14 0x7f1ed1e3021b
(/usr/lib/x86_64-linux-gnu/dri/swrast_dri.so+0x19321b)
#15 0x7f1ed1e467d2
(/usr/lib/x86_64-linux-gnu/dri/swrast_dri.so+0x1a97d2)
#16 0x7f1ed1d54769 (/usr/lib/x86_64-linux-gnu/dri/swrast_dri.so+0xb7769)
#17 0x7f1efeeca0d7 in opengl_renderer::draw_axes_children(axes::properties
const&) libinterp/corefcn/gl-render.cc:1571
#18 0x7f1efeecab2d in opengl_renderer::draw_axes(axes::properties const&)
libinterp/corefcn/gl-render.cc:1645
#19 0x7f1efeec10b9 in opengl_renderer::draw(graphics_object const&, bool)
libinterp/corefcn/gl-render.cc:620
#20 0x7f1f004c7018 in opengl_renderer::draw(Matrix const&, bool)
libinterp/corefcn/gl-render.h:52
#21 0x7f1efeec2587 in opengl_renderer::draw_figure(figure::properties
const&) libinterp/corefcn/gl-render.cc:675
#22 0x7f1efeec0fb8 in opengl_renderer::draw(graphics_object const&, bool)
libinterp/corefcn/gl-render.cc:618
#23 0x7f1f0049e78c in QtHandles::GLCanvas::draw(octave_handle const&)
libgui/graphics/GLCanvas.cc:67
#24 0x7f1f0047f002 in QtHandles::Canvas::canvasPaintEvent()
libgui/graphics/Canvas.cc:319
#25 0x7f1f0049edab in QtHandles::GLCanvas::paintGL()
libgui/graphics/GLCanvas.cc:148
#26 0x7f1ef9da32e4 in QGLWidget::glDraw()
(/usr/lib/x86_64-linux-gnu/libQtOpenGL.so.4+0x2d2e4)
#27 0x7f1ef9da2d9c in QGLWidget::paintEvent(QPaintEvent*)
(/usr/lib/x86_64-linux-gnu/libQtOpenGL.so.4+0x2cd9c)
#28 0x7f1ef929de1f in QWidget::event(QEvent*)
(/usr/lib/x86_64-linux-gnu/libQtGui.so.4+0x218e1f)
#29 0x7f1ef9dac7a0 in QGLWidget::event(QEvent*)
(/usr/lib/x86_64-linux-gnu/libQtOpenGL.so.4+0x367a0)
#30 0x7f1ef9249cdb in QApplicationPrivate::notify_helper(QObject*,
QEvent*) (/usr/lib/x86_64-linux-gnu/libQtGui.so.4+0x1c4cdb)
#31 0x7f1ef9250c15 in QApplication::notify(QObject*, QEvent*)
(/usr/lib/x86_64-linux-gnu/libQtGui.so.4+0x1cbc15)
#32 0x7f1ef8d1d85c in QCoreApplication::notifyInternal(QObject*, QEvent*)
(/usr/lib/x86_64-linux-gnu/libQtCore.so.4+0x18a85c)
#33 0x7f1ef9298476 in QWidgetPrivate::drawWidget(QPaintDevice*, QRegion
const&, QPoint const&, int, QPainter*, QWidgetBackingStore*)
(/usr/lib/x86_64-linux-gnu/libQtGui.so.4+0x213476)
#34 0x7f1ef946abfc in QWidgetPrivate::repaint_sys(QRegion const&)
(/usr/lib/x86_64-linux-gnu/libQtGui.so.4+0x3e5bfc)
#35 0x7f1ef928b116 in QWidgetPrivate::syncBackingStore()
(/usr/lib/x86_64-linux-gnu/libQtGui.so.4+0x206116)
#36 0x7f1ef929df07 in QWidget::event(QEvent*)
(/usr/lib/x86_64-linux-gnu/libQtGui.so.4+0x218f07)
#37 0x7f1ef9dac7a0 in QGLWidget::event(QEvent*)
(/usr/lib/x86_64-linux-gnu/libQtOpenGL.so.4+0x367a0)
#38 0x7f1ef9249cdb in QApplicationPrivate::notify_helper(QObject*,
QEvent*) (/usr/lib/x86_64-linux-gnu/libQtGui.so.4+0x1c4cdb)
#39 0x7f1ef9250c15 in QApplication::notify(QObject*, QEvent*)
(/usr/lib/x86_64-linux-gnu/libQtGui.so.4+0x1cbc15)
#40 0x7f1ef8d1d85c in QCoreApplication::notifyInternal(QObject*, QEvent*)
(/usr/lib/x86_64-linux-gnu/libQtCore.so.4+0x18a85c)
#41 0x7f1ef8d21315 in QCoreApplicationPrivate::sendPostedEvents(QObject*,
int, QThreadData*) (/usr/lib/x86_64-linux-gnu/libQtCore.so.4+0x18e315)
#42 0x7f1ef8d4e07d (/usr/lib/x86_64-linux-gnu/libQtCore.so.4+0x1bb07d)
#43 0x7f1ef1fdbff6 in g_main_context_dispatch
(/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x49ff6)
#44 0x7f1ef1fdc24f (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x4a24f)
#45 0x7f1ef1fdc2fb in g_main_context_iteration
(/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x4a2fb)
#46 0x7f1ef8d4e1ed in
QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>)
(/usr/lib/x86_64-linux-gnu/libQtCore.so.4+0x1bb1ed)
#47 0x7f1ef92f4c25 (/usr/lib/x86_64-linux-gnu/libQtGui.so.4+0x26fc25)
#48 0x7f1ef8d1c0d0 in
QEventLoop::processEvents(QFlags<QEventLoop::ProcessEventsFlag>)
(/usr/lib/x86_64-linux-gnu/libQtCore.so.4+0x1890d0)
#49 0x7f1ef8d1c444 in
QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>)
(/usr/lib/x86_64-linux-gnu/libQtCore.so.4+0x189444)
#50 0x7f1ef8d22428 in QCoreApplication::exec()
(/usr/lib/x86_64-linux-gnu/libQtCore.so.4+0x18f428)
#51 0x7f1f003b3a4c in octave_start_gui(int, char**, bool)
libgui/src/octave-gui.cc:198
#52 0x403b0d in main src/main-gui.cc:106
#53 0x7f1efa5f0a3f in __libc_start_main
(/lib/x86_64-linux-gnu/libc.so.6+0x20a3f)
#54 0x4035f8 in _start
(/home/rik/wip/Projects_Mine/octave-dbg/src/.libs/lt-octave-gui+0x4035f8)
0x6180002ae7c0 is located 0 bytes to the right of 832-byte region
[0x6180002ae480,0x6180002ae7c0)
allocated by thread T0 here:
#0 0x7f1f009ea9aa in malloc
(/usr/lib/x86_64-linux-gnu/libasan.so.2+0x989aa)
#1 0x7f1ed2084cb7 (/usr/lib/x86_64-linux-gnu/dri/swrast_dri.so+0x3e7cb7)
SUMMARY: AddressSanitizer: heap-buffer-overflow ??:0 __asan_memcpy
Shadow bytes around the buggy address:
0x0c308004dca0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c308004dcb0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c308004dcc0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c308004dcd0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c308004dce0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0c308004dcf0: 00 00 00 00 00 00 00 00[fa]fa fa fa fa fa fa fa
0x0c308004dd00: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c308004dd10: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c308004dd20: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c308004dd30: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c308004dd40: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Heap right redzone: fb
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack partial redzone: f4
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
==13896==ABORTING
_______________________________________________________
Reply to this item at:
<http://savannah.gnu.org/bugs/?47914>
_______________________________________________
Message sent via/by Savannah
http://savannah.gnu.org/
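
A triage sketch for the report above, added here as an example and not part of the original message or of Octave: it rejoins the mail-wrapped stack frames, finds the innermost frame that carries source information, and maps the faulting address to its shadow byte. The function names and the 0x7fff8000 shadow offset (ASan's default mapping on x86_64 Linux) are assumptions.

```python
import os
import re

# Excerpt of the report above (frames #2-#15 and #18 onward left out), mail line wraps kept.
REPORT = """\
==13896==ERROR: AddressSanitizer: heap-buffer-overflow on address
0x6180002ae7c0 at pc 0x7f1f009ded95 bp 0x7ffef2b046b0 sp 0x7ffef2b03e58
READ of size 68 at 0x6180002ae7c0 thread T0
#0 0x7f1f009ded94 in __asan_memcpy
(/usr/lib/x86_64-linux-gnu/libasan.so.2+0x8cd94)
#1 0x7f1ed1fabbf3 (/usr/lib/x86_64-linux-gnu/dri/swrast_dri.so+0x30ebf3)
#16 0x7f1ed1d54769 (/usr/lib/x86_64-linux-gnu/dri/swrast_dri.so+0xb7769)
#17 0x7f1efeeca0d7 in opengl_renderer::draw_axes_children(axes::properties
const&) libinterp/corefcn/gl-render.cc:1571
0x6180002ae7c0 is located 0 bytes to the right of 832-byte region
[0x6180002ae480,0x6180002ae7c0)
"""

DONE = re.compile(r"(\+0x[0-9a-f]+\)|:\d+)$")  # frame ends in module+offset or file:line

def access_frames(report):
    """Frames of the faulting access, with mail-wrapped lines rejoined."""
    out = []
    for line in map(str.strip, report.splitlines()):
        if " is located " in line:          # allocation stack follows; stop here
            break
        if re.match(r"#\d+ ", line):
            out.append(line)
        elif out and not DONE.search(out[-1]):
            out[-1] += " " + line           # continuation of a wrapped frame
    return out

def triage(report):
    flat = " ".join(report.split())
    kind, addr = re.search(r"AddressSanitizer: (\S+) on address (0x[0-9a-f]+)", flat).groups()
    op, size = re.search(r"(READ|WRITE) of size (\d+)", flat).groups()
    lo, hi = (int(x, 16) for x in re.search(r"\[(0x[0-9a-f]+),(0x[0-9a-f]+)\)", flat).groups())
    frames = access_frames(report)
    # The first frame with file:line is the innermost one built with debug info.
    idx = next(i for i, f in enumerate(frames) if re.search(r":\d+$", f))
    caller = re.match(r"#(\d+) \S+ in (.+) (\S+:\d+)$", frames[idx]).groups()
    callee = os.path.basename(re.search(r"\((\S+)\+0x", frames[idx - 1]).group(1))
    # Assumption: default ASan mapping on x86_64 Linux, shadow = (addr >> 3) + 0x7fff8000.
    shadow = (int(addr, 16) >> 3) + 0x7FFF8000
    return {"kind": kind, "op": op, "size": int(size), "region": hi - lo,
            "past_end": int(addr, 16) - hi, "caller": caller, "callee": callee,
            "shadow_row": hex(shadow & ~0xF), "shadow_col": shadow & 0xF}

if __name__ == "__main__":
    print(triage(REPORT))
```

On this report the result shows a 68-byte read starting exactly at the end of the 832-byte block, performed inside swrast_dri.so and reached from gl-render.cc:1571. The computed shadow row and column match the `[fa]` marker in the shadow dump.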