From: Rik
Subject: [Octave-bug-tracker] [bug #47914] segfault with OpenGL patches and address sanitizer
Date: Fri, 13 May 2016 17:43:27 +0000 (UTC)
User-agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:43.0) Gecko/20100101 Firefox/43.0

URL:
  <http://savannah.gnu.org/bugs/?47914>

                 Summary: segfault with OpenGL patches and address sanitizer
                 Project: GNU Octave
            Submitted by: rik5
            Submitted on: Fri 13 May 2016 10:43:26 AM PDT
                Category: Interpreter
                Severity: 3 - Normal
                Priority: 5 - Normal
              Item Group: Crash
                  Status: Confirmed
             Assigned to: None
         Originator Name: 
        Originator Email: 
             Open/Closed: Open
         Discussion Lock: Any
                 Release: dev
        Operating System: GNU/Linux

    _______________________________________________________

Details:

When Octave has been configured with the --enable-address-sanitizer option,
the second patch demo causes a segmentation violation.  The log is shown
below.


>> clf;
>>  t1 = (1/16:1/8:1)' * 2*pi;
>>  t2 = ((1/16:1/16:1)' + 1/32) * 2*pi;
>>  x1 = sin (t1) - 0.8;
>>  y1 = cos (t1);
>>  x2 = sin (t2) + 0.8;
>>  y2 = cos (t2);
>> patch ([[x1;NaN(8,1)],x2], [[y1;NaN(8,1)],y2], 'r');
>>
=================================================================
==13896==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6180002ae7c0 at pc 0x7f1f009ded95 bp 0x7ffef2b046b0 sp 0x7ffef2b03e58
READ of size 68 at 0x6180002ae7c0 thread T0
    #0 0x7f1f009ded94 in __asan_memcpy (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x8cd94)
    #1 0x7f1ed1fabbf3  (/usr/lib/x86_64-linux-gnu/dri/swrast_dri.so+0x30ebf3)
    #2 0x7f1ed1fb2d6f  (/usr/lib/x86_64-linux-gnu/dri/swrast_dri.so+0x315d6f)
    #3 0x7f1ed1fb20f9  (/usr/lib/x86_64-linux-gnu/dri/swrast_dri.so+0x3150f9)
    #4 0x7f1ed1fafa7d  (/usr/lib/x86_64-linux-gnu/dri/swrast_dri.so+0x312a7d)
    #5 0x7f1ed1fb0b23  (/usr/lib/x86_64-linux-gnu/dri/swrast_dri.so+0x313b23)
    #6 0x7f1ed2085034  (/usr/lib/x86_64-linux-gnu/dri/swrast_dri.so+0x3e8034)
    #7 0x7f1ed20852b5  (/usr/lib/x86_64-linux-gnu/dri/swrast_dri.so+0x3e82b5)
    #8 0x7f1ed1fc0018  (/usr/lib/x86_64-linux-gnu/dri/swrast_dri.so+0x323018)
    #9 0x7f1ed1fb8c44  (/usr/lib/x86_64-linux-gnu/dri/swrast_dri.so+0x31bc44)
    #10 0x7f1ed1fb9168  (/usr/lib/x86_64-linux-gnu/dri/swrast_dri.so+0x31c168)
    #11 0x7f1ed22a02ce  (/usr/lib/x86_64-linux-gnu/dri/swrast_dri.so+0x6032ce)
    #12 0x7f1ed1e75bde  (/usr/lib/x86_64-linux-gnu/dri/swrast_dri.so+0x1d8bde)
    #13 0x7f1ed1e49989  (/usr/lib/x86_64-linux-gnu/dri/swrast_dri.so+0x1ac989)
    #14 0x7f1ed1e3021b  (/usr/lib/x86_64-linux-gnu/dri/swrast_dri.so+0x19321b)
    #15 0x7f1ed1e467d2  (/usr/lib/x86_64-linux-gnu/dri/swrast_dri.so+0x1a97d2)
    #16 0x7f1ed1d54769  (/usr/lib/x86_64-linux-gnu/dri/swrast_dri.so+0xb7769)
    #17 0x7f1efeeca0d7 in opengl_renderer::draw_axes_children(axes::properties const&) libinterp/corefcn/gl-render.cc:1571
    #18 0x7f1efeecab2d in opengl_renderer::draw_axes(axes::properties const&) libinterp/corefcn/gl-render.cc:1645
    #19 0x7f1efeec10b9 in opengl_renderer::draw(graphics_object const&, bool) libinterp/corefcn/gl-render.cc:620
    #20 0x7f1f004c7018 in opengl_renderer::draw(Matrix const&, bool) libinterp/corefcn/gl-render.h:52
    #21 0x7f1efeec2587 in opengl_renderer::draw_figure(figure::properties const&) libinterp/corefcn/gl-render.cc:675
    #22 0x7f1efeec0fb8 in opengl_renderer::draw(graphics_object const&, bool) libinterp/corefcn/gl-render.cc:618
    #23 0x7f1f0049e78c in QtHandles::GLCanvas::draw(octave_handle const&) libgui/graphics/GLCanvas.cc:67
    #24 0x7f1f0047f002 in QtHandles::Canvas::canvasPaintEvent() libgui/graphics/Canvas.cc:319
    #25 0x7f1f0049edab in QtHandles::GLCanvas::paintGL() libgui/graphics/GLCanvas.cc:148
    #26 0x7f1ef9da32e4 in QGLWidget::glDraw() (/usr/lib/x86_64-linux-gnu/libQtOpenGL.so.4+0x2d2e4)
    #27 0x7f1ef9da2d9c in QGLWidget::paintEvent(QPaintEvent*) (/usr/lib/x86_64-linux-gnu/libQtOpenGL.so.4+0x2cd9c)
    #28 0x7f1ef929de1f in QWidget::event(QEvent*) (/usr/lib/x86_64-linux-gnu/libQtGui.so.4+0x218e1f)
    #29 0x7f1ef9dac7a0 in QGLWidget::event(QEvent*) (/usr/lib/x86_64-linux-gnu/libQtOpenGL.so.4+0x367a0)
    #30 0x7f1ef9249cdb in QApplicationPrivate::notify_helper(QObject*, QEvent*) (/usr/lib/x86_64-linux-gnu/libQtGui.so.4+0x1c4cdb)
    #31 0x7f1ef9250c15 in QApplication::notify(QObject*, QEvent*) (/usr/lib/x86_64-linux-gnu/libQtGui.so.4+0x1cbc15)
    #32 0x7f1ef8d1d85c in QCoreApplication::notifyInternal(QObject*, QEvent*) (/usr/lib/x86_64-linux-gnu/libQtCore.so.4+0x18a85c)
    #33 0x7f1ef9298476 in QWidgetPrivate::drawWidget(QPaintDevice*, QRegion const&, QPoint const&, int, QPainter*, QWidgetBackingStore*) (/usr/lib/x86_64-linux-gnu/libQtGui.so.4+0x213476)
    #34 0x7f1ef946abfc in QWidgetPrivate::repaint_sys(QRegion const&) (/usr/lib/x86_64-linux-gnu/libQtGui.so.4+0x3e5bfc)
    #35 0x7f1ef928b116 in QWidgetPrivate::syncBackingStore() (/usr/lib/x86_64-linux-gnu/libQtGui.so.4+0x206116)
    #36 0x7f1ef929df07 in QWidget::event(QEvent*) (/usr/lib/x86_64-linux-gnu/libQtGui.so.4+0x218f07)
    #37 0x7f1ef9dac7a0 in QGLWidget::event(QEvent*) (/usr/lib/x86_64-linux-gnu/libQtOpenGL.so.4+0x367a0)
    #38 0x7f1ef9249cdb in QApplicationPrivate::notify_helper(QObject*, QEvent*) (/usr/lib/x86_64-linux-gnu/libQtGui.so.4+0x1c4cdb)
    #39 0x7f1ef9250c15 in QApplication::notify(QObject*, QEvent*) (/usr/lib/x86_64-linux-gnu/libQtGui.so.4+0x1cbc15)
    #40 0x7f1ef8d1d85c in QCoreApplication::notifyInternal(QObject*, QEvent*) (/usr/lib/x86_64-linux-gnu/libQtCore.so.4+0x18a85c)
    #41 0x7f1ef8d21315 in QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) (/usr/lib/x86_64-linux-gnu/libQtCore.so.4+0x18e315)
    #42 0x7f1ef8d4e07d  (/usr/lib/x86_64-linux-gnu/libQtCore.so.4+0x1bb07d)
    #43 0x7f1ef1fdbff6 in g_main_context_dispatch (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x49ff6)
    #44 0x7f1ef1fdc24f  (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x4a24f)
    #45 0x7f1ef1fdc2fb in g_main_context_iteration (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x4a2fb)
    #46 0x7f1ef8d4e1ed in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) (/usr/lib/x86_64-linux-gnu/libQtCore.so.4+0x1bb1ed)
    #47 0x7f1ef92f4c25  (/usr/lib/x86_64-linux-gnu/libQtGui.so.4+0x26fc25)
    #48 0x7f1ef8d1c0d0 in QEventLoop::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) (/usr/lib/x86_64-linux-gnu/libQtCore.so.4+0x1890d0)
    #49 0x7f1ef8d1c444 in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) (/usr/lib/x86_64-linux-gnu/libQtCore.so.4+0x189444)
    #50 0x7f1ef8d22428 in QCoreApplication::exec() (/usr/lib/x86_64-linux-gnu/libQtCore.so.4+0x18f428)
    #51 0x7f1f003b3a4c in octave_start_gui(int, char**, bool) libgui/src/octave-gui.cc:198
    #52 0x403b0d in main src/main-gui.cc:106
    #53 0x7f1efa5f0a3f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x20a3f)
    #54 0x4035f8 in _start (/home/rik/wip/Projects_Mine/octave-dbg/src/.libs/lt-octave-gui+0x4035f8)

0x6180002ae7c0 is located 0 bytes to the right of 832-byte region [0x6180002ae480,0x6180002ae7c0)
allocated by thread T0 here:
    #0 0x7f1f009ea9aa in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x989aa)
    #1 0x7f1ed2084cb7  (/usr/lib/x86_64-linux-gnu/dri/swrast_dri.so+0x3e7cb7)

SUMMARY: AddressSanitizer: heap-buffer-overflow ??:0 __asan_memcpy
Shadow bytes around the buggy address:
  0x0c308004dca0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c308004dcb0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c308004dcc0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c308004dcd0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c308004dce0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0c308004dcf0: 00 00 00 00 00 00 00 00[fa]fa fa fa fa fa fa fa
  0x0c308004dd00: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c308004dd10: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c308004dd20: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c308004dd30: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c308004dd40: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Heap right redzone:      fb
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack partial redzone:   f4
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
==13896==ABORTING

    _______________________________________________________

Reply to this item at:

  <http://savannah.gnu.org/bugs/?47914>

_______________________________________________
  Message sent via/by Savannah
  http://savannah.gnu.org/
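A triage helper for the AddressSanitizer report above, added here as an example and not part of Rik's report or of Octave: it parses the report header, checks that the printed region bounds agree with the 832-byte size, computes how many of the 68 read bytes fall outside the allocation, and picks the first frame that carries a project source location (a relative path:line) rather than a bare system-library offset. The sample input is constructed from the lines quoted above with most frames dropped.

```python
"""Triage helper for AddressSanitizer heap reports: added example, not Octave code.
Derives how much of the faulting access lies outside the allocation and the first
frame that points into the project's own sources (relative path:line)."""
import re

# Constructed sample input: header lines copied from the report above, frames abbreviated.
SAMPLE_REPORT = """\
==13896==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6180002ae7c0 at pc 0x7f1f009ded95 bp 0x7ffef2b046b0 sp 0x7ffef2b03e58
READ of size 68 at 0x6180002ae7c0 thread T0
    #0 0x7f1f009ded94 in __asan_memcpy (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x8cd94)
    #1 0x7f1ed1fabbf3  (/usr/lib/x86_64-linux-gnu/dri/swrast_dri.so+0x30ebf3)
    #17 0x7f1efeeca0d7 in opengl_renderer::draw_axes_children(axes::properties const&) libinterp/corefcn/gl-render.cc:1571

0x6180002ae7c0 is located 0 bytes to the right of 832-byte region [0x6180002ae480,0x6180002ae7c0)
allocated by thread T0 here:
    #0 0x7f1f009ea9aa in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x989aa)
"""

ERROR_RE = re.compile(r"==(\d+)==ERROR: AddressSanitizer: (\S+) on address (0x[0-9a-f]+)")
ACCESS_RE = re.compile(r"^(READ|WRITE) of size (\d+) at (0x[0-9a-f]+)", re.M)
REGION_RE = re.compile(r"(\d+) bytes to the (left|right) of (\d+)-byte region "
                       r"\[(0x[0-9a-f]+),(0x[0-9a-f]+)\)")
# Only frames with a symbol and a path:line location; bare module+offset frames are skipped.
FRAME_RE = re.compile(r"^\s+#(\d+) 0x[0-9a-f]+ in (.+?) (\S+:\d+)$", re.M)


def parse_asan_report(text):
    err, acc, reg = ERROR_RE.search(text), ACCESS_RE.search(text), REGION_RE.search(text)
    if not (err and acc and reg):
        raise ValueError("not a recognised AddressSanitizer heap report")
    addr, size = int(acc.group(3), 16), int(acc.group(2))
    lo, hi = int(reg.group(4), 16), int(reg.group(5), 16)
    region_size = int(reg.group(3))
    if hi - lo != region_size:  # printed bounds must agree with printed size
        raise ValueError("inconsistent region bounds in report")
    # Bytes of [addr, addr+size) inside [lo, hi); the remainder is out of bounds.
    inside = max(0, min(addr + size, hi) - max(addr, lo))
    project_frame = None
    for num, func, loc in FRAME_RE.findall(text):
        if not loc.startswith("/"):  # relative path => compiled from the project tree
            project_frame = (int(num), func.split("(")[0], loc)
            break
    return {"pid": int(err.group(1)), "kind": err.group(2), "access": acc.group(1),
            "size": size, "region_size": region_size, "oob_bytes": size - inside,
            "distance": int(reg.group(1)), "side": reg.group(2),
            "first_project_frame": project_frame}


if __name__ == "__main__":
    print(parse_asan_report(SAMPLE_REPORT))
```

For this report the read starts exactly at the end of the region, so all 68 bytes are out of bounds and the first project frame is the draw_axes_children call in gl-render.cc.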