octave-bug-tracker

[Octave-bug-tracker] [bug #65431] crash after hgload certain data


From: Dmitri A. Sergatskov
Subject: [Octave-bug-tracker] [bug #65431] crash after hgload certain data
Date: Sat, 9 Mar 2024 00:03:16 -0500 (EST)

Follow-up Comment #21, bug #65431 (group octave):

This triggers ASAN crash:

octave:1> vert = [0 0 0; 0 1 0; 1 0 1; 1 1 1]
faces = [1 2 3; 2 3 4]
cdata = [1;30; 50; 60]
vert =

   0   0   0
   0   1   0
   1   0   1
   1   1   1

faces =

   1   2   3
   2   3   4

cdata =

    1
   30
   50
   60

octave:4> hp = patch ('faces',faces, 'vertices', vert, 'cdata', cdata,
'facecolor',
'interp', 'cdatamapping', 'direct')
hp = -39.771
octave:5> =================================================================
==3687642==ERROR: AddressSanitizer: heap-buffer-overflow on address
0x608000a0b200 at pc 0x7f112d167225 bp 0x7ffce40c9320 sp 0x7ffce40c9318
READ of size 8 at 0x608000a0b200 thread T0
    #0 0x7f112d167224 in
octave::opengl_renderer::draw_patch(octave::patch::properties const&)
../libinterp/corefcn/gl-render.cc:3367
    #1 0x7f112d137d0b in octave::opengl_renderer::draw(octave::graphics_object
const&, bool) ../libinterp/corefcn/gl-render.cc:735
    #2 0x7f112d151984 in
octave::opengl_renderer::draw_axes_children(octave::axes::properties const&)
../libinterp/corefcn/gl-render.cc:2277
    #3 0x7f112d152c61 in
octave::opengl_renderer::draw_axes(octave::axes::properties const&)
../libinterp/corefcn/gl-render.cc:2363
    #4 0x7f112d1378cd in octave::opengl_renderer::draw(octave::graphics_object
const&, bool) ../libinterp/corefcn/gl-render.cc:729
    #5 0x7f112d175ceb in octave::opengl_renderer::draw(Matrix const&, bool)
../libinterp/corefcn/gl-render.cc:4182
    #6 0x7f112d13a0c6 in
octave::opengl_renderer::draw_figure(octave::figure::properties const&)
../libinterp/corefcn/gl-render.cc:797
    #7 0x7f112d137763 in octave::opengl_renderer::draw(octave::graphics_object
const&, bool) ../libinterp/corefcn/gl-render.cc:727
    #8 0x7f112e979a71 in octave::GLWidget::draw(octave::graphics_object)
../libgui/graphics/GLCanvas.cc:79
    #9 0x7f112e97cf17 in octave::GLCanvas::draw(octave_handle const&)
../libgui/graphics/GLCanvas.cc:319
    #10 0x7f112e93355a in octave::Canvas::canvasPaintEvent()
../libgui/graphics/Canvas.cc:286
    #11 0x7f112e97c796 in octave::GLWidget::paintGL()
../libgui/graphics/GLCanvas.cc:215
    #12 0x7f112fb50024 in QOpenGLWidgetPrivate::render()
(/lib64/libQt6OpenGLWidgets.so.6+0x9024)
    #13 0x7f112b01ae57 in QWidget::event(QEvent*)
(/lib64/libQt6Widgets.so.6+0x21ae57)
    #14 0x7f112afc17b5 in QApplicationPrivate::notify_helper(QObject*,
QEvent*) (/lib64/libQt6Widgets.so.6+0x1c17b5)
    #15 0x7f112ec8824f in octave::octave_qapplication::notify(QObject*,
QEvent*) ../libgui/src/octave-qobject.cc:148
    #16 0x7f1129d6dbe7 in QCoreApplication::notifyInternal2(QObject*, QEvent*)
../src/corelib/kernel/qcoreapplication.cpp:1118
    #17 0x7f112b012ba9 in QWidgetPrivate::sendPaintEvent(QRegion const&)
(/lib64/libQt6Widgets.so.6+0x212ba9)
    #18 0x7f112b026253 in QWidgetRepaintManager::paintAndFlush()
(/lib64/libQt6Widgets.so.6+0x226253)
    #19 0x7f112b01b5bb in QWidget::event(QEvent*)
(/lib64/libQt6Widgets.so.6+0x21b5bb)
    #20 0x7f112e979196 in octave::FigureWindowBase::event(QEvent*)
libgui/graphics/moc-FigureWindow.h:35
    #21 0x7f112afc17b5 in QApplicationPrivate::notify_helper(QObject*,
QEvent*) (/lib64/libQt6Widgets.so.6+0x1c17b5)
    #22 0x7f112ec8824f in octave::octave_qapplication::notify(QObject*,
QEvent*) ../libgui/src/octave-qobject.cc:148
    #23 0x7f1129d6dbe7 in QCoreApplication::notifyInternal2(QObject*, QEvent*)
../src/corelib/kernel/qcoreapplication.cpp:1118
    #24 0x7f1129d71327 in QCoreApplicationPrivate::sendPostedEvents(QObject*,
int, QThreadData*) ../src/corelib/kernel/qcoreapplication.cpp:1898
    #25 0x7f1129ffd586 in postEventSourceDispatch
../src/corelib/kernel/qeventdispatcher_glib.cpp:243
    #26 0x7f1125f1ae3e in g_main_context_dispatch
(/lib64/libglib-2.0.so.0+0x54e3e)
    #27 0x7f1125f6fec7 in g_main_context_iterate.constprop.0
(/lib64/libglib-2.0.so.0+0xa9ec7)
    #28 0x7f1125f1877f in g_main_context_iteration
(/lib64/libglib-2.0.so.0+0x5277f)
    #29 0x7f1129ffcd5d in
QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>)
(/lib64/libQt6Core.so.6+0x3fcd5d)
    #30 0x7f1129d7a192 in
QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>)
(/lib64/libQt6Core.so.6+0x17a192)
    #31 0x7f1129d76205 in QCoreApplication::exec()
(/lib64/libQt6Core.so.6+0x176205)
    #32 0x7f112ec8b856 in octave::base_qobject::exec()
../libgui/src/octave-qobject.cc:427
    #33 0x7f112ecc0d7e in octave::qt_application::execute()
../libgui/src/qt-application.cc:102
    #34 0x403db8 in main ../src/main-gui.cc:150
    #35 0x7f1125c296cf in __libc_start_call_main (/lib64/libc.so.6+0x296cf)
    #36 0x7f1125c29788 in __libc_start_main_alias_2
(/lib64/libc.so.6+0x29788)
    #37 0x403384 in _start
(/home/dima/src/octave/gcc_asan/src/.libs/lt-octave-gui+0x403384)

0x608000a0b200 is located 0 bytes to the right of 96-byte region
[0x608000a0b1a0,0x608000a0b200)
allocated by thread T0 here:
    #0 0x7f112f4bb138 in operator new(unsigned long)
(/lib64/libasan.so.8+0xbb138)
    #1 0x7f112e91a949 in std::__new_allocator<double>::allocate(unsigned long,
void const*) /usr/include/c++/12/bits/new_allocator.h:137
    #2 0x7f112e91a28c in std::allocator_traits<std::allocator<double>
>::allocate(std::allocator<double>&, unsigned long)
/usr/include/c++/12/bits/alloc_traits.h:464
    #3 0x7f112e91a17a in Array<double, std::allocator<double>
>::ArrayRep::allocate(unsigned long) ../liboctave/array/Array.h:198
    #4 0x7f112e94a4fd in Array<double, std::allocator<double>
>::ArrayRep::ArrayRep(long) ../liboctave/array/Array.h:167
    #5 0x7f112e948ece in Array<double, std::allocator<double>
>::Array(dim_vector const&) ../liboctave/array/Array.h:285
    #6 0x7f112e946f86 in MArray<double>::MArray(dim_vector const&)
../liboctave/array/MArray.h:69
    #7 0x7f112e943cea in NDArray::NDArray(dim_vector const&)
../liboctave/array/dNDArray.h:45
    #8 0x7f112d1bbd2a in convert_cdata ../libinterp/corefcn/graphics.cc:1028
    #9 0x7f112d49b9ec in octave::patch::properties::get_color_data() const
../libinterp/corefcn/graphics.cc:9428
    #10 0x7f112d166145 in
octave::opengl_renderer::draw_patch(octave::patch::properties const&)
../libinterp/corefcn/gl-render.cc:3286
    #11 0x7f112d137d0b in
octave::opengl_renderer::draw(octave::graphics_object const&, bool)
../libinterp/corefcn/gl-render.cc:735
    #12 0x7f112d151984 in
octave::opengl_renderer::draw_axes_children(octave::axes::properties const&)
../libinterp/corefcn/gl-render.cc:2277
    #13 0x7f112d152c61 in
octave::opengl_renderer::draw_axes(octave::axes::properties const&)
../libinterp/corefcn/gl-render.cc:2363
    #14 0x7f112d1378cd in
octave::opengl_renderer::draw(octave::graphics_object const&, bool)
../libinterp/corefcn/gl-render.cc:729
    #15 0x7f112d175ceb in octave::opengl_renderer::draw(Matrix const&, bool)
../libinterp/corefcn/gl-render.cc:4182
    #16 0x7f112d13a0c6 in
octave::opengl_renderer::draw_figure(octave::figure::properties const&)
../libinterp/corefcn/gl-render.cc:797
    #17 0x7f112d137763 in
octave::opengl_renderer::draw(octave::graphics_object const&, bool)
../libinterp/corefcn/gl-render.cc:727
    #18 0x7f112e979a71 in octave::GLWidget::draw(octave::graphics_object)
../libgui/graphics/GLCanvas.cc:79
    #19 0x7f112e97cf17 in octave::GLCanvas::draw(octave_handle const&)
../libgui/graphics/GLCanvas.cc:319
    #20 0x7f112e93355a in octave::Canvas::canvasPaintEvent()
../libgui/graphics/Canvas.cc:286
    #21 0x7f112e97c796 in octave::GLWidget::paintGL()
../libgui/graphics/GLCanvas.cc:215
    #22 0x7f112fb50024 in QOpenGLWidgetPrivate::render()
(/lib64/libQt6OpenGLWidgets.so.6+0x9024)

SUMMARY: AddressSanitizer: heap-buffer-overflow
../libinterp/corefcn/gl-render.cc:3367 in
octave::opengl_renderer::draw_patch(octave::patch::properties const&)
Shadow bytes around the buggy address:
  0x0c10801395f0: fa fa fa fa fd fd fd fd fd fd fd fd fd fd fd fa
  0x0c1080139600: fa fa fa fa fd fd fd fd fd fd fd fd fd fd fd fa
  0x0c1080139610: fa fa fa fa fd fd fd fd fd fd fd fd fd fd fd fa
  0x0c1080139620: fa fa fa fa fd fd fd fd fd fd fd fd fd fd fd fa
  0x0c1080139630: fa fa fa fa 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0c1080139640:[fa]fa fa fa fd fd fd fd fd fd fd fd fd fd fd fa
  0x0c1080139650: fa fa fa fa 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c1080139660: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c1080139670: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c1080139680: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c1080139690: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==3687642==ABORTING


Dmitri.
-- 
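Added example (not part of the bug report or of Octave's code): a small Python triage helper that pulls the fields a maintainer needs out of the AddressSanitizer report quoted above and turns the faulting address into an element index. It assumes the 96-byte region holds 8-byte doubles, as the allocation frames (NDArray, convert_cdata) and the 8-byte READ indicate; the excerpt is the report's own lines with the mailing-list wrapping undone.

```python
import re

# Constructed excerpt: key lines of the ASAN report above, one record per line.
ASAN_REPORT = """\
==3687642==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x608000a0b200 at pc 0x7f112d167225 bp 0x7ffce40c9320 sp 0x7ffce40c9318
READ of size 8 at 0x608000a0b200 thread T0
    #0 0x7f112d167224 in octave::opengl_renderer::draw_patch(octave::patch::properties const&) ../libinterp/corefcn/gl-render.cc:3367
0x608000a0b200 is located 0 bytes to the right of 96-byte region [0x608000a0b1a0,0x608000a0b200)
allocated by thread T0 here:
    #8 0x7f112d1bbd2a in convert_cdata ../libinterp/corefcn/graphics.cc:1028
"""

FRAME_RE = re.compile(r"^\s*#(\d+) 0x[0-9a-f]+ in (.+) (\S+:\d+)$")
REGION_RE = re.compile(r"is located (\d+) bytes to the (left|right) of "
                       r"(\d+)-byte region \[(0x[0-9a-f]+),(0x[0-9a-f]+)\)")

def parse_asan_report(text):
    """Extract error kind, access, region geometry and stack frames."""
    info = {"access_frames": [], "alloc_frames": []}
    section = "access"  # frames before "allocated by" belong to the access
    for line in text.splitlines():
        m = re.search(r"AddressSanitizer: (\S+) on address (0x[0-9a-f]+)", line)
        if m:
            info["kind"], info["address"] = m.group(1), int(m.group(2), 16)
            continue
        m = re.match(r"^(READ|WRITE) of size (\d+) at", line)
        if m:
            info["access"], info["size"] = m.group(1), int(m.group(2))
            continue
        m = REGION_RE.search(line)
        if m:
            info["distance"], info["side"] = int(m.group(1)), m.group(2)
            info["region_size"] = int(m.group(3))
            info["region_end"] = int(m.group(5), 16)
            continue
        if line.startswith("allocated by"):
            section = "alloc"
            continue
        m = FRAME_RE.match(line)
        if m:
            info[section + "_frames"].append((m.group(2), m.group(3)))
    return info

def overflow_element(info):
    """(index, capacity) of the access, treating the region as an array of
    `size`-byte elements; index == capacity means one element past the end."""
    elem = info["size"]
    off = info["region_size"] + info["distance"] if info["side"] == "right" \
        else -info["distance"]
    return off // elem, info["region_size"] // elem
```

For this report the helper yields element 12 of a 12-element double array, i.e. the first element past the end of the colour data that convert_cdata allocated (96 bytes = 4 vertices x 3 channels), read from draw_patch at gl-render.cc:3367.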



    _______________________________________________________

Reply to this item at:

  <https://savannah.gnu.org/bugs/?65431>

_______________________________________________
Message sent via Savannah
https://savannah.gnu.org/



