Bug#892288: arrayfire FTBFS on i386: test segfaults

Bernhard Übelacker bernhardu at mailbox.org
Thu Aug 2 14:59:23 BST 2018


Hello,
I tried to reproduce this, but unfortunately the package fails to build with
gcc-8, for which #897707 is already open.

Therefore I tried to reproduce it with gcc-7.
I think this is what happens:

- test Asssign_LinearAssignGenSeq_Test::TestBody allocates a buffer
- the buffer gets deleted
- the same buffer gets deleted again (a double free) - therefore glibc's
  tcache linked list now has an entry whose next pointer points to itself.
- the test allocates again, receives the twice-deleted buffer and
  writes a value to it - therefore the first entry in the linked list
  is still our already allocated buffer, and its next pointer now holds
  the value the test has written.
- the next allocation crashes because that next pointer contains no valid
  address.


(gdb) bt
#0  0xb6abce2a in tcache_put (tc_idx=5, chunk=0x5fd798) at malloc.c:2932
#1  _int_free (av=0xb6c1b7a0 <main_arena>, p=0x5fd798, have_lock=0) at malloc.c:4173
#2  0xb6cd1668 in operator delete (ptr=0x5fd7a0) at ../../../../src/libstdc++-v3/libsupc++/del_op.cc:49
#3  0xb6e65477 in cpu::destroyArray<float> (A=0x5fd7a0) at ./src/backend/cpu/Array.cpp:223
#4  0xb77f7a6e in releaseHandle<float> (arr=0x5fd7a0) at ./src/api/c/handle.hpp:109
#5  af_release_array (arr=0x5fd7a0) at ./src/api/c/array.cpp:189
#6  0xb78625d5 in af_assign_seq (out=0xbffff328, lhs=0x5faea0, ndims=<optimized out>, index=0x5fd800, rhs=<optimized out>) at ./src/api/c/assign.cpp:135
#7  0xb7865bd7 in af_assign_gen (out=0xbffff328, lhs=0x5faea0, ndims=1, indexs=0xbffff35c, rhs_=0x5fae20) at ./src/api/c/assign.cpp:223
#8  0x00429b7c in Asssign_LinearAssignGenSeq_Test::TestBody (this=0x5faf90) at ./test/assign.cpp:926
#9  0x00563605 in testing::internal::HandleSehExceptionsInMethodIfSupported<testing::Test, void> (location=0x574590 "the test body", method=&virtual testing::Test::TestBody(), object=0x5faf90) at /usr/src/gtest/src/gtest.cc:2402
#10 testing::internal::HandleExceptionsInMethodIfSupported<testing::Test, void> (object=0x5faf90, method=&virtual testing::Test::TestBody(), location=0x574590 "the test body") at /usr/src/gtest/src/gtest.cc:2438
#11 0x00557c0e in testing::Test::Run (this=this at entry=0x5faf90) at /usr/src/gtest/src/gtest.cc:2474
#12 0x00557ed4 in testing::Test::Run (this=0x5faf90) at /usr/src/gtest/src/gtest.cc:2466
#13 testing::TestInfo::Run (this=0x5f9410) at /usr/src/gtest/src/gtest.cc:2656
#14 0x00558087 in testing::TestInfo::Run (this=<optimized out>) at /usr/src/gtest/src/gtest.cc:2631
#15 testing::TestCase::Run (this=0x5f9230) at /usr/src/gtest/src/gtest.cc:2776
#16 0x00558695 in testing::TestCase::Run (this=<optimized out>) at /usr/src/gtest/src/gtest.cc:2762
#17 testing::internal::UnitTestImpl::RunAllTests (this=<optimized out>) at /usr/src/gtest/src/gtest.cc:4651
#18 0x0055889d in testing::internal::HandleSehExceptionsInMethodIfSupported<testing::internal::UnitTestImpl, bool> (location=0x573adc "auxiliary test code (environments or event listeners)", method=<optimized out>, object=0x5ddc60) at /usr/src/gtest/src/gtest.cc:2402
#19 testing::internal::HandleExceptionsInMethodIfSupported<testing::internal::UnitTestImpl, bool> (location=0x573adc "auxiliary test code (environments or event listeners)", method=(bool (testing::internal::UnitTestImpl::*)(testing::internal::UnitTestImpl * const)) 0x5581f0 <testing::internal::UnitTestImpl::RunAllTests()>, object=0x5ddc60) at /usr/src/gtest/src/gtest.cc:2438
#20 testing::UnitTest::Run (this=0x5c91e0 <testing::UnitTest::GetInstance()::instance>) at /usr/src/gtest/src/gtest.cc:4259
#21 0x00423f1a in RUN_ALL_TESTS () at /usr/src/gtest/include/gtest/gtest.h:2233
#22 main (argc=<optimized out>, argv=0xbffff654) at /usr/src/gtest/src/gtest_main.cc:37



> Whatever broke it was not yet in unstable on 2017-12-31,
> but likely entered buster before 2018-01-31:

Was that perhaps the time when buster switched to the libstdc++6 built from gcc-8?
(While still having gcc-7 as the default compiler?)


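I built the package with "DEB_BUILD_MAINT_OPTIONS = hardening=+all sanitize=+address".
With that, Test_assign_cpu succeeded, but tests 43 (Test_index_cpu) and 78
(Test_rotate_linear_cpu) failed: AddressSanitizer reports a heap-use-after-free
in the first and a heap-buffer-overflow in the second (full output in the
attached notes).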


Nevertheless, because gcc-8 is the default in buster, should this report
probably be marked as blocked by #897707?


Kind regards,
Bernhard

-------------- next part --------------


# with MEMORY="-m 14G", SMP="-smp 16"



apt update

apt install devscripts dpkg-dev mc htop gcc-7 g++-7 gdb valgrind libstdc++6-8-dbg

apt install cmake libboost-dev libblas-dev libclblas-dev libclfft-dev libfftw3-dev libfreeimage-dev libgtest-dev liblapack-dev liblapacke-dev ocl-icd-opencl-dev pkg-config doxygen

mkdir -p glibc/orig; cd glibc/orig
apt source libc6
cd ../..

mkdir -p gcc-8/orig; cd gcc-8/orig
apt source libstdc++6
cd gcc-8-8.2.0; tar axf gcc-8.2.0-dfsg.tar.xz; cd ..
cd ../..

mkdir -p arrayfire/orig; cd arrayfire/orig
dget http://192.168.178.25:9999/debian-unstable-ftp.de.debian.org/pool/main/a/arrayfire/arrayfire_3.3.2+dfsg1-4.dsc
# http://http.debian.net/debian/pool/main/a/arrayfire/arrayfire_3.3.2+dfsg1-4.dsc
cd arrayfire-3.3.2+dfsg1


CC=gcc-7 CXX=g++-7 dpkg-buildpackage -uc
CC=gcc-7 CXX=g++-7 DEB_BUILD_OPTIONS=parallel=16 dpkg-buildpackage -uc -nc



cd obj-i686-linux-gnu/test
$ gdb -q --args ./assign_cpu
set height 0
set width 0
set pagination off
directory /home/benutzer/glibc/orig/glibc-2.27/malloc
directory /home/benutzer/gcc-8/orig/gcc-8-8.2.0/gcc-8.2.0/libstdc++-v3/libsupc++
directory /home/benutzer/arrayfire/orig/arrayfire-3.3.2+dfsg1
b Asssign_LinearAssignGenSeq_Test::TestBody
run
record
set can-use-hw-watchpoints 0
display/i $pc

b malloc.c:2944 if tc_idx == 5
    # tcache_get
#b malloc.c:2932 if tc_idx == 5   #not stopping for some reason
#b *0xb6abce25   if tc_idx == 5   #not stopping for some reason
    # tcache_put

cont
display e
print &(tcache->entries[5])

disa 2
display (*((tcache_entry **) 0x5ca064))
display (*((tcache_entry **) 0x5ca064))->next
display (*((tcache_entry **) 0x5ca064))->next->next
display (*((tcache_entry **) 0x5ca064))->next->next->next
display (*((tcache_entry **) 0x5ca064))->next->next->next->next
display (*((tcache_entry **) 0x5ca064))->next->next->next->next->next
display (*((tcache_entry **) 0x5ca064))->next->next->next->next->next->next
display (*((tcache_entry **) 0x5ca064))->next->next->next->next->next->next->next










(gdb) bt
#0  _int_free (av=<optimized out>, p=<optimized out>, have_lock=<optimized out>) at malloc.c:4390
#1  0xb6cd1668 in operator delete (ptr=0x5fd7a0) at ../../../../src/libstdc++-v3/libsupc++/del_op.cc:49
#2  0xb6e65477 in cpu::destroyArray<float> (A=0x5fd7a0) at ./src/backend/cpu/Array.cpp:223
#3  0xb77f7a6e in releaseHandle<float> (arr=0x5fd7a0) at ./src/api/c/handle.hpp:109
#4  af_release_array (arr=0x5fd7a0) at ./src/api/c/array.cpp:189
#5  0xb78625b4 in af_assign_seq (out=0xbffff328, lhs=0x5faea0, ndims=<optimized out>, index=0x5fd800, rhs=<optimized out>) at ./src/api/c/assign.cpp:134
#6  0xb7865bd7 in af_assign_gen (out=0xbffff328, lhs=0x5faea0, ndims=1, indexs=0xbffff35c, rhs_=0x5fae20) at ./src/api/c/assign.cpp:223
#7  0x00429b7c in Asssign_LinearAssignGenSeq_Test::TestBody (this=0x5faf90) at ./test/assign.cpp:926
#8  0x00563605 in testing::internal::HandleSehExceptionsInMethodIfSupported<testing::Test, void> (location=0x574590 "the test body", method=&virtual testing::Test::TestBody(), object=0x5faf90) at /usr/src/gtest/src/gtest.cc:2402
#9  testing::internal::HandleExceptionsInMethodIfSupported<testing::Test, void> (object=0x5faf90, method=&virtual testing::Test::TestBody(), location=0x574590 "the test body") at /usr/src/gtest/src/gtest.cc:2438
#10 0x00557c0e in testing::Test::Run (this=this at entry=0x5faf90) at /usr/src/gtest/src/gtest.cc:2474
#11 0x00557ed4 in testing::Test::Run (this=0x5faf90) at /usr/src/gtest/src/gtest.cc:2466
#12 testing::TestInfo::Run (this=0x5f9410) at /usr/src/gtest/src/gtest.cc:2656
#13 0x00558087 in testing::TestInfo::Run (this=<optimized out>) at /usr/src/gtest/src/gtest.cc:2631
#14 testing::TestCase::Run (this=0x5f9230) at /usr/src/gtest/src/gtest.cc:2776
#15 0x00558695 in testing::TestCase::Run (this=<optimized out>) at /usr/src/gtest/src/gtest.cc:2762
#16 testing::internal::UnitTestImpl::RunAllTests (this=<optimized out>) at /usr/src/gtest/src/gtest.cc:4651
#17 0x0055889d in testing::internal::HandleSehExceptionsInMethodIfSupported<testing::internal::UnitTestImpl, bool> (location=0x573adc "auxiliary test code (environments or event listeners)", method=<optimized out>, object=0x5ddc60) at /usr/src/gtest/src/gtest.cc:2402
#18 testing::internal::HandleExceptionsInMethodIfSupported<testing::internal::UnitTestImpl, bool> (location=0x573adc "auxiliary test code (environments or event listeners)", method=(bool (testing::internal::UnitTestImpl::*)(testing::internal::UnitTestImpl * const)) 0x5581f0 <testing::internal::UnitTestImpl::RunAllTests()>, object=0x5ddc60) at /usr/src/gtest/src/gtest.cc:2438
#19 testing::UnitTest::Run (this=0x5c91e0 <testing::UnitTest::GetInstance()::instance>) at /usr/src/gtest/src/gtest.cc:4259
#20 0x00423f1a in RUN_ALL_TESTS () at /usr/src/gtest/include/gtest/gtest.h:2233
#21 main (argc=<optimized out>, argv=0xbffff654) at /usr/src/gtest/src/gtest_main.cc:37



0xb6abce1f      2930      e->next = tcache->entries[tc_idx];
1: x/i $pc
=> 0xb6abce1f <_int_free+159>:  mov    %ebx,0x8(%edx)
3: (*((tcache_entry **) 0x5ca064)) = (tcache_entry *) 0x5fd7a0
4: (*((tcache_entry **) 0x5ca064))->next = (struct tcache_entry *) 0x5f9d30
5: (*((tcache_entry **) 0x5ca064))->next->next = (struct tcache_entry *) 0x602eb0
6: (*((tcache_entry **) 0x5ca064))->next->next->next = (struct tcache_entry *) 0x5fa970
7: (*((tcache_entry **) 0x5ca064))->next->next->next->next = (struct tcache_entry *) 0x0
8: (*((tcache_entry **) 0x5ca064))->next->next->next->next->next = <error: Cannot access memory at address 0x0>
(gdb) 
2931      tcache->entries[tc_idx] = e;
1: x/i $pc
=> 0xb6abce22 <_int_free+162>:  mov    %edi,0x40(%eax)
3: (*((tcache_entry **) 0x5ca064)) = (tcache_entry *) 0x5fd7a0
4: (*((tcache_entry **) 0x5ca064))->next = (struct tcache_entry *) 0x5fd7a0                  <------ next is pointing to itself
5: (*((tcache_entry **) 0x5ca064))->next->next = (struct tcache_entry *) 0x5fd7a0
6: (*((tcache_entry **) 0x5ca064))->next->next->next = (struct tcache_entry *) 0x5fd7a0
7: (*((tcache_entry **) 0x5ca064))->next->next->next->next = (struct tcache_entry *) 0x5fd7a0
8: (*((tcache_entry **) 0x5ca064))->next->next->next->next->next = (struct tcache_entry *) 0x5fd7a0
9: (*((tcache_entry **) 0x5ca064))->next->next->next->next->next->next = (struct tcache_entry *) 0x5fd7a0
10: (*((tcache_entry **) 0x5ca064))->next->next->next->next->next->next->next = (struct tcache_entry *) 0x5fd7a0
11: (*((tcache_entry **) 0x5ca064))->next->next->next->next->next->next->next->next = (struct tcache_entry *) 0x5fd7a0
(gdb) 


(gdb) bt
#0  0xb6abce2a in tcache_put (tc_idx=5, chunk=0x5fd798) at malloc.c:2932
#1  _int_free (av=0xb6c1b7a0 <main_arena>, p=0x5fd798, have_lock=0) at malloc.c:4173
#2  0xb6cd1668 in operator delete (ptr=0x5fd7a0) at ../../../../src/libstdc++-v3/libsupc++/del_op.cc:49
#3  0xb6e65477 in cpu::destroyArray<float> (A=0x5fd7a0) at ./src/backend/cpu/Array.cpp:223
#4  0xb77f7a6e in releaseHandle<float> (arr=0x5fd7a0) at ./src/api/c/handle.hpp:109
#5  af_release_array (arr=0x5fd7a0) at ./src/api/c/array.cpp:189
#6  0xb78625d5 in af_assign_seq (out=0xbffff328, lhs=0x5faea0, ndims=<optimized out>, index=0x5fd800, rhs=<optimized out>) at ./src/api/c/assign.cpp:135
#7  0xb7865bd7 in af_assign_gen (out=0xbffff328, lhs=0x5faea0, ndims=1, indexs=0xbffff35c, rhs_=0x5fae20) at ./src/api/c/assign.cpp:223
#8  0x00429b7c in Asssign_LinearAssignGenSeq_Test::TestBody (this=0x5faf90) at ./test/assign.cpp:926
#9  0x00563605 in testing::internal::HandleSehExceptionsInMethodIfSupported<testing::Test, void> (location=0x574590 "the test body", method=&virtual testing::Test::TestBody(), object=0x5faf90) at /usr/src/gtest/src/gtest.cc:2402
#10 testing::internal::HandleExceptionsInMethodIfSupported<testing::Test, void> (object=0x5faf90, method=&virtual testing::Test::TestBody(), location=0x574590 "the test body") at /usr/src/gtest/src/gtest.cc:2438
#11 0x00557c0e in testing::Test::Run (this=this at entry=0x5faf90) at /usr/src/gtest/src/gtest.cc:2474
#12 0x00557ed4 in testing::Test::Run (this=0x5faf90) at /usr/src/gtest/src/gtest.cc:2466
#13 testing::TestInfo::Run (this=0x5f9410) at /usr/src/gtest/src/gtest.cc:2656
#14 0x00558087 in testing::TestInfo::Run (this=<optimized out>) at /usr/src/gtest/src/gtest.cc:2631
#15 testing::TestCase::Run (this=0x5f9230) at /usr/src/gtest/src/gtest.cc:2776
#16 0x00558695 in testing::TestCase::Run (this=<optimized out>) at /usr/src/gtest/src/gtest.cc:2762
#17 testing::internal::UnitTestImpl::RunAllTests (this=<optimized out>) at /usr/src/gtest/src/gtest.cc:4651
#18 0x0055889d in testing::internal::HandleSehExceptionsInMethodIfSupported<testing::internal::UnitTestImpl, bool> (location=0x573adc "auxiliary test code (environments or event listeners)", method=<optimized out>, object=0x5ddc60) at /usr/src/gtest/src/gtest.cc:2402
#19 testing::internal::HandleExceptionsInMethodIfSupported<testing::internal::UnitTestImpl, bool> (location=0x573adc "auxiliary test code (environments or event listeners)", method=(bool (testing::internal::UnitTestImpl::*)(testing::internal::UnitTestImpl * const)) 0x5581f0 <testing::internal::UnitTestImpl::RunAllTests()>, object=0x5ddc60) at /usr/src/gtest/src/gtest.cc:2438
#20 testing::UnitTest::Run (this=0x5c91e0 <testing::UnitTest::GetInstance()::instance>) at /usr/src/gtest/src/gtest.cc:4259
#21 0x00423f1a in RUN_ALL_TESTS () at /usr/src/gtest/include/gtest/gtest.h:2233
#22 main (argc=<optimized out>, argv=0xbffff654) at /usr/src/gtest/src/gtest_main.cc:37
















































With:
mc -e debian/rules 
-export DEB_BUILD_MAINT_OPTIONS = hardening=+all
+export DEB_BUILD_MAINT_OPTIONS = hardening=+all sanitize=+address


The following tests FAILED:
         43 - Test_index_cpu (Failed)
         78 - Test_rotate_linear_cpu (Failed)
Errors while running CTest


obj-i686-linux-gnu/test# ./index_cpu
...
[ RUN      ] Indexing.SNIPPET_indexing_copy
=================================================================
==31526==ERROR: AddressSanitizer: heap-use-after-free on address 0xb0f65120 at pc 0xb66524e7 bp 0xbfd56098 sp 0xbfd5608c
READ of size 4 at 0xb0f65120 thread T0
    #0 0xb66524e6 in ArrayInfo::ArrayInfo(ArrayInfo const&) src/backend/ArrayInfo.hpp:73
    #1 0xb66524e6 in af_release_array src/api/c/array.cpp:182
    #2 0xb75370a7 in af::index::~index() src/api/cpp/index.cpp:84
    #3 0x4675bb in Indexing_SNIPPET_indexing_copy_Test::TestBody() test/index.cpp:1258
    #4 0xb60b43 in void testing::internal::HandleSehExceptionsInMethodIfSupported<testing::Test, void>(testing::Test*, void (testing::Test::*)(), char const*) /usr/src/gtest/src/gtest.cc:2402
    #5 0xb60b43 in void testing::internal::HandleExceptionsInMethodIfSupported<testing::Test, void>(testing::Test*, void (testing::Test::*)(), char const*) /usr/src/gtest/src/gtest.cc:2438
    #6 0xb33018 in testing::Test::Run() /usr/src/gtest/src/gtest.cc:2474
    #7 0xb339c3 in testing::Test::Run() /usr/src/gtest/src/gtest.cc:2466
    #8 0xb339c3 in testing::TestInfo::Run() /usr/src/gtest/src/gtest.cc:2656
    #9 0xb34183 in testing::TestInfo::Run() /usr/src/gtest/src/gtest.cc:2631
    #10 0xb34183 in testing::TestCase::Run() /usr/src/gtest/src/gtest.cc:2776
    #11 0xb35fb4 in testing::TestCase::Run() /usr/src/gtest/src/gtest.cc:2762
    #12 0xb35fb4 in testing::internal::UnitTestImpl::RunAllTests() /usr/src/gtest/src/gtest.cc:4651
    #13 0xb62143 in bool testing::internal::HandleSehExceptionsInMethodIfSupported<testing::internal::UnitTestImpl, bool>(testing::internal::UnitTestImpl*, bool (testing::internal::UnitTestImpl::*)(), char const*) /usr/src/gtest/src/gtest.cc:2402
    #14 0xb62143 in bool testing::internal::HandleExceptionsInMethodIfSupported<testing::internal::UnitTestImpl, bool>(testing::internal::UnitTestImpl*, bool (testing::internal::UnitTestImpl::*)(), char const*) /usr/src/gtest/src/gtest.cc:2438
    #15 0xb36ae1 in testing::UnitTest::Run() /usr/src/gtest/src/gtest.cc:4259
    #16 0x466029 in RUN_ALL_TESTS() /usr/src/gtest/include/gtest/gtest.h:2233
    #17 0x466029 in main /usr/src/gtest/src/gtest_main.cc:37
    #18 0xb3c8a9a0 in __libc_start_main (/lib/i386-linux-gnu/libc.so.6+0x199a0)
    #19 0x466105  (/home/benutzer/arrayfire/orig/arrayfire-3.3.2+dfsg1/obj-i686-linux-gnu/test/index_cpu+0x38105)

0xb0f65120 is located 0 bytes inside of 80-byte region [0xb0f65120,0xb0f65170)
freed by thread T0 here:
    #0 0xb7a3b194 in operator delete(void*) (/usr/lib/i386-linux-gnu/libasan.so.4+0xe2194)
    #1 0xb40e6c93 in void cpu::destroyArray<int>(cpu::Array<int>*) src/backend/cpu/Array.cpp:223
    #2 0xb66523f3 in releaseHandle<int> src/api/c/handle.hpp:109
    #3 0xb66523f3 in af_release_array src/api/c/array.cpp:194
    #4 0xb75370a7 in af::index::~index() src/api/cpp/index.cpp:84
    #5 0x46759d in Indexing_SNIPPET_indexing_copy_Test::TestBody() test/index.cpp:1259
    #6 0xb60b43 in void testing::internal::HandleSehExceptionsInMethodIfSupported<testing::Test, void>(testing::Test*, void (testing::Test::*)(), char const*) /usr/src/gtest/src/gtest.cc:2402
    #7 0xb60b43 in void testing::internal::HandleExceptionsInMethodIfSupported<testing::Test, void>(testing::Test*, void (testing::Test::*)(), char const*) /usr/src/gtest/src/gtest.cc:2438
    #8 0xb33018 in testing::Test::Run() /usr/src/gtest/src/gtest.cc:2474
    #9 0xb339c3 in testing::Test::Run() /usr/src/gtest/src/gtest.cc:2466
    #10 0xb339c3 in testing::TestInfo::Run() /usr/src/gtest/src/gtest.cc:2656
    #11 0xb34183 in testing::TestInfo::Run() /usr/src/gtest/src/gtest.cc:2631
    #12 0xb34183 in testing::TestCase::Run() /usr/src/gtest/src/gtest.cc:2776
    #13 0xb35fb4 in testing::TestCase::Run() /usr/src/gtest/src/gtest.cc:2762
    #14 0xb35fb4 in testing::internal::UnitTestImpl::RunAllTests() /usr/src/gtest/src/gtest.cc:4651
    #15 0xb62143 in bool testing::internal::HandleSehExceptionsInMethodIfSupported<testing::internal::UnitTestImpl, bool>(testing::internal::UnitTestImpl*, bool (testing::internal::UnitTestImpl::*)(), char const*) /usr/src/gtest/src/gtest.cc:2402
    #16 0xb62143 in bool testing::internal::HandleExceptionsInMethodIfSupported<testing::internal::UnitTestImpl, bool>(testing::internal::UnitTestImpl*, bool (testing::internal::UnitTestImpl::*)(), char const*) /usr/src/gtest/src/gtest.cc:2438
    #17 0xb36ae1 in testing::UnitTest::Run() /usr/src/gtest/src/gtest.cc:4259
    #18 0x466029 in RUN_ALL_TESTS() /usr/src/gtest/include/gtest/gtest.h:2233
    #19 0x466029 in main /usr/src/gtest/src/gtest_main.cc:37
    #20 0xb3c8a9a0 in __libc_start_main (/lib/i386-linux-gnu/libc.so.6+0x199a0)

previously allocated by thread T0 here:
    #0 0xb7a3a494 in operator new(unsigned int) (/usr/lib/i386-linux-gnu/libasan.so.4+0xe1494)
    #1 0xb40d6c81 in cpu::Array<int>* cpu::initArray<int>() src/backend/cpu/Array.cpp:162
    #2 0xb66537f4 in retainHandle<int> src/api/c/array.cpp:216
    #3 0xb66537f4 in retain(void*) src/api/c/array.cpp:227
    #4 0xb665d10e in af_retain_array src/api/c/array.cpp:245
    #5 0xb7536690 in af::index::index(af::array const&) src/api/cpp/index.cpp:71
    #6 0x467578 in Indexing_SNIPPET_indexing_copy_Test::TestBody() test/index.cpp:1259
    #7 0xb60b43 in void testing::internal::HandleSehExceptionsInMethodIfSupported<testing::Test, void>(testing::Test*, void (testing::Test::*)(), char const*) /usr/src/gtest/src/gtest.cc:2402
    #8 0xb60b43 in void testing::internal::HandleExceptionsInMethodIfSupported<testing::Test, void>(testing::Test*, void (testing::Test::*)(), char const*) /usr/src/gtest/src/gtest.cc:2438
    #9 0xb33018 in testing::Test::Run() /usr/src/gtest/src/gtest.cc:2474
    #10 0xb339c3 in testing::Test::Run() /usr/src/gtest/src/gtest.cc:2466
    #11 0xb339c3 in testing::TestInfo::Run() /usr/src/gtest/src/gtest.cc:2656
    #12 0xb34183 in testing::TestInfo::Run() /usr/src/gtest/src/gtest.cc:2631
    #13 0xb34183 in testing::TestCase::Run() /usr/src/gtest/src/gtest.cc:2776
    #14 0xb35fb4 in testing::TestCase::Run() /usr/src/gtest/src/gtest.cc:2762
    #15 0xb35fb4 in testing::internal::UnitTestImpl::RunAllTests() /usr/src/gtest/src/gtest.cc:4651
    #16 0xb62143 in bool testing::internal::HandleSehExceptionsInMethodIfSupported<testing::internal::UnitTestImpl, bool>(testing::internal::UnitTestImpl*, bool (testing::internal::UnitTestImpl::*)(), char const*) /usr/src/gtest/src/gtest.cc:2402
    #17 0xb62143 in bool testing::internal::HandleExceptionsInMethodIfSupported<testing::internal::UnitTestImpl, bool>(testing::internal::UnitTestImpl*, bool (testing::internal::UnitTestImpl::*)(), char const*) /usr/src/gtest/src/gtest.cc:2438
    #18 0xb36ae1 in testing::UnitTest::Run() /usr/src/gtest/src/gtest.cc:4259
    #19 0x466029 in RUN_ALL_TESTS() /usr/src/gtest/include/gtest/gtest.h:2233
    #20 0x466029 in main /usr/src/gtest/src/gtest_main.cc:37
    #21 0xb3c8a9a0 in __libc_start_main (/lib/i386-linux-gnu/libc.so.6+0x199a0)

SUMMARY: AddressSanitizer: heap-use-after-free src/backend/ArrayInfo.hpp:73 in ArrayInfo::ArrayInfo(ArrayInfo const&)
Shadow bytes around the buggy address:
  0x361ec9d0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x361ec9e0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x361ec9f0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x361eca00: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x361eca10: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
=>0x361eca20: fa fa fa fa[fd]fd fd fd fd fd fd fd fd fd fa fa
  0x361eca30: fa fa fd fd fd fd fd fd fd fd fd fd fa fa fa fa
  0x361eca40: 00 00 00 00 00 00 00 00 00 00 fa fa fa fa fd fd
  0x361eca50: fd fd fd fd fd fd fd fd fa fa fa fa fd fd fd fd
  0x361eca60: fd fd fd fd fd fd fa fa fa fa fd fd fd fd fd fd
  0x361eca70: fd fd fd fd fa fa fa fa fd fd fd fd fd fd fd fd
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==31526==ABORTING




obj-i686-linux-gnu/test# ./rotate_linear_cpu
...
[ RUN      ] RotateLinear/1.Rectangle90CropRecenter
=================================================================
==31528==ERROR: AddressSanitizer: heap-buffer-overflow on address 0xae1066a0 at pc 0xb60a1918 bp 0xbfc52eb8 sp 0xbfc52eac
READ of size 8 at 0xae1066a0 thread T0
    #0 0xb60a1917 in void cpu::transform_b<double>(double*, double const*, float const*, af::dim4 const&, af::dim4 const&, af::dim4 const&, int, int, int, int, bool) src/backend/cpu/transform_interp.hpp:140
    #1 0xb60a222a in void cpu::kernel::rotate<double, (af_interp_type)2>(cpu::Array<double>, cpu::Array<double>, float) src/backend/cpu/kernel/rotate.hpp:78
    #2 0xb60a4c42 in void cpu::queue::enqueue<void (*)(cpu::Array<double>, cpu::Array<double>, float), cpu::Array<double>, cpu::Array<double>, float>(void (*)(cpu::Array<double>, cpu::Array<double>, float), cpu::Array<double>, cpu::Array<double>, float) src/backend/cpu/queue.hpp:65
    #3 0xb60a4c42 in cpu::Array<double> cpu::rotate<double>(cpu::Array<double> const&, float, af::dim4 const&, af_interp_type) src/backend/cpu/rotate.cpp:33
    #4 0xb700eb64 in rotate<double> src/api/c/rotate.cpp:24
    #5 0xb700eb64 in af_rotate src/api/c/rotate.cpp:59
    #6 0x7fbebf in void rotateTest<double>(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, unsigned int, float, bool, bool, bool, std::vector<af_seq, std::allocator<af_seq> > const*) test/rotate_linear.cpp:74
    #7 0x803459 in RotateLinear_Rectangle90CropRecenter_Test<double>::TestBody() test/rotate_linear.cpp:145
    #8 0x8b14c3 in void testing::internal::HandleSehExceptionsInMethodIfSupported<testing::Test, void>(testing::Test*, void (testing::Test::*)(), char const*) /usr/src/gtest/src/gtest.cc:2402
    #9 0x8b14c3 in void testing::internal::HandleExceptionsInMethodIfSupported<testing::Test, void>(testing::Test*, void (testing::Test::*)(), char const*) /usr/src/gtest/src/gtest.cc:2438
    #10 0x883998 in testing::Test::Run() /usr/src/gtest/src/gtest.cc:2474
    #11 0x884343 in testing::Test::Run() /usr/src/gtest/src/gtest.cc:2466
    #12 0x884343 in testing::TestInfo::Run() /usr/src/gtest/src/gtest.cc:2656
    #13 0x884b03 in testing::TestInfo::Run() /usr/src/gtest/src/gtest.cc:2631
    #14 0x884b03 in testing::TestCase::Run() /usr/src/gtest/src/gtest.cc:2776
    #15 0x886934 in testing::TestCase::Run() /usr/src/gtest/src/gtest.cc:2762
    #16 0x886934 in testing::internal::UnitTestImpl::RunAllTests() /usr/src/gtest/src/gtest.cc:4651
    #17 0x8b2ac3 in bool testing::internal::HandleSehExceptionsInMethodIfSupported<testing::internal::UnitTestImpl, bool>(testing::internal::UnitTestImpl*, bool (testing::internal::UnitTestImpl::*)(), char const*) /usr/src/gtest/src/gtest.cc:2402
    #18 0x8b2ac3 in bool testing::internal::HandleExceptionsInMethodIfSupported<testing::internal::UnitTestImpl, bool>(testing::internal::UnitTestImpl*, bool (testing::internal::UnitTestImpl::*)(), char const*) /usr/src/gtest/src/gtest.cc:2438
    #19 0x887461 in testing::UnitTest::Run() /usr/src/gtest/src/gtest.cc:4259
    #20 0x48b1b9 in RUN_ALL_TESTS() /usr/src/gtest/include/gtest/gtest.h:2233
    #21 0x48b1b9 in main /usr/src/gtest/src/gtest_main.cc:37
    #22 0xb3cd19a0 in __libc_start_main (/lib/i386-linux-gnu/libc.so.6+0x199a0)
    #23 0x48b295  (/home/benutzer/arrayfire/orig/arrayfire-3.3.2+dfsg1/obj-i686-linux-gnu/test/rotate_linear_cpu+0x31295)

0xae1066a0 is located 160 bytes to the right of 25600-byte region [0xae100200,0xae106600)
allocated by thread T0 here:
    #0 0xb7a804a4 in malloc (/usr/lib/i386-linux-gnu/libasan.so.4+0xe04a4)
    #1 0xb5d2193d in cpu::MemoryManager::nativeAlloc(unsigned int) src/backend/cpu/memory.cpp:66
    #2 0xb667c260 in common::MemoryManager::alloc(unsigned int, bool) src/backend/MemoryManager.cpp:179
    #3 0xb5d22b3e in double* cpu::memAlloc<double>(unsigned int const&) src/backend/cpu/memory.cpp:118
    #4 0xb4117123 in cpu::Array<double>::Array(af::dim4) src/backend/cpu/Array.cpp:38
    #5 0xb411775d in cpu::Array<double> cpu::createEmptyArray<double>(af::dim4 const&) src/backend/cpu/Array.cpp:158
    #6 0xb60a3b84 in cpu::Array<double> cpu::rotate<double>(cpu::Array<double> const&, float, af::dim4 const&, af_interp_type) src/backend/cpu/rotate.cpp:26
    #7 0xb700eb64 in rotate<double> src/api/c/rotate.cpp:24
    #8 0xb700eb64 in af_rotate src/api/c/rotate.cpp:59
    #9 0x7fbebf in void rotateTest<double>(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, unsigned int, float, bool, bool, bool, std::vector<af_seq, std::allocator<af_seq> > const*) test/rotate_linear.cpp:74
    #10 0x802bb9 in RotateLinear_Rectangle180NoCropRecenter_Test<double>::TestBody() test/rotate_linear.cpp:142
    #11 0x8b14c3 in void testing::internal::HandleSehExceptionsInMethodIfSupported<testing::Test, void>(testing::Test*, void (testing::Test::*)(), char const*) /usr/src/gtest/src/gtest.cc:2402
    #12 0x8b14c3 in void testing::internal::HandleExceptionsInMethodIfSupported<testing::Test, void>(testing::Test*, void (testing::Test::*)(), char const*) /usr/src/gtest/src/gtest.cc:2438
    #13 0x883998 in testing::Test::Run() /usr/src/gtest/src/gtest.cc:2474
    #14 0x884343 in testing::Test::Run() /usr/src/gtest/src/gtest.cc:2466
    #15 0x884343 in testing::TestInfo::Run() /usr/src/gtest/src/gtest.cc:2656
    #16 0x884b03 in testing::TestInfo::Run() /usr/src/gtest/src/gtest.cc:2631
    #17 0x884b03 in testing::TestCase::Run() /usr/src/gtest/src/gtest.cc:2776
    #18 0x886934 in testing::TestCase::Run() /usr/src/gtest/src/gtest.cc:2762
    #19 0x886934 in testing::internal::UnitTestImpl::RunAllTests() /usr/src/gtest/src/gtest.cc:4651
    #20 0x8b2ac3 in bool testing::internal::HandleSehExceptionsInMethodIfSupported<testing::internal::UnitTestImpl, bool>(testing::internal::UnitTestImpl*, bool (testing::internal::UnitTestImpl::*)(), char const*) /usr/src/gtest/src/gtest.cc:2402
    #21 0x8b2ac3 in bool testing::internal::HandleExceptionsInMethodIfSupported<testing::internal::UnitTestImpl, bool>(testing::internal::UnitTestImpl*, bool (testing::internal::UnitTestImpl::*)(), char const*) /usr/src/gtest/src/gtest.cc:2438
    #22 0x887461 in testing::UnitTest::Run() /usr/src/gtest/src/gtest.cc:4259
    #23 0x48b1b9 in RUN_ALL_TESTS() /usr/src/gtest/include/gtest/gtest.h:2233
    #24 0x48b1b9 in main /usr/src/gtest/src/gtest_main.cc:37
    #25 0xb3cd19a0 in __libc_start_main (/lib/i386-linux-gnu/libc.so.6+0x199a0)

SUMMARY: AddressSanitizer: heap-buffer-overflow src/backend/cpu/transform_interp.hpp:140 in void cpu::transform_b<double>(double*, double const*, float const*, af::dim4 const&, af::dim4 const&, af::dim4 const&, int, int, int, int, bool)
Shadow bytes around the buggy address:
  0x35c20c80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x35c20c90: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x35c20ca0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x35c20cb0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x35c20cc0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
=>0x35c20cd0: fa fa fa fa[fa]fa fa fa fa fa fa fa fa fa fa fa
  0x35c20ce0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x35c20cf0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x35c20d00: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x35c20d10: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x35c20d20: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==31528==ABORTING








