Running testsuite with -fsanitize=address fails on 1.5.0
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| liberasurecode | Fix Released | Undecided | Unassigned | |
Bug Description
It looks like there is an underflow when running the test suite:
==3809==ERROR: AddressSanitizer: global-
READ of size 4 at 0x00000067c564 thread T0
#0 0x40a4ba in fragments_
#1 0x40a4ba in xor_hd_
#2 0x402438 in test_hd_code builtin/
#3 0x40472a in run_test builtin/
#4 0x401348 in main builtin/
#5 0x7fdb35a95f49 in __libc_start_main (/lib64/
#6 0x401449 in _start (/data/
0x00000067c564 is located 28 bytes to the left of global variable 'g_6_6_
0x00000067c564 is located 12 bytes to the right of global variable 'g_6_6_
SUMMARY: AddressSanitizer: global-
==3809==ABORTING
make: *** [Makefile:965: test] Error 1
OK, finally got around to repro'ing! For anyone not familiar with -fsanitize=address (I wasn't), you'll need to install libasan and run something like
CFLAGS=-fsanitize=address ./configure
when configuring. When running tests, I got
ERROR: AddressSanitizer: odr-violation (0x7fcbcae09020): rs_vand/rs_galois.c:46:6
[1] size=8 'ilog_table_begin' builtin/
[2] size=8 'ilog_table_begin' rs_galois.c:46:6
These globals were registered at these points:
...
but taking the hint and running with something like
ASAN_OPTIONS=detect_odr_violation=0 make test
I could repro the reported issue. It took me a bit to make sense of what it was telling me -- when running the decode benchmark with k=6, m=6, hd=4 the array indexing at https://opendev.org/openstack/liberasurecode/src/branch/master/src/builtin/xor_codes/xor_hd_code.c#L159 could leave the bounds of g_6_6_4_hd_code_parity_bms. Specifically, you could have parity_index == -1, leading to the code trying to index with [-7] (which with 4-byte ints gets us the 28-byte offset mentioned).
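The failure described in the comment above, as an added example that is not liberasurecode's own code: a lookup returns -1 as a "not found" sentinel, the sentinel flows into a `parity_bms[parity_index - k]` style subscript, and a bounds-checked lookup rejects it instead. The bitmap table, the function names and the fragment layout (data at 0..k-1, parity at k..k+m-1) are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Assumed layout: fragment indexes 0..K-1 are data, K..K+M-1 are parity. */
enum { K = 6, M = 6 };

/* Constructed bitmaps (NOT the library's g_6_6_4 table): bit d set means
 * the parity fragment covers data fragment d. */
static const unsigned int parity_bms[M] = { 0x03, 0x06, 0x0c, 0x18, 0x30, 0x21 };

/* Return the first available parity fragment index (K..K+M-1) covering
 * data fragment data_idx, or -1 when every covering parity is missing. */
int find_connected_parity(int data_idx, unsigned int missing_parity_mask)
{
    for (int p = 0; p < M; p++) {
        if ((parity_bms[p] & (1u << data_idx)) && !(missing_parity_mask & (1u << p)))
            return K + p;
    }
    return -1;
}

/* Byte offset that an unchecked parity_bms[parity_index - K] would touch,
 * relative to the start of the table. Computed only, never dereferenced. */
long unchecked_byte_offset(int parity_index)
{
    return (long)(parity_index - K) * (long)sizeof parity_bms[0];
}

/* Hardened lookup: reject the -1 sentinel and anything outside K..K+M-1
 * before it becomes an array subscript. Returns 0 on success, -1 on error. */
int parity_bm_checked(int parity_index, unsigned int *out)
{
    if (parity_index < K || parity_index >= K + M)
        return -1;
    *out = parity_bms[parity_index - K];
    return 0;
}

int main(void)
{
    /* Data fragment 0 is covered by parity slots 0 and 5; mark both missing. */
    int idx = find_connected_parity(0, (1u << 0) | (1u << 5));
    unsigned int bm = 0;
    printf("parity_index=%d unchecked offset=%ld bytes\n", idx, unchecked_byte_offset(idx));
    printf("checked lookup -> %d\n", parity_bm_checked(idx, &bm));
    return 0;
}
```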