Created
July 9, 2020 11:02
-
-
Save apollo13/eb5499fc6911ddccbbfe44169f661c2d to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ================================================================= | |
| ==8==ERROR: AddressSanitizer: heap-use-after-free on address 0x610000120040 at pc 0x7f693e027faf bp 0x7f694247e2c0 sp 0x7f694247e2b8 | |
| READ of size 4 at 0x610000120040 thread T86 (http-nio-0.0.0.) | |
| #0 0x7f693e027fae in fz_keep_imp include/mupdf/fitz/context.h:608 | |
| #1 0x7f693e027fae in fz_keep_page source/fitz/document.c:632 | |
| #2 0x7f693e0281d6 in fz_load_chapter_page source/fitz/document.c:521 | |
| #3 0x7f693dff2837 in Java_com_artifex_mupdf_fitz_Document_loadPage /root/work/platform/java/mupdf_native.c:5803 | |
| #4 0x7f6a9c377f89 (<unknown module>) | |
| 0x610000120040 is located 0 bytes inside of 184-byte region [0x610000120040,0x6100001200f8) | |
| freed by thread T12 (Finalizer) here: | |
| #0 0x7f6aac4418f8 in __interceptor_free (/usr/lib/x86_64-linux-gnu/libasan.so.4.0.0+0xd98f8) | |
| #1 0x7f693e0bbac8 in fz_free_default source/fitz/memory.c:170 | |
| #2 0x7f693e0bbceb in fz_free source/fitz/memory.c:141 | |
| #3 0x7f693e028454 in fz_drop_page source/fitz/document.c:649 | |
| #4 0x7f693dff3a83 in Java_com_artifex_mupdf_fitz_Page_finalize /root/work/platform/java/mupdf_native.c:5969 | |
| #5 0x7f6a9b9ded73 (<unknown module>) | |
| previously allocated by thread T47 (http-nio-0.0.0.) here: | |
| #0 0x7f6aac441c50 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4.0.0+0xd9c50) | |
| #1 0x7f693e0bbae7 in fz_malloc_default source/fitz/memory.c:158 | |
| #2 0x7f693e0bb67f in do_scavenging_malloc source/fitz/memory.c:29 | |
| #3 0x7f693e0bbb8a in fz_calloc source/fitz/memory.c:89 | |
| #4 0x7f693e027eac in fz_new_page_of_size source/fitz/document.c:624 | |
| #5 0x7f693e1860b0 in pdf_new_page source/pdf/pdf-page.c:932 | |
| #6 0x7f693e1860b0 in pdf_load_page source/pdf/pdf-page.c:1077 | |
| #7 0x7f693e186c11 in pdf_load_page_imp source/pdf/pdf-page.c:1137 | |
| #8 0x7f693e028046 in fz_load_chapter_page source/fitz/document.c:525 | |
| #9 0x7f693dff2837 in Java_com_artifex_mupdf_fitz_Document_loadPage /root/work/platform/java/mupdf_native.c:5803 | |
| #10 0x7f6a9cb36c8b (<unknown module>) | |
| Thread T86 (http-nio-0.0.0.) created by T56 (http-nio-0.0.0.) here: | |
| #0 0x7f6aac39f390 in pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.4.0.0+0x37390) | |
| #1 0x7f6aa9148d87 in os::create_thread(Thread*, os::ThreadType, unsigned long) (/usr/local/openjdk-8/jre/lib/amd64/server/libjvm.so+0x8bcd87) | |
| #2 0x7f6aa8f41230 in JVM_StartThread (/usr/local/openjdk-8/jre/lib/amd64/server/libjvm.so+0x6b5230) | |
| #3 0x7f6a991165e6 (<unknown module>) | |
| #4 0x7f6a991060f5 (<unknown module>) | |
| #5 0x7f6a991060f5 (<unknown module>) | |
| #6 0x7f6a9a777113 (<unknown module>) | |
| #7 0x7f6a991060f5 (<unknown module>) | |
| #8 0x7f6a9910613a (<unknown module>) | |
| #9 0x7f6a9910588f (<unknown module>) | |
| #10 0x7f6a991060f5 (<unknown module>) | |
| #11 0x7f6a9910613a (<unknown module>) | |
| #12 0x7f6a990fe4e6 (<unknown module>) | |
| #13 0x7f6aa8ef1f57 in JavaCalls::call_helper(JavaValue*, methodHandle*, JavaCallArguments*, Thread*) (/usr/local/openjdk-8/jre/lib/amd64/server/libjvm.so+0x665f57) | |
| #14 0x7f6aa8ef3496 in JavaCalls::call_virtual(JavaValue*, KlassHandle, Symbol*, Symbol*, JavaCallArguments*, Thread*) (/usr/local/openjdk-8/jre/lib/amd64/server/libjvm.so+0x667496) | |
| #15 0x7f6aa8ef39cf in JavaCalls::call_virtual(JavaValue*, Handle, KlassHandle, Symbol*, Symbol*, Thread*) (/usr/local/openjdk-8/jre/lib/amd64/server/libjvm.so+0x6679cf) | |
| #16 0x7f6aa8f41b80 in thread_entry(JavaThread*, Thread*) (/usr/local/openjdk-8/jre/lib/amd64/server/libjvm.so+0x6b5b80) | |
| #17 0x7f6aa928fda0 in JavaThread::thread_main_inner() (/usr/local/openjdk-8/jre/lib/amd64/server/libjvm.so+0xa03da0) | |
| #18 0x7f6aa928ff0f in JavaThread::run() (/usr/local/openjdk-8/jre/lib/amd64/server/libjvm.so+0xa03f0f) | |
| #19 0x7f6aa914b611 in java_start(Thread*) (/usr/local/openjdk-8/jre/lib/amd64/server/libjvm.so+0x8bf611) | |
| #20 0x7f6aac34afa2 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x7fa2) | |
| Thread T56 (http-nio-0.0.0.) created by T1 here: | |
| #0 0x7f6aac39f390 in pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.4.0.0+0x37390) | |
| #1 0x7f6aa9148d87 in os::create_thread(Thread*, os::ThreadType, unsigned long) (/usr/local/openjdk-8/jre/lib/amd64/server/libjvm.so+0x8bcd87) | |
| #2 0x7f6aa8f41230 in JVM_StartThread (/usr/local/openjdk-8/jre/lib/amd64/server/libjvm.so+0x6b5230) | |
| #3 0x7f6a991165e6 (<unknown module>) | |
| #4 0x7f6a991060f5 (<unknown module>) | |
| #5 0x7f6a991060f5 (<unknown module>) | |
| #6 0x7f6a991060f5 (<unknown module>) | |
| #7 0x7f6a991060f5 (<unknown module>) | |
| #8 0x7f6a9910613a (<unknown module>) | |
| #9 0x7f6a991060f5 (<unknown module>) | |
| #10 0x7f6a991060f5 (<unknown module>) | |
| #11 0x7f6a991060f5 (<unknown module>) | |
| #12 0x7f6a9910613a (<unknown module>) | |
| #13 0x7f6a991060f5 (<unknown module>) | |
| #14 0x7f6a9910613a (<unknown module>) | |
| #15 0x7f6a990fe4e6 (<unknown module>) | |
| #16 0x7f6aa8ef1f57 in JavaCalls::call_helper(JavaValue*, methodHandle*, JavaCallArguments*, Thread*) (/usr/local/openjdk-8/jre/lib/amd64/server/libjvm.so+0x665f57) | |
| #17 0x7f6aa91b92e8 in Reflection::invoke(instanceKlassHandle, methodHandle, Handle, bool, objArrayHandle, BasicType, objArrayHandle, bool, Thread*) (/usr/local/openjdk-8/jre/lib/amd64/server/libjvm.so+0x92d2e8) | |
| #18 0x7f6aa91bcf8c in Reflection::invoke_method(oopDesc*, Handle, objArrayHandle, Thread*) (/usr/local/openjdk-8/jre/lib/amd64/server/libjvm.so+0x930f8c) | |
| #19 0x7f6aa8f42406 in JVM_InvokeMethod (/usr/local/openjdk-8/jre/lib/amd64/server/libjvm.so+0x6b6406) | |
| #20 0x7f6a99383844 (<unknown module>) | |
| #21 0x7f6a99385c2b (<unknown module>) | |
| #22 0x7f6a991060f5 (<unknown module>) | |
| #23 0x7f6a990fe4e6 (<unknown module>) | |
| #24 0x7f6aa8ef1f57 in JavaCalls::call_helper(JavaValue*, methodHandle*, JavaCallArguments*, Thread*) (/usr/local/openjdk-8/jre/lib/amd64/server/libjvm.so+0x665f57) | |
| #25 0x7f6aa8f11f36 in jni_invoke_static(JNIEnv_*, JavaValue*, _jobject*, JNICallType, _jmethodID*, JNI_ArgumentPusher*, Thread*) (/usr/local/openjdk-8/jre/lib/amd64/server/libjvm.so+0x685f36) | |
| #26 0x7f6aa8f138de in jni_CallStaticVoidMethod (/usr/local/openjdk-8/jre/lib/amd64/server/libjvm.so+0x6878de) | |
| #27 0x7f6aac133c43 in JavaMain /home/openjdk/jdk8u/jdk/src/share/bin/java.c:478 | |
| #28 0x7f6aac34afa2 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x7fa2) | |
| Thread T1 created by T0 here: | |
| #0 0x7f6aac39f390 in pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.4.0.0+0x37390) | |
| #1 0x7f6aac1377b7 in ContinueInNewThread0 /home/openjdk/jdk8u/jdk/src/solaris/bin/java_md_solinux.c:1042 | |
| #2 0x7f6aac132bc3 in ContinueInNewThread /home/openjdk/jdk8u/jdk/src/share/bin/java.c:2033 | |
| #3 0x7f6aac135ecf in JLI_Launch /home/openjdk/jdk8u/jdk/src/share/bin/java.c:304 | |
| #4 0x55ddddd51835 in main (/usr/local/openjdk-8/bin/java+0x835) | |
| #5 0x7f6aabf8a09a in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2409a) | |
| Thread T12 (Finalizer) created by T1 here: | |
| #0 0x7f6aac39f390 in pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.4.0.0+0x37390) | |
| #1 0x7f6aa9148d87 in os::create_thread(Thread*, os::ThreadType, unsigned long) (/usr/local/openjdk-8/jre/lib/amd64/server/libjvm.so+0x8bcd87) | |
| #2 0x7f6aa8f41230 in JVM_StartThread (/usr/local/openjdk-8/jre/lib/amd64/server/libjvm.so+0x6b5230) | |
| #3 0x7f6a991165e6 (<unknown module>) | |
| #4 0x7f6a991060f5 (<unknown module>) | |
| #5 0x7f6a991060f5 (<unknown module>) | |
| #6 0x7f6a990fe4e6 (<unknown module>) | |
| #7 0x7f6aa8ef1f57 in JavaCalls::call_helper(JavaValue*, methodHandle*, JavaCallArguments*, Thread*) (/usr/local/openjdk-8/jre/lib/amd64/server/libjvm.so+0x665f57) | |
| #8 0x7f6aa8eb4260 in InstanceKlass::call_class_initializer_impl(instanceKlassHandle, Thread*) (/usr/local/openjdk-8/jre/lib/amd64/server/libjvm.so+0x628260) | |
| #9 0x7f6aa8eb4920 in InstanceKlass::initialize_impl(instanceKlassHandle, Thread*) (/usr/local/openjdk-8/jre/lib/amd64/server/libjvm.so+0x628920) | |
| #10 0x7f6aa8eb4b50 in InstanceKlass::initialize(Thread*) (/usr/local/openjdk-8/jre/lib/amd64/server/libjvm.so+0x628b50) | |
| #11 0x7f6aa928cae7 in Threads::create_vm(JavaVMInitArgs*, bool*) (/usr/local/openjdk-8/jre/lib/amd64/server/libjvm.so+0xa00ae7) | |
| #12 0x7f6aa8f01b13 in JNI_CreateJavaVM (/usr/local/openjdk-8/jre/lib/amd64/server/libjvm.so+0x675b13) | |
| #13 0x7f6aac1336c6 in InitializeJVM /home/openjdk/jdk8u/jdk/src/share/bin/java.c:1240 | |
| #14 0x7f6aac1336c6 in JavaMain /home/openjdk/jdk8u/jdk/src/share/bin/java.c:376 | |
| #15 0x7f6aac34afa2 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x7fa2) | |
| Thread T47 (http-nio-0.0.0.) created by T1 here: | |
| #0 0x7f6aac39f390 in pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.4.0.0+0x37390) | |
| #1 0x7f6aa9148d87 in os::create_thread(Thread*, os::ThreadType, unsigned long) (/usr/local/openjdk-8/jre/lib/amd64/server/libjvm.so+0x8bcd87) | |
| #2 0x7f6aa8f41230 in JVM_StartThread (/usr/local/openjdk-8/jre/lib/amd64/server/libjvm.so+0x6b5230) | |
| #3 0x7f6a991165e6 (<unknown module>) | |
| #4 0x7f6a991060f5 (<unknown module>) | |
| #5 0x7f6a991060f5 (<unknown module>) | |
| #6 0x7f6a9910588f (<unknown module>) | |
| #7 0x7f6a99105aff (<unknown module>) | |
| #8 0x7f6a991060f5 (<unknown module>) | |
| #9 0x7f6a991060f5 (<unknown module>) | |
| #10 0x7f6a991060f5 (<unknown module>) | |
| #11 0x7f6a991060f5 (<unknown module>) | |
| #12 0x7f6a9910613a (<unknown module>) | |
| #13 0x7f6a991060f5 (<unknown module>) | |
| #14 0x7f6a991060f5 (<unknown module>) | |
| #15 0x7f6a991060f5 (<unknown module>) | |
| #16 0x7f6a9910613a (<unknown module>) | |
| #17 0x7f6a991060f5 (<unknown module>) | |
| #18 0x7f6a9910613a (<unknown module>) | |
| #19 0x7f6a990fe4e6 (<unknown module>) | |
| #20 0x7f6aa8ef1f57 in JavaCalls::call_helper(JavaValue*, methodHandle*, JavaCallArguments*, Thread*) (/usr/local/openjdk-8/jre/lib/amd64/server/libjvm.so+0x665f57) | |
| #21 0x7f6aa91b92e8 in Reflection::invoke(instanceKlassHandle, methodHandle, Handle, bool, objArrayHandle, BasicType, objArrayHandle, bool, Thread*) (/usr/local/openjdk-8/jre/lib/amd64/server/libjvm.so+0x92d2e8) | |
| #22 0x7f6aa91bcf8c in Reflection::invoke_method(oopDesc*, Handle, objArrayHandle, Thread*) (/usr/local/openjdk-8/jre/lib/amd64/server/libjvm.so+0x930f8c) | |
| #23 0x7f6aa8f42406 in JVM_InvokeMethod (/usr/local/openjdk-8/jre/lib/amd64/server/libjvm.so+0x6b6406) | |
| #24 0x7f6a99383844 (<unknown module>) | |
| #25 0x7f6a99385c2b (<unknown module>) | |
| #26 0x7f6a991060f5 (<unknown module>) | |
| #27 0x7f6a990fe4e6 (<unknown module>) | |
| #28 0x7f6aa8ef1f57 in JavaCalls::call_helper(JavaValue*, methodHandle*, JavaCallArguments*, Thread*) (/usr/local/openjdk-8/jre/lib/amd64/server/libjvm.so+0x665f57) | |
| #29 0x7f6aa8f11f36 in jni_invoke_static(JNIEnv_*, JavaValue*, _jobject*, JNICallType, _jmethodID*, JNI_ArgumentPusher*, Thread*) (/usr/local/openjdk-8/jre/lib/amd64/server/libjvm.so+0x685f36) | |
| #30 0x7f6aa8f138de in jni_CallStaticVoidMethod (/usr/local/openjdk-8/jre/lib/amd64/server/libjvm.so+0x6878de) | |
| #31 0x7f6aac133c43 in JavaMain /home/openjdk/jdk8u/jdk/src/share/bin/java.c:478 | |
| #32 0x7f6aac34afa2 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x7fa2) | |
| SUMMARY: AddressSanitizer: heap-use-after-free include/mupdf/fitz/context.h:608 in fz_keep_imp | |
| Shadow bytes around the buggy address: | |
| 0x0c208001bfb0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa | |
| 0x0c208001bfc0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa | |
| 0x0c208001bfd0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa | |
| 0x0c208001bfe0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa | |
| 0x0c208001bff0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa | |
| =>0x0c208001c000: fa fa fa fa fa fa fa fa[fd]fd fd fd fd fd fd fd | |
| 0x0c208001c010: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fa | |
| 0x0c208001c020: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd | |
| 0x0c208001c030: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fa | |
| 0x0c208001c040: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa | |
| 0x0c208001c050: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa | |
| Shadow byte legend (one shadow byte represents 8 application bytes): | |
| Addressable: 00 | |
| Partially addressable: 01 02 03 04 05 06 07 | |
| Heap left redzone: fa | |
| Freed heap region: fd | |
| Stack left redzone: f1 | |
| Stack mid redzone: f2 | |
| Stack right redzone: f3 | |
| Stack after return: f5 | |
| Stack use after scope: f8 | |
| Global redzone: f9 | |
| Global init order: f6 | |
| Poisoned by user: f7 | |
| Container overflow: fc | |
| Array cookie: ac | |
| Intra object redzone: bb | |
| ASan internal: fe | |
| Left alloca redzone: ca | |
| Right alloca redzone: cb | |
| ==8==ABORTING |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment