Skip to content

Instantly share code, notes, and snippets.

@jdswinbank
Created July 19, 2019 22:01
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save jdswinbank/f90968856ed2f809b4d42dbed0b9560f to your computer and use it in GitHub Desktop.
Save jdswinbank/f90968856ed2f809b4d42dbed0b9560f to your computer and use it in GitHub Desktop.
$ ./tests/test_spanSets
=================================================================
==57077==ERROR: AddressSanitizer: container-overflow on address 0x6110000057c0 at pc 0x00010473e01e bp 0x7ffeeb555f50 sp 0x7ffeeb555f48
WRITE of size 4 at 0x6110000057c0 thread T0
#0 0x10473e01d in SpanSet_testFunctor::test_method() AssignmentFunctors.h:24
#1 0x10473345a in SpanSet_testFunctor_invoker() test_spanSets.cc:664
#2 0x10808f8ee in boost::detail::function::function_obj_invoker0<boost::detail::forward, int>::invoke(boost::detail::function::function_buffer&) (libboost_unit_test_framework.dylib:x86_64+0xb8ee)
#3 0x10808c309 in boost::execution_monitor::catch_signals(boost::function<int ()> const&) (libboost_unit_test_framework.dylib:x86_64+0x8309)
#4 0x10808c47b in boost::execution_monitor::execute(boost::function<int ()> const&) (libboost_unit_test_framework.dylib:x86_64+0x847b)
#5 0x10808d07d in boost::execution_monitor::vexecute(boost::function<void ()> const&) (libboost_unit_test_framework.dylib:x86_64+0x907d)
#6 0x1080b7ede in boost::unit_test::unit_test_monitor_t::execute_and_translate(boost::function<void ()> const&, unsigned int) (libboost_unit_test_framework.dylib:x86_64+0x33ede)
#7 0x108098699 in boost::unit_test::framework::state::execute_test_tree(unsigned long, unsigned int, boost::unit_test::framework::state::random_generator_helper const*) (libboost_unit_test_framework.dylib:x86_64+0x14699)
#8 0x108098f3a in boost::unit_test::framework::state::execute_test_tree(unsigned long, unsigned int, boost::unit_test::framework::state::random_generator_helper const*) (libboost_unit_test_framework.dylib:x86_64+0x14f3a)
#9 0x108096a76 in boost::unit_test::framework::run(unsigned long, bool) (libboost_unit_test_framework.dylib:x86_64+0x12a76)
#10 0x1080b6cc5 in boost::unit_test::unit_test_main(bool (*)(), int, char**) (libboost_unit_test_framework.dylib:x86_64+0x32cc5)
#11 0x7fff7253f3d4 in start (libdyld.dylib:x86_64+0x163d4)
0x6110000057c0 is located 0 bytes inside of 200-byte region [0x6110000057c0,0x611000005888)
allocated by thread T0 here:
#0 0x1081a7b92 in wrap__Znwm (libclang_rt.asan_osx_dynamic.dylib:x86_64h+0x68b92)
#1 0x104741470 in std::__1::vector<lsst::geom::Point<int, 2>, std::__1::allocator<lsst::geom::Point<int, 2> > >::reserve(unsigned long) new:252
#2 0x10473ade3 in SpanSet_testFunctor::test_method() test_spanSets.cc:723
#3 0x10473345a in SpanSet_testFunctor_invoker() test_spanSets.cc:664
#4 0x10808f8ee in boost::detail::function::function_obj_invoker0<boost::detail::forward, int>::invoke(boost::detail::function::function_buffer&) (libboost_unit_test_framework.dylib:x86_64+0xb8ee)
#5 0x10808c309 in boost::execution_monitor::catch_signals(boost::function<int ()> const&) (libboost_unit_test_framework.dylib:x86_64+0x8309)
#6 0x10808c47b in boost::execution_monitor::execute(boost::function<int ()> const&) (libboost_unit_test_framework.dylib:x86_64+0x847b)
#7 0x10808d07d in boost::execution_monitor::vexecute(boost::function<void ()> const&) (libboost_unit_test_framework.dylib:x86_64+0x907d)
#8 0x1080b7ede in boost::unit_test::unit_test_monitor_t::execute_and_translate(boost::function<void ()> const&, unsigned int) (libboost_unit_test_framework.dylib:x86_64+0x33ede)
#9 0x108098699 in boost::unit_test::framework::state::execute_test_tree(unsigned long, unsigned int, boost::unit_test::framework::state::random_generator_helper const*) (libboost_unit_test_framework.dylib:x86_64+0x14699)
#10 0x108098f3a in boost::unit_test::framework::state::execute_test_tree(unsigned long, unsigned int, boost::unit_test::framework::state::random_generator_helper const*) (libboost_unit_test_framework.dylib:x86_64+0x14f3a)
#11 0x108096a76 in boost::unit_test::framework::run(unsigned long, bool) (libboost_unit_test_framework.dylib:x86_64+0x12a76)
#12 0x1080b6cc5 in boost::unit_test::unit_test_main(bool (*)(), int, char**) (libboost_unit_test_framework.dylib:x86_64+0x32cc5)
#13 0x7fff7253f3d4 in start (libdyld.dylib:x86_64+0x163d4)
HINT: if you don't care about these errors you may set ASAN_OPTIONS=detect_container_overflow=0.
If you suspect a false positive see also: https://github.com/google/sanitizers/wiki/AddressSanitizerContainerOverflow.
SUMMARY: AddressSanitizer: container-overflow AssignmentFunctors.h:24 in SpanSet_testFunctor::test_method()
Shadow bytes around the buggy address:
0x1c2200000aa0: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd
0x1c2200000ab0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x1c2200000ac0: fd fd fd fa fa fa fa fa fa fa fa fa fa fa fa fa
0x1c2200000ad0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x1c2200000ae0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
=>0x1c2200000af0: fa fa fa fa fa fa fa fa[fc]fc fc fc fc fc fc fc
0x1c2200000b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
0x1c2200000b10: fc fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x1c2200000b20: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x1c2200000b30: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x1c2200000b40: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
Shadow gap: cc
==57077==ABORTING
Running 25 test cases...
==57077==WARNING: ASan is ignoring requested __asan_handle_no_return: stack top: 0x7ffeeb56b000; bottom 0x0001131c8000; size: 0x7ffdd83a3000 (140728231145472)
False positive error reports may follow
For details see https://github.com/google/sanitizers/issues/189
unknown location:0: fatal error: in "SpanSet_testFunctor": signal: SIGABRT (application abort requested)
tests/test_spanSets.cc:717: last checkpoint
*** 1 failure is detected in the test module "SpanSet"

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment