Ticket #11776 (new)
Slice/Line Viewer AddressSanitizer issue
| Reported by: | Federico M Pouzols | Owned by: | |
|---|---|---|---|
| Priority: | major | Milestone: | Release 3.5 |
| Component: | GUI | Keywords: | |
| Cc: | Blocked By: | ||
| Blocking: | Tester: |
Description
While testing a fix for another crash apparently unrelated to this one, this was found with a build on debian that has Address Sanitizer enabled (WITH_ASAN=ON):
=================================================================
==6374==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6020002d9054 at pc 0x7f4df0d25bc7 bp 0x7fffaef3d090 sp 0x7fffaef3d088
READ of size 4 at 0x6020002d9054 thread T0
#0 0x7f4df0d25bc6 in MantidQt::SliceViewer::LineViewer::updateStartEnd() (/home/fedemp/test/build-mantid/bin/libMantidQtSliceViewer.so+0xc6bc6)
#1 0x7f4df0d276ca in MantidQt::SliceViewer::LineViewer::setStart(Mantid::Kernel::VMDBase<float>) (/home/fedemp/test/build-mantid/bin/libMantidQtSliceViewer.so+0xc86ca)
#2 0x7f4df0dbfe43 in MantidQt::SliceViewer::SliceViewerWindow::setLineViewerValues(QPointF, QPointF, double) (/home/fedemp/test/build-mantid/bin/libMantidQtSliceViewer.so+0x160e43)
#3 0x7f4df0dc02ec in MantidQt::SliceViewer::SliceViewerWindow::changedSlicePoint(Mantid::Kernel::VMDBase<float>) (/home/fedemp/test/build-mantid/bin/libMantidQtSliceViewer.so+0x1612ec)
#4 0x7f4df0dd52ac in MantidQt::SliceViewer::SliceViewerWindow::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) (/home/fedemp/test/build-mantid/bin/libMantidQtSliceViewer.so+0x1762ac)
#5 0x7f4dee16cf4b in QMetaObject::activate(QObject*, QMetaObject const*, int, void**) (/usr/lib/x86_64-linux-gnu/libQtCore.so.4+0x19af4b)
#6 0x7f4df0dd3a7d in MantidQt::SliceViewer::SliceViewer::changedSlicePoint(Mantid::Kernel::VMDBase<float>) (/home/fedemp/test/build-mantid/bin/libMantidQtSliceViewer.so+0x174a7d)
#7 0x7f4df0d96251 in MantidQt::SliceViewer::SliceViewer::updateDisplay(bool) (/home/fedemp/test/build-mantid/bin/libMantidQtSliceViewer.so+0x137251)
#8 0x7f4df0da8762 in MantidQt::SliceViewer::SliceViewer::setWorkspace(boost::shared_ptr<Mantid::API::IMDWorkspace>) (/home/fedemp/test/build-mantid/bin/libMantidQtSliceViewer.so+0x149762)
#9 0x7f4df0dbf1d6 in MantidQt::SliceViewer::SliceViewerWindow::updateWorkspace() (/home/fedemp/test/build-mantid/bin/libMantidQtSliceViewer.so+0x1601d6)
#10 0x7f4df0dc544f in MantidQt::SliceViewer::SliceViewerWindow::SliceViewerWindow(QString const&, QString const&, QFlags<Qt::WindowType>) (/home/fedemp/test/build-mantid/bin/libMantidQtSliceViewer.so+0x16644f)
#11 0x7f4df0a5291c in MantidQt::Factory::WidgetFactory::createSliceViewerWindow(QString const&, QString const&) (/home/fedemp/test/build-mantid/bin/libMantidQtFactory.so+0x991c)
#12 0xc67b74 in MantidUI::showSliceViewer() (/home/fedemp/test/build-mantid/bin/MantidPlot+0xc67b74)
#13 0xec38b3 in MantidUI::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) (/home/fedemp/test/build-mantid/bin/MantidPlot+0xec38b3)
#14 0x7f4dee16cf4b in QMetaObject::activate(QObject*, QMetaObject const*, int, void**) (/usr/lib/x86_64-linux-gnu/libQtCore.so.4+0x19af4b)
#15 0x7f4deee5abd0 in QAction::activated(int) (/usr/lib/x86_64-linux-gnu/libQtGui.so.4+0x1c0bd0)
#16 0x7f4deee5c68b in QAction::activate(QAction::ActionEvent) (/usr/lib/x86_64-linux-gnu/libQtGui.so.4+0x1c268b)
#17 0x7f4def2afeac (/usr/lib/x86_64-linux-gnu/libQtGui.so.4+0x615eac)
#18 0x7f4def2b4868 (/usr/lib/x86_64-linux-gnu/libQtGui.so.4+0x61a868)
#19 0x7f4deeeb44d7 in QWidget::event(QEvent*) (/usr/lib/x86_64-linux-gnu/libQtGui.so.4+0x21a4d7)
#20 0x7f4def2b883a in QMenu::event(QEvent*) (/usr/lib/x86_64-linux-gnu/libQtGui.so.4+0x61e83a)
#21 0x7f4deee6129b in QApplicationPrivate::notify_helper(QObject*, QEvent*) (/usr/lib/x86_64-linux-gnu/libQtGui.so.4+0x1c729b)
#22 0x7f4deee67f0e in QApplication::notify(QObject*, QEvent*) (/usr/lib/x86_64-linux-gnu/libQtGui.so.4+0x1cdf0e)
#23 0xbec065 in MantidApplication::notify(QObject*, QEvent*) (/home/fedemp/test/build-mantid/bin/MantidPlot+0xbec065)
#24 0x7f4dee157f8c in QCoreApplication::notifyInternal(QObject*, QEvent*) (/usr/lib/x86_64-linux-gnu/libQtCore.so.4+0x185f8c)
#25 0x7f4deee6756e in QApplicationPrivate::sendMouseEvent(QWidget*, QMouseEvent*, QWidget*, QWidget*, QWidget**, QPointer<QWidget>&, bool) (/usr/lib/x86_64-linux-gnu/libQtGui.so.4+0x1cd56e)
#26 0x7f4deeede439 (/usr/lib/x86_64-linux-gnu/libQtGui.so.4+0x244439)
#27 0x7f4deeedca9b in QApplication::x11ProcessEvent(_XEvent*) (/usr/lib/x86_64-linux-gnu/libQtGui.so.4+0x242a9b)
#28 0x7f4deef05ad1 (/usr/lib/x86_64-linux-gnu/libQtGui.so.4+0x26bad1)
#29 0x7f4de23d5c5c in g_main_context_dispatch (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x49c5c)
#30 0x7f4de23d5f47 (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x49f47)
#31 0x7f4de23d5ffb in g_main_context_iteration (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x49ffb)
#32 0x7f4dee1874ec in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) (/usr/lib/x86_64-linux-gnu/libQtCore.so.4+0x1b54ec)
#33 0x7f4deef05b95 (/usr/lib/x86_64-linux-gnu/libQtGui.so.4+0x26bb95)
#34 0x7f4dee156ae0 in QEventLoop::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) (/usr/lib/x86_64-linux-gnu/libQtCore.so.4+0x184ae0)
#35 0x7f4dee156e44 in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) (/usr/lib/x86_64-linux-gnu/libQtCore.so.4+0x184e44)
#36 0x7f4dee15c8b8 in QCoreApplication::exec() (/usr/lib/x86_64-linux-gnu/libQtCore.so.4+0x18a8b8)
#37 0x53dc51 in main (/home/fedemp/test/build-mantid/bin/MantidPlot+0x53dc51)
#38 0x7f4de31cbb44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b44)
#39 0x53ebf1 (/home/fedemp/test/build-mantid/bin/MantidPlot+0x53ebf1)
0x6020002d9054 is located 0 bytes to the right of 4-byte region [0x6020002d9050,0x6020002d9054)
allocated by thread T0 here:
#0 0x7f4df320f11f in operator new[](unsigned long) (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x5511f)
#1 0x7f4df0d220ff in MantidQt::SliceViewer::LineViewer::LineViewer(QWidget*) (/home/fedemp/test/build-mantid/bin/libMantidQtSliceViewer.so+0xc30ff)
#2 0x7f4df0dc4f48 in MantidQt::SliceViewer::SliceViewerWindow::SliceViewerWindow(QString const&, QString const&, QFlags<Qt::WindowType>) (/home/fedemp/test/build-mantid/bin/libMantidQtSliceViewer.so+0x165f48)
#3 0x7f4df0a5291c in MantidQt::Factory::WidgetFactory::createSliceViewerWindow(QString const&, QString const&) (/home/fedemp/test/build-mantid/bin/libMantidQtFactory.so+0x991c)
#4 0xc67b74 in MantidUI::showSliceViewer() (/home/fedemp/test/build-mantid/bin/MantidPlot+0xc67b74)
#5 0xec38b3 in MantidUI::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) (/home/fedemp/test/build-mantid/bin/MantidPlot+0xec38b3)
#6 0x7f4dee16cf4b in QMetaObject::activate(QObject*, QMetaObject const*, int, void**) (/usr/lib/x86_64-linux-gnu/libQtCore.so.4+0x19af4b)
#7 0x7f4deee5abd0 in QAction::activated(int) (/usr/lib/x86_64-linux-gnu/libQtGui.so.4+0x1c0bd0)
SUMMARY: AddressSanitizer: heap-buffer-overflow ??:0 MantidQt::SliceViewer::LineViewer::updateStartEnd()
Shadow bytes around the buggy address:
0x0c04800531b0: fa fa fd fa fa fa fd fa fa fa fd fa fa fa fd fa
0x0c04800531c0: fa fa fd fa fa fa fd fd fa fa fd fa fa fa fd fd
0x0c04800531d0: fa fa fd fa fa fa fd fa fa fa fd fa fa fa fd fa
0x0c04800531e0: fa fa fd fa fa fa fd fa fa fa 00 00 fa fa 00 00
0x0c04800531f0: fa fa 00 00 fa fa 00 00 fa fa fd fa fa fa 00 fa
=>0x0c0480053200: fa fa fd fa fa fa 00 00 fa fa[04]fa fa fa 00 00
0x0c0480053210: fa fa 00 fa fa fa 00 00 fa fa 00 00 fa fa 00 00
0x0c0480053220: fa fa 00 00 fa fa 00 00 fa fa 00 00 fa fa 00 00
0x0c0480053230: fa fa 00 00 fa fa 00 00 fa fa 00 00 fa fa 00 00
0x0c0480053240: fa fa 00 00 fa fa 00 00 fa fa 00 00 fa fa 00 00
0x0c0480053250: fa fa 00 00 fa fa 00 00 fa fa 00 fa fa fa 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Heap right redzone: fb
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack partial redzone: f4
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Contiguous container OOB:fc
ASan internal: fe
==6374==ABORTING
Note: See
TracTickets for help on using
tickets.
This ticket has been transferred to github issue 12614