Ticket #11776 (new)
Slice/Line Viewer AddressSanitizer issue
Reported by: | Federico M Pouzols | Owned by: | |
---|---|---|---|
Priority: | major | Milestone: | Release 3.5 |
Component: | GUI | Keywords: | |
Cc: | | Blocked By: | |
Blocking: | | Tester: | |
Description
While testing a fix for another crash apparently unrelated to this one, this was found with a build on Debian that has AddressSanitizer enabled (WITH_ASAN=ON):
```
=================================================================
==6374==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6020002d9054 at pc 0x7f4df0d25bc7 bp 0x7fffaef3d090 sp 0x7fffaef3d088
READ of size 4 at 0x6020002d9054 thread T0
    #0 0x7f4df0d25bc6 in MantidQt::SliceViewer::LineViewer::updateStartEnd() (/home/fedemp/test/build-mantid/bin/libMantidQtSliceViewer.so+0xc6bc6)
    #1 0x7f4df0d276ca in MantidQt::SliceViewer::LineViewer::setStart(Mantid::Kernel::VMDBase<float>) (/home/fedemp/test/build-mantid/bin/libMantidQtSliceViewer.so+0xc86ca)
    #2 0x7f4df0dbfe43 in MantidQt::SliceViewer::SliceViewerWindow::setLineViewerValues(QPointF, QPointF, double) (/home/fedemp/test/build-mantid/bin/libMantidQtSliceViewer.so+0x160e43)
    #3 0x7f4df0dc02ec in MantidQt::SliceViewer::SliceViewerWindow::changedSlicePoint(Mantid::Kernel::VMDBase<float>) (/home/fedemp/test/build-mantid/bin/libMantidQtSliceViewer.so+0x1612ec)
    #4 0x7f4df0dd52ac in MantidQt::SliceViewer::SliceViewerWindow::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) (/home/fedemp/test/build-mantid/bin/libMantidQtSliceViewer.so+0x1762ac)
    #5 0x7f4dee16cf4b in QMetaObject::activate(QObject*, QMetaObject const*, int, void**) (/usr/lib/x86_64-linux-gnu/libQtCore.so.4+0x19af4b)
    #6 0x7f4df0dd3a7d in MantidQt::SliceViewer::SliceViewer::changedSlicePoint(Mantid::Kernel::VMDBase<float>) (/home/fedemp/test/build-mantid/bin/libMantidQtSliceViewer.so+0x174a7d)
    #7 0x7f4df0d96251 in MantidQt::SliceViewer::SliceViewer::updateDisplay(bool) (/home/fedemp/test/build-mantid/bin/libMantidQtSliceViewer.so+0x137251)
    #8 0x7f4df0da8762 in MantidQt::SliceViewer::SliceViewer::setWorkspace(boost::shared_ptr<Mantid::API::IMDWorkspace>) (/home/fedemp/test/build-mantid/bin/libMantidQtSliceViewer.so+0x149762)
    #9 0x7f4df0dbf1d6 in MantidQt::SliceViewer::SliceViewerWindow::updateWorkspace() (/home/fedemp/test/build-mantid/bin/libMantidQtSliceViewer.so+0x1601d6)
    #10 0x7f4df0dc544f in MantidQt::SliceViewer::SliceViewerWindow::SliceViewerWindow(QString const&, QString const&, QFlags<Qt::WindowType>) (/home/fedemp/test/build-mantid/bin/libMantidQtSliceViewer.so+0x16644f)
    #11 0x7f4df0a5291c in MantidQt::Factory::WidgetFactory::createSliceViewerWindow(QString const&, QString const&) (/home/fedemp/test/build-mantid/bin/libMantidQtFactory.so+0x991c)
    #12 0xc67b74 in MantidUI::showSliceViewer() (/home/fedemp/test/build-mantid/bin/MantidPlot+0xc67b74)
    #13 0xec38b3 in MantidUI::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) (/home/fedemp/test/build-mantid/bin/MantidPlot+0xec38b3)
    #14 0x7f4dee16cf4b in QMetaObject::activate(QObject*, QMetaObject const*, int, void**) (/usr/lib/x86_64-linux-gnu/libQtCore.so.4+0x19af4b)
    #15 0x7f4deee5abd0 in QAction::activated(int) (/usr/lib/x86_64-linux-gnu/libQtGui.so.4+0x1c0bd0)
    #16 0x7f4deee5c68b in QAction::activate(QAction::ActionEvent) (/usr/lib/x86_64-linux-gnu/libQtGui.so.4+0x1c268b)
    #17 0x7f4def2afeac (/usr/lib/x86_64-linux-gnu/libQtGui.so.4+0x615eac)
    #18 0x7f4def2b4868 (/usr/lib/x86_64-linux-gnu/libQtGui.so.4+0x61a868)
    #19 0x7f4deeeb44d7 in QWidget::event(QEvent*) (/usr/lib/x86_64-linux-gnu/libQtGui.so.4+0x21a4d7)
    #20 0x7f4def2b883a in QMenu::event(QEvent*) (/usr/lib/x86_64-linux-gnu/libQtGui.so.4+0x61e83a)
    #21 0x7f4deee6129b in QApplicationPrivate::notify_helper(QObject*, QEvent*) (/usr/lib/x86_64-linux-gnu/libQtGui.so.4+0x1c729b)
    #22 0x7f4deee67f0e in QApplication::notify(QObject*, QEvent*) (/usr/lib/x86_64-linux-gnu/libQtGui.so.4+0x1cdf0e)
    #23 0xbec065 in MantidApplication::notify(QObject*, QEvent*) (/home/fedemp/test/build-mantid/bin/MantidPlot+0xbec065)
    #24 0x7f4dee157f8c in QCoreApplication::notifyInternal(QObject*, QEvent*) (/usr/lib/x86_64-linux-gnu/libQtCore.so.4+0x185f8c)
    #25 0x7f4deee6756e in QApplicationPrivate::sendMouseEvent(QWidget*, QMouseEvent*, QWidget*, QWidget*, QWidget**, QPointer<QWidget>&, bool) (/usr/lib/x86_64-linux-gnu/libQtGui.so.4+0x1cd56e)
    #26 0x7f4deeede439 (/usr/lib/x86_64-linux-gnu/libQtGui.so.4+0x244439)
    #27 0x7f4deeedca9b in QApplication::x11ProcessEvent(_XEvent*) (/usr/lib/x86_64-linux-gnu/libQtGui.so.4+0x242a9b)
    #28 0x7f4deef05ad1 (/usr/lib/x86_64-linux-gnu/libQtGui.so.4+0x26bad1)
    #29 0x7f4de23d5c5c in g_main_context_dispatch (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x49c5c)
    #30 0x7f4de23d5f47 (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x49f47)
    #31 0x7f4de23d5ffb in g_main_context_iteration (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x49ffb)
    #32 0x7f4dee1874ec in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) (/usr/lib/x86_64-linux-gnu/libQtCore.so.4+0x1b54ec)
    #33 0x7f4deef05b95 (/usr/lib/x86_64-linux-gnu/libQtGui.so.4+0x26bb95)
    #34 0x7f4dee156ae0 in QEventLoop::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) (/usr/lib/x86_64-linux-gnu/libQtCore.so.4+0x184ae0)
    #35 0x7f4dee156e44 in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) (/usr/lib/x86_64-linux-gnu/libQtCore.so.4+0x184e44)
    #36 0x7f4dee15c8b8 in QCoreApplication::exec() (/usr/lib/x86_64-linux-gnu/libQtCore.so.4+0x18a8b8)
    #37 0x53dc51 in main (/home/fedemp/test/build-mantid/bin/MantidPlot+0x53dc51)
    #38 0x7f4de31cbb44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b44)
    #39 0x53ebf1 (/home/fedemp/test/build-mantid/bin/MantidPlot+0x53ebf1)

0x6020002d9054 is located 0 bytes to the right of 4-byte region [0x6020002d9050,0x6020002d9054)
allocated by thread T0 here:
    #0 0x7f4df320f11f in operator new[](unsigned long) (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x5511f)
    #1 0x7f4df0d220ff in MantidQt::SliceViewer::LineViewer::LineViewer(QWidget*) (/home/fedemp/test/build-mantid/bin/libMantidQtSliceViewer.so+0xc30ff)
    #2 0x7f4df0dc4f48 in MantidQt::SliceViewer::SliceViewerWindow::SliceViewerWindow(QString const&, QString const&, QFlags<Qt::WindowType>) (/home/fedemp/test/build-mantid/bin/libMantidQtSliceViewer.so+0x165f48)
    #3 0x7f4df0a5291c in MantidQt::Factory::WidgetFactory::createSliceViewerWindow(QString const&, QString const&) (/home/fedemp/test/build-mantid/bin/libMantidQtFactory.so+0x991c)
    #4 0xc67b74 in MantidUI::showSliceViewer() (/home/fedemp/test/build-mantid/bin/MantidPlot+0xc67b74)
    #5 0xec38b3 in MantidUI::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) (/home/fedemp/test/build-mantid/bin/MantidPlot+0xec38b3)
    #6 0x7f4dee16cf4b in QMetaObject::activate(QObject*, QMetaObject const*, int, void**) (/usr/lib/x86_64-linux-gnu/libQtCore.so.4+0x19af4b)
    #7 0x7f4deee5abd0 in QAction::activated(int) (/usr/lib/x86_64-linux-gnu/libQtGui.so.4+0x1c0bd0)

SUMMARY: AddressSanitizer: heap-buffer-overflow ??:0 MantidQt::SliceViewer::LineViewer::updateStartEnd()
Shadow bytes around the buggy address:
  0x0c04800531b0: fa fa fd fa fa fa fd fa fa fa fd fa fa fa fd fa
  0x0c04800531c0: fa fa fd fa fa fa fd fd fa fa fd fa fa fa fd fd
  0x0c04800531d0: fa fa fd fa fa fa fd fa fa fa fd fa fa fa fd fa
  0x0c04800531e0: fa fa fd fa fa fa fd fa fa fa 00 00 fa fa 00 00
  0x0c04800531f0: fa fa 00 00 fa fa 00 00 fa fa fd fa fa fa 00 fa
=>0x0c0480053200: fa fa fd fa fa fa 00 00 fa fa[04]fa fa fa 00 00
  0x0c0480053210: fa fa 00 fa fa fa 00 00 fa fa 00 00 fa fa 00 00
  0x0c0480053220: fa fa 00 00 fa fa 00 00 fa fa 00 00 fa fa 00 00
  0x0c0480053230: fa fa 00 00 fa fa 00 00 fa fa 00 00 fa fa 00 00
  0x0c0480053240: fa fa 00 00 fa fa 00 00 fa fa 00 00 fa fa 00 00
  0x0c0480053250: fa fa 00 00 fa fa 00 00 fa fa 00 fa fa fa 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:     fa
  Heap right redzone:    fb
  Freed heap region:     fd
  Stack left redzone:    f1
  Stack mid redzone:     f2
  Stack right redzone:   f3
  Stack partial redzone: f4
  Stack after return:    f5
  Stack use after scope: f8
  Global redzone:        f9
  Global init order:     f6
  Poisoned by user:      f7
  Contiguous container OOB:fc
  ASan internal:         fe
==6374==ABORTING
```
This ticket has been transferred to GitHub issue 12614.