Ticket #11776 (new)

Opened 5 years ago

Last modified 5 years ago

Slice/Line Viewer AddressSanitizer issue

Reported by: Federico M Pouzols
Owned by:
Priority: major
Milestone: Release 3.5
Component: GUI
Keywords:
Cc:
Blocked By:
Blocking:
Tester:

Description

While testing a fix for another crash apparently unrelated to this one, this was found with a build on Debian that has AddressSanitizer enabled (WITH_ASAN=ON):

=================================================================
==6374==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6020002d9054 at pc 0x7f4df0d25bc7 bp 0x7fffaef3d090 sp 0x7fffaef3d088
READ of size 4 at 0x6020002d9054 thread T0
    #0 0x7f4df0d25bc6 in MantidQt::SliceViewer::LineViewer::updateStartEnd() (/home/fedemp/test/build-mantid/bin/libMantidQtSliceViewer.so+0xc6bc6)
    #1 0x7f4df0d276ca in MantidQt::SliceViewer::LineViewer::setStart(Mantid::Kernel::VMDBase<float>) (/home/fedemp/test/build-mantid/bin/libMantidQtSliceViewer.so+0xc86ca)
    #2 0x7f4df0dbfe43 in MantidQt::SliceViewer::SliceViewerWindow::setLineViewerValues(QPointF, QPointF, double) (/home/fedemp/test/build-mantid/bin/libMantidQtSliceViewer.so+0x160e43)
    #3 0x7f4df0dc02ec in MantidQt::SliceViewer::SliceViewerWindow::changedSlicePoint(Mantid::Kernel::VMDBase<float>) (/home/fedemp/test/build-mantid/bin/libMantidQtSliceViewer.so+0x1612ec)
    #4 0x7f4df0dd52ac in MantidQt::SliceViewer::SliceViewerWindow::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) (/home/fedemp/test/build-mantid/bin/libMantidQtSliceViewer.so+0x1762ac)
    #5 0x7f4dee16cf4b in QMetaObject::activate(QObject*, QMetaObject const*, int, void**) (/usr/lib/x86_64-linux-gnu/libQtCore.so.4+0x19af4b)
    #6 0x7f4df0dd3a7d in MantidQt::SliceViewer::SliceViewer::changedSlicePoint(Mantid::Kernel::VMDBase<float>) (/home/fedemp/test/build-mantid/bin/libMantidQtSliceViewer.so+0x174a7d)
    #7 0x7f4df0d96251 in MantidQt::SliceViewer::SliceViewer::updateDisplay(bool) (/home/fedemp/test/build-mantid/bin/libMantidQtSliceViewer.so+0x137251)
    #8 0x7f4df0da8762 in MantidQt::SliceViewer::SliceViewer::setWorkspace(boost::shared_ptr<Mantid::API::IMDWorkspace>) (/home/fedemp/test/build-mantid/bin/libMantidQtSliceViewer.so+0x149762)
    #9 0x7f4df0dbf1d6 in MantidQt::SliceViewer::SliceViewerWindow::updateWorkspace() (/home/fedemp/test/build-mantid/bin/libMantidQtSliceViewer.so+0x1601d6)
    #10 0x7f4df0dc544f in MantidQt::SliceViewer::SliceViewerWindow::SliceViewerWindow(QString const&, QString const&, QFlags<Qt::WindowType>) (/home/fedemp/test/build-mantid/bin/libMantidQtSliceViewer.so+0x16644f)
    #11 0x7f4df0a5291c in MantidQt::Factory::WidgetFactory::createSliceViewerWindow(QString const&, QString const&) (/home/fedemp/test/build-mantid/bin/libMantidQtFactory.so+0x991c)
    #12 0xc67b74 in MantidUI::showSliceViewer() (/home/fedemp/test/build-mantid/bin/MantidPlot+0xc67b74)
    #13 0xec38b3 in MantidUI::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) (/home/fedemp/test/build-mantid/bin/MantidPlot+0xec38b3)
    #14 0x7f4dee16cf4b in QMetaObject::activate(QObject*, QMetaObject const*, int, void**) (/usr/lib/x86_64-linux-gnu/libQtCore.so.4+0x19af4b)
    #15 0x7f4deee5abd0 in QAction::activated(int) (/usr/lib/x86_64-linux-gnu/libQtGui.so.4+0x1c0bd0)
    #16 0x7f4deee5c68b in QAction::activate(QAction::ActionEvent) (/usr/lib/x86_64-linux-gnu/libQtGui.so.4+0x1c268b)
    #17 0x7f4def2afeac (/usr/lib/x86_64-linux-gnu/libQtGui.so.4+0x615eac)
    #18 0x7f4def2b4868 (/usr/lib/x86_64-linux-gnu/libQtGui.so.4+0x61a868)
    #19 0x7f4deeeb44d7 in QWidget::event(QEvent*) (/usr/lib/x86_64-linux-gnu/libQtGui.so.4+0x21a4d7)
    #20 0x7f4def2b883a in QMenu::event(QEvent*) (/usr/lib/x86_64-linux-gnu/libQtGui.so.4+0x61e83a)
    #21 0x7f4deee6129b in QApplicationPrivate::notify_helper(QObject*, QEvent*) (/usr/lib/x86_64-linux-gnu/libQtGui.so.4+0x1c729b)
    #22 0x7f4deee67f0e in QApplication::notify(QObject*, QEvent*) (/usr/lib/x86_64-linux-gnu/libQtGui.so.4+0x1cdf0e)
    #23 0xbec065 in MantidApplication::notify(QObject*, QEvent*) (/home/fedemp/test/build-mantid/bin/MantidPlot+0xbec065)
    #24 0x7f4dee157f8c in QCoreApplication::notifyInternal(QObject*, QEvent*) (/usr/lib/x86_64-linux-gnu/libQtCore.so.4+0x185f8c)
    #25 0x7f4deee6756e in QApplicationPrivate::sendMouseEvent(QWidget*, QMouseEvent*, QWidget*, QWidget*, QWidget**, QPointer<QWidget>&, bool) (/usr/lib/x86_64-linux-gnu/libQtGui.so.4+0x1cd56e)
    #26 0x7f4deeede439 (/usr/lib/x86_64-linux-gnu/libQtGui.so.4+0x244439)
    #27 0x7f4deeedca9b in QApplication::x11ProcessEvent(_XEvent*) (/usr/lib/x86_64-linux-gnu/libQtGui.so.4+0x242a9b)
    #28 0x7f4deef05ad1 (/usr/lib/x86_64-linux-gnu/libQtGui.so.4+0x26bad1)
    #29 0x7f4de23d5c5c in g_main_context_dispatch (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x49c5c)
    #30 0x7f4de23d5f47 (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x49f47)
    #31 0x7f4de23d5ffb in g_main_context_iteration (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x49ffb)
    #32 0x7f4dee1874ec in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) (/usr/lib/x86_64-linux-gnu/libQtCore.so.4+0x1b54ec)
    #33 0x7f4deef05b95 (/usr/lib/x86_64-linux-gnu/libQtGui.so.4+0x26bb95)
    #34 0x7f4dee156ae0 in QEventLoop::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) (/usr/lib/x86_64-linux-gnu/libQtCore.so.4+0x184ae0)
    #35 0x7f4dee156e44 in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) (/usr/lib/x86_64-linux-gnu/libQtCore.so.4+0x184e44)
    #36 0x7f4dee15c8b8 in QCoreApplication::exec() (/usr/lib/x86_64-linux-gnu/libQtCore.so.4+0x18a8b8)
    #37 0x53dc51 in main (/home/fedemp/test/build-mantid/bin/MantidPlot+0x53dc51)
    #38 0x7f4de31cbb44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b44)
    #39 0x53ebf1 (/home/fedemp/test/build-mantid/bin/MantidPlot+0x53ebf1)

0x6020002d9054 is located 0 bytes to the right of 4-byte region [0x6020002d9050,0x6020002d9054)
allocated by thread T0 here:
    #0 0x7f4df320f11f in operator new[](unsigned long) (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x5511f)
    #1 0x7f4df0d220ff in MantidQt::SliceViewer::LineViewer::LineViewer(QWidget*) (/home/fedemp/test/build-mantid/bin/libMantidQtSliceViewer.so+0xc30ff)
    #2 0x7f4df0dc4f48 in MantidQt::SliceViewer::SliceViewerWindow::SliceViewerWindow(QString const&, QString const&, QFlags<Qt::WindowType>) (/home/fedemp/test/build-mantid/bin/libMantidQtSliceViewer.so+0x165f48)
    #3 0x7f4df0a5291c in MantidQt::Factory::WidgetFactory::createSliceViewerWindow(QString const&, QString const&) (/home/fedemp/test/build-mantid/bin/libMantidQtFactory.so+0x991c)
    #4 0xc67b74 in MantidUI::showSliceViewer() (/home/fedemp/test/build-mantid/bin/MantidPlot+0xc67b74)
    #5 0xec38b3 in MantidUI::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) (/home/fedemp/test/build-mantid/bin/MantidPlot+0xec38b3)
    #6 0x7f4dee16cf4b in QMetaObject::activate(QObject*, QMetaObject const*, int, void**) (/usr/lib/x86_64-linux-gnu/libQtCore.so.4+0x19af4b)
    #7 0x7f4deee5abd0 in QAction::activated(int) (/usr/lib/x86_64-linux-gnu/libQtGui.so.4+0x1c0bd0)

SUMMARY: AddressSanitizer: heap-buffer-overflow ??:0 MantidQt::SliceViewer::LineViewer::updateStartEnd()
Shadow bytes around the buggy address:
  0x0c04800531b0: fa fa fd fa fa fa fd fa fa fa fd fa fa fa fd fa
  0x0c04800531c0: fa fa fd fa fa fa fd fd fa fa fd fa fa fa fd fd
  0x0c04800531d0: fa fa fd fa fa fa fd fa fa fa fd fa fa fa fd fa
  0x0c04800531e0: fa fa fd fa fa fa fd fa fa fa 00 00 fa fa 00 00
  0x0c04800531f0: fa fa 00 00 fa fa 00 00 fa fa fd fa fa fa 00 fa
=>0x0c0480053200: fa fa fd fa fa fa 00 00 fa fa[04]fa fa fa 00 00
  0x0c0480053210: fa fa 00 fa fa fa 00 00 fa fa 00 00 fa fa 00 00
  0x0c0480053220: fa fa 00 00 fa fa 00 00 fa fa 00 00 fa fa 00 00
  0x0c0480053230: fa fa 00 00 fa fa 00 00 fa fa 00 00 fa fa 00 00
  0x0c0480053240: fa fa 00 00 fa fa 00 00 fa fa 00 00 fa fa 00 00
  0x0c0480053250: fa fa 00 00 fa fa 00 00 fa fa 00 fa fa fa 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Heap right redzone:      fb
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack partial redzone:   f4
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Contiguous container OOB:fc
  ASan internal:           fe
==6374==ABORTING
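The report above is a 4-byte READ that starts 0 bytes to the right of a 4-byte heap region allocated with operator new[] in the LineViewer constructor; the shadow byte `04` under the marker means only the first 4 of that 8-byte granule are addressable, so a read of element 1 of a 1-element float array lands in the poisoned redzone. The following is an added C++ example (not Mantid's code; class and function names are constructed stand-ins) that reproduces that defect shape beside a bounds-checked version and the size check a caller should make before iterating over a dimension count:

```cpp
#include <cstddef>
#include <iostream>
#include <stdexcept>
#include <vector>

// Constructed stand-in for a widget that keeps one float per workspace
// dimension for the line start and end points (hypothetical names, not
// MantidQt::SliceViewer::LineViewer itself).
class LineEndpoints {
public:
    explicit LineEndpoints(std::size_t numDims)
        : m_start(numDims, 0.0f), m_end(numDims, 0.0f) {}

    // The defect shape ASan flagged: an unchecked read of element d. With
    // numDims() == 1 and d == 1 this reads 4 bytes starting 0 bytes past a
    // 4-byte region, exactly the heap-buffer-overflow in the report.
    // Deliberately unchecked for illustration; never call with d >= numDims().
    float startUnchecked(std::size_t d) const { return m_start[d]; }

    // Hardened access: std::vector::at throws std::out_of_range instead of
    // touching the redzone.
    float startChecked(std::size_t d) const { return m_start.at(d); }

    // Keep the stored arrays in step with the workspace dimension count so a
    // later loop over that many dimensions cannot run past them.
    void resize(std::size_t numDims) {
        m_start.assign(numDims, 0.0f);
        m_end.assign(numDims, 0.0f);
    }

    void setStart(std::size_t d, float v) { m_start.at(d) = v; }
    std::size_t numDims() const { return m_start.size(); }

private:
    std::vector<float> m_start;
    std::vector<float> m_end;
};

// Precondition a caller should check before iterating over nd dimensions:
// true only if every index in [0, nd) is actually stored.
bool canUpdate(const LineEndpoints& le, std::size_t nd) {
    return nd <= le.numDims();
}

// Defensive read: reports failure instead of propagating an exception.
bool tryReadStart(const LineEndpoints& le, std::size_t d, float& out) {
    try {
        out = le.startChecked(d);
        return true;
    } catch (const std::out_of_range&) {
        return false;
    }
}

// Sum of the start coordinates over nd dimensions, or -1 if the stored
// arrays are too short: the check that turns a silent out-of-bounds read
// into an explicit failure.
float sumStart(const LineEndpoints& le, std::size_t nd) {
    if (!canUpdate(le, nd)) return -1.0f;
    float s = 0.0f;
    for (std::size_t d = 0; d < nd; ++d) s += le.startChecked(d);
    return s;
}

int main() {
    LineEndpoints le(1);            // one dimension, one 4-byte float
    float v = 0.0f;
    // Index 1 is one past the end: the checked path reports it, the
    // unchecked path would be the read ASan aborted on.
    std::cout << "read index 1 ok? " << tryReadStart(le, 1, v) << '\n';
    std::cout << "can update 2 dims? " << canUpdate(le, 2) << '\n';
    le.resize(2);                   // grow before iterating over 2 dims
    std::cout << "after resize: " << canUpdate(le, 2) << '\n';
    return 0;
}
```

Under an ASan build the unchecked read at index numDims() produces the same "0 bytes to the right of a 4-byte region" report as the ticket; the checked forms fail loudly in every build, which is why sizing the arrays from the dimension count (and verifying it before each loop) is the fix pattern rather than relying on the sanitizer.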

Change History

comment:1 Changed 5 years ago by Stuart Campbell

This ticket has been transferred to github issue 12614
