fixed in Space::find_child_space_const(...) - clang address sanitizer reports stack-use-after-scope
We had a reference to a Space instead of a pointer, so a local object was created and a pointer to it was returned.

==15076==ERROR: AddressSanitizer: stack-use-after-scope on address 0x7fffffffc7c0 at pc 0x000800a5d1bd bp 0x7fffffffc700 sp 0x7fffffffc6f8
READ of size 4 at 0x7fffffffc7c0 thread T0
    #0 0x800a5d1bc in pt::Space::is_object() const /usr/home/tomek/roboczy/prog/pikotools/src/space/space.cpp:778:9
    #1 0x800a67046 in pt::Space::get_object_field(wchar_t const*) /usr/home/tomek/roboczy/prog/pikotools/src/space/space.cpp:1519:6
    #2 0x800a6761c in pt::Space::get_table(wchar_t const*) /usr/home/tomek/roboczy/prog/pikotools/src/space/space.cpp:1582:18
    #3 0x800a694cb in pt::Space::find_child_space_table() /usr/home/tomek/roboczy/prog/pikotools/src/space/space.cpp:1953:9
    #4 0x800855718 in Winix::TimeZone::SetTz(pt::Space&) /usr/home/tomek/roboczy/prog/winix/winixd/core/timezone.cpp:316:45
    #5 0x80085b3a9 in Winix::TimeZones::ParseZones() /usr/home/tomek/roboczy/prog/winix/winixd/core/timezones.cpp:134:18
    #6 0x80085c04b in Winix::TimeZones::ReadTimeZones(wchar_t const*) /usr/home/tomek/roboczy/prog/winix/winixd/core/timezones.cpp:176:3
    #7 0x80085c69f in Winix::TimeZones::ReadTimeZones(std::__1::basic_string<wchar_t, std::__1::char_traits<wchar_t>, std::__1::allocator<wchar_t> > const&) /usr/home/tomek/roboczy/prog/winix/winixd/core/timezones.cpp:199:9
    #8 0x80083c380 in Winix::System::ReadTimeZones() /usr/home/tomek/roboczy/prog/winix/winixd/core/system.cpp:122:13
    #9 0x80083ca19 in Winix::System::Init() /usr/home/tomek/roboczy/prog/winix/winixd/core/system.cpp:172:2
    #10 0x80069ce41 in Winix::App::Init() /usr/home/tomek/roboczy/prog/winix/winixd/core/app.cpp:355:9
    #11 0x2de92e in main /usr/home/tomek/roboczy/prog/winix/winixd/main/main.cpp:206:11

Address 0x7fffffffc7c0 is located in stack of thread T0 at offset 128 in frame
    #0 0x800a66f3f in pt::Space::get_object_field(wchar_t const*) /usr/home/tomek/roboczy/prog/pikotools/src/space/space.cpp:1518

  This frame has 3 object(s):
    [32, 40) 'i' (line 1521)
    [64, 88) 'ref.tmp' (line 1521)
    [128, 136) 'ref.tmp4' (line 1523) <== Memory access at offset 128 is inside this variable
HINT: this may be a false positive if your program uses some custom stack unwind mechanism, swapcontext or vfork (longjmp and C++ exceptions *are* supported)
SUMMARY: AddressSanitizer: stack-use-after-scope /usr/home/tomek/roboczy/prog/pikotools/src/space/space.cpp:778:9 in pt::Space::is_object() const
Shadow bytes around the buggy address:
  0x4ffffffff8a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x4ffffffff8b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x4ffffffff8c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x4ffffffff8d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x4ffffffff8e0: 00 00 00 00 00 00 00 00 f1 f1 f1 f1 f8 f2 f2 f2
=>0x4ffffffff8f0: f8 f8 f8 f2 f2 f2 f2 f2[f8]f3 f3 f3 00 00 00 00
  0x4ffffffff900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x4ffffffff910: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x4ffffffff920: 00 00 00 00 00 00 00 00 f1 f1 f1 f1 f8 f2 f2 f2
  0x4ffffffff930: f8 f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00
  0x4ffffffff940: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
  Shadow gap:              cc
==15076==ABORTING
parent
6d2503ae0e
commit
865837d911
@ -1920,11 +1920,11 @@ const Space * Space::find_child_space_const(const wchar_t * name) const
if( child_table )
{
for(const Space & space : *child_table)
for(const Space * space : *child_table)
{
if( space.is_equal(child_spaces_name, name) )
if( space->is_equal(child_spaces_name, name) )
{
return &space;
return space;
}
}
}
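Review bot: The rewritten loop dereferences every element of `*child_table` unconditionally at `space->is_equal(child_spaces_name, name)`; if that container can ever hold a null pointer (not visible here) this is undefined behaviour, so either state the invariant with a comment such as `// child_table never holds null pointers` or guard it: `if( space && space->is_equal(child_spaces_name, name) )`. That the old `const Space & space` binding over a container of pointers compiled at all suggests Space has a non-explicit constructor or conversion that turned each element into a temporary — the `ref.tmp` objects in the sanitizer frame — whose address was then returned; marking that constructor `explicit` would let the compiler reject the same mistake at other call sites (the trace also passes through find_child_space_table and get_object_field) instead of relying on ASan to find it at runtime. find_child_space_const starts before the hunk and presumably returns a null pointer after it.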
@ -1,6 +1,5 @@
# DO NOT DELETE
./main.o: convert.h mainoptionsparser.h csvparser.h
./convert.o: convert.h test.h ../src/convert/convert.h
./convert.o: ../src/convert/inttostr.h ../src/convert/patternreplacer.h
./convert.o: ../src/textstream/textstream.h ../src/space/space.h
@ -10,7 +9,11 @@
./convert.o: ../src/membuffer/membuffer.h ../src/textstream/types.h
./convert.o: ../src/convert/strtoint.h ../src/convert/text.h
./convert.o: ../src/convert/misc.h
./test.o: test.h
./csvparser.o: csvparser.h ../src/csv/csvparser.h ../src/space/space.h
./csvparser.o: ../src/textstream/types.h ../src/convert/inttostr.h
./csvparser.o: ../src/utf8/utf8.h ../src/utf8/utf8_templates.h
./csvparser.o: ../src/utf8/utf8_private.h test.h
./main.o: convert.h mainoptionsparser.h csvparser.h
./mainoptionsparser.o: mainoptionsparser.h test.h
./mainoptionsparser.o: ../src/mainoptions/mainoptionsparser.h
./mainoptionsparser.o: ../src/space/space.h ../src/textstream/types.h
@ -23,7 +26,4 @@
./mainoptionsparser.o: ../src/membuffer/membuffer.h ../src/textstream/types.h
./mainoptionsparser.o: ../src/convert/strtoint.h ../src/convert/text.h
./mainoptionsparser.o: ../src/convert/misc.h
./csvparser.o: csvparser.h ../src/csv/csvparser.h ../src/space/space.h
./csvparser.o: ../src/textstream/types.h ../src/convert/inttostr.h
./csvparser.o: ../src/utf8/utf8.h ../src/utf8/utf8_templates.h
./csvparser.o: ../src/utf8/utf8_private.h test.h
./test.o: test.h