Tomasz Sowa
|
865837d911
|
fixed in Space::find_child_space_const(...) - clang address sanitizer reports stack-use-after-scope
we have got a reference to a Space instead of a pointer and a local object was created and returned
==15076==ERROR: AddressSanitizer: stack-use-after-scope on address 0x7fffffffc7c0 at pc 0x000800a5d1bd bp 0x7fffffffc700 sp 0x7fffffffc6f8
READ of size 4 at 0x7fffffffc7c0 thread T0
#0 0x800a5d1bc in pt::Space::is_object() const /usr/home/tomek/roboczy/prog/pikotools/src/space/space.cpp:778:9
#1 0x800a67046 in pt::Space::get_object_field(wchar_t const*) /usr/home/tomek/roboczy/prog/pikotools/src/space/space.cpp:1519:6
#2 0x800a6761c in pt::Space::get_table(wchar_t const*) /usr/home/tomek/roboczy/prog/pikotools/src/space/space.cpp:1582:18
#3 0x800a694cb in pt::Space::find_child_space_table() /usr/home/tomek/roboczy/prog/pikotools/src/space/space.cpp:1953:9
#4 0x800855718 in Winix::TimeZone::SetTz(pt::Space&) /usr/home/tomek/roboczy/prog/winix/winixd/core/timezone.cpp:316:45
#5 0x80085b3a9 in Winix::TimeZones::ParseZones() /usr/home/tomek/roboczy/prog/winix/winixd/core/timezones.cpp:134:18
#6 0x80085c04b in Winix::TimeZones::ReadTimeZones(wchar_t const*) /usr/home/tomek/roboczy/prog/winix/winixd/core/timezones.cpp:176:3
#7 0x80085c69f in Winix::TimeZones::ReadTimeZones(std::__1::basic_string<wchar_t, std::__1::char_traits<wchar_t>, std::__1::allocator<wchar_t> > const&) /usr/home/tomek/roboczy/prog/winix/winixd/core/timezones.cpp:199:9
#8 0x80083c380 in Winix::System::ReadTimeZones() /usr/home/tomek/roboczy/prog/winix/winixd/core/system.cpp:122:13
#9 0x80083ca19 in Winix::System::Init() /usr/home/tomek/roboczy/prog/winix/winixd/core/system.cpp:172:2
#10 0x80069ce41 in Winix::App::Init() /usr/home/tomek/roboczy/prog/winix/winixd/core/app.cpp:355:9
#11 0x2de92e in main /usr/home/tomek/roboczy/prog/winix/winixd/main/main.cpp:206:11
Address 0x7fffffffc7c0 is located in stack of thread T0 at offset 128 in frame
#0 0x800a66f3f in pt::Space::get_object_field(wchar_t const*) /usr/home/tomek/roboczy/prog/pikotools/src/space/space.cpp:1518
This frame has 3 object(s):
[32, 40) 'i' (line 1521)
[64, 88) 'ref.tmp' (line 1521)
[128, 136) 'ref.tmp4' (line 1523) <== Memory access at offset 128 is inside this variable
HINT: this may be a false positive if your program uses some custom stack unwind mechanism, swapcontext or vfork
(longjmp and C++ exceptions *are* supported)
SUMMARY: AddressSanitizer: stack-use-after-scope /usr/home/tomek/roboczy/prog/pikotools/src/space/space.cpp:778:9 in pt::Space::is_object() const
Shadow bytes around the buggy address:
0x4ffffffff8a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x4ffffffff8b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x4ffffffff8c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x4ffffffff8d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x4ffffffff8e0: 00 00 00 00 00 00 00 00 f1 f1 f1 f1 f8 f2 f2 f2
=>0x4ffffffff8f0: f8 f8 f8 f2 f2 f2 f2 f2[f8]f3 f3 f3 00 00 00 00
0x4ffffffff900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x4ffffffff910: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x4ffffffff920: 00 00 00 00 00 00 00 00 f1 f1 f1 f1 f8 f2 f2 f2
0x4ffffffff930: f8 f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00
0x4ffffffff940: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
Shadow gap: cc
==15076==ABORTING
|
2021-06-18 18:52:24 +02:00 |