It seems there is a use-after-free bug #2

Closed
mlite opened this Issue Jan 15, 2019 · 6 comments

mlite commented Jan 15, 2019

Reproducing steps:

  1. I built it with my Stensal SDK (https://stensal.com); the C++ compiler should be released soon.
  2. ./surgescript examples/arguments.ss
  3. Then I saw this error message.

DTS_MSG: Stensal DTS detected a fatal program error!
DTS_MSG: Continuing the execution will cause unexpected behaviors, abort!
DTS_MSG: Access the memory block that is freed.
DTS_MSG: Diagnostic information:

  • Caution: the allocation info is correct only if the freed memory is not reused.
  • the memory block (start:0x95c9000, size:512 bytes) was allocated at
    file:/home/sbuilder/workspace/surgescript/src/surgescript/util/util.c::72, 15
  • Stack trace (most recent call first):
    -[1] file:/home/sbuilder/workspace/surgescript/src/surgescript/compiler/lexer.c::451, 5
    -[2] file:/home/sbuilder/workspace/surgescript/src/surgescript/compiler/parser.c::306, 28
    -[3] file:/home/sbuilder/workspace/surgescript/src/surgescript/compiler/parser.c::766, 13
    -[4] file:/home/sbuilder/workspace/surgescript/src/surgescript/compiler/parser.c::727, 9
    -[5] file:/home/sbuilder/workspace/surgescript/src/surgescript/compiler/parser.c::1233, 9
    -[6] file:/home/sbuilder/workspace/surgescript/src/surgescript/compiler/parser.c::1215, 9
    -[7] file:/home/sbuilder/workspace/surgescript/src/surgescript/compiler/parser.c::1179, 11
    -[8] file:/home/sbuilder/workspace/surgescript/src/surgescript/compiler/parser.c::651, 5
    -[9] file:/home/sbuilder/workspace/surgescript/src/surgescript/compiler/parser.c::621, 9
    -[10] file:/home/sbuilder/workspace/surgescript/src/surgescript/compiler/parser.c::529, 5
    -[11] file:/home/sbuilder/workspace/surgescript/src/surgescript/compiler/parser.c::500, 5
    -[12] file:/home/sbuilder/workspace/surgescript/src/surgescript/compiler/parser.c::468, 9
    -[13] file:/home/sbuilder/workspace/surgescript/src/surgescript/compiler/parser.c::260, 5
    -[14] file:/home/sbuilder/workspace/surgescript/src/surgescript/compiler/parser.c::201, 9
    -[15] file:/home/sbuilder/workspace/surgescript/src/surgescript/runtime/vm.c::145, 12
    -[16] file:/home/sbuilder/workspace/surgescript/src/main.c::103, 9
    -[17] file:/home/sbuilder/workspace/surgescript/src/main.c::41, 32
    -[18] file:/musl-1.1.10/src/env/__libc_start_main.c::180, 11

Owner

alemart commented Jan 15, 2019

I tested the latest master with Valgrind and found no leaks, but based on your report I got a feeling of what might be happening. Can you reproduce the issue with other examples?

Author

mlite commented Jan 15, 2019

This is another example. Do you need more information?

./surgescript examples/alfred_the_npc.ss

DTS_MSG: Stensal DTS detected a fatal program error!
DTS_MSG: Continuing the execution will cause unexpected behaviors, abort!
DTS_MSG: Access the memory block that is freed.
DTS_MSG: Diagnostic information:

  • Caution: the allocation info is correct only if the freed memory is not reused.
  • the memory block (start:0x8e30de0, size:512 bytes) was allocated at
    file:/home/sbuilder/workspace/surgescript/src/surgescript/util/util.c::72, 15
  • Stack trace (most recent call first):
    -[1] file:/home/sbuilder/workspace/surgescript/src/surgescript/compiler/lexer.c::451, 5
    -[2] file:/home/sbuilder/workspace/surgescript/src/surgescript/compiler/parser.c::306, 28
    -[3] file:/home/sbuilder/workspace/surgescript/src/surgescript/compiler/parser.c::766, 13
    -[4] file:/home/sbuilder/workspace/surgescript/src/surgescript/compiler/parser.c::727, 9
    -[5] file:/home/sbuilder/workspace/surgescript/src/surgescript/compiler/parser.c::1233, 9
    -[6] file:/home/sbuilder/workspace/surgescript/src/surgescript/compiler/parser.c::1215, 9
    -[7] file:/home/sbuilder/workspace/surgescript/src/surgescript/compiler/parser.c::1179, 11
    -[8] file:/home/sbuilder/workspace/surgescript/src/surgescript/compiler/parser.c::651, 5
    -[9] file:/home/sbuilder/workspace/surgescript/src/surgescript/compiler/parser.c::621, 9
    -[10] file:/home/sbuilder/workspace/surgescript/src/surgescript/compiler/parser.c::529, 5
    -[11] file:/home/sbuilder/workspace/surgescript/src/surgescript/compiler/parser.c::500, 5
    -[12] file:/home/sbuilder/workspace/surgescript/src/surgescript/compiler/parser.c::468, 9
    -[13] file:/home/sbuilder/workspace/surgescript/src/surgescript/compiler/parser.c::260, 5
    -[14] file:/home/sbuilder/workspace/surgescript/src/surgescript/compiler/parser.c::201, 9
    -[15] file:/home/sbuilder/workspace/surgescript/src/surgescript/runtime/vm.c::145, 12
    -[16] file:/home/sbuilder/workspace/surgescript/src/main.c::103, 9
    -[17] file:/home/sbuilder/workspace/surgescript/src/main.c::41, 32
    -[18] file:/musl-1.1.10/src/env/__libc_start_main.c::180, 11

Author

mlite commented Jan 15, 2019

One more:
./surgescript examples/component.ss

DTS_MSG: Stensal DTS detected a fatal program error!
DTS_MSG: Continuing the execution will cause unexpected behaviors, abort!
DTS_MSG: Access the memory block that is freed.
DTS_MSG: Diagnostic information:

[DEBUG]dbase_offset:0x23dc365c

  • Caution: the allocation info is correct only if the freed memory is not reused.
  • the memory block (start:0x9debc10, size:1024 bytes) was allocated at
    file:/home/sbuilder/workspace/surgescript/src/surgescript/util/util.c::72, 15
  • Stack trace (most recent call first):
    -[1] file:/home/sbuilder/workspace/surgescript/src/surgescript/compiler/lexer.c::451, 5
    -[2] file:/home/sbuilder/workspace/surgescript/src/surgescript/compiler/parser.c::306, 28
    -[3] file:/home/sbuilder/workspace/surgescript/src/surgescript/compiler/parser.c::766, 13
    -[4] file:/home/sbuilder/workspace/surgescript/src/surgescript/compiler/parser.c::727, 9
    -[5] file:/home/sbuilder/workspace/surgescript/src/surgescript/compiler/parser.c::607, 5
    -[6] file:/home/sbuilder/workspace/surgescript/src/surgescript/compiler/parser.c::597, 9
    -[7] file:/home/sbuilder/workspace/surgescript/src/surgescript/compiler/parser.c::528, 5
    -[8] file:/home/sbuilder/workspace/surgescript/src/surgescript/compiler/parser.c::500, 5
    -[9] file:/home/sbuilder/workspace/surgescript/src/surgescript/compiler/parser.c::468, 9
    -[10] file:/home/sbuilder/workspace/surgescript/src/surgescript/compiler/parser.c::260, 5
    -[11] file:/home/sbuilder/workspace/surgescript/src/surgescript/compiler/parser.c::201, 9
    -[12] file:/home/sbuilder/workspace/surgescript/src/surgescript/runtime/vm.c::145, 12
    -[13] file:/home/sbuilder/workspace/surgescript/src/main.c::103, 9
    -[14] file:/home/sbuilder/workspace/surgescript/src/main.c::41, 32
    -[15] file:/musl-1.1.10/src/env/__libc_start_main.c::180, 11

Author

mlite commented Jan 15, 2019

The following examples cause the same error.
custom_plugin.ss
getters_setters.ss
timeout.ss
unit_testing.ss

Owner

alemart commented Jan 16, 2019

There was an issue with the lexer. I just submitted a bugfix. Please see if it works for you.

alemart added the bug label Jan 16, 2019

Author

mlite commented Jan 16, 2019

Yes, it's fixed.

mlite closed this Jan 16, 2019
