ASAN problem in HGCalGeomTools::radius

[Dr15Jones]

The ASAN report for CMSSW_11_3_ASAN_X_2021-03-15-2300 has many instances of

=================================================================
==6327==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60300282d8c0 at pc 0x2b00888d483e bp 0x2b00c14c0d40 sp 0x2b00c14c0d38
READ of size 8 at 0x60300282d8c0 thread T7
    #0 0x2b00888d483d in HGCalGeomTools::radius(double, double, std::vector<double, std::allocator<double> > const&, std::vector<double, std::allocator<double> > const&, std::vector<double, std::allocator<double> > const&, std::vector<double, std::allocator<double> > const&, std::vector<double, std::allocator<double> > const&, std::vector<double, std::allocator<double> > const&, int, std::vector<double, std::allocator<double> >&, std::vector<double, std::allocator<double> >&, std::vector<double, std::allocator<double> >&) (/cvmfs/cms-ib.cern.ch/nweek-02672/slc7_amd64_gcc900/cms/cmssw/CMSSW_11_3_ASAN_X_2021-03-15-2300/lib/slc7_amd64_gcc900/libGeometryHGCalCommonData.so+0xdf83d)
    #1 0x2b00dd4258b1 in DDHGCalHEAlgo::constructLayers(DDLogicalPart const&, DDCompactView&) (/cvmfs/cms-ib.cern.ch/nweek-02672/slc7_amd64_gcc900/cms/cmssw/CMSSW_11_3_ASAN_X_2021-03-15-2300/lib/slc7_amd64_gcc900/pluginGeometryHGCalCommonDataPlugin.so+0x818b1)
    #2 0x2b00886abef6 in DDLAlgorithm::processElement(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, DDCompactView&) (/cvmfs/cms-ib.cern.ch/nweek-02672/slc7_amd64_gcc900/cms/cmssw/CMSSW_11_3_ASAN_X_2021-03-15-2300/lib/slc7_amd64_gcc900/libDetectorDescriptionParser.so+0x81ef6)
    #3 0x2b008875c317 in DDLSAX2FileHandler::endElement(unsigned short const*, unsigned short const*, unsigned short const*) (/cvmfs/cms-ib.cern.ch/nweek-02672/slc7_amd64_gcc900/cms/cmssw/CMSSW_11_3_ASAN_X_2021-03-15-2300/lib/slc7_amd64_gcc900/libDetectorDescriptionParser.so+0x132317)
    #4 0x2b008673f262 in xercesc_3_1::SAX2XMLReaderImpl::endElement(xercesc_3_1::XMLElementDecl const&, unsigned int, bool, unsigned short const*) xercesc/parsers/SAX2XMLReaderImpl.cpp:889
    #5 0x2b00866e7d00 in xercesc_3_1::IGXMLScanner::scanEndTag(bool&) xercesc/internal/IGXMLScanner.cpp:1178
    #6 0x2b00866ec1b9 in xercesc_3_1::IGXMLScanner::scanContent() xercesc/internal/IGXMLScanner.cpp:881
    #7 0x2b00866ec307 in xercesc_3_1::IGXMLScanner::scanDocument(xercesc_3_1::InputSource const&) xercesc/internal/IGXMLScanner.cpp:217
    #8 0x2b0086713ac1 in xercesc_3_1::XMLScanner::scanDocument(unsigned short const*) xercesc/internal/XMLScanner.cpp:400
    #9 0x2b0086713dd1 in xercesc_3_1::XMLScanner::scanDocument(char const*) xercesc/internal/XMLScanner.cpp:408
    #10 0x2b008674003d in xercesc_3_1::SAX2XMLReaderImpl::parse(char const*) xercesc/parsers/SAX2XMLReaderImpl.cpp:451
    #11 0x2b0088724a0d in DDLParser::parseFile(int const&) (/cvmfs/cms-ib.cern.ch/nweek-02672/slc7_amd64_gcc900/cms/cmssw/CMSSW_11_3_ASAN_X_2021-03-15-2300/lib/slc7_amd64_gcc900/libDetectorDescriptionParser.so+0xfaa0d)
    #12 0x2b0088727c5e in DDLParser::parse(DDLDocumentProvider const&) (/cvmfs/cms-ib.cern.ch/nweek-02672/slc7_amd64_gcc900/cms/cmssw/CMSSW_11_3_ASAN_X_2021-03-15-2300/lib/slc7_amd64_gcc900/libDetectorDescriptionParser.so+0xfdc5e)
    #13 0x2b0075407d3f in XMLIdealGeometryESSource::produce() (/cvmfs/cms-ib.cern.ch/nweek-02672/slc7_amd64_gcc900/cms/cmssw/CMSSW_11_3_ASAN_X_2021-03-15-2300/lib/slc7_amd64_gcc900/pluginGeometryReadersXMLIdealGeometryESSource.so+0x63d3f)
    #14 0x2b0075407ec1 in XMLIdealGeometryESSource::produceGeom(IdealGeometryRecord const&) (/cvmfs/cms-ib.cern.ch/nweek-02672/slc7_amd64_gcc900/cms/cmssw/CMSSW_11_3_ASAN_X_2021-03-15-2300/lib/slc7_amd64_gcc900/pluginGeometryReadersXMLIdealGeometryESSource.so+0x63ec1)
    #15 0x2b0075425239 in decltype ({parm#1}()) edm::convertException::wrap<edm::eventsetup::Callback<XMLIdealGeometryESSource, std::unique_ptr<DDCompactView, std::default_delete<DDCompactView> >, IdealGeometryRecord, edm::eventsetup::CallbackSimpleDecorator<IdealGeometryRecord> >::runProducerAsync(tbb::task_group*, std::__exception_ptr::exception_ptr const*, edm::eventsetup::EventSetupRecordImpl const*, edm::EventSetupImpl const*, edm::ServiceToken const&)::{lambda()#1}::operator()() const::{lambda()#1}>(edm::eventsetup::Callback<XMLIdealGeometryESSource, std::unique_ptr<DDCompactView, std::default_delete<DDCompactView> >, IdealGeometryRecord, edm::eventsetup::CallbackSimpleDecorator<IdealGeometryRecord> >::runProducerAsync(tbb::task_group*, std::__exception_ptr::exception_ptr const*, edm::eventsetup::EventSetupRecordImpl const*, edm::EventSetupImpl const*, edm::ServiceToken const&)::{lambda()#1}::operator()() const::{lambda()#1}) (/cvmfs/cms-ib.cern.ch/nweek-02672/slc7_amd64_gcc900/cms/cmssw/CMSSW_11_3_ASAN_X_2021-03-15-2300/lib/slc7_amd64_gcc900/pluginGeometryReadersXMLIdealGeometryESSource.so+0x81239)
    #16 0x2b0075425fb9 in edm::eventsetup::Callback<XMLIdealGeometryESSource, std::unique_ptr<DDCompactView, std::default_delete<DDCompactView> >, IdealGeometryRecord, edm::eventsetup::CallbackSimpleDecorator<IdealGeometryRecord> >::runProducerAsync(tbb::task_group*, std::__exception_ptr::exception_ptr const*, edm::eventsetup::EventSetupRecordImpl const*, edm::EventSetupImpl const*, edm::ServiceToken const&)::{lambda()#1}::operator()() const (/cvmfs/cms-ib.cern.ch/nweek-02672/slc7_amd64_gcc900/cms/cmssw/CMSSW_11_3_ASAN_X_2021-03-15-2300/lib/slc7_amd64_gcc900/pluginGeometryReadersXMLIdealGeometryESSource.so+0x81fb9)
    #17 0x2b00754349af in void edm::SerialTaskQueueChain::actionToRun<edm::eventsetup::Callback<XMLIdealGeometryESSource, std::unique_ptr<DDCompactView, std::default_delete<DDCompactView> >, IdealGeometryRecord, edm::eventsetup::CallbackSimpleDecorator<IdealGeometryRecord> >::runProducerAsync(tbb::task_group*, std::__exception_ptr::exception_ptr const*, edm::eventsetup::EventSetupRecordImpl const*, edm::EventSetupImpl const*, edm::ServiceToken const&)::{lambda()#1}&>(edm::eventsetup::Callback<XMLIdealGeometryESSource, std::unique_ptr<DDCompactView, std::default_delete<DDCompactView> >, IdealGeometryRecord, edm::eventsetup::CallbackSimpleDecorator<IdealGeometryRecord> >::runProducerAsync(tbb::task_group*, std::__exception_ptr::exception_ptr const*, edm::eventsetup::EventSetupRecordImpl const*, edm::EventSetupImpl const*, edm::ServiceToken const&)::{lambda()#1}&) (/cvmfs/cms-ib.cern.ch/nweek-02672/slc7_amd64_gcc900/cms/cmssw/CMSSW_11_3_ASAN_X_2021-03-15-2300/lib/slc7_amd64_gcc900/pluginGeometryReadersXMLIdealGeometryESSource.so+0x909af)
    #18 0x2b0075435184 in edm::SerialTaskQueue::QueuedTask<edm::SerialTaskQueueChain::push<edm::eventsetup::Callback<XMLIdealGeometryESSource, std::unique_ptr<DDCompactView, std::default_delete<DDCompactView> >, IdealGeometryRecord, edm::eventsetup::CallbackSimpleDecorator<IdealGeometryRecord> >::runProducerAsync(tbb::task_group*, std::__exception_ptr::exception_ptr const*, edm::eventsetup::EventSetupRecordImpl const*, edm::EventSetupImpl const*, edm::ServiceToken const&)::{lambda()#1}>(tbb::task_group&, edm::eventsetup::Callback<XMLIdealGeometryESSource, std::unique_ptr<DDCompactView, std::default_delete<DDCompactView> >, IdealGeometryRecord, edm::eventsetup::CallbackSimpleDecorator<IdealGeometryRecord> >::runProducerAsync(tbb::task_group*, std::__exception_ptr::exception_ptr const*, edm::eventsetup::EventSetupRecordImpl const*, edm::EventSetupImpl const*, edm::ServiceToken const&)::{lambda()#1}&&)::{lambda()#1}>::execute() (/cvmfs/cms-ib.cern.ch/nweek-02672/slc7_amd64_gcc900/cms/cmssw/CMSSW_11_3_ASAN_X_2021-03-15-2300/lib/slc7_amd64_gcc900/pluginGeometryReadersXMLIdealGeometryESSource.so+0x91184)
    #19 0x2b0061848a0a in tbb::internal::function_task<edm::SerialTaskQueue::spawn(edm::SerialTaskQueue::TaskBase&)::{lambda()#1}>::execute() (/cvmfs/cms-ib.cern.ch/nweek-02672/slc7_amd64_gcc900/cms/cmssw/CMSSW_11_3_ASAN_X_2021-03-15-2300/lib/slc7_amd64_gcc900/libFWCoreConcurrency.so+0xba0a)
    #20 0x2b0064bd526c in tbb::internal::custom_scheduler<tbb::internal::IntelSchedulerTraits>::process_bypass_loop(tbb::internal::context_guard_helper<false>&, tbb::task*, long) ../../src/tbb/custom_scheduler.h:474
    #21 0x2b0064bd5755 in tbb::internal::custom_scheduler<tbb::internal::IntelSchedulerTraits>::local_wait_for_all(tbb::task&, tbb::task*) ../../src/tbb/custom_scheduler.h:636
    #22 0x2b0064bd38f3 in tbb::internal::co_local_wait_for_all(void*) ../../src/tbb/scheduler.h:948
    #23 0x2b0065c3d18f  (/lib64/libc.so.6+0x4818f)

0x60300282d8c0 is located 0 bytes to the right of 32-byte region [0x60300282d8a0,0x60300282d8c0)
allocated by thread T7 here:
    #0 0x2b006198b1af in operator new(unsigned long) ../../../../libsanitizer/asan/asan_new_delete.cc:104

Thread T7 created by T0 here:
    #0 0x2b00618bb9c2 in __interceptor_pthread_create ../../../../libsanitizer/asan/asan_interceptors.cc:208
    #1 0x2b0064bc7ac8 in rml::internal::thread_monitor::launch(void* (*)(void*), void*, unsigned long) ../../src/tbb/../rml/server/thread_monitor.h:218
    #2 0x2b0064bc7ac8 in tbb::internal::rml::private_worker::wake_or_launch() ../../src/tbb/private_server.cpp:297
    #3 0x2b0064bc7ac8 in tbb::internal::rml::private_server::wake_some(int) ../../src/tbb/private_server.cpp:395
    #4 0x60c0001fd2bf  (<unknown module>)

SUMMARY: AddressSanitizer: heap-buffer-overflow (/cvmfs/cms-ib.cern.ch/nweek-02672/slc7_amd64_gcc900/cms/cmssw/CMSSW_11_3_ASAN_X_2021-03-15-2300/lib/slc7_amd64_gcc900/libGeometryHGCalCommonData.so+0xdf83d) in HGCalGeomTools::radius(double, double, std::vector<double, std::allocator<double> > const&, std::vector<double, std::allocator<double> > const&, std::vector<double, std::allocator<double> > const&, std::vector<double, std::allocator<double> > const&, std::vector<double, std::allocator<double> > const&, std::vector<double, std::allocator<double> > const&, int, std::vector<double, std::allocator<double> >&, std::vector<double, std::allocator<double> >&, std::vector<double, std::allocator<double> >&)
Shadow bytes around the buggy address:
  0x0c06804fdac0: 00 00 06 fa fa fa 00 00 02 fa fa fa fd fd fd fa
  0x0c06804fdad0: fa fa fd fd fd fd fa fa 00 00 00 00 fa fa 00 00
  0x0c06804fdae0: 00 00 fa fa 00 00 00 00 fa fa 00 00 06 fa fa fa
  0x0c06804fdaf0: 00 00 06 fa fa fa 00 00 06 fa fa fa 00 00 06 fa
  0x0c06804fdb00: fa fa 00 00 06 fa fa fa 00 00 06 fa fa fa 00 00
=>0x0c06804fdb10: 00 00 fa fa 00 00 00 00[fa]fa 00 00 00 00 fa fa
  0x0c06804fdb20: fd fd fd fa fa fa 00 00 00 04 fa fa fd fd fd fa
  0x0c06804fdb30: fa fa 00 00 06 fa fa fa 00 00 06 fa fa fa 00 00
  0x0c06804fdb40: 06 fa fa fa 00 00 06 fa fa fa 00 00 06 fa fa fa
  0x0c06804fdb50: 00 00 06 fa fa fa fd fd fd fa fa fa 00 00 00 fa
  0x0c06804fdb60: fa fa 00 00 04 fa fa fa fd fd fd fa fa fa 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
  Shadow gap:              cc
==6327==ABORTING

[Dr15Jones]

assign geometry

[cmsbuild]

New categories assigned: geometry

@Dr15Jones,@cvuosalo,@mdhildreth,@makortel,@ianna,@civanch you have been requested to review this Pull request/Issue and eventually sign? Thanks

[cmsbuild]

A new Issue was created by @Dr15Jones Chris Jones.

@Dr15Jones, @dpiparo, @silviodonato, @smuzaffar, @makortel, @qliphy can you please review it and eventually sign/assign? Thanks.

cms-bot commands are listed here

[cvuosalo]

@bsunanda Could you please take a look?

[cvuosalo]

PR #33221 is a fix for this issue.

[makortel]

+geometry

This has been fixed

[cmsbuild]

This issue is fully signed and ready to be closed.