Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

lac/scalapack.cc: fix an out-of-bounds write that leads to a double free #15600

Merged
merged 2 commits into from Jul 3, 2023
Merged

lac/scalapack.cc: fix an out-of-bounds write that leads to a double free #15600

merged 2 commits into from Jul 3, 2023

Conversation

tamiko
Copy link
Member

@tamiko tamiko commented Jul 3, 2023 

==1080297==ERROR: AddressSanitizer: attempting free on address which was not malloc()-ed: 0x60200003da70 in thread T0
    #0 0x55bcdd907b7d in operator delete(void*) (/srv/temp/testsuite-IQZ1b8kK/build/tests/scalapack/scalapack_06b.debug/scalapack_06b.debug+0x17cb7d)
    #1 0x7fc52a4d2047 in void std::__1::__libcpp_operator_delete[abi:v160006]<void*>(void*) /usr/include/c++/v1/new:276:3
    #2 0x7fc52a4d2047 in void std::__1::__do_deallocate_handle_size[abi:v160006]<>(void*, unsigned long) /usr/include/c++/v1/new:300:10
    #3 0x7fc52a4d2047 in std::__1::__libcpp_deallocate[abi:v160006](void*, unsigned long, unsigned long) /usr/include/c++/v1/new:316:14
    #4 0x7fc52a4d2047 in std::__1::allocator<int>::deallocate[abi:v160006](int*, unsigned long) /usr/include/c++/v1/__memory/allocator.h:131:13
    #5 0x7fc52a4d2047 in std::__1::allocator_traits<std::__1::allocator<int>>::deallocate[abi:v160006](std::__1::allocator<int>&, int*, unsigned long) /usr/include/c++/v1/__memory/allocator_traits.h:288:13
    #6 0x7fc52a4d2047 in std::__1::__split_buffer<int, std::__1::allocator<int>&>::~__split_buffer() /usr/include/c++/v1/__split_buffer:362:9
    #7 0x7fc52a4d2047 in std::__1::vector<int, std::__1::allocator<int>>::__append(unsigned long) /usr/include/c++/v1/vector:1049:5
    #8 0x7fc52a8282d2 in std::__1::vector<int, std::__1::allocator<int>>::resize(unsigned long) /usr/include/c++/v1/vector:1910:15
    #9 0x7fc52a8282d2 in dealii::ScaLAPACKMatrix<double>::eigenpairs_symmetric(bool, std::__1::pair<unsigned int, unsigned int> const&, std::__1::pair<double, double> const&) /srv/temp/testsuite-IQZ1b8kK/dealii/source/lac/scalapack.cc:1684:17
    #10 0x7fc52a826813 in dealii::ScaLAPACKMatrix<double>::eigenpairs_symmetric_by_index(std::__1::pair<unsigned int, unsigned int> const&, bool) /srv/temp/testsuite-IQZ1b8kK/dealii/source/lac/scalapack.cc:1446:12
    #11 0x55bcdd911907 in void test<double>(unsigned int, unsigned int, double) /srv/temp/testsuite-IQZ1b8kK/dealii/tests/scalapack/scalapack_06b.cc:134:21
    #12 0x55bcdd90ebc8 in main /srv/temp/testsuite-IQZ1b8kK/dealii/tests/scalapack/scalapack_06b.cc:207:9
    #13 0x7fc4f5250989  (/usr/lib64/libc.so.6+0x23989)
    #14 0x7fc4f5250a44 in __libc_start_main (/usr/lib64/libc.so.6+0x23a44)
    #15 0x55bcdd7f73f0 in _start (/srv/temp/testsuite-IQZ1b8kK/build/tests/scalapack/scalapack_06b.debug/scalapack_06b.debug+0x6c3f0)

@tamiko tamiko added the Bug label Jul 3, 2023
@tamiko tamiko force-pushed the fix_scalapack branch 2 times, most recently from 94ed0be to 76055f9 Compare July 3, 2023 01:43
@tamiko tamiko mentioned this pull request Jul 3, 2023
Merged
bangerth
bangerth approved these changes Jul 3, 2023
View reviewed changes
Copy link
Member

@bangerth bangerth left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ha, that's gold. It isn't even in the actual documentation!

@bangerth
Copy link
Member

bangerth commented Jul 3, 2023

This is the right fix, but I will note that there are plenty of other places in that file where a work array is either set to one, or to lwork. What do we know about all of these other places?

@tamiko tamiko added this to the Developer workshop 2023 milestone Jul 3, 2023
@kronbichler
Copy link
Member

kronbichler commented Jul 3, 2023
edited

Indentation is off:

-       * [1] https://netlib.org/scalapack/explore-html/df/d1a/pdsyevx_8f_source.html
+       * [1]
+       * https://netlib.org/scalapack/explore-html/df/d1a/pdsyevx_8f_source.html

@tamiko
lac/scalapack.cc: fix an out-of-bounds write that leads to a double free
012f5a1 
```
==1080297==ERROR: AddressSanitizer: attempting free on address which was not malloc()-ed: 0x60200003da70 in thread T0
    #0 0x55bcdd907b7d in operator delete(void*) (/srv/temp/testsuite-IQZ1b8kK/build/tests/scalapack/scalapack_06b.debug/scalapack_06b.debug+0x17cb7d)
    #1 0x7fc52a4d2047 in void std::__1::__libcpp_operator_delete[abi:v160006]<void*>(void*) /usr/include/c++/v1/new:276:3
    #2 0x7fc52a4d2047 in void std::__1::__do_deallocate_handle_size[abi:v160006]<>(void*, unsigned long) /usr/include/c++/v1/new:300:10
    #3 0x7fc52a4d2047 in std::__1::__libcpp_deallocate[abi:v160006](void*, unsigned long, unsigned long) /usr/include/c++/v1/new:316:14
    #4 0x7fc52a4d2047 in std::__1::allocator<int>::deallocate[abi:v160006](int*, unsigned long) /usr/include/c++/v1/__memory/allocator.h:131:13
    #5 0x7fc52a4d2047 in std::__1::allocator_traits<std::__1::allocator<int>>::deallocate[abi:v160006](std::__1::allocator<int>&, int*, unsigned long) /usr/include/c++/v1/__memory/allocator_traits.h:288:13
    #6 0x7fc52a4d2047 in std::__1::__split_buffer<int, std::__1::allocator<int>&>::~__split_buffer() /usr/include/c++/v1/__split_buffer:362:9
    #7 0x7fc52a4d2047 in std::__1::vector<int, std::__1::allocator<int>>::__append(unsigned long) /usr/include/c++/v1/vector:1049:5
    #8 0x7fc52a8282d2 in std::__1::vector<int, std::__1::allocator<int>>::resize(unsigned long) /usr/include/c++/v1/vector:1910:15
    #9 0x7fc52a8282d2 in dealii::ScaLAPACKMatrix<double>::eigenpairs_symmetric(bool, std::__1::pair<unsigned int, unsigned int> const&, std::__1::pair<double, double> const&) /srv/temp/testsuite-IQZ1b8kK/dealii/source/lac/scalapack.cc:1684:17
    #10 0x7fc52a826813 in dealii::ScaLAPACKMatrix<double>::eigenpairs_symmetric_by_index(std::__1::pair<unsigned int, unsigned int> const&, bool) /srv/temp/testsuite-IQZ1b8kK/dealii/source/lac/scalapack.cc:1446:12
    #11 0x55bcdd911907 in void test<double>(unsigned int, unsigned int, double) /srv/temp/testsuite-IQZ1b8kK/dealii/tests/scalapack/scalapack_06b.cc:134:21
    #12 0x55bcdd90ebc8 in main /srv/temp/testsuite-IQZ1b8kK/dealii/tests/scalapack/scalapack_06b.cc:207:9
    #13 0x7fc4f5250989  (/usr/lib64/libc.so.6+0x23989)
    #14 0x7fc4f5250a44 in __libc_start_main (/usr/lib64/libc.so.6+0x23a44)
    #15 0x55bcdd7f73f0 in _start (/srv/temp/testsuite-IQZ1b8kK/build/tests/scalapack/scalapack_06b.debug/scalapack_06b.debug+0x6c3f0)
```
@tamiko
Copy link
Member Author

tamiko commented Jul 3, 2023

@kronbichler Fixed indentation

@tamiko tamiko merged commit 5398c13 into dealii:master Jul 3, 2023
12 of 14 checks passed
@tamiko tamiko deleted the fix_scalapack branch July 7, 2023 00:27
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@masterleinad masterleinad masterleinad approved these changes

@bangerth bangerth bangerth approved these changes

@kronbichler kronbichler kronbichler approved these changes

Assignees
No one assigned
Labels
Bug ready to test Reviewed and ready to merge
Projects
None yet
Milestone
Developer workshop 2023
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@tamiko @bangerth @kronbichler @masterleinad