AddressSanitizer error when logging string longer than 250 chars. #2429

Closed
skaae opened this issue Jul 10, 2022 · 12 comments

skaae commented Jul 10, 2022

When running the code below with sanitizer enabled I get a
==931743==ERROR: AddressSanitizer: heap-buffer-overflow error.

The error happens if the logged string is longer than 250 characters and has at least one fmt formatted argument. In the sanitize output there is some info about 0x16ceda1 in fmt::v8::basic_memory_buffer<char, 250ul, std::allocator<char> >::grow(unsigned long). Maybe the data that string_view msg.payload is pointing to was moved when the buffer was grown?

compiler: clang-13, ubuntu 20.04. spdlog 1.10.0

Minimal example

#include <spdlog/spdlog.h>
#include <spdlog/sinks/sink.h>

#include <memory>
#include <string>

// Custom sink implementing the spdlog::sinks::sink interface.
class FooBar : public spdlog::sinks::sink
{
  public:
    FooBar() = default;
    ~FooBar() = default;

    void log(const spdlog::details::log_msg& msg) override
    {
    }
    void flush() override {}
    void set_pattern(const std::string&) override {}
    void set_formatter(std::unique_ptr<spdlog::formatter>) override {}
};

int main()
{
    auto logger = spdlog::create<FooBar>("logger");
    logger->warn(
        "**************************************************"  // 50
        "**************************************************"  // 50
        "**************************************************"  // 50
        "**************************************************"  // 50
        "**************************************************{}"  // 51
        ,
        "1");
}

Sanitize output

=================================================================
==932428==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6130000016b7 at pc 0x000000e7efe6 bp 0x7ffd4f84d7b0 sp 0x7ffd4f84cf70
READ of size 376 at 0x6130000016b7 thread T0
    #0 0xe7efe5 in strlen (/home/skaae/code/EPEXcpp/bin/RunEpexTests+0xe7efe5)
    #1 0x7ff66f21749d in std::basic_ostream<char, std::char_traits<char> >& std::operator<<<std::char_traits<char> >(std::basic_ostream<char, std::char_traits<char> >&, char const*) (/lib/x86_64-linux-gnu/libstdc++.so.6+0x13849d)
    #2 0x16cb49a in twig::FooBar::log(spdlog::details::log_msg const&) /home/skaae/code/EPEXcpp/EPEX/tests/rabbit/test_error_response.cpp:240:19
    #3 0x2157104 in spdlog::logger::sink_it_(spdlog::details::log_msg const&) /home/skaae/code/EPEXcpp/vcpkg/buildtrees/spdlog/src/v1.10.0-3cbe543323.clean/include/spdlog/logger-inl.h:186:23
    #4 0x215700e in spdlog::logger::log_it_(spdlog::details::log_msg const&, bool, bool) /home/skaae/code/EPEXcpp/vcpkg/buildtrees/spdlog/src/v1.10.0-3cbe543323.clean/include/spdlog/logger-inl.h:170:9
    #5 0x16cc8f8 in void spdlog::logger::log_<char const (&) [2]>(spdlog::source_loc, spdlog::level::level_enum, fmt::v8::basic_string_view<char>, char const (&) [2]) /home/skaae/code/EPEXcpp/build/vcpkg_installed/x64-linux/include/spdlog/logger.h:373:13
    #6 0x16cc273 in void spdlog::logger::log<char const (&) [2]>(spdlog::source_loc, spdlog::level::level_enum, fmt::v8::basic_format_string<char, fmt::v8::type_identity<char const (&) [2]>::type>, char const (&) [2]) /home/skaae/code/EPEXcpp/build/vcpkg_installed/x64-linux/include/spdlog/logger.h:90:9
    #7 0x16cc042 in void spdlog::logger::log<char const (&) [2]>(spdlog::level::level_enum, fmt::v8::basic_format_string<char, fmt::v8::type_identity<char const (&) [2]>::type>, char const (&) [2]) /home/skaae/code/EPEXcpp/build/vcpkg_installed/x64-linux/include/spdlog/logger.h:96:9
    #8 0x16206f8 in void spdlog::logger::warn<char const (&) [2]>(fmt::v8::basic_format_string<char, fmt::v8::type_identity<char const (&) [2]>::type>, char const (&) [2]) /home/skaae/code/EPEXcpp/build/vcpkg_installed/x64-linux/include/spdlog/logger.h:164:9
    #9 0x1618bfb in twig::ErrorResponse_reproduce_spdlog_error_Test::TestBody() /home/skaae/code/EPEXcpp/EPEX/tests/rabbit/test_error_response.cpp:250:18
    #10 0x1fb748a in void testing::internal::HandleSehExceptionsInMethodIfSupported<testing::Test, void>(testing::Test*, void (testing::Test::*)(), char const*) /home/skaae/code/EPEXcpp/vcpkg/buildtrees/gtest/src/ase-1.11.0-7da4d9b2fb.clean/googletest/src/gtest.cc:2607:10
    #11 0x1f9f4f9 in void testing::internal::HandleExceptionsInMethodIfSupported<testing::Test, void>(testing::Test*, void (testing::Test::*)(), char const*) /home/skaae/code/EPEXcpp/vcpkg/buildtrees/gtest/src/ase-1.11.0-7da4d9b2fb.clean/googletest/src/gtest.cc:2643:14
    #12 0x1f7a142 in testing::Test::Run() /home/skaae/code/EPEXcpp/vcpkg/buildtrees/gtest/src/ase-1.11.0-7da4d9b2fb.clean/googletest/src/gtest.cc:2682:5
    #13 0x1f7aea8 in testing::TestInfo::Run() /home/skaae/code/EPEXcpp/vcpkg/buildtrees/gtest/src/ase-1.11.0-7da4d9b2fb.clean/googletest/src/gtest.cc:2861:11
    #14 0x1f7b6c3 in testing::TestSuite::Run() /home/skaae/code/EPEXcpp/vcpkg/buildtrees/gtest/src/ase-1.11.0-7da4d9b2fb.clean/googletest/src/gtest.cc:3015:28
    #15 0x1f8c041 in testing::internal::UnitTestImpl::RunAllTests() /home/skaae/code/EPEXcpp/vcpkg/buildtrees/gtest/src/ase-1.11.0-7da4d9b2fb.clean/googletest/src/gtest.cc:5855:44
    #16 0x1fb9eea in bool testing::internal::HandleSehExceptionsInMethodIfSupported<testing::internal::UnitTestImpl, bool>(testing::internal::UnitTestImpl*, bool (testing::internal::UnitTestImpl::*)(), char const*) /home/skaae/code/EPEXcpp/vcpkg/buildtrees/gtest/src/ase-1.11.0-7da4d9b2fb.clean/googletest/src/gtest.cc:2607:10
    #17 0x1fa1b09 in bool testing::internal::HandleExceptionsInMethodIfSupported<testing::internal::UnitTestImpl, bool>(testing::internal::UnitTestImpl*, bool (testing::internal::UnitTestImpl::*)(), char const*) /home/skaae/code/EPEXcpp/vcpkg/buildtrees/gtest/src/ase-1.11.0-7da4d9b2fb.clean/googletest/src/gtest.cc:2643:14
    #18 0x1f8bbaa in testing::UnitTest::Run() /home/skaae/code/EPEXcpp/vcpkg/buildtrees/gtest/src/ase-1.11.0-7da4d9b2fb.clean/googletest/src/gtest.cc:5438:10
    #19 0xf1bec8 in RUN_ALL_TESTS() /home/skaae/code/EPEXcpp/build/vcpkg_installed/x64-linux/include/gtest/gtest.h:2490:46
    #20 0xf1bec8 in main /home/skaae/code/EPEXcpp/EPEX/tests/EpexTests.cpp:11:12
    #21 0x7ff66eef60b2 in __libc_start_main /build/glibc-sMfBJT/glibc-2.31/csu/../csu/libc-start.c:308:16
    #22 0xe6af2d in _start (/home/skaae/code/EPEXcpp/bin/RunEpexTests+0xe6af2d)

0x6130000016b7 is located 0 bytes to the right of 375-byte region [0x613000001540,0x6130000016b7)
allocated by thread T0 here:
    #0 0xf194bd in operator new(unsigned long) (/home/skaae/code/EPEXcpp/bin/RunEpexTests+0xf194bd)
    #1 0xf1d4b8 in __gnu_cxx::new_allocator<char>::allocate(unsigned long, void const*) /usr/bin/../lib/gcc/x86_64-linux-gnu/11/../../../../include/c++/11/ext/new_allocator.h:121:27
    #2 0xf1d4b8 in std::allocator<char>::allocate(unsigned long) /usr/bin/../lib/gcc/x86_64-linux-gnu/11/../../../../include/c++/11/bits/allocator.h:173:32
    #3 0xf1d4b8 in std::allocator_traits<std::allocator<char> >::allocate(std::allocator<char>&, unsigned long) /usr/bin/../lib/gcc/x86_64-linux-gnu/11/../../../../include/c++/11/bits/alloc_traits.h:460:20
    #4 0x16ceda1 in fmt::v8::basic_memory_buffer<char, 250ul, std::allocator<char> >::grow(unsigned long) /home/skaae/code/EPEXcpp/build/vcpkg_installed/x64-linux/include/fmt/format.h:791:7
    #5 0x1104216 in fmt::v8::detail::buffer<char>::try_reserve(unsigned long) /home/skaae/code/EPEXcpp/build/vcpkg_installed/x64-linux/include/fmt/core.h:846:35
    #6 0x1104374 in void fmt::v8::detail::buffer<char>::append<char>(char const*, char const*) /home/skaae/code/EPEXcpp/build/vcpkg_installed/x64-linux/include/fmt/format.h:633:5
    #7 0x1103d6e in fmt::v8::appender fmt::v8::detail::copy_str<char, char const*>(char const*, char const*, fmt::v8::appender) /home/skaae/code/EPEXcpp/build/vcpkg_installed/x64-linux/include/fmt/core.h:1631:22
    #8 0x16e5fb0 in fmt::v8::appender fmt::v8::detail::copy_str_noinline<char, char const*, fmt::v8::appender>(char const*, char const*, fmt::v8::appender) /home/skaae/code/EPEXcpp/build/vcpkg_installed/x64-linux/include/fmt/format.h:471:10
    #9 0x16e99c8 in fmt::v8::appender fmt::v8::detail::write<char, fmt::v8::appender>(fmt::v8::appender, fmt::v8::basic_string_view<char>) /home/skaae/code/EPEXcpp/build/vcpkg_installed/x64-linux/include/fmt/format.h:2078:8
    #10 0x16e99c8 in fmt::v8::appender fmt::v8::detail::write<char, fmt::v8::appender>(fmt::v8::appender, char const*) /home/skaae/code/EPEXcpp/build/vcpkg_installed/x64-linux/include/fmt/format.h:2147:11
    #11 0x16e99c8 in fmt::v8::appender fmt::v8::detail::default_arg_formatter<char>::operator()<char const*>(char const*) /home/skaae/code/EPEXcpp/build/vcpkg_installed/x64-linux/include/fmt/format.h:2197:12
    #12 0x16e99c8 in decltype(fp(0)) fmt::v8::visit_format_arg<fmt::v8::detail::default_arg_formatter<char>, fmt::v8::basic_format_context<fmt::v8::appender, char> >(fmt::v8::detail::default_arg_formatter<char>&&, fmt::v8::basic_format_arg<fmt::v8::basic_format_context<fmt::v8::appender, char> > const&) /home/skaae/code/EPEXcpp/build/vcpkg_installed/x64-linux/include/fmt/core.h:1615:12
    #13 0x16e99c8 in void fmt::v8::detail::vformat_to<char>(fmt::v8::detail::buffer<char>&, fmt::v8::basic_string_view<char>, fmt::v8::basic_format_args<fmt::v8::basic_format_context<std::conditional<std::is_same<fmt::v8::type_identity<char>::type, char>::value, fmt::v8::appender, std::back_insert_iterator<fmt::v8::detail::buffer<fmt::v8::type_identity<char>::type> > >::type, fmt::v8::type_identity<char>::type> >, fmt::v8::detail::locale_ref)::format_handler::on_replacement_field(int, char const*) /home/skaae/code/EPEXcpp/build/vcpkg_installed/x64-linux/include/fmt/format.h:2962:26
    #14 0x16e99c8 in char const* fmt::v8::detail::parse_replacement_field<char, void fmt::v8::detail::vformat_to<char>(fmt::v8::detail::buffer<char>&, fmt::v8::basic_string_view<char>, fmt::v8::basic_format_args<fmt::v8::basic_format_context<std::conditional<std::is_same<fmt::v8::type_identity<char>::type, char>::value, fmt::v8::appender, std::back_insert_iterator<fmt::v8::detail::buffer<fmt::v8::type_identity<char>::type> > >::type, fmt::v8::type_identity<char>::type> >, fmt::v8::detail::locale_ref)::format_handler&>(char const*, char const*, void fmt::v8::detail::vformat_to<char>(fmt::v8::detail::buffer<char>&, fmt::v8::basic_string_view<char>, fmt::v8::basic_format_args<fmt::v8::basic_format_context<std::conditional<std::is_same<fmt::v8::type_identity<char>::type, char>::value, fmt::v8::appender, std::back_insert_iterator<fmt::v8::detail::buffer<fmt::v8::type_identity<char>::type> > >::type, fmt::v8::type_identity<char>::type> >, fmt::v8::detail::locale_ref)::format_handler&) /home/skaae/code/EPEXcpp/build/vcpkg_installed/x64-linux/include/fmt/core.h:2591:13
    #15 0x16ce3ec in void fmt::v8::detail::parse_format_string<false, char, void fmt::v8::detail::vformat_to<char>(fmt::v8::detail::buffer<char>&, fmt::v8::basic_string_view<char>, fmt::v8::basic_format_args<fmt::v8::basic_format_context<std::conditional<std::is_same<fmt::v8::type_identity<char>::type, char>::value, fmt::v8::appender, std::back_insert_iterator<fmt::v8::detail::buffer<fmt::v8::type_identity<char>::type> > >::type, fmt::v8::type_identity<char>::type> >, fmt::v8::detail::locale_ref)::format_handler>(fmt::v8::basic_string_view<char>, void fmt::v8::detail::vformat_to<char>(fmt::v8::detail::buffer<char>&, fmt::v8::basic_string_view<char>, fmt::v8::basic_format_args<fmt::v8::basic_format_context<std::conditional<std::is_same<fmt::v8::type_identity<char>::type, char>::value, fmt::v8::appender, std::back_insert_iterator<fmt::v8::detail::buffer<fmt::v8::type_identity<char>::type> > >::type, fmt::v8::type_identity<char>::type> >, fmt::v8::detail::locale_ref)::format_handler&&) /home/skaae/code/EPEXcpp/build/vcpkg_installed/x64-linux/include/fmt/core.h:2660:13
    #16 0x16ce3ec in void fmt::v8::detail::vformat_to<char>(fmt::v8::detail::buffer<char>&, fmt::v8::basic_string_view<char>, fmt::v8::basic_format_args<fmt::v8::basic_format_context<std::conditional<std::is_same<fmt::v8::type_identity<char>::type, char>::value, fmt::v8::appender, std::back_insert_iterator<fmt::v8::detail::buffer<fmt::v8::type_identity<char>::type> > >::type, fmt::v8::type_identity<char>::type> >, fmt::v8::detail::locale_ref) /home/skaae/code/EPEXcpp/build/vcpkg_installed/x64-linux/include/fmt/format.h:2988:3
    #17 0x16cc633 in void spdlog::logger::log_<char const (&) [2]>(spdlog::source_loc, spdlog::level::level_enum, fmt::v8::basic_string_view<char>, char const (&) [2]) /home/skaae/code/EPEXcpp/build/vcpkg_installed/x64-linux/include/spdlog/logger.h:370:13
    #18 0x16cc273 in void spdlog::logger::log<char const (&) [2]>(spdlog::source_loc, spdlog::level::level_enum, fmt::v8::basic_format_string<char, fmt::v8::type_identity<char const (&) [2]>::type>, char const (&) [2]) /home/skaae/code/EPEXcpp/build/vcpkg_installed/x64-linux/include/spdlog/logger.h:90:9
    #19 0x16cc042 in void spdlog::logger::log<char const (&) [2]>(spdlog::level::level_enum, fmt::v8::basic_format_string<char, fmt::v8::type_identity<char const (&) [2]>::type>, char const (&) [2]) /home/skaae/code/EPEXcpp/build/vcpkg_installed/x64-linux/include/spdlog/logger.h:96:9
    #20 0x16206f8 in void spdlog::logger::warn<char const (&) [2]>(fmt::v8::basic_format_string<char, fmt::v8::type_identity<char const (&) [2]>::type>, char const (&) [2]) /home/skaae/code/EPEXcpp/build/vcpkg_installed/x64-linux/include/spdlog/logger.h:164:9
    #21 0x1618bfb in twig::ErrorResponse_reproduce_spdlog_error_Test::TestBody() /home/skaae/code/EPEXcpp/EPEX/tests/rabbit/test_error_response.cpp:250:18
    #22 0x1fb748a in void testing::internal::HandleSehExceptionsInMethodIfSupported<testing::Test, void>(testing::Test*, void (testing::Test::*)(), char const*) /home/skaae/code/EPEXcpp/vcpkg/buildtrees/gtest/src/ase-1.11.0-7da4d9b2fb.clean/googletest/src/gtest.cc:2607:10
    #23 0x1f9f4f9 in void testing::internal::HandleExceptionsInMethodIfSupported<testing::Test, void>(testing::Test*, void (testing::Test::*)(), char const*) /home/skaae/code/EPEXcpp/vcpkg/buildtrees/gtest/src/ase-1.11.0-7da4d9b2fb.clean/googletest/src/gtest.cc:2643:14
    #24 0x1f7a142 in testing::Test::Run() /home/skaae/code/EPEXcpp/vcpkg/buildtrees/gtest/src/ase-1.11.0-7da4d9b2fb.clean/googletest/src/gtest.cc:2682:5
    #25 0x1f7aea8 in testing::TestInfo::Run() /home/skaae/code/EPEXcpp/vcpkg/buildtrees/gtest/src/ase-1.11.0-7da4d9b2fb.clean/googletest/src/gtest.cc:2861:11
    #26 0x1f7b6c3 in testing::TestSuite::Run() /home/skaae/code/EPEXcpp/vcpkg/buildtrees/gtest/src/ase-1.11.0-7da4d9b2fb.clean/googletest/src/gtest.cc:3015:28
    #27 0x1f8c041 in testing::internal::UnitTestImpl::RunAllTests() /home/skaae/code/EPEXcpp/vcpkg/buildtrees/gtest/src/ase-1.11.0-7da4d9b2fb.clean/googletest/src/gtest.cc:5855:44
    #28 0x1fb9eea in bool testing::internal::HandleSehExceptionsInMethodIfSupported<testing::internal::UnitTestImpl, bool>(testing::internal::UnitTestImpl*, bool (testing::internal::UnitTestImpl::*)(), char const*) /home/skaae/code/EPEXcpp/vcpkg/buildtrees/gtest/src/ase-1.11.0-7da4d9b2fb.clean/googletest/src/gtest.cc:2607:10
    #29 0x1fa1b09 in bool testing::internal::HandleExceptionsInMethodIfSupported<testing::internal::UnitTestImpl, bool>(testing::internal::UnitTestImpl*, bool (testing::internal::UnitTestImpl::*)(), char const*) /home/skaae/code/EPEXcpp/vcpkg/buildtrees/gtest/src/ase-1.11.0-7da4d9b2fb.clean/googletest/src/gtest.cc:2643:14
    #30 0x1f8bbaa in testing::UnitTest::Run() /home/skaae/code/EPEXcpp/vcpkg/buildtrees/gtest/src/ase-1.11.0-7da4d9b2fb.clean/googletest/src/gtest.cc:5438:10
    #31 0xf1bec8 in RUN_ALL_TESTS() /home/skaae/code/EPEXcpp/build/vcpkg_installed/x64-linux/include/gtest/gtest.h:2490:46
    #32 0xf1bec8 in main /home/skaae/code/EPEXcpp/EPEX/tests/EpexTests.cpp:11:12
    #33 0x7ff66eef60b2 in __libc_start_main /build/glibc-sMfBJT/glibc-2.31/csu/../csu/libc-start.c:308:16

SUMMARY: AddressSanitizer: heap-buffer-overflow (/home/skaae/code/EPEXcpp/bin/RunEpexTests+0xe7efe5) in strlen
Contributor

tt4g commented Jul 10, 2022

I think it is a problem with fmt library.
Can you reproduce the same problem with just fmt without spdlog?

Author

skaae commented Jul 10, 2022

Thank you for your reply.
I'm not sure how to reproduce this using fmt alone? fmt::format works, but fmt::format stores the result in a string so I don't think that reproduces the problem?
spdlog's log_msg uses a string view to store the payload in string_view_t payload;. I guess the string view is the problem and I'm not sure how to store the result of an fmt expression in a string view?

Contributor

tt4g commented Jul 10, 2022

If the format is the cause, the following code would reproduce it.

#else // use fmt lib instead of std::format
namespace fmt_lib = fmt;
using string_view_t = fmt::basic_string_view<char>;

memory_buf_t buf;
#ifdef SPDLOG_USE_STD_FORMAT
fmt_lib::vformat_to(std::back_inserter(buf), fmt, fmt_lib::make_format_args(std::forward<Args>(args)...));
#else
// seems that fmt::detail::vformat_to(buf, ...) is ~20ns faster than fmt::vformat_to(std::back_inserter(buf),..)
fmt::detail::vformat_to(buf, fmt, fmt::make_format_args(std::forward<Args>(args)...));
#endif
details::log_msg log_msg(loc, name_, lvl, string_view_t(buf.data(), buf.size()));
log_it_(log_msg, log_enabled, traceback_enabled);

using string_view_t = fmt::basic_string_view<char>;

string_view_t buf;

fmt::detail::vformat_to(buf,
    "**************************************************"  // 50
    "**************************************************"  // 50
    "**************************************************"  // 50
    "**************************************************"  // 50
    "**************************************************{}"  // 51
    ,
    fmt::make_format_args("1");

Contributor

tt4g commented Jul 10, 2022

BTW, the string formatted by spdlog should not contain \0 (null-terminated character) at the end.
So I ignore the detection of strlen (code not provided, but I assume it is called from std::basic_ostream called by FooBar) that expects \0 at the end.

Author

skaae commented Jul 10, 2022

Thanks. I can't get the example to compile. I looked at fmt's tests for vformat_to and the closest I can get to compile is

    std::string s;
    fmt::vformat_to(std::back_inserter(s),
                    "**************************************************"  // 50
                    "**************************************************"  // 50
                    "**************************************************"  // 50
                    "**************************************************"  // 50
                    "**************************************************{}"  // 51
                    ,
                    fmt::make_format_args("1"));

Do you have inputs on compiling with string_view?

Contributor

tt4g commented Jul 11, 2022

Oh, I must be missing some fmt trick.
Since fmt::vformat_to(std::back_inserter(s), ...) seems to call fmt::details::vformat_to() internally, please try with your example code.

Author

skaae commented Jul 11, 2022

Making sure we are talking about the same code :)
The code below works

    std::string s;
    fmt::vformat_to(std::back_inserter(s),
                    "**************************************************"  // 50
                    "**************************************************"  // 50
                    "**************************************************"  // 50
                    "**************************************************"  // 50
                    "**************************************************{}"  // 51
                    ,
                    fmt::make_format_args("1"));

Contributor

tt4g commented Jul 11, 2022

I am not familiar with how to read AddressSanitizer reports, but isn't the heap-buffer-overflow caused by your FooBar passing log messages to std::basic_ostream?
I re-read the report and the heap-buffer-overflow is reported when calling strlen inside std::basic_ostream.
As noted in a previous comment, spdlog log messages are not terminated with the NULL character.

If you are passing log messages to std::cout, etc., then the cause is your code.

Author

skaae commented Jul 11, 2022

I think you are correct. I think it happens when I access payload.data().

If I do fmt::print("{}", msg.payload) then it works, but fmt::print("{}", msg.payload.data()) fails.

Contributor

tt4g commented Jul 11, 2022

Yes. You must pass msg.payload.data() with msg.payload.size() to C/C++ APIs that expect a character pointer.
Please do not directly call APIs that do not accept sizes.
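
An added illustration of the rule in the comment above, not code from the thread or from spdlog. It assumes std::string_view as a stand-in for msg.payload, and make_payload, sink_stream, sink_printf and sink_c_string are hypothetical names; the payload is a constructed heap buffer with no terminating '\0'.

```cpp
#include <climits>
#include <cstdio>
#include <cstring>
#include <iostream>
#include <memory>
#include <sstream>
#include <string>
#include <string_view>

// Constructed stand-in for the formatted message: `stars + arg.size()` heap
// bytes with NO terminating '\0'. std::string_view plays msg.payload.
struct Payload {
    std::unique_ptr<char[]> bytes;
    std::size_t size;
    std::string_view view() const { return {bytes.get(), size}; }
};

Payload make_payload(std::size_t stars, std::string_view arg) {
    Payload p{std::make_unique<char[]>(stars + arg.size()), stars + arg.size()};
    std::memset(p.bytes.get(), '*', stars);
    std::memcpy(p.bytes.get() + stars, arg.data(), arg.size());
    return p;
}

// UNSAFE, kept as a comment for contrast: operator<<(const char*) runs
// strlen() and keeps reading until it finds a '\0' outside the buffer.
//   os << payload.data();

// Stream sink: write() takes an explicit byte count.
void sink_stream(std::ostream& os, std::string_view payload) {
    os.write(payload.data(), static_cast<std::streamsize>(payload.size()));
}

// printf-style sink: "%.*s" bounds the read by the precision argument.
std::string sink_printf(std::string_view payload) {
    const int len = payload.size() > static_cast<std::size_t>(INT_MAX)
                        ? INT_MAX
                        : static_cast<int>(payload.size());
    const int n = std::snprintf(nullptr, 0, "[warn] %.*s\n", len, payload.data());
    if (n < 0) return {};
    std::string out(static_cast<std::size_t>(n) + 1, '\0');
    std::snprintf(out.data(), out.size(), "[warn] %.*s\n", len, payload.data());
    out.resize(static_cast<std::size_t>(n));
    return out;
}

// API that insists on a C string: copy into an owning std::string first;
// c_str() is guaranteed to be NUL-terminated.
std::size_t sink_c_string(std::string_view payload) {
    const std::string owned(payload);
    return std::strlen(owned.c_str());
}

int main() {
    const Payload p = make_payload(250, "1");  // 251 chars, as in the issue
    sink_stream(std::cout, p.view());
    std::cout << '\n' << sink_printf(p.view());
    std::cout << sink_c_string(p.view()) << '\n';
    return 0;
}
```

Building this with -fsanitize=address and uncommenting the unsafe line inside a sink is a quick way to confirm that a sanitizer job in CI would catch the same over-read.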

Author

skaae commented Jul 11, 2022

Great. Thank you for the help! I will close the issue.

skaae closed this as completed Jul 11, 2022

Owner

gabime commented Jul 11, 2022

Thanks @tt4g !
