Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Coherence 1.5 #12

Merged
merged 88 commits into from Jul 15, 2015

Conversation

Projects
None yet
1 participant
@hostilefork
Copy link
Member

commented Jul 14, 2015

NOTE: This has now been merged into master. So you should switch to master branch for getting the latest Ren/C.

This is a set of commits which accomplish a goal that has significant parallel to "Coherence One" but with much grander scope. It supersedes the Coherence One PR, which is now closed.

Instead of building rebolsource (which is nearly identical to rebol/rebol on GitHub), Coherence 1.5 sought to both un-fork the Saphirion/Atronix branch Core portions... then build it under strict ANSI C89, C99, C11... also with the option to build under strict ISO C++98, C++11, and C++14. Besides building under these ranges of languages, it should do so under both GCC and Clang with zero warnings (with warnings turned up high as-is-reasonable).

As of 16-Jul-2015, Coherence 1.5 has been verified as reaching this goal for:

  • Linux 32-bit, libcc 2.11 (make make OS_ID=0.3.04)
  • Linux 64-bit (make make OS_ID=0.4.40)
  • Windows 32-bit (make make OS_ID=0.3.01)
  • (Windows 64-bit partially working, some glitches being investigated)
  • OS/X 32-bit (make make OS_ID=0.2.05)
  • OS/X 64-bit (make make OS_ID=0.2.40)

As well as:

  • ARM Linux on Raspberry Pi (make make OS_ID=0.4.21)
  • OS/X PowerPC (make make OS_ID=0.2.04)
  • HaikuOS (make make OS_ID=0.5.75)
  • ... your build configuration here ...

Here are the warnings enabled (manually in the makefile, at the moment):

--pedantic -Wextra -Wall -Wchar-subscripts -Wwrite-strings -Wdeclaration-after-statement -Wundef -Wformat=2 -Wdisabled-optimization -Wcast-qual -Wlogical-op -Wstrict-overflow=5 -Wredundant-decls -Woverflow -Wpointer-arith -Wall -Wparentheses -Wmain -Wsign-compare -Wtype-limits -Wpointer-sign

These warnings are disabled (manually in the makefile, at the moment):

-Wno-unused-variable -Wno-unused-parameter -Wno-long-long -Wno-switch

Unlike Coherence One's "monolithic patch", Coherence 1.5 consists of more than 80 individual commits. These have been rebased and sorted to present a clear narrative of related changes and their motivations; with a 50 character title and 72 character line limits on longer descriptions. This is in order to document the changes so that they could serve as a guide for Atronix to update the R3/GUI code in a similar fashion...which will ideally be switched to use Ren/C as a library.

(Note: It is not necessary for the R3/GUI to use the same methodology or level of strictness in order to use Ren/C. I'd say it's probably a good practice to follow at least some of it, though.)

Wanting Atronix to be within a stone's throw of being able to use Ren/C was one of the motivators for starting from an un-forked core of their branch. It may contain more currently than the core will ultimately need. But if a fully functioning system with users is the goal, it will be easier to work backward to a tidy core from the Atronix branch than it would be to work forward from the Rebolsource branch.

The other motivator is that the Atronix build has features people require (or might just want), most significant being:

  • Cryptography services for AES/DH in the C code, exposed to be used to implement the HTTPS protocol.
  • Foreign Function Interface implementation of ROUTINE! and STRUCT! (NOTE: Not enabled by default as the libffi library has not been extracted to build without dependence on GNU autotools etc, see comments in t-routine.c)
  • CALL with /INPUT /OUTPUT /ERROR piping under Linux and Windows (UPDATE: now HaikuOS...and very likely Mac, pending verification)
  • Serial port support under Linux and Windows
  • UDP Network Scheme
  • Ability to make use of native ("__builtin") 64-bit math, if it is available

Along with its ambitious scope, Coherence 1.5 is the outgrowth of another cycle of iteration on the reorganization and rethinking of Rebol. The goal is to meet up with modern C yet build even more standardly as C89 (with static analysis enabled through modern C++). Some of the more heavy-handed "search-and-replace" choices that needed greater subtlety were rethought in Coherence 1.5, with casting reviewed in particular. See the article Casts for the Masses (in C).

This PR was given heavy thought on how to make things simpler, clearer, and better-checked. Across the board the code is more readable than what came in, and has several notable simplifications. Each commit has notes you can click the [***] to expand and read below, or you can click on the commit to see the diff.

Here are some perhaps-interesting-in-general highlights:

  • Stepping into the code starts with decompressing the native specs. And it was already breaking rules: putting const data into a fake series (and a series considers itself the owner-and-freer of its data!) The length--already encoded in the compressed data redundantly by Rebol (which is redundant with zlib)--was put into the data again and had to be measured. The whole thing was tidied up to need no mutable casts and be simple and obvious. So let's see this wave of simplicity and correctness continue.
  • Putting Host_Lib into its own .inc file. Rebol does not have include guards on its header files, so everything can be included exactly once. While revisiting that may be worthwhile, it does have some advantages. Yet putting data definitions in a header...especially one included indirectly under switches you may not control...is confusing. For everyone who remembers the Host_Lib duplicate-symbol-or-not-defined problems linking RenCpp/RenGarden...this is going to put an end to those for good.
  • The REBCHR Quarantine. I think basically everywhere REBCHR appears is a sign of a problem. By making it a "opaque" struct in the core and its native type in the host, there's a strong alert regarding its usage...and they've been vastly pared down. Red communicates with the outside world via UTF-8, and it's likely the case that if Rebol actually needs to handle a string (vs just route it as a black box from one bit of host code to another) that it do the same.
  • memory macros inspired by C++...these help catch errors, allow us to have a C++ build, and I think they look better as well. They've been separated into parallel ALLOC and OS_ALLOC versions, and it's much more clear what to use and why.

So there's more and better comments, solid checks, and hopefully a good baseline for allowing contributors to modify with confidence... getting error feedback when they do the wrong thing instead of a silent "I dunno if that's the right routine to use here or not".

Comments are welcome, assistance even moreso.

hostilefork added some commits Jul 7, 2015

defines for gnu99 support w/Linux signal c99 POSIX
There is no siginfo_t or other types available when you compile with
--std=c89 or --std=c99 or --std=c11.  So Linux build must be compiled
with --std=gnu89 or --std=gnu99 or --std=gnu11 to get it, so long
as the signals are enabled.
assert()+Panic()+Trap() revamp for debug build
This is a comprehensive change-over for Rebol to use C's <assert.h>
and to separate assertions out from "Panics" and "Traps".  The
former definition of ASSERT in Rebol would include those asserts
in release builds (depending on the "assert level") and required
the inclusion of a "Rebol panic code".

The comments added to sys-core.h summarize the situation, and the
most observable effect (besides renaming Crash to Panic) is the
versions of Trap and Panic that indicate a DEAD_END condition.
This informs the compiler that the lack of a return on that
particular code path is intentional.  This becomes particularly
important in stronger path checking than GCC or Clang provide
by default.
Fix variable wchar_t size issues with wcslen()
wchar_t has no guaranteed size on non-Windows platforms, and in fact
I discovered on my 64-bit Linux that sizeof(wchar_t)==4.  This means
there needed to be a UCS-2/UTF-16 length checker that could handle
REBUNI.  This adds Strlen_Uni for that functionality and eliminates
the calls to wcslen().
eliminate duplicate MAX_U64 in f-random.c
It's already defined in reb-c.h
Include FINITE definitions compliant with C99
C89 and C++98 had no standard way of testing for if a number
was finite or not.  Windows and POSIX came up with their
own methods.  Finally it was standardized in C99 and C++11:

    http://en.cppreference.com/w/cpp/numeric/math/isfinite

@hostilefork hostilefork referenced this pull request Jul 14, 2015

Closed

"Coherence One" #1

@hostilefork hostilefork force-pushed the coherence-1.5 branch from 1a47ee1 to 26b9f26 Jul 14, 2015

hostilefork added some commits Jul 10, 2015

char*/REBYTE fixes with casts-for-the-masses
This commit is the logical consequences of turning on -Wpointer-size
so that REBYTE* and char* become incompatible types, and turning all
the C literal constants into 'const char *'.  Whenever a point is
reached that requires a transition, it tends to be meaningful and
worth paying attention to--as a switch from unencoded characters to
encoded UTF-8 bytes (or similar).  I wrote an article about it, which
provides a thorough overview:

    http://blog.hostilefork.com/c-casts-for-the-masses/

Not only does it improve the robustness of the code and catch potential
misunderstandings and bugs...but I think it looks better too.
Remove non-sequitur check for a bad pointer
With sophisticated address checking solutions available, it is not
useful in one random place in the code to test a pointer for validity
with "cast to integer, less than 100".  Looks to be a random one-off
piece of debug probing from a particular situation that got committed.
Non-char-or-REBYTE signed pointer fixes
I tried to batch up all the -Wpointer-sign changes that were related
into a commit together, but they're not the only types that trigger
the problem.  You'll get it on REBCNT*/REBINT*, i64*/u64*, etc.
Thought it would be easier to see these if they got their own commit.
Fix non-ANSI-compliant overlong Native_Specs
In ANSI-C when you turn on --pedantic, it informs you that there is a
maximum length of string literal that a compiler has to support.  The
number is weird: 509 characters, ostensibly for 512 and CR + LF + '\0'

    http://stackoverflow.com/questions/19365391/

This fixes that issue by encoding it as an array of hex bytes, which
silences the warning.  For simplicity and clarity, I also moved the
array's redundant length check into a separate variable.  (Note this
is triply-redundant: values from the generation process, the size
check Rebol adds onto the zlib data, and the size kept by zlib itself.)

But beyond that: stepping into the code starts with decompressing
the native specs.  It was already breaking rules: putting const
data into a fake series (and a series considers itself the owner
and freer of its data!)  This overdue simplification of the compression
This simplification gets rid of an unnecessary mutability cast putting
a const* into a temporary series' owned data.
Do Function table as an extern in make-boot.r
The table needs to be marked as extern in order for C++ to find it.
Test NONE in sys-start.r before triggering attempt
Something that strongly suggests to me that Rebol wasn't loaded up
under a debugger all that often is that there are two triggers in
sys-start.r where a failed `attempt` is likely, causing a Throw_Error
to happen.  If you've set a breakpoint on Throw_Error, you will
always be hitting those twice...which is distracting.  I'd think anyone
who was running under a debugger would get in there and fix that (it
was one of the early things I did, patching it in for Coherence 1.5).
Remove redundant host-lib.h inclusions
reb-host.h includes host-lib.h (as does sys-core.h).  So there is no
reason to redundantly include it.  I guess the reason so many files
did is because one did, and then it got copy-pasted...
Rewrite/clarify code that generates host-lib.h
The 'make-os-ext.r' code was a bit hard to follow, so I went through
and made it clearer.  While doing so, I added some explanatory comments
to describe what host-lib does and how it works.
Safer, cleaner, C++-ready memory macros
These memory allocation macros were initially motivated by wanting
to do a C++ build without putting a cast on every malloc().  However,
the macros are pretty nice in and of themselves...even if not using
C++ at all.  They make the code cleaner and help with the issue of
Rebol's requirement that you must supply the size of the allocation
you were given when freeing memory from the pool.  Under C++11, the
macros do even more checking to make sure you're freeing the type
you say you are.
Hack to get around argv[] -Wcast-qual warning in C
Although in "casts for the masses" I describe a way to leverage a C++
build to make sure your C code isn't casting away consts, it turns out
that C has a compiler warning: -Wcast-qual which can rigorously demand
you never cast away a const.  While that is going to not work for many
such codebases, Rebol can actually do it... but there's one problem
here with passing argv to execvp.  It expects char * const *, and the
desire is to pass in 'const char**'.

If it weren't just this *one* case of a warning, and they were all
over the place and unfixable, I'd say give up on -Wcast-qual and just
let the C++ build check it.  But with a single case serving as an
opportunity to turn on -Wcast-qual and -Werror to keep new instances
of casting-away const from popping up from C contributors...I feel
it's worth it to tunnel under the cast and keep the warning on.
Quarantine REBCHR as opaque in core
I describe in make-os-ext.r the gripe with REBCHR and how it seems
like a bad idea in most all the places it occurs.  A better story is
needed, but while we wait for that better story it's good to have it
quarantined and type-checked as well as possible.  This limits the
reach of REBCHR by making it a struct that can't be easily used as
a character when you're inside the core.  And in the host, it is
defined as its native type...so the host code doesn't talk about
REBCHR anywhere but the function prototypes.  It can then just pass
those to things taking the native type with no cast.

So from here on out: if one is writing Windows host code, just use
wchar_t.  And if it's other clients, just use char.  It makes more
sense and will fit in with whatever the longer-term solution is.

Also, this eliminates TCHAR usage.  TCHAR is Windows' own version of
REBCHR; a conditionally compiled type which could be a char or a
whchar_t.  It is considered obsolete, and versions of Windows that
don't have unicode support are hard to come by.  Even Windows 9x
had support retrofitted.

Point being that using TCHAR in an isolated part of the hostkit
isn't going to make Rebol work on Windows 3.1, given all the other
uses of wchar_t.  If one wanted to compile a non-GUI executable for
older Windows or DOS, one should do it with DJGPP with POSIX support.
Fix null-terminator overflowing Enbase64 array
It's taking a 65-byte entity and writing it into a 64-byte array.
This is illegal in C++, but strangely enough it is legal in C:

    http://stackoverflow.com/a/13490908/211160

Rather than bump the size up to 65 I thought it would be better
to just make it an array and clear up any ambiguity.
Patches for enabling -Wmissing-field-initializers
You can't zero a type using '= {0}' in C++ (unless it contains exactly
one element you can initialize from a zero).  Having constructors means
that it was better to err on the side of caution, since you could just
write:

    MyType m; // initialize to zero

I'm not technically sure how many of these types needed to be zeroed,
but much of the code I'm changing I have complete rewrites of anyway.
In particular, I know I've merged the zeroing into Init_Mold, so I
grouped things to remind me of that patch.  Otherwise, I just wanted
to do the simplest transformation and used CLEARS()
Patches for turning on -Wtype-limits
These are just some basic fixes that come from the compiler noticing
when you have an unsigned type and test if it's less than zero, or
other things of that sort.  It's a good check to have on!

Note the weird situation with WAIT_OBJECT_0.  The WinApi has
effectively defined another name for 0, which means you may be
tempted to make sure your result is in a range starting with the
value of WAIT_OBJECT_0.  But now you're testing for something being
greater than zero...which an unsigned value of DWORD always will be.
I took out the check, but added an assert that WAIT_OBJECT_0==0
in case it ever changes (it probably won't, but...)
Remove #pragmas for disabling warnings
One really should not use pragmas if avoidable, as they are
implementation-defined.  (At one point in time gcc would shell out
and run a game of Tetris or whatever it could find if you used one,
to make a point).

If pragmas are to be used, they should be selectively applied to work
around an issue with a specific piece of code.  These blanket pragmas
that are included by every source file and apply over the whole
codebase are better (and more clearly) done at the makefile level.
non-ROUTINE! patches for enabling -Wsign-compare
Signed and unsigned comparison rules are kind of annoying, but they
are important to know.  Quick quiz: what does this output?

    #include <stdio.h>
    int main() {
        unsigned int e = 304;
        int b = -1020;
        if (e + b > 1020) puts(">1020"); else puts("<=1020");
    }

The sum will be driven to be an unsigned value, since one addends
was unsigned.  And an unsigned value can't hold a negative number.
So it's good to be aware of these.  Sometimes the answer is that
you didn't need to mix after all, sometimes it just needs a cast
to make it explicit and call attention.

This is all the changes that weren't in ROUTINE!/STRUCT! so they
could be considered separately.
ROUTINE!-related patches for -Wsign-compare
See previous commit for notes on sign comparison, but I wanted to call
this out separately to make it easier for @ShixinZeng to look over them
Patches for turning on -Wmain in JPEG code
If you're wondering what C programmer would call a variable or struct
member 'main', now you know.  JPEG people: this is a black mark on
your record!  :-)
Patches for turning on -Wparentheses
Rebol had a macro NZ(...) for wrapping up assignments to indicate you
really meant to do an assignment and not test for equality.  But as
idioms go, I think the double-parentheses is a bit less jarring while
still calling attention to the "I didn't mean this to be an equality
test" idea:

    http://stackoverflow.com/a/5476795/211160

The NZ not-equal-zero macro is weird, and if there's going to be a
removal from programming in C and saying '!= 0' then that invites the
creation of macros for UNLESS and EITHER or all kinds of redesign of
C.  So I killed NZ and moved everything to the double-parentheses
convention, given that it is so common that there's even a warning
where the compiler checks it for you.

hostilefork added some commits Jul 14, 2015

mark 'extern' and signatures on hostkit routines
The hostkit doesn't use a mechanism like make-headers.r in order to
automatically expose routines from one .c file to another.  Externs must
be specified manually, and several were not.

Additionally, the types need to be correct in C++.  It's good to have
the check, and since these are internal to the host implementation the
fact that they have name mangling isn't a problem (so they don't need
to be extern "C").
Include rsa/rsa.h in dh.c file
Given there is a header file, it's better than redefining the prototype
Use C linkage (no name-mangling) for externs
I find surprising behavior when trying to get the linker to work a lot
of the time, and so I don't really know if I've done this the best way.
It seems sometimes specifying extern "C" linkage is needed when I
would think if both the definition and the prototype were using the
C++ name mangling they'd match up just as well.  In any case, this gets
it to link, so we'll start here.
Make #define _GNU_SOURCE conditional on C build
I don't completely understand what _GNU_SOURCE does, but without it a
C89 build does not find things like 'environ'.  If you build in C++
it comes up as a duplicate symbol, already included by the compiler.
So I put it conditional under `#ifndef __cplusplus` and it seemed to
work, so that's what it is for now.
Add missing MD5 header to generate prototype
This header means that make-headers.r will pick up MD5() and it will be
forward declared the way other internal functions are.
C89 compatiblity and -Woverflow bitfield fix
There are only 3 legal types to use in C89 bitfields, and that's int,
signed int, and unsigned int.  Interestingly enough, if you use a
REBOOL then it winds up being an overflow unless you assign it -1.

Using an unsigned int means you can do 0 and 1 as you probably intend.
Patch enumeral constant in conditional expression
When you turn warnings up, they like to tell you when you've got two
different types on a conditional.  So with `foo ? bar : baz` it thinks
you might be making a mistake if bar and baz aren't the same type.
This fixes that for __SYM_APPLY by casting it.
Add missing return in Set_Serial_Settings
Another one of those "warnings are good, use them" moments.  :-)
Use correct WinApi types (DWORD, LONG, HMODULE..)
The WinApi is pretty well standardized in terms of the types of the
arguments, so one shouldn't be passing a pointer to an 'int' when
it expects a 'DWORD' (for example).  With C++ you get notified
about the bad pointer casts and type issues, so this fixes them for
the Windows host.

Notice this calls out bugs...for instance, there were two error
handling branches in the serial code, and the second (which sent a
signal) would never be called.
Casts for MultiByteToWideChar to get Win32 build
I'm skeptical of some of the casting in here, and don't really want
to go through it with a fine-toothed comb, so I'll leave it for
@ShixinZeng and others to look through.  There's a lot going on,
along with OEM codepages (I read about it being deprecated) and
questions about the sizes of all the buffers...whether the counts are
characters or bytes, etc.

Hopefully this is a start for review to make sure all the types line
up and that it's working properly.  The type-checking should help
under the C++ build.
Conditional inclusion of serial device WIN32/LINUX
Fortunately the core does not directly refer to these devices, so the
the devices out so that they live entirely in the host and are not
registered through this table at all.  But for now, we know that the
only platforms that have serial implementations are WIN32 and LINUX.
Sync OSX and POSIX duplicated code
There's a very unfortunate duplication of code right now across hosts.
In the open source release there were two hostkits: POSIX and Windows.
Now there's:

 - Windows
 - Linux
 - OSX
 - POSIX
 - and "Porting Templates"

Much of the code is identical between Linux, OSX, and POSIX.  But the
files are just duplicated.  That porting templates is basically a copy
of the POSIX code again is even more frustrating.

Atronix has been maintaining Linux/Windows, so those are the ones that
work.  As a stop-gap measure (short of a redesign), this copies the
Linux changes as best possible to try and revive a POSIX and OSX build.

Now that we've seen what NOT to do, we can contemplate ideas for doing
this multi-platform model in a more sane way.

@hostilefork hostilefork force-pushed the coherence-1.5 branch from 88e63c8 to dffe14a Jul 15, 2015

hostilefork added a commit that referenced this pull request Jul 15, 2015

@hostilefork hostilefork merged commit e5e2d0c into master Jul 15, 2015

@hostilefork

This comment has been minimized.

Copy link
Member Author

commented Jul 15, 2015

Lessons in git: Don't use the GitHub interface to merge a pull request, then not pull it back locally, then make a patch and force commit. You'll break the connection of the PR on GitHub.

I did this, but it is merged into master now.

zsx added a commit that referenced this pull request Jul 20, 2015

Fix a heap-buffer-overflow
Found by AddressSanitizer:
==8157==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x61d0000f5897 at pc 0x4816ef bp 0x7fffffffafb0 sp 0x7fffffffafa0
READ of size 1 at 0x61d0000f5897 thread T0
    #0 0x4816ee in Expand_Series ../src/core/m-series.c:138
    #1 0x4e258c in Insert_Gobs ../src/core/t-gob.c:219
    #2 0x4e7782 in T_Gob ../src/core/t-gob.c:833
    #3 0x42e26f in Do_Act ../src/core/c-function.c:338
    #4 0x42e9d8 in Do_Action ../src/core/c-function.c:396
    #5 0x41395b in Do_Next ../src/core/c-do.c:886
    #6 0x414b73 in Do_Blk ../src/core/c-do.c:1016
    #7 0x4883d6 in N_if ../src/core/n-control.c:632
    #8 0x42dd9c in Do_Native ../src/core/c-function.c:289
    #9 0x41395b in Do_Next ../src/core/c-do.c:886
    #10 0x414b73 in Do_Blk ../src/core/c-do.c:1016
    #11 0x4893c0 in N_unless ../src/core/n-control.c:792
    #12 0x42dd9c in Do_Native ../src/core/c-function.c:289
    #13 0x41395b in Do_Next ../src/core/c-do.c:886
    #14 0x414b73 in Do_Blk ../src/core/c-do.c:1016
    #15 0x488c03 in N_switch ../src/core/n-control.c:736
    #16 0x42dd9c in Do_Native ../src/core/c-function.c:289
    #17 0x41395b in Do_Next ../src/core/c-do.c:886
    #18 0x414b73 in Do_Blk ../src/core/c-do.c:1016
    #19 0x4883d6 in N_if ../src/core/n-control.c:632
    #20 0x42dd9c in Do_Native ../src/core/c-function.c:289
    #21 0x41395b in Do_Next ../src/core/c-do.c:886
    #22 0x414b73 in Do_Blk ../src/core/c-do.c:1016
    #23 0x42ea5c in Do_Function ../src/core/c-function.c:415
    #24 0x41395b in Do_Next ../src/core/c-do.c:886
    #25 0x415658 in Try_Block ../src/core/c-do.c:1083
    #26 0x4862f8 in N_attempt ../src/core/n-control.c:306
    #27 0x42dd9c in Do_Native ../src/core/c-function.c:289
    #28 0x41395b in Do_Next ../src/core/c-do.c:886
    #29 0x414b73 in Do_Blk ../src/core/c-do.c:1016
    #30 0x493bb9 in Loop_Integer ../src/core/n-loop.c:131
    #31 0x49693a in N_for ../src/core/n-loop.c:486
    #32 0x42dd9c in Do_Native ../src/core/c-function.c:289
    #33 0x41395b in Do_Next ../src/core/c-do.c:886
    #34 0x414b73 in Do_Blk ../src/core/c-do.c:1016
    #35 0x4883d6 in N_if ../src/core/n-control.c:632
    #36 0x42dd9c in Do_Native ../src/core/c-function.c:289
    #37 0x41395b in Do_Next ../src/core/c-do.c:886
    #38 0x414b73 in Do_Blk ../src/core/c-do.c:1016
    #39 0x42ea5c in Do_Function ../src/core/c-function.c:415
    #40 0x41395b in Do_Next ../src/core/c-do.c:886
    #41 0x415658 in Try_Block ../src/core/c-do.c:1083
    #42 0x488f7d in N_try ../src/core/n-control.c:760
    #43 0x42dd9c in Do_Native ../src/core/c-function.c:289
    #44 0x41395b in Do_Next ../src/core/c-do.c:886
    #45 0x4118a1 in Do_Args ../src/core/c-do.c:668
    #46 0x413700 in Do_Next ../src/core/c-do.c:879
    #47 0x4118a1 in Do_Args ../src/core/c-do.c:668
    #48 0x413700 in Do_Next ../src/core/c-do.c:879
    #49 0x414f2f in Do_Block_Value_Throw ../src/core/c-do.c:1048
    #50 0x5725ac in Parse_Rules_Loop ../src/core/u-parse.c:830
    #51 0x5731f8 in Parse_Rules_Loop ../src/core/u-parse.c:927
    #52 0x56c799 in Parse_Series ../src/core/u-parse.c:96
    #53 0x576950 in N_parse ../src/core/u-parse.c:1269
    #54 0x42dd9c in Do_Native ../src/core/c-function.c:289
    #55 0x41395b in Do_Next ../src/core/c-do.c:886
    #56 0x414b73 in Do_Blk ../src/core/c-do.c:1016
    #57 0x4883d6 in N_if ../src/core/n-control.c:632
    #58 0x42dd9c in Do_Native ../src/core/c-function.c:289
    #59 0x41395b in Do_Next ../src/core/c-do.c:886
    #60 0x414b73 in Do_Blk ../src/core/c-do.c:1016
    #61 0x42ea5c in Do_Function ../src/core/c-function.c:415
    #62 0x41395b in Do_Next ../src/core/c-do.c:886
    #63 0x415658 in Try_Block ../src/core/c-do.c:1083
    #64 0x4862f8 in N_attempt ../src/core/n-control.c:306
    #65 0x42dd9c in Do_Native ../src/core/c-function.c:289
    #66 0x41395b in Do_Next ../src/core/c-do.c:886
    #67 0x414b73 in Do_Blk ../src/core/c-do.c:1016
    #68 0x487b91 in N_do ../src/core/n-control.c:524
    #69 0x42dd9c in Do_Native ../src/core/c-function.c:289
    #70 0x41395b in Do_Next ../src/core/c-do.c:886
    #71 0x414b73 in Do_Blk ../src/core/c-do.c:1016
    #72 0x487fcb in N_either ../src/core/n-control.c:598
    #73 0x42dd9c in Do_Native ../src/core/c-function.c:289
    #74 0x41395b in Do_Next ../src/core/c-do.c:886
    #75 0x414b73 in Do_Blk ../src/core/c-do.c:1016
    #76 0x487fcb in N_either ../src/core/n-control.c:598
    #77 0x42dd9c in Do_Native ../src/core/c-function.c:289
    #78 0x41395b in Do_Next ../src/core/c-do.c:886
    #79 0x414b73 in Do_Blk ../src/core/c-do.c:1016
    #80 0x487fcb in N_either ../src/core/n-control.c:598
    #81 0x42dd9c in Do_Native ../src/core/c-function.c:289
    #82 0x41395b in Do_Next ../src/core/c-do.c:886
    #83 0x414b73 in Do_Blk ../src/core/c-do.c:1016
    #84 0x42ea5c in Do_Function ../src/core/c-function.c:415
    #85 0x4198c2 in Apply_Function ../src/core/c-do.c:1524
    #86 0x419fa8 in Do_Sys_Func ../src/core/c-do.c:1584
    #87 0x41e406 in Init_Mezz ../src/core/c-do.c:2313
    #88 0x405fd3 in RL_Start ../src/core/a-lib.c:167
    #89 0x59d1f7 in main ../src/os/host-main.c:231
    #90 0x7ffff571403f in __libc_start_main (/usr/lib/libc.so.6+0x2003f)
    #91 0x405858 (/home/zsx/work/r3.git/make/r3-view-linux+0x405858)

0x61d0000f5897 is located 7 bytes to the right of 2064-byte region [0x61d0000f5080,0x61d0000f5890)
allocated by thread T0 here:
    #0 0x7ffff6f56b77 in __interceptor_malloc (/usr/lib/libasan.so.1+0x57b77)
    #1 0x47c300 in Make_Mem ../src/core/m-pools.c:125
    #2 0x47ca2f in Fill_Pool ../src/core/m-pools.c:233
    #3 0x47d80c in Make_Series ../src/core/m-pools.c:388
    #4 0x4826f3 in Copy_Series ../src/core/m-series.c:261
    #5 0x43ca14 in Copy_Deep_Values ../src/core/f-blocks.c:131
    #6 0x43cb82 in Copy_Deep_Values ../src/core/f-blocks.c:136
    #7 0x43cb82 in Copy_Deep_Values ../src/core/f-blocks.c:136
    #8 0x43cb82 in Copy_Deep_Values ../src/core/f-blocks.c:136
    #9 0x43cb82 in Copy_Deep_Values ../src/core/f-blocks.c:136
    #10 0x43cb82 in Copy_Deep_Values ../src/core/f-blocks.c:136
    #11 0x43cb82 in Copy_Deep_Values ../src/core/f-blocks.c:136
    #12 0x43cb82 in Copy_Deep_Values ../src/core/f-blocks.c:136
    #13 0x43cb82 in Copy_Deep_Values ../src/core/f-blocks.c:136
    #14 0x43cb82 in Copy_Deep_Values ../src/core/f-blocks.c:136
    #15 0x43cb82 in Copy_Deep_Values ../src/core/f-blocks.c:136
    #16 0x43cb82 in Copy_Deep_Values ../src/core/f-blocks.c:136
    #17 0x43cd30 in Copy_Block_Values ../src/core/f-blocks.c:159
    #18 0x43cd9f in Clone_Block ../src/core/f-blocks.c:174
    #19 0x42db12 in Clone_Function ../src/core/c-function.c:266
    #20 0x43cc00 in Copy_Deep_Values ../src/core/f-blocks.c:139
    #21 0x43cd30 in Copy_Block_Values ../src/core/f-blocks.c:159
    #22 0x4fd371 in T_Object ../src/core/t-object.c:364
    #23 0x42e26f in Do_Act ../src/core/c-function.c:338
    #24 0x42e9d8 in Do_Action ../src/core/c-function.c:396
    #25 0x41395b in Do_Next ../src/core/c-do.c:886
    #26 0x4133cc in Do_Next ../src/core/c-do.c:860
    #27 0x414b73 in Do_Blk ../src/core/c-do.c:1016
    #28 0x493bb9 in Loop_Integer ../src/core/n-loop.c:131
    #29 0x49693a in N_for ../src/core/n-loop.c:486

SUMMARY: AddressSanitizer: heap-buffer-overflow ../src/core/m-series.c:138 Expand_Series
Shadow bytes around the buggy address:
  0x0c3a80016ac0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c3a80016ad0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c3a80016ae0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c3a80016af0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c3a80016b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0c3a80016b10: 00 00[fa]fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c3a80016b20: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c3a80016b30: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c3a80016b40: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c3a80016b50: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c3a80016b60: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Heap right redzone:      fb
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack partial redzone:   f4
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Contiguous container OOB:fc
  ASan internal:           fe
==8157==ABORTING

This is happening because "GOB_TAIL(gob) = count" sets the tail of a
series with length of "count" to be "count", and Expand_Series expects
a terminator in the series. (m-series.c:90 size  = (series->tail + 1) * wide;)

zsx added a commit that referenced this pull request Jul 20, 2015

Fix a memory leak
Reported by AddressSanitizer of GCC:
Direct leak of 970518528 byte(s) in 947772 object(s) allocated from:
    #0 0x7f505036363f in operator new[](unsigned long) (/usr/lib/libasan.so.1+0x5863f)
    #1 0x65676f in agg::agg_graphics::agg_gradient_pen(int, double, double, double, double, double, double, double, unsigned char*, double*, int) ../src/agg/agg_graphics.cpp:1306
    #2 0x5fe247 in rebdrw_gradient_pen ../src/os/host-draw-api-agg.cpp:184
    #3 0x5f8834 in RXD_Draw ../src/os/host-draw.c:294
    #4 0x45cd8e in Do_Commands ../src/core/f-extension.c:579
    #5 0x40680d in RL_Do_Commands ../src/core/a-lib.c:376
    #6 0x603d21 in rebdrw_gob_draw ../src/os/host-draw-api-agg.cpp:567
    #7 0x60c732 in process_gobs ../src/os/linux/host-compositor.c:520
    #8 0x60cb55 in process_gobs ../src/os/linux/host-compositor.c:559
    #9 0x60cb55 in process_gobs ../src/os/linux/host-compositor.c:559
    #10 0x60cb55 in process_gobs ../src/os/linux/host-compositor.c:559
    #11 0x60cb55 in process_gobs ../src/os/linux/host-compositor.c:559
    #12 0x60f753 in rebcmp_compose ../src/os/linux/host-compositor.c:685
    #13 0x5e8299 in Draw_Window ../src/os/host-view.c:225
    #14 0x5e8682 in Show_Gob ../src/os/host-view.c:288
    #15 0x5e8b58 in RXD_Graphics ../src/os/host-view.c:346
    #16 0x45bf75 in Do_Command ../src/core/f-extension.c:456
    #17 0x41395b in Do_Next ../src/core/c-do.c:886
    #18 0x414b73 in Do_Blk ../src/core/c-do.c:1016
    #19 0x42ea5c in Do_Function ../src/core/c-function.c:415
    #20 0x41395b in Do_Next ../src/core/c-do.c:886
    #21 0x414b73 in Do_Blk ../src/core/c-do.c:1016
    #22 0x42ea5c in Do_Function ../src/core/c-function.c:415
    #23 0x41395b in Do_Next ../src/core/c-do.c:886
    #24 0x414b73 in Do_Blk ../src/core/c-do.c:1016
    #25 0x4883d6 in N_if ../src/core/n-control.c:632
    #26 0x42dd9c in Do_Native ../src/core/c-function.c:289
    #27 0x41395b in Do_Next ../src/core/c-do.c:886
    #28 0x414b73 in Do_Blk ../src/core/c-do.c:1016
    #29 0x496d2f in N_forever ../src/core/n-loop.c:532

zsx added a commit that referenced this pull request Jul 20, 2015

Fix an alloc-dealloc-mismatch
Found by GCC Address Sanitizer:

=================================================================
==32465==ERROR: AddressSanitizer: alloc-dealloc-mismatch (malloc vs operator delete []) on 0x6030000add40
    #0 0x7f012194676f in operator delete[](void*) (/usr/lib/libasan.so.1+0x5876f)
    #1 0x6c8785 in agg::agg_graphics::agg_reset() ../src/agg/agg_graphics.cpp:1562
    #2 0x6bc20c in agg::agg_graphics::~agg_graphics() ../src/agg/agg_graphics.cpp:96
    #3 0x66fb18 in rebdrw_gob_draw ../src/os/host-draw-api-agg.cpp:571
    #4 0x678500 in process_gobs ../src/os/linux/host-compositor.c:520
    #5 0x6789b7 in process_gobs ../src/os/linux/host-compositor.c:559
    #6 0x6789b7 in process_gobs ../src/os/linux/host-compositor.c:559
    #7 0x6789b7 in process_gobs ../src/os/linux/host-compositor.c:559
    #8 0x67b63f in rebcmp_compose ../src/os/linux/host-compositor.c:685
    #9 0x65158c in Draw_Window ../src/os/host-view.c:225
    #10 0x651b21 in Show_Gob ../src/os/host-view.c:288
    #11 0x6520ed in RXD_Graphics ../src/os/host-view.c:346
    #12 0x471ccd in Do_Command ../src/core/f-extension.c:456
    #13 0x419332 in Do_Next ../src/core/c-do.c:886
    #14 0x41aaed in Do_Blk ../src/core/c-do.c:1017
    #15 0x43f6c8 in Do_Function ../src/core/c-function.c:415
    #16 0x419332 in Do_Next ../src/core/c-do.c:886
    #17 0x41aaed in Do_Blk ../src/core/c-do.c:1017
    #18 0x43f6c8 in Do_Function ../src/core/c-function.c:415
    #19 0x419332 in Do_Next ../src/core/c-do.c:886
    #20 0x41aaed in Do_Blk ../src/core/c-do.c:1017
    #21 0x4a6c9a in N_do ../src/core/n-control.c:524
    #22 0x43e037 in Do_Native ../src/core/c-function.c:289
    #23 0x419332 in Do_Next ../src/core/c-do.c:886
    #24 0x41b643 in Try_Block ../src/core/c-do.c:1087
    #25 0x4a872e in N_try ../src/core/n-control.c:760
    #26 0x43e037 in Do_Native ../src/core/c-function.c:289
    #27 0x419332 in Do_Next ../src/core/c-do.c:886
    #28 0x4168bd in Do_Args ../src/core/c-do.c:668
    #29 0x41a070 in Do_Next ../src/core/c-do.c:942
    #30 0x4168bd in Do_Args ../src/core/c-do.c:668
    #31 0x4190d4 in Do_Next ../src/core/c-do.c:879
    #32 0x4168bd in Do_Args ../src/core/c-do.c:668
    #33 0x4190d4 in Do_Next ../src/core/c-do.c:879
    #34 0x41aaed in Do_Blk ../src/core/c-do.c:1017
    #35 0x43f6c8 in Do_Function ../src/core/c-function.c:415
    #36 0x419332 in Do_Next ../src/core/c-do.c:886
    #37 0x4168bd in Do_Args ../src/core/c-do.c:668
    #38 0x4190d4 in Do_Next ../src/core/c-do.c:879
    #39 0x41aaed in Do_Blk ../src/core/c-do.c:1017
    #40 0x4a6c9a in N_do ../src/core/n-control.c:524
    #41 0x43e037 in Do_Native ../src/core/c-function.c:289
    #42 0x419332 in Do_Next ../src/core/c-do.c:886
    #43 0x41aaed in Do_Blk ../src/core/c-do.c:1017
    #44 0x4a732e in N_either ../src/core/n-control.c:598
    #45 0x43e037 in Do_Native ../src/core/c-function.c:289
    #46 0x419332 in Do_Next ../src/core/c-do.c:886
    #47 0x41aaed in Do_Blk ../src/core/c-do.c:1017
    #48 0x4a732e in N_either ../src/core/n-control.c:598
    #49 0x43e037 in Do_Native ../src/core/c-function.c:289
    #50 0x419332 in Do_Next ../src/core/c-do.c:886
    #51 0x41aaed in Do_Blk ../src/core/c-do.c:1017
    #52 0x4a732e in N_either ../src/core/n-control.c:598
    #53 0x43e037 in Do_Native ../src/core/c-function.c:289
    #54 0x419332 in Do_Next ../src/core/c-do.c:886
    #55 0x41aaed in Do_Blk ../src/core/c-do.c:1017
    #56 0x43f6c8 in Do_Function ../src/core/c-function.c:415
    #57 0x42094d in Apply_Function ../src/core/c-do.c:1528
    #58 0x42116c in Do_Sys_Func ../src/core/c-do.c:1588
    #59 0x426d54 in Init_Mezz ../src/core/c-do.c:2320
    #60 0x4069c1 in RL_Start ../src/core/a-lib.c:193
    #61 0x5fea9d in main ../src/os/host-main.c:235
    #62 0x7f011fed27ff in __libc_start_main (/usr/lib/libc.so.6+0x207ff)
    #63 0x405dd8 in _start (/home/zsx/stuffs/work/r3.git/make/r3-view-linux+0x405dd8)

0x6030000add40 is located 0 bytes inside of 24-byte region [0x6030000add40,0x6030000add58)
allocated by thread T0 here:
    #0 0x7f01219457a7 in malloc (/usr/lib/libasan.so.1+0x577a7)
    #1 0x606495 in OS_Make ../src/os/linux/host-lib.c:380
    #2 0x664b61 in RXD_Draw ../src/os/host-draw.c:438
    #3 0x472f24 in Do_Commands ../src/core/f-extension.c:585
    #4 0x4073a0 in RL_Do_Commands ../src/core/a-lib.c:402
    #5 0x66fadb in rebdrw_gob_draw ../src/os/host-draw-api-agg.cpp:568
    #6 0x678500 in process_gobs ../src/os/linux/host-compositor.c:520
    #7 0x6789b7 in process_gobs ../src/os/linux/host-compositor.c:559
    #8 0x6789b7 in process_gobs ../src/os/linux/host-compositor.c:559
    #9 0x6789b7 in process_gobs ../src/os/linux/host-compositor.c:559
    #10 0x67b63f in rebcmp_compose ../src/os/linux/host-compositor.c:685
    #11 0x65158c in Draw_Window ../src/os/host-view.c:225
    #12 0x651b21 in Show_Gob ../src/os/host-view.c:288
    #13 0x6520ed in RXD_Graphics ../src/os/host-view.c:346
    #14 0x471ccd in Do_Command ../src/core/f-extension.c:456
    #15 0x419332 in Do_Next ../src/core/c-do.c:886
    #16 0x41aaed in Do_Blk ../src/core/c-do.c:1017
    #17 0x43f6c8 in Do_Function ../src/core/c-function.c:415
    #18 0x419332 in Do_Next ../src/core/c-do.c:886
    #19 0x41aaed in Do_Blk ../src/core/c-do.c:1017
    #20 0x43f6c8 in Do_Function ../src/core/c-function.c:415
    #21 0x419332 in Do_Next ../src/core/c-do.c:886
    #22 0x41aaed in Do_Blk ../src/core/c-do.c:1017
    #23 0x4a6c9a in N_do ../src/core/n-control.c:524
    #24 0x43e037 in Do_Native ../src/core/c-function.c:289
    #25 0x419332 in Do_Next ../src/core/c-do.c:886
    #26 0x41b643 in Try_Block ../src/core/c-do.c:1087
    #27 0x4a872e in N_try ../src/core/n-control.c:760
    #28 0x43e037 in Do_Native ../src/core/c-function.c:289
    #29 0x419332 in Do_Next ../src/core/c-do.c:886

SUMMARY: AddressSanitizer: alloc-dealloc-mismatch ??:0 operator delete[](void*)
==32465==HINT: if you don't care about these warnings you may set ASAN_OPTIONS=alloc_dealloc_mismatch=0
==32465==ABORTING

zsx added a commit that referenced this pull request Jul 20, 2015

Fix a crash caused by integer underflow
index is unsigned, and could be zero, so 'index--' will underflow and
round to 0xffffffff, and cause problem in a later call to Expand_Series

I believe the idea of

    if ((REBINT)index > i) index--;

is to move the index forward because gob being inserted were in PANE,
and they can't be there twice (Detach_Gob will remove them from the
current gob). So if they were not there, "index" shouldn't be changed.

This fixes a crash in the following script:
    REBOL []

    foo: make block! []
    for i 0 15 1 [
	    txt: #"a" + i
	    append foo make gob! reduce/no-set [text: to string! txt]
    ]

    g: make gob! []
    append g foo

    g/pane: next g/pane

With this stack trace:
zsx@touchsmart-arch:~/work/r3.git/make$ R3_ALWAYS_MALLOC=1 ./r3-view-linux test-insert-gob-crash.r
=================================================================
==24248==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60d00000c8a8 at pc 0x522243 bp 0x7fff91ba7a60 sp 0x7fff91ba7a50
WRITE of size 8 at 0x60d00000c8a8 thread T0
    #0 0x522242 in Insert_Gobs ../src/core/t-gob.c:230
    #1 0x5242d6 in Set_GOB_Var ../src/core/t-gob.c:421
    #2 0x5278ee in PD_Gob ../src/core/t-gob.c:713
    #3 0x414cda in Next_Path ../src/core/c-do.c:399
    #4 0x415c8c in Do_Path ../src/core/c-do.c:463
    #5 0x41a018 in Do_Next ../src/core/c-do.c:928
    #6 0x41ad1d in Do_Blk ../src/core/c-do.c:1017
    #7 0x4a6eca in N_do ../src/core/n-control.c:524
    #8 0x43e267 in Do_Native ../src/core/c-function.c:289
    #9 0x419562 in Do_Next ../src/core/c-do.c:886
    #10 0x41ad1d in Do_Blk ../src/core/c-do.c:1017
    #11 0x4a755e in N_either ../src/core/n-control.c:598
    #12 0x43e267 in Do_Native ../src/core/c-function.c:289
    #13 0x419562 in Do_Next ../src/core/c-do.c:886
    #14 0x41ad1d in Do_Blk ../src/core/c-do.c:1017
    #15 0x4a755e in N_either ../src/core/n-control.c:598
    #16 0x43e267 in Do_Native ../src/core/c-function.c:289
    #17 0x419562 in Do_Next ../src/core/c-do.c:886
    #18 0x41ad1d in Do_Blk ../src/core/c-do.c:1017
    #19 0x4a755e in N_either ../src/core/n-control.c:598
    #20 0x43e267 in Do_Native ../src/core/c-function.c:289
    #21 0x419562 in Do_Next ../src/core/c-do.c:886
    #22 0x41ad1d in Do_Blk ../src/core/c-do.c:1017
    #23 0x43f8f8 in Do_Function ../src/core/c-function.c:415
    #24 0x420b7d in Apply_Function ../src/core/c-do.c:1528
    #25 0x42139c in Do_Sys_Func ../src/core/c-do.c:1588
    #26 0x426f84 in Init_Mezz ../src/core/c-do.c:2320
    #27 0x406bf1 in RL_Start ../src/core/a-lib.c:193
    #28 0x5fecee in main ../src/os/host-main.c:235
    #29 0x7facd0bf67ff in __libc_start_main (/usr/lib/libc.so.6+0x207ff)
    #30 0x406008 in _start (/home/zsx/stuffs/work/r3.git/make/r3-view-linux+0x406008)

0x60d00000c8a8 is located 0 bytes to the right of 136-byte region [0x60d00000c820,0x60d00000c8a8)
allocated by thread T0 here:
    #0 0x7facd26567a7 in malloc (/usr/lib/libasan.so.1+0x577a7)
    #1 0x4999a7 in Make_Mem ../src/core/m-pools.c:125
    #2 0x49b188 in Make_Series ../src/core/m-pools.c:413
    #3 0x521929 in Insert_Gobs ../src/core/t-gob.c:208
    #4 0x529717 in T_Gob ../src/core/t-gob.c:835
    #5 0x43eb86 in Do_Act ../src/core/c-function.c:338
    #6 0x43f82a in Do_Action ../src/core/c-function.c:396
    #7 0x419562 in Do_Next ../src/core/c-do.c:886
    #8 0x41ad1d in Do_Blk ../src/core/c-do.c:1017
    #9 0x4a6eca in N_do ../src/core/n-control.c:524
    #10 0x43e267 in Do_Native ../src/core/c-function.c:289
    #11 0x419562 in Do_Next ../src/core/c-do.c:886
    #12 0x41ad1d in Do_Blk ../src/core/c-do.c:1017
    #13 0x4a755e in N_either ../src/core/n-control.c:598
    #14 0x43e267 in Do_Native ../src/core/c-function.c:289
    #15 0x419562 in Do_Next ../src/core/c-do.c:886
    #16 0x41ad1d in Do_Blk ../src/core/c-do.c:1017
    #17 0x4a755e in N_either ../src/core/n-control.c:598
    #18 0x43e267 in Do_Native ../src/core/c-function.c:289
    #19 0x419562 in Do_Next ../src/core/c-do.c:886
    #20 0x41ad1d in Do_Blk ../src/core/c-do.c:1017
    #21 0x4a755e in N_either ../src/core/n-control.c:598
    #22 0x43e267 in Do_Native ../src/core/c-function.c:289
    #23 0x419562 in Do_Next ../src/core/c-do.c:886
    #24 0x41ad1d in Do_Blk ../src/core/c-do.c:1017
    #25 0x43f8f8 in Do_Function ../src/core/c-function.c:415
    #26 0x420b7d in Apply_Function ../src/core/c-do.c:1528
    #27 0x42139c in Do_Sys_Func ../src/core/c-do.c:1588
    #28 0x426f84 in Init_Mezz ../src/core/c-do.c:2320
    #29 0x406bf1 in RL_Start ../src/core/a-lib.c:193

SUMMARY: AddressSanitizer: heap-buffer-overflow ../src/core/t-gob.c:230 Insert_Gobs
Shadow bytes around the buggy address:
  0x0c1a7fff98c0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c1a7fff98d0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c1a7fff98e0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c1a7fff98f0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c1a7fff9900: fa fa fa fa 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0c1a7fff9910: 00 00 00 00 00[fa]fa fa fa fa fa fa fa fa 00 00
  0x0c1a7fff9920: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fa
  0x0c1a7fff9930: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00
  0x0c1a7fff9940: 00 00 00 00 00 00 00 00 00 fa fa fa fa fa fa fa
  0x0c1a7fff9950: fa fa 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c1a7fff9960: 00 00 00 00 fa fa fa fa fa fa fa fa fd fd fd fd
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Heap right redzone:      fb
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack partial redzone:   f4
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Contiguous container OOB:fc
  ASan internal:           fe
==24248==ABORTING

zsx added a commit that referenced this pull request Jul 20, 2015

Remove free'd serieses from GC_Infants
reported by address sanitizer with manual poisonation:

=================================================================
==11513==ERROR: AddressSanitizer: use-after-poison on address 0x7efe281542c0 at pc 0x00000071038f bp 0x7ffdc9de9330 sp 0x7ffdc9de9328
READ of size 4 at 0x7efe281542c0 thread T0
    #0 0x71038e in Mark_Series /home/zsx/stuffs/work/r3.git/make/../src/core/m-gc.c:501:6
    #1 0x70ea8b in Recycle /home/zsx/stuffs/work/r3.git/make/../src/core/m-gc.c:744:4
    #2 0x7bbde6 in N_recycle /home/zsx/stuffs/work/r3.git/make/../src/core/n-system.c:99:10
    #3 0x5c379d in Do_Native /home/zsx/stuffs/work/r3.git/make/../src/core/c-function.c:289:6
    #4 0x55f3d7 in Do_Next /home/zsx/stuffs/work/r3.git/make/../src/core/c-do.c:886:18
    #5 0x5576e1 in Do_Blk /home/zsx/stuffs/work/r3.git/make/../src/core/c-do.c:1017:11
    #6 0x5c5c4f in Do_Function /home/zsx/stuffs/work/r3.git/make/../src/core/c-function.c:415:11
    #7 0x55f3d7 in Do_Next /home/zsx/stuffs/work/r3.git/make/../src/core/c-do.c:886:18
    #8 0x566f3d in Do_Block_Value_Throw /home/zsx/stuffs/work/r3.git/make/../src/core/c-do.c:1049:11
    #9 0xb0b6d9 in Parse_Rules_Loop /home/zsx/stuffs/work/r3.git/make/../src/core/u-parse.c:830:4
    #10 0xb0e7f7 in Parse_Rules_Loop /home/zsx/stuffs/work/r3.git/make/../src/core/u-parse.c:927:9
    #11 0xb07b10 in Parse_Series /home/zsx/stuffs/work/r3.git/make/../src/core/u-parse.c:96:9
    #12 0xb06b65 in N_parse /home/zsx/stuffs/work/r3.git/make/../src/core/u-parse.c:1269:7
    #13 0x5c379d in Do_Native /home/zsx/stuffs/work/r3.git/make/../src/core/c-function.c:289:6
    #14 0x55f3d7 in Do_Next /home/zsx/stuffs/work/r3.git/make/../src/core/c-do.c:886:18
    #15 0x5576e1 in Do_Blk /home/zsx/stuffs/work/r3.git/make/../src/core/c-do.c:1017:11
    #16 0x5c5c4f in Do_Function /home/zsx/stuffs/work/r3.git/make/../src/core/c-function.c:415:11
    #17 0x55f3d7 in Do_Next /home/zsx/stuffs/work/r3.git/make/../src/core/c-do.c:886:18
    #18 0x5576e1 in Do_Blk /home/zsx/stuffs/work/r3.git/make/../src/core/c-do.c:1017:11
    #19 0x745e54 in N_case /home/zsx/stuffs/work/r3.git/make/../src/core/n-control.c:348:10
    #20 0x5c379d in Do_Native /home/zsx/stuffs/work/r3.git/make/../src/core/c-function.c:289:6
    #21 0x55f3d7 in Do_Next /home/zsx/stuffs/work/r3.git/make/../src/core/c-do.c:886:18
    #22 0x56360b in Do_Args /home/zsx/stuffs/work/r3.git/make/../src/core/c-do.c:668:12
    #23 0x55edc9 in Do_Next /home/zsx/stuffs/work/r3.git/make/../src/core/c-do.c:879:11
    #24 0x5576e1 in Do_Blk /home/zsx/stuffs/work/r3.git/make/../src/core/c-do.c:1017:11
    #25 0x5c5c4f in Do_Function /home/zsx/stuffs/work/r3.git/make/../src/core/c-function.c:415:11
    #26 0x55f3d7 in Do_Next /home/zsx/stuffs/work/r3.git/make/../src/core/c-do.c:886:18
    #27 0x55e447 in Do_Next /home/zsx/stuffs/work/r3.git/make/../src/core/c-do.c:860:11
    #28 0x5576e1 in Do_Blk /home/zsx/stuffs/work/r3.git/make/../src/core/c-do.c:1017:11
    #29 0x5c5c4f in Do_Function /home/zsx/stuffs/work/r3.git/make/../src/core/c-function.c:415:11
    #30 0x55f3d7 in Do_Next /home/zsx/stuffs/work/r3.git/make/../src/core/c-do.c:886:18
    #31 0x5576e1 in Do_Blk /home/zsx/stuffs/work/r3.git/make/../src/core/c-do.c:1017:11
    #32 0x749b0b in N_do /home/zsx/stuffs/work/r3.git/make/../src/core/n-control.c:524:8
    #33 0x5c379d in Do_Native /home/zsx/stuffs/work/r3.git/make/../src/core/c-function.c:289:6
    #34 0x55f3d7 in Do_Next /home/zsx/stuffs/work/r3.git/make/../src/core/c-do.c:886:18
    #35 0x5576e1 in Do_Blk /home/zsx/stuffs/work/r3.git/make/../src/core/c-do.c:1017:11
    #36 0x74abca in N_either /home/zsx/stuffs/work/r3.git/make/../src/core/n-control.c:598:3
    #37 0x5c379d in Do_Native /home/zsx/stuffs/work/r3.git/make/../src/core/c-function.c:289:6
    #38 0x55f3d7 in Do_Next /home/zsx/stuffs/work/r3.git/make/../src/core/c-do.c:886:18
    #39 0x5576e1 in Do_Blk /home/zsx/stuffs/work/r3.git/make/../src/core/c-do.c:1017:11
    #40 0x74abca in N_either /home/zsx/stuffs/work/r3.git/make/../src/core/n-control.c:598:3
    #41 0x5c379d in Do_Native /home/zsx/stuffs/work/r3.git/make/../src/core/c-function.c:289:6
    #42 0x55f3d7 in Do_Next /home/zsx/stuffs/work/r3.git/make/../src/core/c-do.c:886:18
    #43 0x5576e1 in Do_Blk /home/zsx/stuffs/work/r3.git/make/../src/core/c-do.c:1017:11
    #44 0x74abca in N_either /home/zsx/stuffs/work/r3.git/make/../src/core/n-control.c:598:3
    #45 0x5c379d in Do_Native /home/zsx/stuffs/work/r3.git/make/../src/core/c-function.c:289:6
    #46 0x55f3d7 in Do_Next /home/zsx/stuffs/work/r3.git/make/../src/core/c-do.c:886:18
    #47 0x5576e1 in Do_Blk /home/zsx/stuffs/work/r3.git/make/../src/core/c-do.c:1017:11
    #48 0x5c5c4f in Do_Function /home/zsx/stuffs/work/r3.git/make/../src/core/c-function.c:415:11
    #49 0x5758b0 in Apply_Function /home/zsx/stuffs/work/r3.git/make/../src/core/c-do.c:1528:33
    #50 0x576ec0 in Do_Sys_Func /home/zsx/stuffs/work/r3.git/make/../src/core/c-do.c:1588:10
    #51 0x582548 in Init_Mezz /home/zsx/stuffs/work/r3.git/make/../src/core/c-do.c:2320:9
    #52 0x52e62f in RL_Start /home/zsx/stuffs/work/r3.git/make/../src/core/a-lib.c:193:9
    #53 0xbb6c93 in main /home/zsx/stuffs/work/r3.git/make/../src/os/host-main.c:235:6
    #54 0x7efe2bfcb7ff in __libc_start_main (/usr/lib/libc.so.6+0x207ff)
    #55 0x486498 in _start (/home/zsx/stuffs/work/r3.git/make/r3-view-linux+0x486498)

0x7efe281542c0 is located 96960 bytes inside of 131088-byte region [0x7efe2813c800,0x7efe2815c810)
allocated by thread T0 here:
    #0 0x50d462 in __interceptor_malloc (/home/zsx/stuffs/work/r3.git/make/r3-view-linux+0x50d462)
    #1 0x721a85 in Make_Mem /home/zsx/stuffs/work/r3.git/make/../src/core/m-pools.c:127:14
    #2 0x723acd in Fill_Pool /home/zsx/stuffs/work/r3.git/make/../src/core/m-pools.c:235:19
    #3 0x7233af in Make_Node /home/zsx/stuffs/work/r3.git/make/../src/core/m-pools.c:280:20
    #4 0x725f8a in Make_Series /home/zsx/stuffs/work/r3.git/make/../src/core/m-pools.c:391:21
    #5 0x738823 in Copy_Series /home/zsx/stuffs/work/r3.git/make/../src/core/m-series.c:261:19
    #6 0x5f93a6 in Copy_Deep_Values /home/zsx/stuffs/work/r3.git/make/../src/core/f-blocks.c:131:22
    #7 0x5f98cf in Copy_Deep_Values /home/zsx/stuffs/work/r3.git/make/../src/core/f-blocks.c:136:6
    #8 0x5fa3ed in Copy_Block_Values /home/zsx/stuffs/work/r3.git/make/../src/core/f-blocks.c:159:18
    #9 0x89efc2 in T_Block /home/zsx/stuffs/work/r3.git/make/../src/core/t-block.c:796:23
    #10 0x5c458f in Do_Act /home/zsx/stuffs/work/r3.git/make/../src/core/c-function.c:338:8
    #11 0x5c5927 in Do_Action /home/zsx/stuffs/work/r3.git/make/../src/core/c-function.c:396:2
    #12 0x55f3d7 in Do_Next /home/zsx/stuffs/work/r3.git/make/../src/core/c-do.c:886:18
    #13 0x56360b in Do_Args /home/zsx/stuffs/work/r3.git/make/../src/core/c-do.c:668:12
    #14 0x55edc9 in Do_Next /home/zsx/stuffs/work/r3.git/make/../src/core/c-do.c:879:11
    #15 0x5576e1 in Do_Blk /home/zsx/stuffs/work/r3.git/make/../src/core/c-do.c:1017:11
    #16 0x5c5c4f in Do_Function /home/zsx/stuffs/work/r3.git/make/../src/core/c-function.c:415:11
    #17 0x55f3d7 in Do_Next /home/zsx/stuffs/work/r3.git/make/../src/core/c-do.c:886:18
    #18 0x55e447 in Do_Next /home/zsx/stuffs/work/r3.git/make/../src/core/c-do.c:860:11
    #19 0x5576e1 in Do_Blk /home/zsx/stuffs/work/r3.git/make/../src/core/c-do.c:1017:11
    #20 0x749b0b in N_do /home/zsx/stuffs/work/r3.git/make/../src/core/n-control.c:524:8
    #21 0x5c379d in Do_Native /home/zsx/stuffs/work/r3.git/make/../src/core/c-function.c:289:6
    #22 0x55f3d7 in Do_Next /home/zsx/stuffs/work/r3.git/make/../src/core/c-do.c:886:18
    #23 0x5576e1 in Do_Blk /home/zsx/stuffs/work/r3.git/make/../src/core/c-do.c:1017:11
    #24 0x5c5c4f in Do_Function /home/zsx/stuffs/work/r3.git/make/../src/core/c-function.c:415:11
    #25 0x5758b0 in Apply_Function /home/zsx/stuffs/work/r3.git/make/../src/core/c-do.c:1528:33
    #26 0x576ec0 in Do_Sys_Func /home/zsx/stuffs/work/r3.git/make/../src/core/c-do.c:1588:10
    #27 0x5a37d0 in Make_Module /home/zsx/stuffs/work/r3.git/make/../src/core/c-frame.c:585:10
    #28 0x9510d5 in T_Object /home/zsx/stuffs/work/r3.git/make/../src/core/t-object.c:308:16
    #29 0x8ac4eb in T_Datatype /home/zsx/stuffs/work/r3.git/make/../src/core/t-datatype.c:92:20

SUMMARY: AddressSanitizer: use-after-poison /home/zsx/stuffs/work/r3.git/make/../src/core/m-gc.c:501 Mark_Series
Shadow bytes around the buggy address:
  0x0fe045022800: f7 f7 00 00 00 00 00 00 00 00 f7 f7 f7 f7 00 00
  0x0fe045022810: 00 00 00 00 00 00 f7 f7 f7 f7 00 00 00 00 00 00
  0x0fe045022820: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0fe045022830: 00 00 f7 f7 f7 f7 00 00 00 00 00 00 00 00 f7 f7
  0x0fe045022840: f7 f7 00 00 00 00 00 00 00 00 f7 f7 f7 f7 00 00
=>0x0fe045022850: 00 00 00 00 00 00 f7 f7[f7]f7 00 00 00 00 00 00
  0x0fe045022860: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0fe045022870: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0fe045022880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0fe045022890: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0fe0450228a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Heap right redzone:      fb
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack partial redzone:   f4
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==11513==ABORTING

zsx added a commit that referenced this pull request Jul 20, 2015

Pass correct length to Deline_*
The length of the VAL_SERIES(value) has been set correctly by
Append_UTF8, and it could be smaller than "len", because UTF8 is a
multi-byte encoding, thus passing "len" to Deline_Uni could cause
out-of-bound memory access.

Fixes CC#2169

The following code

    REBOL[]
    t: <ēee>

causes:

==13053==ERROR: AddressSanitizer: use-after-poison on address 0x61d00001a5f8 at pc 0x000000853d50 bp 0x7ffd2a31a1b0 sp 0x7ffd2a31a1a8
WRITE of size 2 at 0x61d00001a5f8 thread T0
    #0 0x853d4f in Deline_Uni /home/zsx/stuffs/work/r3.git/make/../src/core/s-ops.c:426:2
    #1 0x7064d4 in Scan_Any /home/zsx/stuffs/work/r3.git/make/../src/core/l-types.c:846:7
    #2 0x6dca3c in Scan_Block /home/zsx/stuffs/work/r3.git/make/../src/core/l-scan.c:1421:4
    #3 0x6d9f92 in Scan_Block /home/zsx/stuffs/work/r3.git/make/../src/core/l-scan.c:1301:12
    #4 0x6df0e6 in Scan_Code /home/zsx/stuffs/work/r3.git/make/../src/core/l-scan.c:1550:9
    #5 0x6df462 in Scan_Source /home/zsx/stuffs/work/r3.git/make/../src/core/l-scan.c:1570:9
    #6 0x896105 in Make_Block_Type /home/zsx/stuffs/work/r3.git/make/../src/core/t-block.c:306:9
    #7 0x89af62 in T_Block /home/zsx/stuffs/work/r3.git/make/../src/core/t-block.c:624:3
    #8 0x8ac80b in T_Datatype /home/zsx/stuffs/work/r3.git/make/../src/core/t-datatype.c:92:20
    #9 0x5c458f in Do_Act /home/zsx/stuffs/work/r3.git/make/../src/core/c-function.c:338:8
    #10 0x5c5927 in Do_Action /home/zsx/stuffs/work/r3.git/make/../src/core/c-function.c:396:2
    #11 0x55f3d7 in Do_Next /home/zsx/stuffs/work/r3.git/make/../src/core/c-do.c:886:18
    #12 0x55e447 in Do_Next /home/zsx/stuffs/work/r3.git/make/../src/core/c-do.c:860:11
    #13 0x5576e1 in Do_Blk /home/zsx/stuffs/work/r3.git/make/../src/core/c-do.c:1017:11
    #14 0x746174 in N_case /home/zsx/stuffs/work/r3.git/make/../src/core/n-control.c:348:10
    #15 0x5c379d in Do_Native /home/zsx/stuffs/work/r3.git/make/../src/core/c-function.c:289:6
    #16 0x55f3d7 in Do_Next /home/zsx/stuffs/work/r3.git/make/../src/core/c-do.c:886:18
    #17 0x5576e1 in Do_Blk /home/zsx/stuffs/work/r3.git/make/../src/core/c-do.c:1017:11
    #18 0x5c5c4f in Do_Function /home/zsx/stuffs/work/r3.git/make/../src/core/c-function.c:415:11
    #19 0x55f3d7 in Do_Next /home/zsx/stuffs/work/r3.git/make/../src/core/c-do.c:886:18
    #20 0x55e447 in Do_Next /home/zsx/stuffs/work/r3.git/make/../src/core/c-do.c:860:11
    #21 0x568295 in Try_Block /home/zsx/stuffs/work/r3.git/make/../src/core/c-do.c:1087:11
    #22 0x7506ac in N_try /home/zsx/stuffs/work/r3.git/make/../src/core/n-control.c:760:6
    #23 0x5c379d in Do_Native /home/zsx/stuffs/work/r3.git/make/../src/core/c-function.c:289:6
    #24 0x55f3d7 in Do_Next /home/zsx/stuffs/work/r3.git/make/../src/core/c-do.c:886:18
    #25 0x56360b in Do_Args /home/zsx/stuffs/work/r3.git/make/../src/core/c-do.c:668:12
    #26 0x55edc9 in Do_Next /home/zsx/stuffs/work/r3.git/make/../src/core/c-do.c:879:11
    #27 0x56360b in Do_Args /home/zsx/stuffs/work/r3.git/make/../src/core/c-do.c:668:12
    #28 0x55edc9 in Do_Next /home/zsx/stuffs/work/r3.git/make/../src/core/c-do.c:879:11
    #29 0x5576e1 in Do_Blk /home/zsx/stuffs/work/r3.git/make/../src/core/c-do.c:1017:11
    #30 0x5c5c4f in Do_Function /home/zsx/stuffs/work/r3.git/make/../src/core/c-function.c:415:11
    #31 0x55f3d7 in Do_Next /home/zsx/stuffs/work/r3.git/make/../src/core/c-do.c:886:18
    #32 0x566f3d in Do_Block_Value_Throw /home/zsx/stuffs/work/r3.git/make/../src/core/c-do.c:1049:11
    #33 0xb0b9f9 in Parse_Rules_Loop /home/zsx/stuffs/work/r3.git/make/../src/core/u-parse.c:830:4
    #34 0xb0eb17 in Parse_Rules_Loop /home/zsx/stuffs/work/r3.git/make/../src/core/u-parse.c:927:9
    #35 0xb07e30 in Parse_Series /home/zsx/stuffs/work/r3.git/make/../src/core/u-parse.c:96:9
    #36 0xb06e85 in N_parse /home/zsx/stuffs/work/r3.git/make/../src/core/u-parse.c:1269:7
    #37 0x5c379d in Do_Native /home/zsx/stuffs/work/r3.git/make/../src/core/c-function.c:289:6
    #38 0x55f3d7 in Do_Next /home/zsx/stuffs/work/r3.git/make/../src/core/c-do.c:886:18
    #39 0x5576e1 in Do_Blk /home/zsx/stuffs/work/r3.git/make/../src/core/c-do.c:1017:11
    #40 0x5c5c4f in Do_Function /home/zsx/stuffs/work/r3.git/make/../src/core/c-function.c:415:11
    #41 0x55f3d7 in Do_Next /home/zsx/stuffs/work/r3.git/make/../src/core/c-do.c:886:18
    #42 0x5576e1 in Do_Blk /home/zsx/stuffs/work/r3.git/make/../src/core/c-do.c:1017:11
    #43 0x746174 in N_case /home/zsx/stuffs/work/r3.git/make/../src/core/n-control.c:348:10
    #44 0x5c379d in Do_Native /home/zsx/stuffs/work/r3.git/make/../src/core/c-function.c:289:6
    #45 0x55f3d7 in Do_Next /home/zsx/stuffs/work/r3.git/make/../src/core/c-do.c:886:18
    #46 0x56360b in Do_Args /home/zsx/stuffs/work/r3.git/make/../src/core/c-do.c:668:12
    #47 0x55edc9 in Do_Next /home/zsx/stuffs/work/r3.git/make/../src/core/c-do.c:879:11
    #48 0x5576e1 in Do_Blk /home/zsx/stuffs/work/r3.git/make/../src/core/c-do.c:1017:11
    #49 0x5c5c4f in Do_Function /home/zsx/stuffs/work/r3.git/make/../src/core/c-function.c:415:11
    #50 0x55f3d7 in Do_Next /home/zsx/stuffs/work/r3.git/make/../src/core/c-do.c:886:18
    #51 0x55e447 in Do_Next /home/zsx/stuffs/work/r3.git/make/../src/core/c-do.c:860:11
    #52 0x5576e1 in Do_Blk /home/zsx/stuffs/work/r3.git/make/../src/core/c-do.c:1017:11
    #53 0x5c5c4f in Do_Function /home/zsx/stuffs/work/r3.git/make/../src/core/c-function.c:415:11
    #54 0x55f3d7 in Do_Next /home/zsx/stuffs/work/r3.git/make/../src/core/c-do.c:886:18
    #55 0x5576e1 in Do_Blk /home/zsx/stuffs/work/r3.git/make/../src/core/c-do.c:1017:11
    #56 0x749e2b in N_do /home/zsx/stuffs/work/r3.git/make/../src/core/n-control.c:524:8
    #57 0x5c379d in Do_Native /home/zsx/stuffs/work/r3.git/make/../src/core/c-function.c:289:6
    #58 0x55f3d7 in Do_Next /home/zsx/stuffs/work/r3.git/make/../src/core/c-do.c:886:18
    #59 0x5576e1 in Do_Blk /home/zsx/stuffs/work/r3.git/make/../src/core/c-do.c:1017:11
    #60 0x74aeea in N_either /home/zsx/stuffs/work/r3.git/make/../src/core/n-control.c:598:3
    #61 0x5c379d in Do_Native /home/zsx/stuffs/work/r3.git/make/../src/core/c-function.c:289:6
    #62 0x55f3d7 in Do_Next /home/zsx/stuffs/work/r3.git/make/../src/core/c-do.c:886:18
    #63 0x5576e1 in Do_Blk /home/zsx/stuffs/work/r3.git/make/../src/core/c-do.c:1017:11
    #64 0x74aeea in N_either /home/zsx/stuffs/work/r3.git/make/../src/core/n-control.c:598:3
    #65 0x5c379d in Do_Native /home/zsx/stuffs/work/r3.git/make/../src/core/c-function.c:289:6
    #66 0x55f3d7 in Do_Next /home/zsx/stuffs/work/r3.git/make/../src/core/c-do.c:886:18
    #67 0x5576e1 in Do_Blk /home/zsx/stuffs/work/r3.git/make/../src/core/c-do.c:1017:11
    #68 0x74aeea in N_either /home/zsx/stuffs/work/r3.git/make/../src/core/n-control.c:598:3
    #69 0x5c379d in Do_Native /home/zsx/stuffs/work/r3.git/make/../src/core/c-function.c:289:6
    #70 0x55f3d7 in Do_Next /home/zsx/stuffs/work/r3.git/make/../src/core/c-do.c:886:18
    #71 0x5576e1 in Do_Blk /home/zsx/stuffs/work/r3.git/make/../src/core/c-do.c:1017:11
    #72 0x5c5c4f in Do_Function /home/zsx/stuffs/work/r3.git/make/../src/core/c-function.c:415:11
    #73 0x5758b0 in Apply_Function /home/zsx/stuffs/work/r3.git/make/../src/core/c-do.c:1528:33
    #74 0x576ec0 in Do_Sys_Func /home/zsx/stuffs/work/r3.git/make/../src/core/c-do.c:1588:10
    #75 0x582548 in Init_Mezz /home/zsx/stuffs/work/r3.git/make/../src/core/c-do.c:2320:9
    #76 0x52e62f in RL_Start /home/zsx/stuffs/work/r3.git/make/../src/core/a-lib.c:193:9
    #77 0xbb6fb3 in main /home/zsx/stuffs/work/r3.git/make/../src/os/host-main.c:235:6
    #78 0x7fd1c04ef7ff in __libc_start_main (/usr/lib/libc.so.6+0x207ff)
    #79 0x486498 in _start (/home/zsx/stuffs/work/r3.git/make/r3-view-linux+0x486498)

0x61d00001a5f8 is located 376 bytes inside of 2064-byte region [0x61d00001a480,0x61d00001ac90)
allocated by thread T0 here:
    #0 0x50d462 in __interceptor_malloc (/home/zsx/stuffs/work/r3.git/make/r3-view-linux+0x50d462)
    #1 0x721a85 in Make_Mem /home/zsx/stuffs/work/r3.git/make/../src/core/m-pools.c:132:14
    #2 0x723bed in Fill_Pool /home/zsx/stuffs/work/r3.git/make/../src/core/m-pools.c:240:19
    #3 0x7233c2 in Make_Node /home/zsx/stuffs/work/r3.git/make/../src/core/m-pools.c:295:20
    #4 0x7267f3 in Make_Series /home/zsx/stuffs/work/r3.git/make/../src/core/m-pools.c:419:10
    #5 0x818d71 in Copy_String /home/zsx/stuffs/work/r3.git/make/../src/core/s-make.c:337:8
    #6 0x6dc386 in Scan_Block /home/zsx/stuffs/work/r3.git/make/../src/core/l-scan.c:1388:22
    #7 0x6df0e6 in Scan_Code /home/zsx/stuffs/work/r3.git/make/../src/core/l-scan.c:1550:9
    #8 0x6e1f81 in N_transcode /home/zsx/stuffs/work/r3.git/make/../src/core/l-scan.c:1630:8
    #9 0x5c379d in Do_Native /home/zsx/stuffs/work/r3.git/make/../src/core/c-function.c:289:6
    #10 0x55f3d7 in Do_Next /home/zsx/stuffs/work/r3.git/make/../src/core/c-do.c:886:18
    #11 0x56360b in Do_Args /home/zsx/stuffs/work/r3.git/make/../src/core/c-do.c:668:12
    #12 0x55edc9 in Do_Next /home/zsx/stuffs/work/r3.git/make/../src/core/c-do.c:879:11
    #13 0x56360b in Do_Args /home/zsx/stuffs/work/r3.git/make/../src/core/c-do.c:668:12
    #14 0x56110f in Do_Next /home/zsx/stuffs/work/r3.git/make/../src/core/c-do.c:942:13
    #15 0x568295 in Try_Block /home/zsx/stuffs/work/r3.git/make/../src/core/c-do.c:1087:11
    #16 0x7506ac in N_try /home/zsx/stuffs/work/r3.git/make/../src/core/n-control.c:760:6
    #17 0x5c379d in Do_Native /home/zsx/stuffs/work/r3.git/make/../src/core/c-function.c:289:6
    #18 0x55f3d7 in Do_Next /home/zsx/stuffs/work/r3.git/make/../src/core/c-do.c:886:18
    #19 0x56360b in Do_Args /home/zsx/stuffs/work/r3.git/make/../src/core/c-do.c:668:12
    #20 0x55edc9 in Do_Next /home/zsx/stuffs/work/r3.git/make/../src/core/c-do.c:879:11
    #21 0x56360b in Do_Args /home/zsx/stuffs/work/r3.git/make/../src/core/c-do.c:668:12
    #22 0x55edc9 in Do_Next /home/zsx/stuffs/work/r3.git/make/../src/core/c-do.c:879:11
    #23 0x55e447 in Do_Next /home/zsx/stuffs/work/r3.git/make/../src/core/c-do.c:860:11
    #24 0x566f3d in Do_Block_Value_Throw /home/zsx/stuffs/work/r3.git/make/../src/core/c-do.c:1049:11
    #25 0xb0b9f9 in Parse_Rules_Loop /home/zsx/stuffs/work/r3.git/make/../src/core/u-parse.c:830:4
    #26 0xb0eb17 in Parse_Rules_Loop /home/zsx/stuffs/work/r3.git/make/../src/core/u-parse.c:927:9
    #27 0xb0eb17 in Parse_Rules_Loop /home/zsx/stuffs/work/r3.git/make/../src/core/u-parse.c:927:9
    #28 0xb0eb17 in Parse_Rules_Loop /home/zsx/stuffs/work/r3.git/make/../src/core/u-parse.c:927:9
    #29 0xb0eb17 in Parse_Rules_Loop /home/zsx/stuffs/work/r3.git/make/../src/core/u-parse.c:927:9

SUMMARY: AddressSanitizer: use-after-poison /home/zsx/stuffs/work/r3.git/make/../src/core/s-ops.c:426 Deline_Uni
Shadow bytes around the buggy address:
  0x0c3a7fffb460: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c3a7fffb470: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c3a7fffb480: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c3a7fffb490: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
  0x0c3a7fffb4a0: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
=>0x0c3a7fffb4b0: f7 f7 f7 f7 f7 f7 f7 f7 f7 00 00 00 f7 00 00[f7]
  0x0c3a7fffb4c0: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
  0x0c3a7fffb4d0: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
  0x0c3a7fffb4e0: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
  0x0c3a7fffb4f0: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
  0x0c3a7fffb500: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Heap right redzone:      fb
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack partial redzone:   f4
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==13053==ABORTING

@lkppo lkppo referenced this pull request Mar 22, 2019

Closed

Build fails on OpenBSD #965

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.