[android] [GWP-ASan]: Buffer Overflow dp::vulkan::VulkanGPUBuffer::UpdateData()

[rtsisyk]

Brand:Google
Model:Pixel 4a
Orientation:Unknown
RAM free: 70.65 MB
Disk free: 998.14 MB
Operating system
Version:Android 13
Orientation:Unknown
Rooted:No
Date:2 May 2024, 14:08:03
App version:2024.04.29-31-Google-beta (24042931)

[GWP-ASan]: Buffer Overflow, 0 bytes right of a 256-byte allocation at 0x73f0c0cf00: SIGSEGV  0x00000073f0c0d000
#00 pc 0x4d7dc libc.so (BuildId: 4e07915368c859b1910c68c84a8de75f)
#01 pc 0x76b2a4 liborganicmaps.so (dp::vulkan::VulkanGPUBuffer::UpdateData(void*, void const*, unsigned int, unsigned int) [string.h:61]) (BuildId: 330ca0b7a2e78c7ee280e38487282957f3ca0c2f)
#02 pc 0x751f54 liborganicmaps.so (dp::VertexArrayBuffer::ApplyMutation(ref_ptr<dp::GraphicsContext>, ref_ptr<dp::IndexBufferMutator>, ref_ptr<dp::AttributeBufferMutator>) [data_buffer.cpp:84]) (BuildId: 330ca0b7a2e78c7ee280e38487282957f3ca0c2f)
#03 pc 0x6eeb2c liborganicmaps.so (std::__ndk1::__function::__func<gui::ShapeRenderer::Render(ref_ptr<dp::GraphicsContext>, ref_ptr<gpu::ProgramManager>, ScreenBase const&)::$_0, std::__ndk1::allocator<gui::ShapeRenderer::Render(ref_ptr<dp::GraphicsContext>, ref_ptr<gpu::ProgramManager>, ScreenBase const&)::$_0>, void (gui::ShapeControl::ShapeInfo&)>::operator()(gui::ShapeControl::ShapeInfo&) [shape.cpp:120]) (BuildId: 330ca0b7a2e78c7ee280e38487282957f3ca0c2f)
#04 pc 0x6ef0d8 liborganicmaps.so (std::__ndk1::__function::__func<gui::ShapeRenderer::ForEachShapeInfo(std::__ndk1::function<void (gui::ShapeControl::ShapeInfo&)> const&)::$_0, std::__ndk1::allocator<gui::ShapeRenderer::ForEachShapeInfo(std::__ndk1::function<void (gui::ShapeControl::ShapeInfo&)> const&)::$_0>, void (gui::ShapeControl&)>::operator()(gui::ShapeControl&) [function.h:510]) (BuildId: 330ca0b7a2e78c7ee280e38487282957f3ca0c2f)
#05 pc 0x6cf4e8 liborganicmaps.so (gui::ShapeRenderer::ForEachShapeControl(std::__ndk1::function<void (gui::ShapeControl&)> const&) [function.h:510]) (BuildId: 330ca0b7a2e78c7ee280e38487282957f3ca0c2f)
#06 pc 0x6cca5c liborganicmaps.so (gui::ShapeRenderer::Render(ref_ptr<dp::GraphicsContext>, ref_ptr<gpu::ProgramManager>, ScreenBase const&) [shape.cpp:154]) (BuildId: 330ca0b7a2e78c7ee280e38487282957f3ca0c2f)
#07 pc 0x6c1890 liborganicmaps.so (gui::LayerRenderer::Render(ref_ptr<dp::GraphicsContext>, ref_ptr<gpu::ProgramManager>, bool, ScreenBase const&) [layer_render.cpp:56]) (BuildId: 330ca0b7a2e78c7ee280e38487282957f3ca0c2f)
#08 pc 0x6c0048 liborganicmaps.so (df::FrontendRenderer::RenderScene(ScreenBase const&, bool) [frontend_renderer.cpp:1524]) (BuildId: 330ca0b7a2e78c7ee280e38487282957f3ca0c2f)
#09 pc 0x6c243c liborganicmaps.so (df::FrontendRenderer::RenderFrame() [frontend_renderer.cpp:1765]) (BuildId: 330ca0b7a2e78c7ee280e38487282957f3ca0c2f)
#10 pc 0x6c5868 liborganicmaps.so (df::FrontendRenderer::Routine::Do() [base_renderer.cpp:64]) (BuildId: 330ca0b7a2e78c7ee280e38487282957f3ca0c2f)
#11 pc 0xad93a8 liborganicmaps.so (threads::(anonymous namespace)::RunRoutine(std::__ndk1::shared_ptr<threads::IRoutine>) [thread.cpp:26]) (BuildId: 330ca0b7a2e78c7ee280e38487282957f3ca0c2f)
#12 pc 0xae14c8 liborganicmaps.so (void* std::__ndk1::__thread_proxy[abi:v170000]<std::__ndk1::tuple<std::__ndk1::unique_ptr<std::__ndk1::__thread_struct, std::__ndk1::default_delete<std::__ndk1::__thread_struct> >, void (*)(std::__ndk1::shared_ptr<threads::IRoutine>), std::__ndk1::shared_ptr<threads::IRoutine> > >(void*) [invoke.h:394]) (BuildId: 330ca0b7a2e78c7ee280e38487282957f3ca0c2f)
#13 pc 0xb63b0 libc.so (BuildId: 4e07915368c859b1910c68c84a8de75f)
#14 pc 0x530b8 libc.so (BuildId: 4e07915368c859b1910c68c84a8de75f)

Not too many details. It was likely my Pixel 4a. I don't know how to reproduce this issue.

[biodranik]

Looks like https://developer.android.com/ndk/guides/gwp-asan can be enabled for OM to detect such issues.

[rtsisyk]

Looks like https://developer.android.com/ndk/guides/gwp-asan can be enabled for OM to detect such issues.

ASAN has been already enabled for the last 6 months (see #6634). This is how this buffer overflow issue was discovered.

[biodranik]

Why Recovery ASAN was not enabled for production? https://developer.android.com/ndk/guides/gwp-asan#recoverable